summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/pdb_ads.c48
1 files changed, 27 insertions, 21 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 68ce2b469c..f153c9e0ce 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -983,37 +983,43 @@ static NTSTATUS pdb_ads_enum_group_memberships(struct pdb_methods *m,
gid_t *gids;
priv = pdb_ads_get_samu_private(m, user);
- if (priv == NULL) {
+ if (priv != NULL) {
+ rc = pdb_ads_search_fmt(
+ state, state->domaindn, TLDAP_SCOPE_SUB,
+ attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups,
+ "(&(member=%s)(grouptype=%d)(objectclass=group))",
+ priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
+ if (rc != TLDAP_SUCCESS) {
+ DEBUG(10, ("ldap_search failed %s\n",
+ tldap_errstr(talloc_tos(), state->ld, rc)));
+ return NT_STATUS_LDAP(rc);
+ }
+ count = talloc_array_length(groups);
+ } else {
+ /*
+ * This happens for artificial samu users
+ */
DEBUG(10, ("Could not get pdb_ads_samu_private\n"));
- *pp_sids = NULL;
- *pp_gids = NULL;
- *p_num_groups = 0;
- return NT_STATUS_OK;
+ count = 0;
}
- rc = pdb_ads_search_fmt(
- state, state->domaindn, TLDAP_SCOPE_SUB,
- attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups,
- "(&(member=%s)(grouptype=%d)(objectclass=group))",
- priv->dn, GTYPE_SECURITY_GLOBAL_GROUP);
- if (rc != TLDAP_SUCCESS) {
- DEBUG(10, ("ldap_search failed %s\n",
- tldap_errstr(talloc_tos(), state->ld, rc)));
- return NT_STATUS_LDAP(rc);
- }
-
- count = talloc_array_length(groups);
-
- group_sids = talloc_array(mem_ctx, struct dom_sid, count);
+ group_sids = talloc_array(mem_ctx, struct dom_sid, count+1);
if (group_sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- gids = talloc_array(mem_ctx, gid_t, count);
+ gids = talloc_array(mem_ctx, gid_t, count+1);
if (gids == NULL) {
TALLOC_FREE(group_sids);
return NT_STATUS_NO_MEMORY;
}
- num_groups = 0;
+
+ sid_copy(&group_sids[0], pdb_get_group_sid(user));
+ if (!sid_to_gid(&group_sids[0], &gids[0])) {
+ TALLOC_FREE(gids);
+ TALLOC_FREE(group_sids);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ num_groups = 1;
for (i=0; i<count; i++) {
if (!tldap_pull_binsid(groups[i], "objectSid",