diff options
-rw-r--r-- | source3/winbindd/winbindd_samr.c | 127 |
1 files changed, 22 insertions, 105 deletions
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index a3bbb27df9..78e4c00e93 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -421,33 +421,26 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, uint32_t **pname_types) { struct rpc_pipe_client *samr_pipe; - struct policy_handle dom_pol, group_pol; - uint32_t samr_access = SEC_FLAG_MAXIMUM_ALLOWED; - struct samr_RidTypeArray *rids = NULL; - uint32_t group_rid; - uint32_t *rid_mem = NULL; + struct policy_handle dom_pol; uint32_t num_names = 0; - uint32_t total_names = 0; struct dom_sid *sid_mem = NULL; char **names = NULL; uint32_t *name_types = NULL; - struct lsa_Strings tmp_names; - struct samr_Ids tmp_types; - - uint32_t j, r; TALLOC_CTX *tmp_ctx; NTSTATUS status; - DEBUG(3,("samr: lookup groupmem\n")); + DEBUG(3,("sam_lookup_groupmem\n")); - if (pnum_names) { - pnum_names = 0; + /* Paranoia check */ + if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) { + /* There's no groups, only aliases in BUILTIN */ + return NT_STATUS_NO_SUCH_GROUP; } - if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) { - return NT_STATUS_UNSUCCESSFUL; + if (pnum_names) { + pnum_names = 0; } tmp_ctx = talloc_stackframe(); @@ -457,99 +450,23 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol); if (!NT_STATUS_IS_OK(status)) { - goto error; - } - - status = rpccli_samr_OpenGroup(samr_pipe, - tmp_ctx, - &dom_pol, - samr_access, - group_rid, - &group_pol); - if (!NT_STATUS_IS_OK(status)) { - goto error; - } - - /* - * Step #1: Get a list of user rids that are the members of the group. - */ - status = rpccli_samr_QueryGroupMember(samr_pipe, - tmp_ctx, - &group_pol, - &rids); - - rpccli_samr_Close(samr_pipe, tmp_ctx, &group_pol); - - if (!NT_STATUS_IS_OK(status)) { - goto error; - } - - if (rids == NULL || rids->count == 0) { - pnum_names = 0; - pnames = NULL; - pname_types = NULL; - psid_mem = NULL; - - status = NT_STATUS_OK; - goto error; - } - - num_names = rids->count; - rid_mem = rids->rids; - - /* - * Step #2: Convert list of rids into list of usernames. - */ -#define MAX_LOOKUP_RIDS 900 - - if (num_names > 0) { - names = TALLOC_ZERO_ARRAY(tmp_ctx, char *, num_names); - name_types = TALLOC_ZERO_ARRAY(tmp_ctx, uint32_t, num_names); - sid_mem = TALLOC_ZERO_ARRAY(tmp_ctx, struct dom_sid, num_names); - if (names == NULL || name_types == NULL || sid_mem == NULL) { - status = NT_STATUS_NO_MEMORY; - goto error; - } - } - - for (j = 0; j < num_names; j++) { - sid_compose(&sid_mem[j], &domain->sid, rid_mem[j]); - } - - status = rpccli_samr_LookupRids(samr_pipe, - tmp_ctx, - &dom_pol, - num_names, - rid_mem, - &tmp_names, - &tmp_types); - if (!NT_STATUS_IS_OK(status)) { - if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { - goto error; - } - } - - /* Copy result into array. The talloc system will take - care of freeing the temporary arrays later on. */ - if (tmp_names.count != tmp_types.count) { - status = NT_STATUS_UNSUCCESSFUL; - goto error; + goto done; } - for (r = 0; r < tmp_names.count; r++) { - if (tmp_types.ids[r] == SID_NAME_UNKNOWN) { - continue; - } - names[total_names] = fill_domain_username_talloc(names, - domain->name, - tmp_names.names[r].string, - true); - name_types[total_names] = tmp_types.ids[r]; - total_names++; - } + status = rpc_lookup_groupmem(tmp_ctx, + samr_pipe, + &dom_pol, + domain->name, + &domain->sid, + group_sid, + type, + &num_names, + &sid_mem, + &names, + &name_types); if (pnum_names) { - *pnum_names = total_names; + *pnum_names = num_names; } if (pnames) { @@ -564,7 +481,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, *psid_mem = talloc_move(mem_ctx, &sid_mem); } -error: +done: TALLOC_FREE(tmp_ctx); return status; } |