diff options
Diffstat (limited to 'source3/groupdb/groupdb.c')
-rw-r--r-- | source3/groupdb/groupdb.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c index 7b9a14c7df..6bd6c34442 100644 --- a/source3/groupdb/groupdb.c +++ b/source3/groupdb/groupdb.c @@ -24,6 +24,7 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -65,7 +66,28 @@ BOOL initialise_group_db(void) *************************************************************************/ DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem); + DOM_NAME_MAP gmep; + uint32 rid; + if (!lookupsmbgrpgid(gid, &gmep)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid)); + return NULL; + } + + return iterate_getgrouprid(rid, mem, num_mem); } /************************************************************************ @@ -105,7 +127,7 @@ DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_me Utility function to search group database by name. use this if your database does not have search facilities. *************************************************************************/ -DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { DOMAIN_GRP *grp = NULL; void *fp = NULL; @@ -165,7 +187,7 @@ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp) /************************************************************************* checks to see if a user is a member of a domain group *************************************************************************/ -static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) +static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) { int i; for (i = 0; i < num_mem; i++) @@ -185,7 +207,7 @@ static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) gets an array of groups that a user is in. use this if your database does not have search facilities *************************************************************************/ -BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps) +BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps) { DOMAIN_GRP *grp = NULL; DOMAIN_GRP_MEMBER *mem = NULL; @@ -342,9 +364,9 @@ BOOL mod_group_entry(DOMAIN_GRP* grp) Routine to search group database by name. *************************************************************************/ -DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return gpdb_ops->getgroupnam(name, mem, num_mem); + return gpdb_ops->getgroupntnam(name, mem, num_mem); } /************************************************************************ @@ -368,9 +390,9 @@ DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) /************************************************************************* gets an array of groups that a user is in. *************************************************************************/ -BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps) +BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps) { - return gpdb_ops->getusergroupsnam(user_name, grp, num_grps); + return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps); } /************************************************************* |