diff options
Diffstat (limited to 'source3/passdb/pdb_ads.c')
-rw-r--r-- | source3/passdb/pdb_ads.c | 89 |
1 files changed, 86 insertions, 3 deletions
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 1bfbdf0dce..0ae1a8d0da 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -952,11 +952,94 @@ static NTSTATUS pdb_ads_del_aliasmem(struct pdb_methods *m, return NT_STATUS_NOT_IMPLEMENTED; } +static bool pdb_ads_dnblob2sid(struct tldap_context *ld, DATA_BLOB *dnblob, + struct dom_sid *psid) +{ + const char *attrs[1] = { "objectSid" }; + struct tldap_message **msg; + char *dn; + size_t len; + int rc; + bool ret; + + if (!convert_string_talloc(talloc_tos(), CH_UTF8, CH_UNIX, + dnblob->data, dnblob->length, &dn, &len, + false)) { + return false; + } + rc = tldap_search_fmt(ld, dn, TLDAP_SCOPE_BASE, + attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), + &msg, "(objectclass=*)"); + TALLOC_FREE(dn); + if (talloc_array_length(msg) != 1) { + DEBUG(10, ("Got %d objects, expected one\n", + (int)talloc_array_length(msg))); + TALLOC_FREE(msg); + return false; + } + + ret = tldap_pull_binsid(msg[0], "objectSid", psid); + TALLOC_FREE(msg); + return ret; +} + static NTSTATUS pdb_ads_enum_aliasmem(struct pdb_methods *m, - const DOM_SID *alias, DOM_SID **members, - size_t *p_num_members) + const DOM_SID *alias, + TALLOC_CTX *mem_ctx, + DOM_SID **pmembers, + size_t *pnum_members) { - return NT_STATUS_NOT_IMPLEMENTED; + struct pdb_ads_state *state = talloc_get_type_abort( + m->private_data, struct pdb_ads_state); + const char *attrs[1] = { "member" }; + char *sidstr; + struct tldap_message **msg; + int i, rc, num_members; + DATA_BLOB *blobs; + struct dom_sid *members; + + sidstr = sid_binstring(talloc_tos(), alias); + NT_STATUS_HAVE_NO_MEMORY(sidstr); + + rc = tldap_search_fmt(state->ld, state->domaindn, TLDAP_SCOPE_SUB, + attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg, + "(objectsid=%s)", sidstr); + TALLOC_FREE(sidstr); + if (rc != TLDAP_SUCCESS) { + DEBUG(10, ("ldap_search failed %s\n", + tldap_errstr(debug_ctx(), state->ld, rc))); + return NT_STATUS_LDAP(rc); + } + switch talloc_array_length(msg) { + case 0: + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + break; + case 1: + break; + default: + return NT_STATUS_INTERNAL_DB_CORRUPTION; + break; + } + + if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + members = talloc_array(mem_ctx, struct dom_sid, num_members); + if (members == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<num_members; i++) { + if (!pdb_ads_dnblob2sid(state->ld, &blobs[i], &members[i])) { + TALLOC_FREE(members); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + } + + *pmembers = members; + *pnum_members = num_members; + return NT_STATUS_OK; } static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m, |