summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_interface.c12
-rw-r--r--source3/passdb/pdb_ldap.c78
-rw-r--r--source3/passdb/util_sam_sid.c13
3 files changed, 60 insertions, 43 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index d65b1b3463..5747435e69 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -587,7 +587,8 @@ static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
}
static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *sid,
+ const DOM_SID *members,
+ int num_members,
DOM_SID **aliases, int *num)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -598,8 +599,8 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
}
return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, sid, aliases,
- num);
+ enum_alias_memberships(context->pdb_methods, members,
+ num_members, aliases, num);
}
/******************************************************************
@@ -1125,7 +1126,7 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias,
members, num_members));
}
-BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
+BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
DOM_SID **aliases, int *num)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
@@ -1135,7 +1136,8 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
}
return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, sid,
+ pdb_enum_alias_memberships(pdb_context, members,
+ num_members,
aliases, num));
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index f7ee8dcb42..058ecb04d3 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2733,71 +2733,73 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
}
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
+ const DOM_SID *members,
+ int num_members,
+ DOM_SID **aliases, int *num_aliases)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
+ LDAP *ldap_struct;
- fstring sid_string;
const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL };
LDAPMessage *result = NULL;
LDAPMessage *entry = NULL;
- int count;
+ int i;
int rc;
- pstring filter;
+ char *filter;
+ TALLOC_CTX *mem_ctx;
- sid_to_string(sid_string, sid);
- pstr_sprintf(filter, "(&(|(objectclass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST), sid_string);
+ mem_ctx = talloc_init("ldapsam_alias_memberships");
+
+ if (mem_ctx == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ /* This query could be further optimized by adding a
+ (&(sambaSID=<domain-sid>*)) so that only those aliases that are
+ asked for in the getuseraliases are returned. */
+
+ filter = talloc_asprintf(mem_ctx,
+ "(&(|(objectclass=%s)(objectclass=%s))(|",
+ LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY);
+
+ for (i=0; i<num_members; i++)
+ filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)",
+ filter,
+ sid_string_static(&members[i]));
+
+ filter = talloc_asprintf(mem_ctx, "%s))", filter);
rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
+ talloc_destroy(mem_ctx);
+
if (rc != LDAP_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
*aliases = NULL;
- *num = 0;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- ldap_msgfree(result);
- return NT_STATUS_OK;
- }
+ *num_aliases = 0;
+ ldap_struct = ldap_state->smbldap_state->ldap_struct;
- for (entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
+ for (entry = ldap_first_entry(ldap_struct, result);
entry != NULL;
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
- entry))
+ entry = ldap_next_entry(ldap_struct, entry))
{
- DOM_SID alias;
- char **vals;
- vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
- entry, LDAP_ATTRIBUTE_SID);
-
- if (vals == NULL)
- continue;
+ fstring sid_str;
+ DOM_SID sid;
- if (vals[0] == NULL) {
- ldap_value_free(vals);
+ if (!smbldap_get_single_attribute(ldap_struct, entry,
+ LDAP_ATTRIBUTE_SID,
+ sid_str,
+ sizeof(sid_str)-1))
continue;
- }
- if (!string_to_sid(&alias, vals[0])) {
- ldap_value_free(vals);
+ if (!string_to_sid(&sid, sid_str))
continue;
- }
- add_sid_to_array(&alias, aliases, num);
- ldap_value_free(vals);
+ add_sid_to_array_unique(&sid, aliases, num_aliases);
}
ldap_msgfree(result);
diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c
index c13159e47f..204f68c121 100644
--- a/source3/passdb/util_sam_sid.c
+++ b/source3/passdb/util_sam_sid.c
@@ -327,3 +327,16 @@ void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
return;
}
+
+
+void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
+{
+ int i;
+
+ for (i=0; i<(*num_sids); i++) {
+ if (sid_compare(sid, &(*sids)[i]) == 0)
+ return;
+ }
+
+ return add_sid_to_array(sid, sids, num_sids);
+}