Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/pdb_interface.c | 12 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 78 | ||||
-rw-r--r-- | source3/passdb/util_sam_sid.c | 13 |
3 files changed, 60 insertions, 43 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index d65b1b3463..5747435e69 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -587,7 +587,8 @@ static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
 }
 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *sid,
+ const DOM_SID *members,
+ int num_members,
 DOM_SID **aliases, int *num)
 {
 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -598,8 +599,8 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
 }
 return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, sid, aliases,
- num);
+ enum_alias_memberships(context->pdb_methods, members,
+ num_members, aliases, num);
 }
 /******************************************************************
@@ -1125,7 +1126,7 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias,
 members, num_members));
 }
-BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
+BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
 DOM_SID **aliases, int *num)
 {
 struct pdb_context *pdb_context = pdb_get_static_context(False);
@@ -1135,7 +1136,8 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
 }
 return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, sid,
+ pdb_enum_alias_memberships(pdb_context, members,
+ num_members,
 aliases, num));
 }
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index f7ee8dcb42..058ecb04d3 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
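Review bot: The new `members`/`num_members` pair in source3/passdb/pdb_interface.c has no documented contract, and as far as these hunks show it is forwarded to the backend unchecked by both `context_enum_alias_memberships` and the public `pdb_enum_alias_memberships`. `num_members` is a signed `int`, so a NULL array or a zero or negative count would be left for each passdb backend to handle on its own. I would state the contract once at the public entry point, e.g. `/* members: array of num_members SIDs; on success *aliases and *num receive the aliases that any of them belongs to */`, and consider rejecting `num_members < 0` there. Both function bodies start or end outside the hunks, so a check in the lines not shown cannot be ruled out.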
@@ -2733,71 +2733,73 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, } static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num) + const DOM_SID *members, + int num_members, + DOM_SID **aliases, int *num_aliases) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; + LDAP *ldap_struct; - fstring sid_string; const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL }; LDAPMessage *result = NULL; LDAPMessage *entry = NULL; - int count; + int i; int rc; - pstring filter; + char *filter; + TALLOC_CTX *mem_ctx; - sid_to_string(sid_string, sid); - pstr_sprintf(filter, "(&(|(objectclass=%s)(objectclass=%s))(%s=%s))", - LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_SID_LIST), sid_string); + mem_ctx = talloc_init("ldapsam_alias_memberships"); + + if (mem_ctx == NULL) + return NT_STATUS_NO_MEMORY; + + /* This query could be further optimized by adding a + (&(sambaSID=<domain-sid>*)) so that only those aliases that are + asked for in the getuseraliases are returned. 
*/ + + filter = talloc_asprintf(mem_ctx, + "(&(|(objectclass=%s)(objectclass=%s))(|", + LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY); + + for (i=0; i<num_members; i++) + filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)", + filter, + sid_string_static(&members[i])); + + filter = talloc_asprintf(mem_ctx, "%s))", filter); rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(), LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); + talloc_destroy(mem_ctx); + if (rc != LDAP_SUCCESS) return NT_STATUS_UNSUCCESSFUL; *aliases = NULL; - *num = 0; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - result); - - if (count < 1) { - ldap_msgfree(result); - return NT_STATUS_OK; - } + *num_aliases = 0; + ldap_struct = ldap_state->smbldap_state->ldap_struct; - for (entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - result); + for (entry = ldap_first_entry(ldap_struct, result); entry != NULL; - entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, - entry)) + entry = ldap_next_entry(ldap_struct, entry)) { - DOM_SID alias; - char **vals; - vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct, - entry, LDAP_ATTRIBUTE_SID); - - if (vals == NULL) - continue; + fstring sid_str; + DOM_SID sid; - if (vals[0] == NULL) { - ldap_value_free(vals); + if (!smbldap_get_single_attribute(ldap_struct, entry, + LDAP_ATTRIBUTE_SID, + sid_str, + sizeof(sid_str)-1)) continue; - } - if (!string_to_sid(&alias, vals[0])) { - ldap_value_free(vals); + if (!string_to_sid(&sid, sid_str)) continue; - } - add_sid_to_array(&alias, aliases, num); - ldap_value_free(vals); + add_sid_to_array_unique(&sid, aliases, num_aliases); } ldap_msgfree(result); diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c index c13159e47f..204f68c121 100644 --- a/source3/passdb/util_sam_sid.c +++ b/source3/passdb/util_sam_sid.c 
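Review bot: None of the `talloc_asprintf()` results that build `filter` in `ldapsam_alias_memberships` are checked, so an allocation failure feeds a NULL pointer to the next `%s` and finally to `smbldap_search()`. Only `talloc_init()` is tested; the later calls should fall through to a single `filter == NULL` exit that destroys `mem_ctx` and returns `NT_STATUS_NO_MEMORY`, as sketched below. Two smaller things in the same stretch: with `num_members == 0` the filter ends in an empty `(|)`, which a directory server may reject, so an early return with an empty alias list looks safer; and every loop pass copies the whole filter into `mem_ctx` again, which grows quadratically with the member count until `talloc_destroy()`. The hard-coded `sambaSIDList` also replaces the `get_attr_key2string(groupmap_attr_list, LDAP_ATTR_SID_LIST)` lookup that the removed code used.

```c
	/* … unchanged: talloc_init() check and the first talloc_asprintf() … */

	for (i=0; filter != NULL && i<num_members; i++)
		filter = talloc_asprintf(mem_ctx, "%s(sambaSIDList=%s)",
					 filter,
					 sid_string_static(&members[i]));

	if (filter != NULL)
		filter = talloc_asprintf(mem_ctx, "%s))", filter);

	if (filter == NULL) {
		talloc_destroy(mem_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/* … unchanged: smbldap_search(), talloc_destroy(mem_ctx), result loop … */
```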
@@ -327,3 +327,16 @@ void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
 return;
 }
+
+
+void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
+{
+ int i;
+
+ for (i=0; i<(*num_sids); i++) {
+ if (sid_compare(sid, &(*sids)[i]) == 0)
+ return;
+ }
+
+ return add_sid_to_array(sid, sids, num_sids);
+} |
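Review bot: `return add_sid_to_array(sid, sids, num_sids);` returns an expression from a function declared `void`, which ISO C does not allow (compilers accept it as an extension and warn under `-pedantic`); make it a plain call, `add_sid_to_array(sid, sids, num_sids);`. The new helper also has no comment: I would add one saying that it appends `sid` only when no equal SID is already in `*sids`, and that the check is a linear scan, so building a list of n entries costs O(n²) comparisons. Because `add_sid_to_array` returns `void` (visible in the hunk header), a caller cannot tell a skipped duplicate from a failed append. The body of `add_sid_to_array` lies outside the hunk, so how it handles allocation failure is not visible here.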