2 files changed, 31 insertions, 25 deletions

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 949ee83dcd..e61cf33279 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -643,9 +643,12 @@ static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
 }
 	
 static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
-					       const DOM_SID *members,
+					       TALLOC_CTX *mem_ctx,
+					       const DOM_SID *domain_sid,
+					       const DOM_SID const *members,
 					       int num_members,
-					       DOM_SID **aliases, int *num)
+					       uint32 **alias_rids,
+					       int *num_alias_rids)
 {
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
 
@@ -655,8 +658,9 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
 	}
 
 	return context->pdb_methods->
-		enum_alias_memberships(context->pdb_methods, members,
-				       num_members, aliases, num);
+		enum_alias_memberships(context->pdb_methods, mem_ctx,
+				       domain_sid, members, num_members,
+				       alias_rids, num_alias_rids);
 }
 
 static NTSTATUS context_lookup_rids(struct pdb_context *context,
@@ -1273,8 +1277,9 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias,
 						 members, num_members));
 }
 
-BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
-				DOM_SID **aliases, int *num)
+BOOL pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
+				const DOM_SID const *members, int num_members,
+				uint32 **alias_rids, int *num_alias_rids)
 {
 	struct pdb_context *pdb_context = pdb_get_static_context(False);
 
@@ -1283,9 +1288,11 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
 	}
 
 	return NT_STATUS_IS_OK(pdb_context->
-			       pdb_enum_alias_memberships(pdb_context, members,
-							  num_members,
-							  aliases, num));
+			       pdb_enum_alias_memberships(pdb_context, mem_ctx,
+							  domain_sid,
+							  members, num_members,
+							  alias_rids,
+							  num_alias_rids));
 }
 
 NTSTATUS pdb_lookup_rids(TALLOC_CTX *mem_ctx,
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 14c764f12f..6597dc0fb2 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2469,11 +2469,11 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 
 	/* We need to add the primary group as the first gid/sid */
 
-	add_gid_to_array_unique(primary_gid, gids, &num_gids);
+	add_gid_to_array_unique(NULL, primary_gid, gids, &num_gids);
 
 	/* This sid will be replaced later */
 
-	add_sid_to_array_unique(&global_sid_NULL, sids, &num_sids);
+	add_sid_to_array_unique(NULL, &global_sid_NULL, sids, &num_sids);
 
 	for (entry = ldap_first_entry(conn->ldap_struct, msg);
 	     entry != NULL;
@@ -2505,8 +2505,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 		if (gid == primary_gid) {
 			sid_copy(&(*sids)[0], &sid);
 		} else {
-			add_gid_to_array_unique(gid, gids, &num_gids);
-			add_sid_to_array_unique(&sid, sids, &num_sids);
+			add_gid_to_array_unique(NULL, gid, gids, &num_gids);
+			add_sid_to_array_unique(NULL, &sid, sids, &num_sids);
 		}
 	}
 
@@ -3052,7 +3052,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
 		if (!string_to_sid(&member, values[i]))
 			continue;
 
-		add_sid_to_array(&member, members, num_members);
+		add_sid_to_array(NULL, &member, members, num_members);
 	}
 
 	ldap_value_free(values);
@@ -3062,9 +3062,12 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
 }
 
 static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
+					  TALLOC_CTX *mem_ctx,
+					  const DOM_SID *domain_sid,
 					  const DOM_SID *members,
 					  int num_members,
-					  DOM_SID **aliases, int *num_aliases)
+					  uint32 **alias_rids,
+					  int *num_alias_rids)
 {
 	struct ldapsam_privates *ldap_state =
 		(struct ldapsam_privates *)methods->private_data;
@@ -3077,12 +3080,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 	int i;
 	int rc;
 	char *filter;
-	TALLOC_CTX *mem_ctx;
-
-	mem_ctx = talloc_init("ldapsam_alias_memberships");
-
-	if (mem_ctx == NULL)
-		return NT_STATUS_NO_MEMORY;
 
 	/* This query could be further optimized by adding a
 	   (&(sambaSID=<domain-sid>*)) so that only those aliases that are
@@ -3107,9 +3104,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 	if (rc != LDAP_SUCCESS)
 		return NT_STATUS_UNSUCCESSFUL;
 
-	*aliases = NULL;
-	*num_aliases = 0;
-
 	ldap_struct = ldap_state->smbldap_state->ldap_struct;
 
 	for (entry = ldap_first_entry(ldap_struct, result);
@@ -3118,6 +3112,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 	{
 		fstring sid_str;
 		DOM_SID sid;
+		uint32 rid;
 
 		if (!smbldap_get_single_attribute(ldap_struct, entry,
 						  LDAP_ATTRIBUTE_SID,
@@ -3128,7 +3123,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 		if (!string_to_sid(&sid, sid_str))
 			continue;
 
-		add_sid_to_array_unique(&sid, aliases, num_aliases);
+		if (!sid_peek_check_rid(domain_sid, &sid, &rid))
+			continue;
+
+		add_rid_to_array_unique(mem_ctx, rid, alias_rids,
+					num_alias_rids);
 	}
 
 	ldap_msgfree(result);