summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc_samsync.c138
1 files changed, 138 insertions, 0 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 909ed298cb..42bb480844 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -717,7 +717,145 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
static NTSTATUS
fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)
{
+#if 0 /*
+ * commented out right now after talking to Volker. Can't
+ * do much with the membership but seemed a shame to waste
+ * somewhat working code. Needs testing because the membership
+ * that shows up surprises me. Also can't do much with groups
+ * in groups (e.g. Domain Admins being a member of Adminsitrators).
+ * --jerry
+ */
+ int i;
+ TALLOC_CTX *t = NULL;
+ char **nt_members = NULL;
+ char **unix_members;
+ DOM_SID group_sid;
+ GROUP_MAP map;
+ struct group *grp;
+ enum SID_NAME_USE sid_type;
+
+ if (delta->num_members == 0) {
+ return NT_STATUS_OK;
+ }
+
+ sid_copy(&group_sid, &dom_sid);
+ sid_append_rid(&group_sid, rid);
+
+ if (sid_equal(&dom_sid, &global_sid_Builtin)) {
+ sid_type = SID_NAME_WKN_GRP;
+ if (!get_builtin_group_from_sid(group_sid, &map, False)) {
+ DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid)));
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+ } else {
+ sid_type = SID_NAME_ALIAS;
+ if (!get_local_group_from_sid(group_sid, &map, False)) {
+ DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid)));
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+ }
+
+ if (!(grp = getgrgid(map.gid))) {
+ DEBUG(0, ("Could not find unix group %d\n", map.gid));
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ d_printf("Group members of %s: ", grp->gr_name);
+
+ if (!(t = talloc_init("fetch_group_mem_info"))) {
+ DEBUG(0, ("could not talloc_init\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);
+
+ for (i=0; i<delta->num_members; i++) {
+ NTSTATUS nt_status;
+ SAM_ACCOUNT *member = NULL;
+ DOM_SID member_sid;
+
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) {
+ talloc_destroy(t);
+ return nt_status;
+ }
+
+ sid_copy(&member_sid, &delta->sids[i].sid);
+
+ if (!pdb_getsampwsid(member, &member_sid)) {
+ DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n",
+ sid_string_static(&member_sid), grp->gr_name));
+ pdb_free_sam(&member);
+ continue;
+ }
+
+ if (pdb_get_group_rid(member) == rid) {
+ d_printf("%s(primary),", pdb_get_username(member));
+ pdb_free_sam(&member);
+ continue;
+ }
+
+ d_printf("%s,", pdb_get_username(member));
+ nt_members[i] = talloc_strdup(t, pdb_get_username(member));
+ pdb_free_sam(&member);
+ }
+
+ d_printf("\n");
+
+ unix_members = grp->gr_mem;
+
+ while (*unix_members) {
+ BOOL is_nt_member = False;
+ for (i=0; i<delta->num_members; i++) {
+ if (nt_members[i] == NULL) {
+ /* This was a primary group */
+ continue;
+ }
+
+ if (strcmp(*unix_members, nt_members[i]) == 0) {
+ is_nt_member = True;
+ break;
+ }
+ }
+ if (!is_nt_member) {
+ /* We look at a unix group member that is not
+ an nt group member. So, remove it. NT is
+ boss here. */
+ smb_delete_user_group(grp->gr_name, *unix_members);
+ }
+ unix_members += 1;
+ }
+
+ for (i=0; i<delta->num_members; i++) {
+ BOOL is_unix_member = False;
+
+ if (nt_members[i] == NULL) {
+ /* This was the primary group */
+ continue;
+ }
+
+ unix_members = grp->gr_mem;
+
+ while (*unix_members) {
+ if (strcmp(*unix_members, nt_members[i]) == 0) {
+ is_unix_member = True;
+ break;
+ }
+ unix_members += 1;
+ }
+
+ if (!is_unix_member) {
+ /* We look at a nt group member that is not a
+ unix group member currently. So, add the nt
+ group member. */
+ smb_add_user_group(grp->gr_name, nt_members[i]);
+ }
+ }
+
+ talloc_destroy(t);
+
+#endif /* end of fetch_alias_mem() */
+
return NT_STATUS_OK;
}