summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_passdb.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd/winbindd_passdb.c')
-rw-r--r--source3/winbindd/winbindd_passdb.c72
1 files changed, 35 insertions, 37 deletions
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 5a2c31fe2f..c23f87dcd5 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -396,22 +396,6 @@ static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
return NT_STATUS_NO_SUCH_USER;
}
-static NTSTATUS builtin_lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types)
-{
- DEBUG(10,("passdb: lookup_groupmem (builtin) %s sid=%s\n", domain->name,
- sid_string_dbg(group_sid)));
-
- *num_names = 0;
- *sid_mem = NULL;
- *names = NULL;
- *name_types = 0;
- return NT_STATUS_NO_SUCH_GROUP;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
@@ -552,13 +536,14 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
/* Lookup group membership given a rid. */
static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types)
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
+ DOM_SID **sid_mem, char ***names,
+ uint32 **name_types)
{
size_t i, num_members, num_mapped;
- uint32 *rids;
NTSTATUS result;
const DOM_SID **sids;
struct lsa_dom_info *lsa_domains;
@@ -568,7 +553,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
DEBUG(10,("passdb: lookup_groupmem (sam) %s sid=%s\n", domain->name,
sid_string_dbg(group_sid)));
- if (!sid_check_is_in_our_domain(group_sid)) {
+ if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
/* There's no groups, only aliases in BUILTIN */
return NT_STATUS_NO_SUCH_GROUP;
}
@@ -577,11 +562,31 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- result = pdb_enum_group_members(tmp_ctx, group_sid, &rids,
- &num_members);
- if (!NT_STATUS_IS_OK(result)) {
- TALLOC_FREE(tmp_ctx);
- return result;
+ if (type == SID_NAME_DOM_GRP) {
+ uint32 *rids;
+
+ result = pdb_enum_group_members(tmp_ctx, group_sid, &rids,
+ &num_members);
+ if (!NT_STATUS_IS_OK(result)) {
+ TALLOC_FREE(tmp_ctx);
+ return result;
+ }
+ *sid_mem = talloc_array(mem_ctx, struct dom_sid, num_members);
+ if (*sid_mem == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (i=0; i<num_members; i++) {
+ sid_compose(&((*sid_mem)[i]), &domain->sid, rids[i]);
+ }
+ TALLOC_FREE(rids);
+ } else {
+ result = pdb_enum_aliasmem(group_sid, mem_ctx, sid_mem,
+ &num_members);
+ if (!NT_STATUS_IS_OK(result)) {
+ TALLOC_FREE(tmp_ctx);
+ return result;
+ }
}
if (num_members == 0) {
@@ -593,13 +598,11 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
- *sid_mem = TALLOC_ARRAY(mem_ctx, DOM_SID, num_members);
*names = TALLOC_ARRAY(mem_ctx, char *, num_members);
*name_types = TALLOC_ARRAY(mem_ctx, uint32, num_members);
sids = TALLOC_ARRAY(tmp_ctx, const DOM_SID *, num_members);
- if (((*sid_mem) == NULL) || ((*names) == NULL) ||
- ((*name_types) == NULL) || (sids == NULL)) {
+ if (((*names) == NULL) || ((*name_types) == NULL) || (sids == NULL)) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
@@ -610,12 +613,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
*/
for (i=0; i<num_members; i++) {
- DOM_SID *sid = &((*sid_mem)[i]);
- if (!sid_compose(sid, &domain->sid, rids[i])) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_INTERNAL_ERROR;
- }
- sids[i] = sid;
+ sids[i] = &((*sid_mem)[i]);
}
result = lookup_sids(tmp_ctx, num_members, sids, 1,
@@ -718,7 +716,7 @@ struct winbindd_methods builtin_passdb_methods = {
builtin_query_user,
lookup_usergroups,
lookup_useraliases,
- builtin_lookup_groupmem,
+ sam_lookup_groupmem,
sequence_number,
lockout_policy,
password_policy,