Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_lsa_ds.c2
-rw-r--r--source3/rpc_server/srv_util.c11
-rw-r--r--source3/smbd/lanman.c66
3 files changed, 70 insertions, 9 deletions
diff --git a/source3/rpc_server/srv_lsa_ds.c b/source3/rpc_server/srv_lsa_ds.c
index 5996935b22..21e18f52fc 100644
--- a/source3/rpc_server/srv_lsa_ds.c
+++ b/source3/rpc_server/srv_lsa_ds.c
@@ -58,7 +58,7 @@ static BOOL api_dsrole_get_primary_dominfo(pipes_struct *p)
static BOOL api_dsrole_stub( pipes_struct *p )
{
- DEBUG(0,("api_dsrole_stub: Hmmm....didn't know this RPC existsed?!??!\n"));
+ DEBUG(0,("api_dsrole_stub: Hmmm....didn't know this RPC existed...\n"));
return False;
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 03e53118a8..632d381503 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -307,8 +307,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
*/
gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries);
- /* for each group, check if the user is a member of*/
+ /* for each group, check if the user is a member of. Only include groups
+ from this domain */
+
for(i=0; i<num_entries; i++) {
+
+ if ( !sid_check_is_in_our_domain(&map[i].sid) ) {
+ DEBUG(10,("get_domain_user_groups: skipping check of %s since it is not in our domain\n",
+ map[i].nt_name));
+ continue;
+ }
+
if ((grp=getgrgid(map[i].gid)) == NULL) {
/* very weird !!! */
DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
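Review bot: The comment added above the loop says only groups from this domain are included, but not why, and the reason matters to every caller. The result is an array of `DOM_GID` entries that carry a RID, and the lanman.c caller changed in this same commit rebuilds each SID by appending `g_rid` to the local domain SID. I would extend the comment to something like `/* DOM_GID holds only a RID, which callers resolve against our domain SID; a group from another domain would be reported as a local group with the same RID */`. The function's header comment is outside the hunk and presumably needs the same sentence. The `talloc()` result for `gids` is not checked within the visible lines, which is worth confirming in the rest of the function.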
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 7fcf25d7c9..0d5bc3a9ab 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1706,13 +1706,24 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
int uLevel = SVAL(p,0);
const char *level_string;
int count=0;
+ SAM_ACCOUNT *sampw = NULL;
+ BOOL ret = False;
+ DOM_GID *gids = NULL;
+ int num_groups = 0;
+ int i;
+ fstring grp_domain;
+ fstring grp_name;
+ enum SID_NAME_USE grp_type;
+ DOM_SID sid, dom_sid;
*rparam_len = 8;
*rparam = REALLOC(*rparam,*rparam_len);
/* check it's a supported varient */
- if (!strcmp(str1,"zWrLeh"))
+
+ if ( strcmp(str1,"zWrLeh") != 0 )
return False;
+
switch( uLevel ) {
case 0:
level_string = "B21";
@@ -1732,18 +1743,59 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
p = *rdata;
- /* XXXX we need a real SAM database some day */
- pstrcpy(p,"Users"); p += 21; count++;
- pstrcpy(p,"Domain Users"); p += 21; count++;
- pstrcpy(p,"Guests"); p += 21; count++;
- pstrcpy(p,"Domain Guests"); p += 21; count++;
+ /* Lookup the user information; This should only be one of
+ our accounts (not remote domains) */
+
+ pdb_init_sam( &sampw );
+
+ become_root(); /* ROOT BLOCK */
+
+ if ( !pdb_getsampwnam(sampw, UserName) )
+ goto out;
+ /* this next set of code is horribly inefficient, but since
+ it is rarely called, I'm going to leave it like this since
+ it easier to follow --jerry */
+
+ /* get the list of group SIDs */
+
+ if ( !get_domain_user_groups(conn->mem_ctx, &num_groups, &gids, sampw) ) {
+ DEBUG(1,("api_NetUserGetGroups: get_domain_user_groups() failed!\n"));
+ goto out;
+ }
+
+ /* convert to names (we don't support universal groups so the domain
+ can only be ours) */
+
+ sid_copy( &dom_sid, get_global_sam_sid() );
+ for (i=0; i<num_groups; i++) {
+
+ /* make the DOM_GID into a DOM_SID and then lookup
+ the name */
+
+ sid_copy( &sid, &dom_sid );
+ sid_append_rid( &sid, gids[i].g_rid );
+
+ if ( lookup_sid(&sid, grp_domain, grp_name, &grp_type) ) {
+ pstrcpy(p, grp_name);
+ p += 21;
+ count++;
+ }
+ }
+
*rdata_len = PTR_DIFF(p,*rdata);
SSVAL(*rparam,4,count); /* is this right?? */
SSVAL(*rparam,6,count); /* is this right?? */
- return(True);
+ ret = True;
+
+out:
+ unbecome_root(); /* END ROOT BLOCK */
+
+ pdb_free_sam( &sampw );
+
+ return ret;
}
/*******************************************************************
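Review bot: The new loop writes one fixed 21-byte record per group with `pstrcpy(p, grp_name); p += 21;`, but nothing visible in the hunk bounds either the copy or the number of records. `grp_name` is an `fstring` and `pstrcpy` assumes a pstring-sized destination, so a group name longer than 20 characters spills past its record, and `num_groups` now depends on the account's memberships where the removed code always wrote four entries. The allocation of `*rdata` is outside the hunk, so its size should be confirmed; I would stop the loop before the buffer is exhausted, e.g. `if (PTR_DIFF(p,*rdata) + 21 > rdata_size) break;` with `rdata_size` standing in for that allocated size, and copy with `safe_strcpy(p, grp_name, 20);`. The return value of `pdb_init_sam( &sampw )` is also unchecked before `sampw` is handed to `pdb_getsampwnam`. The function body starts above this hunk.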