diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/srv_lsa_ds.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 11 | ||||
-rw-r--r-- | source3/smbd/lanman.c | 66 |
3 files changed, 70 insertions, 9 deletions
diff --git a/source3/rpc_server/srv_lsa_ds.c b/source3/rpc_server/srv_lsa_ds.c index 5996935b22..21e18f52fc 100644 --- a/source3/rpc_server/srv_lsa_ds.c +++ b/source3/rpc_server/srv_lsa_ds.c @@ -58,7 +58,7 @@ static BOOL api_dsrole_get_primary_dominfo(pipes_struct *p) static BOOL api_dsrole_stub( pipes_struct *p ) { - DEBUG(0,("api_dsrole_stub: Hmmm....didn't know this RPC existsed?!??!\n")); + DEBUG(0,("api_dsrole_stub: Hmmm....didn't know this RPC existed...\n")); return False; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 03e53118a8..632d381503 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -307,8 +307,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA */ gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries); - /* for each group, check if the user is a member of*/ + /* for each group, check if the user is a member of. Only include groups + from this domain */ + for(i=0; i<num_entries; i++) { + + if ( !sid_check_is_in_our_domain(&map[i].sid) ) { + DEBUG(10,("get_domain_user_groups: skipping check of %s since it is not in our domain\n", + map[i].nt_name)); + continue; + } + if ((grp=getgrgid(map[i].gid)) == NULL) { /* very weird !!! */ DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 7fcf25d7c9..0d5bc3a9ab 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1706,13 +1706,24 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para int uLevel = SVAL(p,0); const char *level_string; int count=0; + SAM_ACCOUNT *sampw = NULL; + BOOL ret = False; + DOM_GID *gids = NULL; + int num_groups = 0; + int i; + fstring grp_domain; + fstring grp_name; + enum SID_NAME_USE grp_type; + DOM_SID sid, dom_sid; *rparam_len = 8; *rparam = REALLOC(*rparam,*rparam_len); /* check it's a supported varient */ - if (!strcmp(str1,"zWrLeh")) + + if ( strcmp(str1,"zWrLeh") != 0 ) return False; + switch( uLevel ) { case 0: level_string = "B21"; @@ -1732,18 +1743,59 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para p = *rdata; - /* XXXX we need a real SAM database some day */ - pstrcpy(p,"Users"); p += 21; count++; - pstrcpy(p,"Domain Users"); p += 21; count++; - pstrcpy(p,"Guests"); p += 21; count++; - pstrcpy(p,"Domain Guests"); p += 21; count++; + /* Lookup the user information; This should only be one of + our accounts (not remote domains) */ + + pdb_init_sam( &sampw ); + + become_root(); /* ROOT BLOCK */ + + if ( !pdb_getsampwnam(sampw, UserName) ) + goto out; + /* this next set of code is horribly inefficient, but since + it is rarely called, I'm going to leave it like this since + it easier to follow --jerry */ + + /* get the list of group SIDs */ + + if ( !get_domain_user_groups(conn->mem_ctx, &num_groups, &gids, sampw) ) { + DEBUG(1,("api_NetUserGetGroups: get_domain_user_groups() failed!\n")); + goto out; + } + + /* convert to names (we don't support universal groups so the domain + can only be ours) */ + + sid_copy( &dom_sid, get_global_sam_sid() ); + for (i=0; i<num_groups; i++) { + + /* make the DOM_GID into a DOM_SID and then lookup + the name */ + + sid_copy( &sid, &dom_sid ); + sid_append_rid( &sid, gids[i].g_rid ); + + if ( lookup_sid(&sid, grp_domain, grp_name, &grp_type) ) { + pstrcpy(p, grp_name); + p += 21; + count++; + } + } + *rdata_len = PTR_DIFF(p,*rdata); SSVAL(*rparam,4,count); /* is this right?? */ SSVAL(*rparam,6,count); /* is this right?? */ - return(True); + ret = True; + +out: + unbecome_root(); /* END ROOT BLOCK */ + + pdb_free_sam( &sampw ); + + return ret; } /******************************************************************* |