From af365408d5056ea5eeaafd5df23196d9ba19de58 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Nov 2002 06:54:22 +0000 Subject: Instead of walking the entire group database, grabbing all members of each group, testing for membership etc, use the already calculated NT_USER_TOKEN. (which is initgroups() based) So far we only fill out the 'domain' groups - we need to fill out the 'other sids' as well, and we possibly need to filter the list for 'domain groups' only (the old code did that), but Win2k doesn't seem to mind this for now. I also need to find out what the magic '7' is about. Fortunetly JF is in town, so I'll grill him tomorrow :-). Andrew Bartlett (This used to be commit 7e846e7387247f8bc2b07a1a1006014c6978143b) --- source3/rpc_server/srv_util.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'source3/rpc_server/srv_util.c') diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 519daff1f6..72a057b91c 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -342,6 +342,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name)); DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); + done: *pgids=gids; *numgroups=cur_gid; @@ -350,6 +351,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA return True; } +/******************************************************************* + gets a domain user's groups from their already-calculated NT_USER_TOKEN + ********************************************************************/ +NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, + const NT_USER_TOKEN *nt_token, + int *numgroups, DOM_GID **pgids) +{ + DOM_GID *gids; + int i; + + gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids); + + if (!gids) { + return NT_STATUS_NO_MEMORY; + } + + *numgroups=0; + + for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) { + if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) { + sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid)); + gids[*numgroups].attr=7; + (*numgroups)++; + } + } + *pgids = gids; + return NT_STATUS_OK; +} + /******************************************************************* Look up a local (domain) rid and return a name and type. ********************************************************************/ -- cgit