From 0899eed4ab161030732f61988f55b0879de5c5ad Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 15 Nov 2002 17:57:21 +0000
Subject: enable enumeration of domain local groups using LDAP (and in a native
 mode domain) (This used to be commit
 ff4b2411d146b72f5f578b2e78701f125fec8f08)

---
 source3/nsswitch/winbindd_ads.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

(limited to 'source3')

diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index abdb4f9ef6..709b134c45 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -204,6 +204,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 	void *res = NULL;
 	void *msg = NULL;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	uint32 group_flags;
 
 	*num_entries = 0;
 
@@ -231,6 +232,10 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 	}
 
 	i = 0;
+	
+	group_flags = ATYPE_GLOBAL_GROUP;
+	if ( domain->native_mode )
+		group_flags |= ATYPE_LOCAL_GROUP;
 
 	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
 		char *name, *gecos;
@@ -238,10 +243,9 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 		uint32 rid;
 		uint32 account_type;
 
-		if (!ads_pull_uint32(ads, msg, "sAMAccountType", 
-				     &account_type) ||
-		    !(account_type & ATYPE_GLOBAL_GROUP)) continue;
-
+		if (!ads_pull_uint32(ads, msg, "sAMAccountType", &account_type) || !(account_type & group_flags) ) 
+			continue; 
+			
 		name = ads_pull_username(ads, mem_ctx, msg);
 		gecos = ads_pull_string(ads, mem_ctx, msg, "name");
 		if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
@@ -272,6 +276,27 @@ done:
 	return status;
 }
 
+/* list all domain local groups */
+static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_entries, 
+				struct acct_info **info)
+{
+	/*
+	 * This is a stub function only as we returned the domain 
+	 * ocal groups in enum_dom_groups() if the domain->native field
+	 * was true.  This is a simple performance optimization when
+	 * using LDAP.
+	 *
+	 * if we ever need to enumerate domain local groups separately, 
+	 * then this the optimization in enum_dom_groups() will need 
+	 * to be split out
+	 */
+	*num_entries = 0;
+	
+	return NT_STATUS_OK;
+}
+
 /* convert a single name to a sid in a domain */
 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
 			    const char *name,
@@ -675,7 +700,7 @@ struct winbindd_methods ads_methods = {
 	True,
 	query_user_list,
 	enum_dom_groups,
-	NULL,
+	enum_local_groups,
 	name_to_sid,
 	sid_to_name,
 	query_user,
-- 
cgit