From 3bc3fabee2d411947dc936372495b5f3a1498031 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 4 Jan 2003 08:54:43 +0000
Subject: Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and
 return this as thier list of groups, rather than do a seperate lookup.  This
 NT_TOKEN is originally initgroups() (or equiv) based.

We currently send all sids in our domain, perhaps this should be further
restricted, but this works for now.

Andrew Bartlett
(This used to be commit f5850928a011211f03e5b9ece37682fd9243e2ba)
---
 source3/rpc_server/srv_netlog_nt.c | 18 ++++++++----------
 source3/rpc_server/srv_util.c      | 29 +++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 10 deletions(-)

(limited to 'source3')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index c65ea43e1e..c3d48a6527 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -688,16 +688,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 		
 		pstrcpy(my_name, global_myname());
 
-		/*
-		 * This is the point at which we get the group
-		 * database - we should be getting the gid_t list
-		 * from /etc/group and then turning the uids into
-		 * rids and then into machine sids for this user.
-		 * JRA.
-		 */
-
-  		gids = NULL;
-		get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
+		if (!NT_STATUS_IS_OK(status 
+				     = nt_token_to_group_list(p->mem_ctx, 
+							      &domain_sid, 
+							      server_info->ptok, 
+							      &num_gids, 
+							      &gids))) {
+			return status;
+		}
 
 		init_net_user_info3(p->mem_ctx, usr_info, 
 				    user_rid,
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 1b2ac34a6e..f33a576db9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -350,6 +350,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	return True;
 }
 
+/*******************************************************************
+ gets a domain user's groups from their already-calculated NT_USER_TOKEN
+ ********************************************************************/
+NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, 
+				const NT_USER_TOKEN *nt_token,
+				int *numgroups, DOM_GID **pgids) 
+{
+	DOM_GID *gids;
+	int i;
+
+	gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
+
+	if (!gids) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*numgroups=0;
+
+	for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
+		if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
+			sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
+			gids[*numgroups].attr=7;
+			(*numgroups)++;
+		}
+	}
+	*pgids = gids; 
+	return NT_STATUS_OK;
+}
+
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
-- 
cgit