From bea4541e11f0664aaa8b62d525e0a02b14fc3afa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Apr 2008 02:53:40 +0200 Subject: Use sid_array_from_info3 in lookup_usergroups_cached(). Guenther (This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce) --- source3/auth/auth_util.c | 2 +- source3/lib/util_sid.c | 9 +++++++- source3/winbindd/winbindd_pam.c | 2 +- source3/winbindd/winbindd_util.c | 50 ++++++++-------------------------------- 4 files changed, 20 insertions(+), 43 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index a95a59ea46..7013285809 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1620,7 +1620,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, nt_status = sid_array_from_info3(result, info3, &result->sids, &result->num_sids, - False); + false, false); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(result); return nt_status; diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index fd2e93a697..6b83f9ce65 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -668,7 +668,8 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, DOM_SID **user_sids, size_t *num_user_sids, - bool include_user_group_rid) + bool include_user_group_rid, + bool skip_ressource_groups) { NTSTATUS status; DOM_SID sid; @@ -728,6 +729,12 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, */ for (i = 0; i < info3->sidcount; i++) { + + if (skip_ressource_groups && + (info3->sids[i].attributes & SE_GROUP_RESOURCE)) { + continue; + } + status = add_sid_to_array(mem_ctx, info3->sids[i].sid, &sid_array, &num_sids); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 972a3bf3b9..bc27f3db20 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -313,7 +313,7 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx, status = sid_array_from_info3(mem_ctx, info3, &token->user_sids, &token->num_sids, - True); + true, false); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 641fd5a9f5..ec97b49428 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1274,14 +1274,11 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, { struct netr_SamInfo3 *info3 = NULL; NTSTATUS status = NT_STATUS_NO_MEMORY; - int i; size_t num_groups = 0; - DOM_SID group_sid, primary_group; - + DEBUG(3,(": lookup_usergroups_cached\n")); - + *user_sids = NULL; - num_groups = 0; *p_num_groups = 0; info3 = netsamlogon_cache_get(mem_ctx, user_sid); @@ -1294,46 +1291,19 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, TALLOC_FREE(info3); return NT_STATUS_UNSUCCESSFUL; } - - /* always add the primary group to the sid array */ - sid_compose(&primary_group, info3->base.domain_sid, info3->base.rid); - - status = add_sid_to_array(mem_ctx, &primary_group, user_sids, - &num_groups); + + /* Skip Domain local groups outside our domain. + We'll get these from the getsidaliases() RPC call. */ + status = sid_array_from_info3(mem_ctx, info3, + user_sids, + &num_groups, + true, true); + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(info3); return status; } - for (i=0; i < info3->base.groups.count; i++) { - sid_copy(&group_sid, info3->base.domain_sid); - sid_append_rid(&group_sid, info3->base.groups.rids[i].rid); - - status = add_sid_to_array(mem_ctx, &group_sid, user_sids, - &num_groups); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(info3); - return status; - } - } - - /* Add any Universal groups in the other_sids list */ - - for (i=0; i < info3->sidcount; i++) { - /* Skip Domain local groups outside our domain. - We'll get these from the getsidaliases() RPC call. */ - if (info3->sids[i].attributes & SE_GROUP_RESOURCE) - continue; - - status = add_sid_to_array(mem_ctx, info3->sids[i].sid, - user_sids, &num_groups); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(info3); - return status; - } - } - - TALLOC_FREE(info3); *p_num_groups = num_groups; status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; -- cgit