From e84ead0cfdc5e45a577387cc54dceb4c3f32948a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 27 Mar 2005 16:33:04 +0000 Subject: r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f) --- source3/groupdb/mapping.c | 41 ++++++++++++++++++++++++---- source3/include/passdb.h | 15 +++++++---- source3/lib/privileges.c | 2 +- source3/lib/system_smbd.c | 4 +-- source3/lib/util.c | 10 ++++--- source3/lib/util_sid.c | 27 ++++++++++++++++--- source3/lib/util_smbd.c | 4 +-- source3/nsswitch/winbindd_group.c | 57 ++++++++++++++++++++++++++++++++++++--- source3/passdb/pdb_interface.c | 25 ++++++++++------- source3/passdb/pdb_ldap.c | 31 +++++++++++---------- source3/rpc_server/srv_samr_nt.c | 37 +++++++------------------ source3/rpcclient/cmd_samr.c | 54 ++++++++++++++++++++++++------------- source3/utils/net_groupmap.c | 52 ++++++++++++++++++++++++++++------- 13 files changed, 253 insertions(+), 106 deletions(-) (limited to 'source3') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5613240a12..83ba575759 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -518,7 +518,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array_unique(&alias, sids, num); + add_sid_to_array_unique(NULL, &alias, sids, num); if (sids == NULL) return NT_STATUS_NO_MEMORY; @@ -665,7 +665,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, if (!string_to_sid(&member, member_string)) continue; - add_sid_to_array(&member, closure->sids, closure->num); + add_sid_to_array(NULL, &member, closure->sids, closure->num); } return 0; 
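Review bot: In the `one_alias_membership` hunk of source3/groupdb/mapping.c, the check that follows the changed call, `if (sids == NULL) return NT_STATUS_NO_MEMORY;`, tests the out-parameter itself rather than the array it points to. `sids` is passed straight through as the array argument of `add_sid_to_array_unique`, which suggests it is a `DOM_SID **`; if so, a failed allocation inside the helper would go unnoticed and the check should read `if (*sids == NULL) return NT_STATUS_NO_MEMORY;`. The `collect_aliasmem` hunk has no check at all after `add_sid_to_array(NULL, &member, closure->sids, closure->num);`. Both function bodies start and end outside their hunks, and the helper's failure behaviour is not shown on this page, so confirm against util_sid.c.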
@@ -1348,11 +1348,42 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, int *num) + uint32 **alias_rids, + int *num_alias_rids) { - return alias_memberships(members, num_members, aliases, num); + DOM_SID *alias_sids; + int i, num_alias_sids; + NTSTATUS result; + + alias_sids = NULL; + num_alias_sids = 0; + + result = alias_memberships(members, num_members, + &alias_sids, &num_alias_sids); + + if (!NT_STATUS_IS_OK(result)) + return result; + + *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); + if ((alias_sids != 0) && (*alias_rids == NULL)) + return NT_STATUS_NO_MEMORY; + + *num_alias_rids = 0; + + for (i=0; isids.list, &priv->sids.count ); + add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count ); return 0; } diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index c83eecf173..f124983006 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -178,10 +178,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(primary_gid, &groups, &ngrp); + add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp); for (i=0; ipdb_methods-> - enum_alias_memberships(context->pdb_methods, members, - num_members, aliases, num); + enum_alias_memberships(context->pdb_methods, mem_ctx, + domain_sid, members, num_members, + alias_rids, num_alias_rids); } static NTSTATUS context_lookup_rids(struct pdb_context *context, 
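Review bot: In `pdb_default_alias_memberships` (source3/groupdb/mapping.c) the out-of-memory test `if ((alias_sids != 0) && (*alias_rids == NULL))` compares the SID array pointer with zero where the element count was probably meant. The same early return also leaves `alias_sids` allocated; `alias_memberships` appears to build it with a NULL talloc context, so it is presumably a malloc'ed array the caller must free. I would write `if ((num_alias_sids != 0) && (*alias_rids == NULL)) { SAFE_FREE(alias_sids); return NT_STATUS_NO_MEMORY; }`. The rest of the function after `for (i=0;` is not legible on this page, so whether `alias_sids` is released on the success path cannot be checked here.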
@@ -1273,8 +1277,9 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias,
 members, num_members));
 }
-BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
- DOM_SID **aliases, int *num)
+BOOL pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
+ const DOM_SID const *members, int num_members,
+ uint32 **alias_rids, int *num_alias_rids)
 {
 struct pdb_context *pdb_context = pdb_get_static_context(False);
@@ -1283,9 +1288,11 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
 }
 return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, members,
- num_members,
- aliases, num));
+ pdb_enum_alias_memberships(pdb_context, mem_ctx,
+ domain_sid,
+ members, num_members,
+ alias_rids,
+ num_alias_rids));
 }
 NTSTATUS pdb_lookup_rids(TALLOC_CTX *mem_ctx,
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 14c764f12f..6597dc0fb2 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2469,11 +2469,11 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 /* We need to add the primary group as the first gid/sid */
- add_gid_to_array_unique(primary_gid, gids, &num_gids);
+ add_gid_to_array_unique(NULL, primary_gid, gids, &num_gids);
 /* This sid will be replaced later */
- add_sid_to_array_unique(&global_sid_NULL, sids, &num_sids);
+ add_sid_to_array_unique(NULL, &global_sid_NULL, sids, &num_sids);
 for (entry = ldap_first_entry(conn->ldap_struct, msg); entry != NULL;
@@ -2505,8 +2505,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 if (gid == primary_gid) {
 sid_copy(&(*sids)[0], &sid);
 } else {
- add_gid_to_array_unique(gid, gids, &num_gids);
- add_sid_to_array_unique(&sid, sids, &num_sids);
+ add_gid_to_array_unique(NULL, gid, gids, &num_gids);
+ add_sid_to_array_unique(NULL, &sid, sids, &num_sids);
 }
 }
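Review bot: The new `members` parameter of `pdb_enum_alias_memberships` is declared `const DOM_SID const *members`, which repeats the qualifier on the pointee and leaves the pointer itself unqualified. `pdb_default_alias_memberships` in source3/groupdb/mapping.c uses the same spelling. A duplicated qualifier is a constraint violation in C89 and merely redundant in C99, and the ldapsam backend in this same commit declares the parameter as `const DOM_SID *members`. Either `const DOM_SID *members` or, if a constant pointer was intended, `const DOM_SID *const members` would keep the three definitions consistent.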
@@ -3052,7 +3052,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
 if (!string_to_sid(&member, values[i])) continue;
- add_sid_to_array(&member, members, num_members);
+ add_sid_to_array(NULL, &member, members, num_members);
 }
 ldap_value_free(values);
@@ -3062,9 +3062,12 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
 }
 static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
 const DOM_SID *members, int num_members,
- DOM_SID **aliases, int *num_aliases)
+ uint32 **alias_rids,
+ int *num_alias_rids)
 {
 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data;
@@ -3077,12 +3080,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 int i;
 int rc;
 char *filter;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("ldapsam_alias_memberships");
-
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
 /* This query could be further optimized by adding a (&(sambaSID=*)) so that only those aliases that are
@@ -3107,9 +3104,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 if (rc != LDAP_SUCCESS) return NT_STATUS_UNSUCCESSFUL;
- *aliases = NULL;
- *num_aliases = 0;
-
 ldap_struct = ldap_state->smbldap_state->ldap_struct;
 for (entry = ldap_first_entry(ldap_struct, result);
@@ -3118,6 +3112,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 {
 fstring sid_str;
 DOM_SID sid;
+ uint32 rid;
 if (!smbldap_get_single_attribute(ldap_struct, entry, LDAP_ATTRIBUTE_SID,
@@ -3128,7 +3123,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
 if (!string_to_sid(&sid, sid_str)) continue;
- add_sid_to_array_unique(&sid, aliases, num_aliases);
+ if (!sid_peek_check_rid(domain_sid, &sid, &rid))
+ continue;
+
+ add_rid_to_array_unique(mem_ctx, rid, alias_rids,
+ num_alias_rids);
 }
 ldap_msgfree(result);
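Review bot: `ldapsam_alias_memberships` no longer resets its outputs. The hunk at -3107 drops `*aliases = NULL; *num_aliases = 0;` without adding the equivalent for the new parameters, so `add_rid_to_array_unique(mem_ctx, rid, alias_rids, num_alias_rids);` grows whatever the caller passed in. The callers visible in this commit initialise both before the call, but `pdb_default_alias_memberships` sets `*num_alias_rids = 0;` itself, so the two backends now have different contracts. A caller that skips the initialisation would hand an indeterminate pointer and count to the array helper. I would restore `*alias_rids = NULL; *num_alias_rids = 0;` before the `ldap_struct = ...` assignment; the function body starts and ends outside the hunks shown.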
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 001da3f3ea..7294a46d75 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3230,8 +3230,8 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) { - int num_groups = 0; - uint32 *rids=NULL; + int num_alias_rids; + uint32 *alias_rids; struct samr_info *info = NULL; int i; @@ -3239,8 +3239,6 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, NTSTATUS ntstatus2; DOM_SID *members; - DOM_SID *aliases; - int num_aliases; BOOL res; r_u->status = NT_STATUS_OK; @@ -3273,35 +3271,20 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, for (i=0; inum_sids1; i++) sid_copy(&members[i], &q_u->sid[i].sid); + alias_rids = NULL; + num_alias_rids = 0; + become_root(); - res = pdb_enum_alias_memberships(members, - q_u->num_sids1, &aliases, - &num_aliases); + res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members, + q_u->num_sids1, + &alias_rids, &num_alias_rids); unbecome_root(); if (!res) return NT_STATUS_UNSUCCESSFUL; - rids = NULL; - num_groups = 0; - - for (i=0; isid, &aliases[i], &rid)) - continue; - - rids = TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+1); - - if (rids == NULL) - return NT_STATUS_NO_MEMORY; - - rids[num_groups] = rid; - num_groups += 1; - } - SAFE_FREE(aliases); - - init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK); + init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids, + NT_STATUS_OK); return NT_STATUS_OK; } diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index d3f8954050..f327004911 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c 
@@ -568,25 +568,42 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 user_rid, num_aliases, *alias_rids; + DOM_SID *sids; + int num_sids; + uint32 num_aliases, *alias_rids; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; int i; fstring server; - DOM_SID tmp_sid; - DOM_SID2 sid; + DOM_SID2 *sid2; DOM_SID global_sid_Builtin; string_to_sid(&global_sid_Builtin, "S-1-5-32"); - if ((argc < 3) || (argc > 4)) { - printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]); - return NT_STATUS_OK; + if (argc < 3) { + printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); + return NT_STATUS_INVALID_PARAMETER; } - sscanf(argv[2], "%i", &user_rid); - - if (argc > 3) - sscanf(argv[3], "%x", &access_mask); + sids = NULL; + num_sids = 0; + + for (i=2; idesthost); strupper_m(server); @@ -604,18 +621,19 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, access_mask, - &global_sid_Builtin, &domain_pol); - else - return NT_STATUS_OK; + &global_sid_Builtin, + &domain_pol); + else { + printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); + return NT_STATUS_INVALID_PARAMETER; + } if (!NT_STATUS_IS_OK(result)) goto done; - sid_copy(&tmp_sid, &domain_sid); - sid_append_rid(&tmp_sid, user_rid); - init_dom_sid2(&sid, &tmp_sid); - - result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids); + result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, + num_sids, sid2, + &num_aliases, &alias_rids); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index a63e8176f8..b20a37c726 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c 
@@ -693,12 +693,37 @@ static int net_groupmap_listmem(int argc, const char **argv)
 return 0;
 }
+static BOOL print_alias_memberships(TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID *member)
+{
+ uint32 *alias_rids;
+ int i, num_alias_rids;
+
+ alias_rids = NULL;
+ num_alias_rids = 0;
+
+ if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1,
+ &alias_rids, &num_alias_rids)) {
+ d_printf("Could not list memberships for sid %s\n",
+ sid_string_static(member));
+ return False;
+ }
+
+ for (i = 0; i < num_alias_rids; i++) {
+ DOM_SID alias;
+ sid_copy(&alias, domain_sid);
+ sid_append_rid(&alias, alias_rids[i]);
+ printf("%s\n", sid_string_static(&alias));
+ }
+
+ return True;
+}
+
 static int net_groupmap_memberships(int argc, const char **argv)
 {
- DOM_SID member;
- DOM_SID *aliases;
- int i, num;
- NTSTATUS result;
+ TALLOC_CTX *mem_ctx;
+ DOM_SID *domain_sid, *builtin_sid, member;
 if ( (argc != 1) || !string_to_sid(&member, argv[0]) ) {
@@ -706,17 +731,24 @@ static int net_groupmap_memberships(int argc, const char **argv)
 return -1;
 }
- if (!pdb_enum_alias_memberships(&member, 1, &aliases, &num)) {
- d_printf("Could not list memberships for sid %s: %s\n",
- argv[0], nt_errstr(result));
+ mem_ctx = talloc_init("net_groupmap_memberships");
+ if (mem_ctx == NULL) {
+ d_printf("talloc_init failed\n");
 return -1;
 }
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(aliases[i])));
+ domain_sid = get_global_sam_sid();
+ builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
+ if ((domain_sid == NULL) || (builtin_sid == NULL)) {
+ d_printf("Could not get domain sid\n");
+ return -1;
 }
- SAFE_FREE(aliases);
+ if (!print_alias_memberships(mem_ctx, domain_sid, &member) ||
+ !print_alias_memberships(mem_ctx, builtin_sid, &member))
+ return -1;
+
+ talloc_destroy(mem_ctx);
 return 0;
 }
-- cgit
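Review bot: `net_groupmap_memberships` leaks `mem_ctx` on both new failure paths. The `return -1;` after `d_printf("Could not get domain sid\n");` and the `return -1;` after the two `print_alias_memberships` calls both skip `talloc_destroy(mem_ctx);`. The impact is small in a short-lived command-line tool, but the cleanup should be symmetric with the success path. Adding `talloc_destroy(mem_ctx);` before each of those returns, or routing them through a single exit that destroys the context, fixes it.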