From a0b0dc16a6ca63e633f51d079bb76124965d254c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 May 2010 16:51:59 +1000 Subject: s4:auth handle addition of nested aliases of domain groups. The challenge here is that we are asked not to add the domain groups again, but we need to search inside them for any aliases that we need to add. So, we can't short-circuit the operation just because we found the domain group. Andrew Bartlett --- source4/auth/sam.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/auth') diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 244ebc732e..d5dc4ded12 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -332,23 +332,23 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx, } v = ldb_dn_get_extended_component(dn, "SID"); - ndr_err = ndr_pull_struct_blob(v, sid, NULL, sid, + ndr_err = ndr_pull_struct_blob(v, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* This is an O(n^2) linear search */ - already_there = sids_contains_sid((const struct dom_sid**) *res_sids, - *num_res_sids, sid); - if (already_there) { - return NT_STATUS_OK; - } - if (only_childs) { ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL); } else { + /* This is an O(n^2) linear search */ + already_there = sids_contains_sid((const struct dom_sid**) *res_sids, + *num_res_sids, sid); + if (already_there) { + return NT_STATUS_OK; + } + ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, "%s", filter); } -- cgit