summaryrefslogtreecommitdiff
path: root/source/nsswitch/winbindd_group.c
diff options
context:
space:
mode:
Diffstat (limited to 'source/nsswitch/winbindd_group.c')
-rw-r--r--source/nsswitch/winbindd_group.c128
1 files changed, 41 insertions, 87 deletions
diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c
index 94037e39200..3ee8c0877b5 100644
--- a/source/nsswitch/winbindd_group.c
+++ b/source/nsswitch/winbindd_group.c
@@ -106,15 +106,6 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid)));
*num_gr_mem = 0;
-
- /* HACK ALERT!! This whole routine does not cope with group members
- * from more than one domain, ie aliases. Thus we have to work it out
- * ourselves in a special routine. */
-
- if (domain->internal)
- return fill_passdb_alias_grmem(domain, group_sid,
- num_gr_mem,
- gr_mem, gr_mem_len);
if ( !((group_name_type==SID_NAME_DOM_GRP) ||
((group_name_type==SID_NAME_ALIAS) && domain->primary)) )
@@ -252,11 +243,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
/* if no domain or our local domain, then do a local tdb search */
- if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) &&
- ((grp = wb_getgrnam(name_group)) != NULL) ) {
-
+ if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
char *buffer = NULL;
+ if ( !(grp=wb_getgrnam(name_group)) ) {
+ DEBUG(5,("winbindd_getgrnam: lookup for %s\\%s failed\n",
+ name_domain, name_group));
+ return WINBINDD_ERROR;
+ }
memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) );
gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
@@ -268,13 +262,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
- /* if no domain or our local domain and no local tdb group, default to
- * our local domain for aliases */
-
- if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
- fstrcpy(name_domain, get_global_sam_name());
- }
-
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
@@ -300,8 +287,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary)) )
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
name_group, name_type));
@@ -392,8 +378,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary) ))
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
group_name, name_type));
@@ -556,8 +541,8 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
/* get the domain local groups if we are a member of a native win2k domain
and are not using LDAP to get the groups */
- if ( ( lp_security() != SEC_ADS && domain->native_mode
- && domain->primary) || domain->internal )
+ if ( lp_security() != SEC_ADS && domain->native_mode
+ && domain->primary )
{
DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n"));
@@ -913,53 +898,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
-static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
-{
- int i;
-
- if ((*num) >= groups_max())
- return;
-
- for (i=0; i<*num; i++) {
- if ((*gids)[i] == gid)
- return;
- }
-
- *gids = Realloc(*gids, (*num+1) * sizeof(gid_t));
-
- if (*gids == NULL)
- return;
-
- (*gids)[*num] = gid;
- *num += 1;
-}
-
-static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
-{
- gid_t gid;
- DOM_SID *aliases;
- int j, num_aliases;
-
- DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
-
- /* Add nested group memberships */
-
- if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
- return;
-
- for (j=0; j<num_aliases; j++) {
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
- continue;
-
- add_gid_to_array_unique(gid, gids, num);
- }
- SAFE_FREE(aliases);
-}
-
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
@@ -977,7 +915,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
DOM_SID **user_grpsids;
struct winbindd_domain *domain;
enum winbindd_result result = WINBINDD_ERROR;
- gid_t *gid_list = NULL;
+ gid_t *gid_list;
unsigned int i;
TALLOC_CTX *mem_ctx;
NET_USER_INFO_3 *info3 = NULL;
@@ -1025,8 +963,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
}
- add_gids_from_sid(&user_sid, &gid_list, &num_gids);
-
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
@@ -1036,6 +972,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
info3->num_groups2, info3->num_other_sids));
num_groups = info3->num_other_sids + info3->num_groups2;
+ gid_list = calloc(sizeof(gid_t), num_groups);
/* Go through each other sid and convert it to a gid */
@@ -1069,11 +1006,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
continue;
}
- add_gids_from_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ /* Map to a gid */
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) )
+ {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&info3->other_sids[i].sid)));
+ continue;
+ }
+
+ /* We've jumped through a lot of hoops to get here */
+
+ DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
+ "gid %lu\n", sid_string_static(
+ &info3->other_sids[i].sid),
+ (unsigned long)gid_list[num_gids]));
+
+ num_gids++;
}
for (i = 0; i < info3->num_groups2; i++) {
@@ -1083,10 +1032,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- add_gids_from_sid(&group_sid, &gid_list, &num_gids);
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&group_sid)));
+ }
- if (gid_list == NULL)
- goto done;
+ num_gids++;
}
SAFE_FREE(info3);
@@ -1098,15 +1049,18 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
if (!NT_STATUS_IS_OK(status))
goto done;
+ gid_list = malloc(sizeof(gid_t) * num_groups);
+
if (state->response.extra_data)
goto done;
for (i = 0; i < num_groups; i++) {
- add_gids_from_sid(user_grpsids[i],
- &gid_list, &num_gids);
-
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) {
+ DEBUG(1, ("unable to convert group sid %s to gid\n",
+ sid_string_static(user_grpsids[i])));
+ continue;
+ }
+ num_gids++;
}
}
View Lorry Controller Status