adding ifdef'd code to add alias membership for vampire

source/utils/net_rpc_samsync.c

@@ -717,7 +717,145 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
 static NTSTATUS
 fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)
 {
+#if 0 	/* 
+	 * commented out right now after talking to Volker.  Can't
+	 * do much with the membership but seemed a shame to waste
+	 * somewhat working code.  Needs testing because the membership
+	 * that shows up surprises me.  Also can't do much with groups
+	 * in groups (e.g. Domain Admins being a member of Adminsitrators).
+	 * --jerry
+	 */
 	
+	int i;
+	TALLOC_CTX *t = NULL;
+	char **nt_members = NULL;
+	char **unix_members;
+	DOM_SID group_sid;
+	GROUP_MAP map;
+	struct group *grp;
+	enum SID_NAME_USE sid_type;
+
+	if (delta->num_members == 0) {
+		return NT_STATUS_OK;
+	}
+
+	sid_copy(&group_sid, &dom_sid);
+	sid_append_rid(&group_sid, rid);
+
+	if (sid_equal(&dom_sid, &global_sid_Builtin)) {
+		sid_type = SID_NAME_WKN_GRP;
+		if (!get_builtin_group_from_sid(group_sid, &map, False)) {
+			DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid)));
+			return NT_STATUS_NO_SUCH_GROUP;
+		}
+	} else {
+		sid_type = SID_NAME_ALIAS;
+		if (!get_local_group_from_sid(group_sid, &map, False)) {
+			DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid)));
+			return NT_STATUS_NO_SUCH_GROUP;
+		}
+	}	
+
+	if (!(grp = getgrgid(map.gid))) {
+		DEBUG(0, ("Could not find unix group %d\n", map.gid));
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+
+	d_printf("Group members of %s: ", grp->gr_name);
+
+	if (!(t = talloc_init("fetch_group_mem_info"))) {
+		DEBUG(0, ("could not talloc_init\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);
+
+	for (i=0; i<delta->num_members; i++) {
+		NTSTATUS nt_status;
+		SAM_ACCOUNT *member = NULL;
+		DOM_SID member_sid;
+
+		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) {
+			talloc_destroy(t);
+			return nt_status;
+		}
+
+		sid_copy(&member_sid, &delta->sids[i].sid);
+
+		if (!pdb_getsampwsid(member, &member_sid)) {
+			DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n",
+				  sid_string_static(&member_sid), grp->gr_name));
+			pdb_free_sam(&member);
+			continue;
+		}
+
+		if (pdb_get_group_rid(member) == rid) {
+			d_printf("%s(primary),", pdb_get_username(member));
+			pdb_free_sam(&member);
+			continue;
+		}
+		
+		d_printf("%s,", pdb_get_username(member));
+		nt_members[i] = talloc_strdup(t, pdb_get_username(member));
+		pdb_free_sam(&member);
+	}
+
+	d_printf("\n");
+
+	unix_members = grp->gr_mem;
+
+	while (*unix_members) {
+		BOOL is_nt_member = False;
+		for (i=0; i<delta->num_members; i++) {
+			if (nt_members[i] == NULL) {
+				/* This was a primary group */
+				continue;
+			}
+
+			if (strcmp(*unix_members, nt_members[i]) == 0) {
+				is_nt_member = True;
+				break;
+			}
+		}
+		if (!is_nt_member) {
+			/* We look at a unix group member that is not
+			   an nt group member. So, remove it. NT is
+			   boss here. */
+			smb_delete_user_group(grp->gr_name, *unix_members);
+		}
+		unix_members += 1;
+	}
+
+	for (i=0; i<delta->num_members; i++) {
+		BOOL is_unix_member = False;
+
+		if (nt_members[i] == NULL) {
+			/* This was the primary group */
+			continue;
+		}
+
+		unix_members = grp->gr_mem;
+
+		while (*unix_members) {
+			if (strcmp(*unix_members, nt_members[i]) == 0) {
+				is_unix_member = True;
+				break;
+			}
+			unix_members += 1;
+		}
+
+		if (!is_unix_member) {
+			/* We look at a nt group member that is not a
+                           unix group member currently. So, add the nt
+                           group member. */
+			smb_add_user_group(grp->gr_name, nt_members[i]);
+		}
+	}
+	
+	talloc_destroy(t);
+
+#endif	/* end of fetch_alias_mem() */
+
 	return NT_STATUS_OK;
 }