mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3-winbind: Use rpc_lookup_groupmem in samr.
This commit is contained in:
parent
3c06d42bec
commit
62038010e0
@ -421,35 +421,28 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
|
||||
uint32_t **pname_types)
|
||||
{
|
||||
struct rpc_pipe_client *samr_pipe;
|
||||
struct policy_handle dom_pol, group_pol;
|
||||
uint32_t samr_access = SEC_FLAG_MAXIMUM_ALLOWED;
|
||||
struct samr_RidTypeArray *rids = NULL;
|
||||
uint32_t group_rid;
|
||||
uint32_t *rid_mem = NULL;
|
||||
struct policy_handle dom_pol;
|
||||
|
||||
uint32_t num_names = 0;
|
||||
uint32_t total_names = 0;
|
||||
struct dom_sid *sid_mem = NULL;
|
||||
char **names = NULL;
|
||||
uint32_t *name_types = NULL;
|
||||
|
||||
struct lsa_Strings tmp_names;
|
||||
struct samr_Ids tmp_types;
|
||||
|
||||
uint32_t j, r;
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
NTSTATUS status;
|
||||
|
||||
DEBUG(3,("samr: lookup groupmem\n"));
|
||||
DEBUG(3,("sam_lookup_groupmem\n"));
|
||||
|
||||
/* Paranoia check */
|
||||
if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
|
||||
/* There's no groups, only aliases in BUILTIN */
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
if (pnum_names) {
|
||||
pnum_names = 0;
|
||||
}
|
||||
|
||||
if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
tmp_ctx = talloc_stackframe();
|
||||
if (tmp_ctx == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -457,99 +450,23 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
|
||||
|
||||
status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto error;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = rpccli_samr_OpenGroup(samr_pipe,
|
||||
tmp_ctx,
|
||||
&dom_pol,
|
||||
samr_access,
|
||||
group_rid,
|
||||
&group_pol);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
/*
|
||||
* Step #1: Get a list of user rids that are the members of the group.
|
||||
*/
|
||||
status = rpccli_samr_QueryGroupMember(samr_pipe,
|
||||
tmp_ctx,
|
||||
&group_pol,
|
||||
&rids);
|
||||
|
||||
rpccli_samr_Close(samr_pipe, tmp_ctx, &group_pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (rids == NULL || rids->count == 0) {
|
||||
pnum_names = 0;
|
||||
pnames = NULL;
|
||||
pname_types = NULL;
|
||||
psid_mem = NULL;
|
||||
|
||||
status = NT_STATUS_OK;
|
||||
goto error;
|
||||
}
|
||||
|
||||
num_names = rids->count;
|
||||
rid_mem = rids->rids;
|
||||
|
||||
/*
|
||||
* Step #2: Convert list of rids into list of usernames.
|
||||
*/
|
||||
#define MAX_LOOKUP_RIDS 900
|
||||
|
||||
if (num_names > 0) {
|
||||
names = TALLOC_ZERO_ARRAY(tmp_ctx, char *, num_names);
|
||||
name_types = TALLOC_ZERO_ARRAY(tmp_ctx, uint32_t, num_names);
|
||||
sid_mem = TALLOC_ZERO_ARRAY(tmp_ctx, struct dom_sid, num_names);
|
||||
if (names == NULL || name_types == NULL || sid_mem == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
for (j = 0; j < num_names; j++) {
|
||||
sid_compose(&sid_mem[j], &domain->sid, rid_mem[j]);
|
||||
}
|
||||
|
||||
status = rpccli_samr_LookupRids(samr_pipe,
|
||||
tmp_ctx,
|
||||
&dom_pol,
|
||||
num_names,
|
||||
rid_mem,
|
||||
&tmp_names,
|
||||
&tmp_types);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
/* Copy result into array. The talloc system will take
|
||||
care of freeing the temporary arrays later on. */
|
||||
if (tmp_names.count != tmp_types.count) {
|
||||
status = NT_STATUS_UNSUCCESSFUL;
|
||||
goto error;
|
||||
}
|
||||
|
||||
for (r = 0; r < tmp_names.count; r++) {
|
||||
if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
|
||||
continue;
|
||||
}
|
||||
names[total_names] = fill_domain_username_talloc(names,
|
||||
domain->name,
|
||||
tmp_names.names[r].string,
|
||||
true);
|
||||
name_types[total_names] = tmp_types.ids[r];
|
||||
total_names++;
|
||||
}
|
||||
status = rpc_lookup_groupmem(tmp_ctx,
|
||||
samr_pipe,
|
||||
&dom_pol,
|
||||
domain->name,
|
||||
&domain->sid,
|
||||
group_sid,
|
||||
type,
|
||||
&num_names,
|
||||
&sid_mem,
|
||||
&names,
|
||||
&name_types);
|
||||
|
||||
if (pnum_names) {
|
||||
*pnum_names = total_names;
|
||||
*pnum_names = num_names;
|
||||
}
|
||||
|
||||
if (pnames) {
|
||||
@ -564,7 +481,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
|
||||
*psid_mem = talloc_move(mem_ctx, &sid_mem);
|
||||
}
|
||||
|
||||
error:
|
||||
done:
|
||||
TALLOC_FREE(tmp_ctx);
|
||||
return status;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user