moved lookup_usergroups() into the backend structure
@ -116,6 +116,11 @@ struct winbindd_methods {
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *user_name, uint32 user_rid,
|
||||
WINBIND_USERINFO *user_info);
|
||||
|
||||
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
uint32 **user_gids);
|
||||
};
|
||||
|
||||
/* Structures to hold per domain information */
|
||||
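Review bot: The new `lookup_usergroups` member carries no comment stating its contract, and the parameter name `user_gids` is misleading. The RPC implementation elsewhere in this commit fills the array with `g_rid` values and the caller passes each entry to `winbindd_idmap_get_gid_from_rid`, so it holds group RIDs rather than Unix gids. I would add a comment above the member such as `/* return the RIDs of the groups user_rid is a member of; the array is allocated on mem_ctx and *num_groups may be 0 */` and rename the parameter to `group_rids`. The struct definition starts outside this hunk, so whether the other members are documented is not visible here.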
|
@ -341,6 +341,15 @@ error:
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
/* Lookup groups a user is a member of. */
|
||||
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
uint32 **user_gids)
|
||||
{
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
/* the ADS backend methods are exposed via this structure */
|
||||
struct winbindd_methods ads_methods = {
|
||||
query_user_list,
|
||||
@ -350,7 +359,8 @@ struct winbindd_methods ads_methods = {
|
||||
and MS servers always allow RPC for this (even in native mode) so
|
||||
just use RPC for sid_to_name. Maybe that's why they allow it? */
|
||||
winbindd_rpc_sid_to_name,
|
||||
query_user
|
||||
query_user,
|
||||
lookup_usergroups
|
||||
};
|
||||
|
||||
#endif
|
||||
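Review bot: The ADS `lookup_usergroups` stub returns `NT_STATUS_NOT_IMPLEMENTED` without touching its out parameters. With the dispatch change to `winbindd_getgroups` in this commit, that status sends the caller straight to `done`, so group lookups for domains using `ads_methods` presumably now fail where they previously went through the RPC helper. If this is a temporary state, the comment should say so, e.g. `/* not implemented for ADS yet: getgroups fails for ADS domains until it is */`, and the stub should set `*num_groups = 0; *user_gids = NULL;` before returning so no caller reads stale values. The `ads_methods` initializer is positional, so the new entry has to stay in the same position as the member added to `struct winbindd_methods`.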
|
@ -918,7 +918,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
|
||||
DOM_SID user_sid;
|
||||
enum SID_NAME_USE name_type;
|
||||
uint32 user_rid, num_groups, num_gids;
|
||||
DOM_GID *user_groups = NULL;
|
||||
NTSTATUS status;
|
||||
uint32 *user_gids;
|
||||
struct winbindd_domain *domain;
|
||||
enum winbindd_result result = WINBINDD_ERROR;
|
||||
gid_t *gid_list;
|
||||
@ -967,9 +968,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
|
||||
|
||||
sid_split_rid(&user_sid, &user_rid);
|
||||
|
||||
if (!winbindd_lookup_usergroups(domain, mem_ctx, user_rid,
|
||||
&num_groups, &user_groups))
|
||||
goto done;
|
||||
status = domain->methods->lookup_usergroups(domain, mem_ctx, user_rid, &num_groups, &user_gids);
|
||||
if (!NT_STATUS_IS_OK(status)) goto done;
|
||||
|
||||
/* Copy data back to client */
|
||||
|
||||
@ -980,12 +980,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
|
||||
goto done;
|
||||
|
||||
for (i = 0; i < num_groups; i++) {
|
||||
if (!winbindd_idmap_get_gid_from_rid(
|
||||
domain->name, user_groups[i].g_rid,
|
||||
&gid_list[num_gids])) {
|
||||
|
||||
DEBUG(1, ("unable to convert group rid %d to gid\n",
|
||||
user_groups[i].g_rid));
|
||||
if (!winbindd_idmap_get_gid_from_rid(domain->name, user_gids[i], &gid_list[num_gids])) {
|
||||
DEBUG(1, ("unable to convert group rid %d to gid\n", user_gids[i]));
|
||||
continue;
|
||||
}
|
||||
|
||||
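Review bot: `user_gids` is declared without an initialiser and is then indexed in the conversion loop on the strength of `num_groups` alone, so the loop trusts every backend to hand back a valid array whenever it reports success with a non-zero count. Declaring it as `uint32 *user_gids = NULL;` and adding `if (num_groups > 0 && user_gids == NULL) goto done;` after the status check would turn a backend mistake into a clean error instead of an invalid read. The failing `status` is also dropped silently; a `DEBUG` line naming `user_rid` before `goto done` would help when supplementary groups go missing. `winbindd_getgroups` starts and ends outside these hunks, so the initial value of `num_groups` is not visible here.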
|
@ -145,10 +145,6 @@ BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
|
||||
BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
|
||||
fstring name,
|
||||
enum SID_NAME_USE *type);
|
||||
BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
DOM_GID **user_groups);
|
||||
BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 group_rid, uint32 *num_names,
|
||||
|
@ -240,6 +240,65 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
|
||||
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
uint32 **user_gids)
|
||||
{
|
||||
CLI_POLICY_HND *hnd;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
POLICY_HND dom_pol, user_pol;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
BOOL got_dom_pol = False, got_user_pol = False;
|
||||
DOM_GID *user_groups;
|
||||
int i;
|
||||
|
||||
/* Get sam handle */
|
||||
if (!(hnd = cm_get_sam_handle(domain->name)))
|
||||
goto done;
|
||||
|
||||
/* Get domain handle */
|
||||
result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
|
||||
des_access, &domain->sid, &dom_pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
got_dom_pol = True;
|
||||
|
||||
/* Get user handle */
|
||||
result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol,
|
||||
des_access, user_rid, &user_pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
got_user_pol = True;
|
||||
|
||||
/* Query user rids */
|
||||
result = cli_samr_query_usergroups(hnd->cli, mem_ctx, &user_pol,
|
||||
num_groups, &user_groups);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
|
||||
goto done;
|
||||
|
||||
(*user_gids) = talloc(mem_ctx, sizeof(uint32) * (*num_groups));
|
||||
for (i=0;i<(*num_groups);i++) {
|
||||
(*user_gids)[i] = user_groups[i].g_rid;
|
||||
}
|
||||
|
||||
done:
|
||||
/* Clean up policy handles */
|
||||
if (got_user_pol)
|
||||
cli_samr_close(hnd->cli, mem_ctx, &user_pol);
|
||||
|
||||
if (got_dom_pol)
|
||||
cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
/* the rpc backend methods are exposed via this structure */
|
||||
struct winbindd_methods msrpc_methods = {
|
||||
@ -247,6 +306,7 @@ struct winbindd_methods msrpc_methods = {
|
||||
enum_dom_groups,
|
||||
name_to_sid,
|
||||
winbindd_rpc_sid_to_name,
|
||||
query_user
|
||||
query_user,
|
||||
lookup_usergroups
|
||||
};
|
||||
|
||||
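Review bot: The result of `talloc()` in the new `lookup_usergroups` is used without a NULL check, and the size `sizeof(uint32) * (*num_groups)` is built from the count that `cli_samr_query_usergroups` returned, presumably taken from the remote server's reply, with no guard against the multiplication wrapping. A failed or undersized allocation is then written through by the copy loop, so add `if (!(*user_gids)) { result = NT_STATUS_NO_MEMORY; goto done; }` after the allocation and reject a count large enough to overflow the size before allocating. The loop index is `int i` compared against a `uint32`; declaring it `uint32 i` removes the signed/unsigned comparison. On the zero-group and error paths `*user_gids` is never assigned, so setting `*user_gids = NULL;` on entry gives callers a defined value.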
|
@ -478,62 +478,6 @@ BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
|
||||
|
||||
BOOL winbindd_lookup_usergroups(struct winbindd_domain *domain,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32 user_rid, uint32 *num_groups,
|
||||
DOM_GID **user_groups)
|
||||
{
|
||||
CLI_POLICY_HND *hnd;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
POLICY_HND dom_pol, user_pol;
|
||||
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
BOOL got_dom_pol = False, got_user_pol = False;
|
||||
|
||||
/* Get sam handle */
|
||||
|
||||
if (!(hnd = cm_get_sam_handle(domain->name)))
|
||||
goto done;
|
||||
|
||||
/* Get domain handle */
|
||||
|
||||
result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
|
||||
des_access, &domain->sid, &dom_pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
got_dom_pol = True;
|
||||
|
||||
/* Get user handle */
|
||||
|
||||
result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol,
|
||||
des_access, user_rid, &user_pol);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
got_user_pol = True;
|
||||
|
||||
/* Query user rids */
|
||||
|
||||
result = cli_samr_query_usergroups(hnd->cli, mem_ctx, &user_pol,
|
||||
num_groups, user_groups);
|
||||
|
||||
done:
|
||||
|
||||
/* Clean up policy handles */
|
||||
|
||||
if (got_user_pol)
|
||||
cli_samr_close(hnd->cli, mem_ctx, &user_pol);
|
||||
|
||||
if (got_dom_pol)
|
||||
cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
|
||||
|
||||
return NT_STATUS_IS_OK(result);
|
||||
}
|
||||
|
||||
/* Lookup group membership given a rid. */
|
||||
|
||||
BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
|
||||
|