mirror of
https://github.com/samba-team/samba.git
synced 2025-01-27 14:04:05 +03:00
Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and return
this as thier list of groups, rather than do a seperate lookup. This NT_TOKEN is originally initgroups() (or equiv) based. We currently send all sids in our domain, perhaps this should be further restricted, but this works for now. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
-
parent
f3432869b9
commit
f5850928a0
@ -688,16 +688,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
|
||||
|
||||
pstrcpy(my_name, global_myname());
|
||||
|
||||
/*
|
||||
* This is the point at which we get the group
|
||||
* database - we should be getting the gid_t list
|
||||
* from /etc/group and then turning the uids into
|
||||
* rids and then into machine sids for this user.
|
||||
* JRA.
|
||||
*/
|
||||
|
||||
gids = NULL;
|
||||
get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
|
||||
if (!NT_STATUS_IS_OK(status
|
||||
= nt_token_to_group_list(p->mem_ctx,
|
||||
&domain_sid,
|
||||
server_info->ptok,
|
||||
&num_gids,
|
||||
&gids))) {
|
||||
return status;
|
||||
}
|
||||
|
||||
init_net_user_info3(p->mem_ctx, usr_info,
|
||||
user_rid,
|
||||
|
||||
@ -350,6 +350,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
gets a domain user's groups from their already-calculated NT_USER_TOKEN
|
||||
********************************************************************/
|
||||
NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
|
||||
const NT_USER_TOKEN *nt_token,
|
||||
int *numgroups, DOM_GID **pgids)
|
||||
{
|
||||
DOM_GID *gids;
|
||||
int i;
|
||||
|
||||
gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
|
||||
|
||||
if (!gids) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
*numgroups=0;
|
||||
|
||||
for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
|
||||
if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
|
||||
sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
|
||||
gids[*numgroups].attr=7;
|
||||
(*numgroups)++;
|
||||
}
|
||||
}
|
||||
*pgids = gids;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Look up a local (domain) rid and return a name and type.
|
||||
********************************************************************/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user