From 117c19efa4212cf11bf013dd5e12aa2e4991fe46 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 11 Jun 2009 18:03:11 +0200
Subject: Implement pdb_enum_alias_memberships

---
 source3/passdb/pdb_ads.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 88 insertions(+), 3 deletions(-)

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 8d7c215986..c2f1e20c1b 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -1387,10 +1387,95 @@ static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m,
 					       const DOM_SID *domain_sid,
 					       const DOM_SID *members,
 					       size_t num_members,
-					       uint32 **pp_alias_rids,
-					       size_t *p_num_alias_rids)
+					       uint32_t **palias_rids,
+					       size_t *pnum_alias_rids)
 {
-	return NT_STATUS_NOT_IMPLEMENTED;
+	struct pdb_ads_state *state = talloc_get_type_abort(
+		m->private_data, struct pdb_ads_state);
+	const char *attrs[1] = { "objectSid" };
+	struct tldap_message **msg;
+	uint32_t *alias_rids = NULL;
+	size_t num_alias_rids = 0;
+	int i, rc, count;
+	bool got_members = false;
+	char *filter;
+	NTSTATUS status;
+
+	/*
+	 * TODO: Get the filter right so that we only get the aliases from
+	 * either the SAM or BUILTIN
+	 */
+
+	filter = talloc_asprintf(talloc_tos(),
+				 "(&(|(grouptype=%d)(grouptype=%d))"
+				 "(objectclass=group)(|",
+				 GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+				 GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
+	if (filter == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<num_members; i++) {
+		char *dn;
+
+		status = pdb_ads_sid2dn(state, &members[i], talloc_tos(), &dn);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("pdb_ads_sid2dn failed for %s: %s\n",
+				   sid_string_dbg(&members[i]),
+				   nt_errstr(status)));
+			continue;
+		}
+		filter = talloc_asprintf_append_buffer(
+			filter, "(member=%s)", dn);
+		TALLOC_FREE(dn);
+		if (filter == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		got_members = true;
+	}
+
+	if (!got_members) {
+		goto done;
+	}
+
+	rc = tldap_search_fmt(state->ld, state->domaindn, LDAP_SCOPE_SUB,
+			      attrs, ARRAY_SIZE(attrs), 0, talloc_tos(),
+			      &msg, "%s))", filter);
+	TALLOC_FREE(filter);
+	if (rc != TLDAP_SUCCESS) {
+		DEBUG(10, ("tldap_search failed %s\n",
+			   tldap_errstr(debug_ctx(), state->ld, rc)));
+		return NT_STATUS_LDAP(rc);
+	}
+
+	count = talloc_array_length(msg);
+	if (count == 0) {
+		goto done;
+	}
+
+	alias_rids = talloc_array(mem_ctx, uint32_t, count);
+	if (alias_rids == NULL) {
+		TALLOC_FREE(msg);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<count; i++) {
+		struct dom_sid sid;
+
+		if (!tldap_pull_binsid(msg[i], "objectSid", &sid)) {
+			DEBUG(10, ("Could not pull SID for member %d\n", i));
+			continue;
+		}
+		if (sid_peek_check_rid(domain_sid, &sid,
+				       &alias_rids[num_alias_rids])) {
+			num_alias_rids += 1;
+		}
+	}
+done:
+	TALLOC_FREE(msg);
+	*palias_rids = alias_rids;
+	*pnum_alias_rids = 0;
+	return NT_STATUS_OK;
 }
 
 static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m,
-- 
cgit