summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source/groupdb/mapping.c41
-rw-r--r--source/include/passdb.h15
-rw-r--r--source/lib/privileges.c2
-rw-r--r--source/lib/system_smbd.c4
-rw-r--r--source/lib/util.c10
-rw-r--r--source/lib/util_sid.c27
-rw-r--r--source/lib/util_smbd.c4
-rw-r--r--source/nsswitch/winbindd_group.c57
-rw-r--r--source/passdb/pdb_interface.c25
-rw-r--r--source/passdb/pdb_ldap.c31
-rw-r--r--source/rpc_server/srv_samr_nt.c37
-rw-r--r--source/rpcclient/cmd_samr.c54
-rw-r--r--source/utils/net_groupmap.c52
13 files changed, 253 insertions, 106 deletions
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c
index 5613240a121..83ba575759e 100644
--- a/source/groupdb/mapping.c
+++ b/source/groupdb/mapping.c
@@ -518,7 +518,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
if (!string_to_sid(&alias, string_sid))
continue;
- add_sid_to_array_unique(&alias, sids, num);
+ add_sid_to_array_unique(NULL, &alias, sids, num);
if (sids == NULL)
return NT_STATUS_NO_MEMORY;
@@ -665,7 +665,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
if (!string_to_sid(&member, member_string))
continue;
- add_sid_to_array(&member, closure->sids, closure->num);
+ add_sid_to_array(NULL, &member, closure->sids, closure->num);
}
return 0;
@@ -1348,11 +1348,42 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
}
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
- return alias_memberships(members, num_members, aliases, num);
+ DOM_SID *alias_sids;
+ int i, num_alias_sids;
+ NTSTATUS result;
+
+ alias_sids = NULL;
+ num_alias_sids = 0;
+
+ result = alias_memberships(members, num_members,
+ &alias_sids, &num_alias_sids);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
+ if ((alias_sids != 0) && (*alias_rids == NULL))
+ return NT_STATUS_NO_MEMORY;
+
+ *num_alias_rids = 0;
+
+ for (i=0; i<num_alias_sids; i++) {
+ if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
+ &(*alias_rids)[*num_alias_rids]))
+ continue;
+ *num_alias_rids += 1;
+ }
+
+ SAFE_FREE(alias_sids);
+
+ return NT_STATUS_OK;
}
/**********************************************************************
diff --git a/source/include/passdb.h b/source/include/passdb.h
index ca65a4e5e88..f711eaf578d 100644
--- a/source/include/passdb.h
+++ b/source/include/passdb.h
@@ -337,10 +337,12 @@ typedef struct pdb_context
DOM_SID **members, int *num_members);
NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases,
- int *num_aliases);
+ uint32 **alias_rids,
+ int *num_alias_rids);
NTSTATUS (*pdb_lookup_rids)(struct pdb_context *context,
TALLOC_CTX *mem_ctx,
@@ -445,9 +447,12 @@ typedef struct pdb_methods
const DOM_SID *alias, DOM_SID **members,
int *num_members);
NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num);
+ uint32 **alias_rids,
+ int *num_alias_rids);
NTSTATUS (*lookup_rids)(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index b60832c8d8b..e01561de06f 100644
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -497,7 +497,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
return 0;
}
- add_sid_to_array( &sid, &priv->sids.list, &priv->sids.count );
+ add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count );
return 0;
}
diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c
index c83eecf1733..f124983006d 100644
--- a/source/lib/system_smbd.c
+++ b/source/lib/system_smbd.c
@@ -178,10 +178,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid,
groups = NULL;
/* Add in primary group first */
- add_gid_to_array_unique(primary_gid, &groups, &ngrp);
+ add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp);
for (i=0; i<max_grp; i++)
- add_gid_to_array_unique(temp_groups[i], &groups, &ngrp);
+ add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp);
*ngroups = ngrp;
*ret_groups = groups;
diff --git a/source/lib/util.c b/source/lib/util.c
index 8f6a3819442..d945bca5a73 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -277,7 +277,8 @@ const char *tmpdir(void)
Add a gid to an array of gids if it's not already there.
****************************************************************************/
-void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
+void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid,
+ gid_t **gids, int *num)
{
int i;
@@ -285,8 +286,11 @@ void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
if ((*gids)[i] == gid)
return;
}
-
- *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1);
+
+ if (mem_ctx != NULL)
+ *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num+1);
+ else
+ *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1);
if (*gids == NULL)
return;
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 0ba774e184d..00fb40cd733 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -351,6 +351,19 @@ BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
return True;
}
+DOM_SID *string_sid_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
+{
+ DOM_SID *result = TALLOC_P(mem_ctx, DOM_SID);
+
+ if (result == NULL)
+ return NULL;
+
+ if (!string_to_sid(result, sidstr))
+ return NULL;
+
+ return result;
+}
+
/*****************************************************************
Add a rid to the end of a sid
*****************************************************************/
@@ -652,9 +665,14 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
Add SID to an array SIDs
********************************************************************/
-void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
+void add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, int *num)
{
- *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
+ if (mem_ctx != NULL)
+ *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID,
+ (*num)+1);
+ else
+ *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
if (*sids == NULL)
return;
@@ -670,7 +688,8 @@ void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
Add SID to an array SIDs ensuring that it is not already there
********************************************************************/
-void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
+void add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, int *num_sids)
{
int i;
@@ -679,7 +698,7 @@ void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
return;
}
- add_sid_to_array(sid, sids, num_sids);
+ add_sid_to_array(mem_ctx, sid, sids, num_sids);
}
/********************************************************************
diff --git a/source/lib/util_smbd.c b/source/lib/util_smbd.c
index 586362c1e4c..c6f6bc0a32a 100644
--- a/source/lib/util_smbd.c
+++ b/source/lib/util_smbd.c
@@ -73,10 +73,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, gid_t **ret_groups, int
groups = NULL;
/* Add in primary group first */
- add_gid_to_array_unique(primary_gid, &groups, &ngrp);
+ add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp);
for (i=0; i<max_grp; i++)
- add_gid_to_array_unique(temp_groups[i], &groups, &ngrp);
+ add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp);
*ngroups = ngrp;
*ret_groups = groups;
diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c
index c2371c48c58..b2a2a9b397e 100644
--- a/source/nsswitch/winbindd_group.c
+++ b/source/nsswitch/winbindd_group.c
@@ -920,6 +920,55 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
+static BOOL enum_alias_memberships(const DOM_SID *member_sid,
+ DOM_SID **aliases, int *num_aliases)
+{
+ TALLOC_CTX *mem_ctx = talloc_init("enum_alias_memberships");
+ DOM_SID builtin_sid;
+
+ uint32 *rids = NULL;
+ int i, num_rids = 0;
+
+ BOOL result = False;
+
+ if (mem_ctx == NULL)
+ return False;
+
+ *aliases = NULL;
+ *num_aliases = 0;
+
+ if (!pdb_enum_alias_memberships(mem_ctx, get_global_sam_sid(),
+ member_sid, 1, &rids, &num_rids))
+ goto done;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID alias_sid;
+ sid_copy(&alias_sid, get_global_sam_sid());
+ sid_append_rid(&alias_sid, rids[i]);
+ add_sid_to_array(NULL, &alias_sid, aliases, num_aliases);
+ }
+
+ string_to_sid(&builtin_sid, "S-1-5-32");
+
+ if (!pdb_enum_alias_memberships(mem_ctx, &builtin_sid,
+ member_sid, 1, &rids, &num_rids))
+ goto done;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID alias_sid;
+ sid_copy(&alias_sid, &builtin_sid);
+ sid_append_rid(&alias_sid, rids[i]);
+ add_sid_to_array(NULL, &alias_sid, aliases, num_aliases);
+ }
+
+ result = True;
+ done:
+ if (mem_ctx != NULL)
+ talloc_destroy(mem_ctx);
+
+ return result;
+}
+
static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
{
gid_t gid;
@@ -937,7 +986,7 @@ static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
/* Add nested group memberships */
- if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases))
+ if (!enum_alias_memberships(sid, &aliases, &num_aliases))
return;
for (j=0; j<num_aliases; j++) {
@@ -953,7 +1002,7 @@ static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
continue;
}
- add_gid_to_array_unique(gid, gids, num);
+ add_gid_to_array_unique(NULL, gid, gids, num);
}
SAFE_FREE(aliases);
}
@@ -974,7 +1023,7 @@ static void add_gids_from_group_sid(DOM_SID *sid, gid_t **gids, int *num)
sid_string_static(sid)));
if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
+ add_gid_to_array_unique(NULL, gid, gids, num);
add_local_gids_from_sid(sid, gids, num);
}
@@ -1170,7 +1219,7 @@ static void add_local_sids_from_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
DOM_SID *aliases = NULL;
int i, num_aliases = 0;
- if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases))
+ if (!enum_alias_memberships(sid, &aliases, &num_aliases))
return;
if (num_aliases == 0)
diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c
index 949ee83dcd7..e61cf332796 100644
--- a/source/passdb/pdb_interface.c
+++ b/source/passdb/pdb_interface.c
@@ -643,9 +643,12 @@ static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
}
static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -655,8 +658,9 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
}
return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, members,
- num_members, aliases, num);
+ enum_alias_memberships(context->pdb_methods, mem_ctx,
+ domain_sid, members, num_members,
+ alias_rids, num_alias_rids);
}
static NTSTATUS context_lookup_rids(struct pdb_context *context,
@@ -1273,8 +1277,9 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias,
members, num_members));
}
-BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
- DOM_SID **aliases, int *num)
+BOOL pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
+ const DOM_SID const *members, int num_members,
+ uint32 **alias_rids, int *num_alias_rids)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
@@ -1283,9 +1288,11 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
}
return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, members,
- num_members,
- aliases, num));
+ pdb_enum_alias_memberships(pdb_context, mem_ctx,
+ domain_sid,
+ members, num_members,
+ alias_rids,
+ num_alias_rids));
}
NTSTATUS pdb_lookup_rids(TALLOC_CTX *mem_ctx,
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 14c764f12fd..6597dc0fb23 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -2469,11 +2469,11 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
/* We need to add the primary group as the first gid/sid */
- add_gid_to_array_unique(primary_gid, gids, &num_gids);
+ add_gid_to_array_unique(NULL, primary_gid, gids, &num_gids);
/* This sid will be replaced later */
- add_sid_to_array_unique(&global_sid_NULL, sids, &num_sids);
+ add_sid_to_array_unique(NULL, &global_sid_NULL, sids, &num_sids);
for (entry = ldap_first_entry(conn->ldap_struct, msg);
entry != NULL;
@@ -2505,8 +2505,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
if (gid == primary_gid) {
sid_copy(&(*sids)[0], &sid);
} else {
- add_gid_to_array_unique(gid, gids, &num_gids);
- add_sid_to_array_unique(&sid, sids, &num_sids);
+ add_gid_to_array_unique(NULL, gid, gids, &num_gids);
+ add_sid_to_array_unique(NULL, &sid, sids, &num_sids);
}
}
@@ -3052,7 +3052,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
if (!string_to_sid(&member, values[i]))
continue;
- add_sid_to_array(&member, members, num_members);
+ add_sid_to_array(NULL, &member, members, num_members);
}
ldap_value_free(values);
@@ -3062,9 +3062,12 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
}
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
const DOM_SID *members,
int num_members,
- DOM_SID **aliases, int *num_aliases)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
@@ -3077,12 +3080,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
int i;
int rc;
char *filter;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("ldapsam_alias_memberships");
-
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
/* This query could be further optimized by adding a
(&(sambaSID=<domain-sid>*)) so that only those aliases that are
@@ -3107,9 +3104,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
if (rc != LDAP_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
- *aliases = NULL;
- *num_aliases = 0;
-
ldap_struct = ldap_state->smbldap_state->ldap_struct;
for (entry = ldap_first_entry(ldap_struct, result);
@@ -3118,6 +3112,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
{
fstring sid_str;
DOM_SID sid;
+ uint32 rid;
if (!smbldap_get_single_attribute(ldap_struct, entry,
LDAP_ATTRIBUTE_SID,
@@ -3128,7 +3123,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
if (!string_to_sid(&sid, sid_str))
continue;
- add_sid_to_array_unique(&sid, aliases, num_aliases);
+ if (!sid_peek_check_rid(domain_sid, &sid, &rid))
+ continue;
+
+ add_rid_to_array_unique(mem_ctx, rid, alias_rids,
+ num_alias_rids);
}
ldap_msgfree(result);
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 001da3f3ea7..7294a46d757 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -3230,8 +3230,8 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
{
- int num_groups = 0;
- uint32 *rids=NULL;
+ int num_alias_rids;
+ uint32 *alias_rids;
struct samr_info *info = NULL;
int i;
@@ -3239,8 +3239,6 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
NTSTATUS ntstatus2;
DOM_SID *members;
- DOM_SID *aliases;
- int num_aliases;
BOOL res;
r_u->status = NT_STATUS_OK;
@@ -3273,35 +3271,20 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
for (i=0; i<q_u->num_sids1; i++)
sid_copy(&members[i], &q_u->sid[i].sid);
+ alias_rids = NULL;
+ num_alias_rids = 0;
+
become_root();
- res = pdb_enum_alias_memberships(members,
- q_u->num_sids1, &aliases,
- &num_aliases);
+ res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members,
+ q_u->num_sids1,
+ &alias_rids, &num_alias_rids);
unbecome_root();
if (!res)
return NT_STATUS_UNSUCCESSFUL;
- rids = NULL;
- num_groups = 0;
-
- for (i=0; i<num_aliases; i++) {
- uint32 rid;
-
- if (!sid_peek_check_rid(&info->sid, &aliases[i], &rid))
- continue;
-
- rids = TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+1);
-
- if (rids == NULL)
- return NT_STATUS_NO_MEMORY;
-
- rids[num_groups] = rid;
- num_groups += 1;
- }
- SAFE_FREE(aliases);
-
- init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK);
+ init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids,
+ NT_STATUS_OK);
return NT_STATUS_OK;
}
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index d3f89540502..f327004911e 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -568,25 +568,42 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 user_rid, num_aliases, *alias_rids;
+ DOM_SID *sids;
+ int num_sids;
+ uint32 num_aliases, *alias_rids;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
int i;
fstring server;
- DOM_SID tmp_sid;
- DOM_SID2 sid;
+ DOM_SID2 *sid2;
DOM_SID global_sid_Builtin;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if ((argc < 3) || (argc > 4)) {
- printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
- return NT_STATUS_OK;
+ if (argc < 3) {
+ printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
+ return NT_STATUS_INVALID_PARAMETER;
}
- sscanf(argv[2], "%i", &user_rid);
-
- if (argc > 3)
- sscanf(argv[3], "%x", &access_mask);
+ sids = NULL;
+ num_sids = 0;
+
+ for (i=2; i<argc; i++) {
+ DOM_SID tmp_sid;
+ if (!string_to_sid(&tmp_sid, argv[i])) {
+ printf("%s is not a legal SID\n", argv[i]);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
+ }
+
+ sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
+ if (sid2 == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ for (i=0; i<num_sids; i++) {
+ sid_copy(&sid2[i].sid, &sids[i]);
+ sid2[i].num_auths = sid2[i].sid.num_auths;
+ }
slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper_m(server);
@@ -604,18 +621,19 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
access_mask,
- &global_sid_Builtin, &domain_pol);
- else
- return NT_STATUS_OK;
+ &global_sid_Builtin,
+ &domain_pol);
+ else {
+ printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (!NT_STATUS_IS_OK(result))
goto done;
- sid_copy(&tmp_sid, &domain_sid);
- sid_append_rid(&tmp_sid, user_rid);
- init_dom_sid2(&sid, &tmp_sid);
-
- result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
+ result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
+ num_sids, sid2,
+ &num_aliases, &alias_rids);
if (!NT_STATUS_IS_OK(result))
goto done;
diff --git a/source/utils/net_groupmap.c b/source/utils/net_groupmap.c
index a63e8176f8a..b20a37c7267 100644
--- a/source/utils/net_groupmap.c
+++ b/source/utils/net_groupmap.c
@@ -693,12 +693,37 @@ static int net_groupmap_listmem(int argc, const char **argv)
return 0;
}
+static BOOL print_alias_memberships(TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID *member)
+{
+ uint32 *alias_rids;
+ int i, num_alias_rids;
+
+ alias_rids = NULL;
+ num_alias_rids = 0;
+
+ if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1,
+ &alias_rids, &num_alias_rids)) {
+ d_printf("Could not list memberships for sid %s\n",
+ sid_string_static(member));
+ return False;
+ }
+
+ for (i = 0; i < num_alias_rids; i++) {
+ DOM_SID alias;
+ sid_copy(&alias, domain_sid);
+ sid_append_rid(&alias, alias_rids[i]);
+ printf("%s\n", sid_string_static(&alias));
+ }
+
+ return True;
+}
+
static int net_groupmap_memberships(int argc, const char **argv)
{
- DOM_SID member;
- DOM_SID *aliases;
- int i, num;
- NTSTATUS result;
+ TALLOC_CTX *mem_ctx;
+ DOM_SID *domain_sid, *builtin_sid, member;
if ( (argc != 1) ||
!string_to_sid(&member, argv[0]) ) {
@@ -706,17 +731,24 @@ static int net_groupmap_memberships(int argc, const char **argv)
return -1;
}
- if (!pdb_enum_alias_memberships(&member, 1, &aliases, &num)) {
- d_printf("Could not list memberships for sid %s: %s\n",
- argv[0], nt_errstr(result));
+ mem_ctx = talloc_init("net_groupmap_memberships");
+ if (mem_ctx == NULL) {
+ d_printf("talloc_init failed\n");
return -1;
}
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(aliases[i])));
+ domain_sid = get_global_sam_sid();
+ builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
+ if ((domain_sid == NULL) || (builtin_sid == NULL)) {
+ d_printf("Could not get domain sid\n");
+ return -1;
}
- SAFE_FREE(aliases);
+ if (!print_alias_memberships(mem_ctx, domain_sid, &member) ||
+ !print_alias_memberships(mem_ctx, builtin_sid, &member))
+ return -1;
+
+ talloc_destroy(mem_ctx);
return 0;
}