-rw-r--r-- | source/groupdb/mapping.c | 41 | ||||
-rw-r--r-- | source/include/passdb.h | 15 | ||||
-rw-r--r-- | source/lib/privileges.c | 2 | ||||
-rw-r--r-- | source/lib/system_smbd.c | 4 | ||||
-rw-r--r-- | source/lib/util.c | 10 | ||||
-rw-r--r-- | source/lib/util_sid.c | 27 | ||||
-rw-r--r-- | source/lib/util_smbd.c | 4 | ||||
-rw-r--r-- | source/nsswitch/winbindd_group.c | 57 | ||||
-rw-r--r-- | source/passdb/pdb_interface.c | 25 | ||||
-rw-r--r-- | source/passdb/pdb_ldap.c | 31 | ||||
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 37 | ||||
-rw-r--r-- | source/rpcclient/cmd_samr.c | 54 | ||||
-rw-r--r-- | source/utils/net_groupmap.c | 52 |
13 files changed, 253 insertions, 106 deletions
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index 5613240a121..83ba575759e 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -518,7 +518,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array_unique(&alias, sids, num); + add_sid_to_array_unique(NULL, &alias, sids, num); if (sids == NULL) return NT_STATUS_NO_MEMORY; @@ -665,7 +665,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, if (!string_to_sid(&member, member_string)) continue; - add_sid_to_array(&member, closure->sids, closure->num); + add_sid_to_array(NULL, &member, closure->sids, closure->num); } return 0; @@ -1348,11 +1348,42 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, int *num) + uint32 **alias_rids, + int *num_alias_rids) { - return alias_memberships(members, num_members, aliases, num); + DOM_SID *alias_sids; + int i, num_alias_sids; + NTSTATUS result; + + alias_sids = NULL; + num_alias_sids = 0; + + result = alias_memberships(members, num_members, + &alias_sids, &num_alias_sids); + + if (!NT_STATUS_IS_OK(result)) + return result; + + *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); + if ((alias_sids != 0) && (*alias_rids == NULL)) + return NT_STATUS_NO_MEMORY; + + *num_alias_rids = 0; + + for (i=0; i<num_alias_sids; i++) { + if (!sid_peek_check_rid(domain_sid, &alias_sids[i], + &(*alias_rids)[*num_alias_rids])) + continue; + *num_alias_rids += 1; + } + + SAFE_FREE(alias_sids); + + return NT_STATUS_OK; } /********************************************************************** diff --git a/source/include/passdb.h b/source/include/passdb.h index ca65a4e5e88..f711eaf578d 100644 --- a/source/include/passdb.h 
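Review bot: In pdb_default_alias_memberships the early `return NT_STATUS_NO_MEMORY` after TALLOC_ARRAY leaves `alias_sids` unfreed. The function releases that array with SAFE_FREE only on the success path, which suggests it is malloc-owned and not tied to `mem_ctx`. The guard also compares the pointer `alias_sids` with 0 where the count would read more clearly. Suggested: `if ((num_alias_sids != 0) && (*alias_rids == NULL)) { SAFE_FREE(alias_sids); return NT_STATUS_NO_MEMORY; }`.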
+++ b/source/include/passdb.h @@ -337,10 +337,12 @@ typedef struct pdb_context DOM_SID **members, int *num_members); NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, - int *num_aliases); + uint32 **alias_rids, + int *num_alias_rids); NTSTATUS (*pdb_lookup_rids)(struct pdb_context *context, TALLOC_CTX *mem_ctx, @@ -445,9 +447,12 @@ typedef struct pdb_methods const DOM_SID *alias, DOM_SID **members, int *num_members); NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, int *num); + uint32 **alias_rids, + int *num_alias_rids); NTSTATUS (*lookup_rids)(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, diff --git a/source/lib/privileges.c b/source/lib/privileges.c index b60832c8d8b..e01561de06f 100644 --- a/source/lib/privileges.c +++ b/source/lib/privileges.c @@ -497,7 +497,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - add_sid_to_array( &sid, &priv->sids.list, &priv->sids.count ); + add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count ); return 0; } diff --git a/source/lib/system_smbd.c b/source/lib/system_smbd.c index c83eecf1733..f124983006d 100644 --- a/source/lib/system_smbd.c +++ b/source/lib/system_smbd.c @@ -178,10 +178,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(primary_gid, &groups, &ngrp); + add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp); for (i=0; i<max_grp; i++) - add_gid_to_array_unique(temp_groups[i], &groups, &ngrp); + add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp); *ngroups = ngrp; *ret_groups = groups; 
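Review bot: The new parameter is spelled `const DOM_SID const *members` in the pdb_context declaration, which repeats the same qualifier on the pointed-to type and does not make the pointer itself const. Compilers in C89 mode reject a duplicated qualifier, and C99 ones silently ignore it. The same spelling appears in the pdb_methods declaration below and in the mapping.c and pdb_interface.c hunks, while ldapsam_alias_memberships in pdb_ldap.c uses `const DOM_SID *members`. Use `const DOM_SID *members` everywhere so the implementations match the function-pointer types exactly.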
diff --git a/source/lib/util.c b/source/lib/util.c index 8f6a3819442..d945bca5a73 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -277,7 +277,8 @@ const char *tmpdir(void) Add a gid to an array of gids if it's not already there. ****************************************************************************/ -void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num) +void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, + gid_t **gids, int *num) { int i; @@ -285,8 +286,11 @@ void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num) if ((*gids)[i] == gid) return; } - - *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1); + + if (mem_ctx != NULL) + *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num+1); + else + *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1); if (*gids == NULL) return; diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index 0ba774e184d..00fb40cd733 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -351,6 +351,19 @@ BOOL string_to_sid(DOM_SID *sidout, const char *sidstr) return True; } +DOM_SID *string_sid_talloc(TALLOC_CTX *mem_ctx, const char *sidstr) +{ + DOM_SID *result = TALLOC_P(mem_ctx, DOM_SID); + + if (result == NULL) + return NULL; + + if (!string_to_sid(result, sidstr)) + return NULL; + + return result; +} + /***************************************************************** Add a rid to the end of a sid *****************************************************************/ 
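Review bot: add_gid_to_array_unique now picks the allocator per call from `mem_ctx`, but nothing records which allocator owns `*gids`. A caller that grows the same array once with NULL and once with a context would pass a pointer from one allocator to the other's realloc. The header comment should state this contract, for example `/* mem_ctx must be identical (or NULL) on every call for a given array; with NULL the array is malloc-owned and the caller frees it with SAFE_FREE */`. The same applies to add_sid_to_array and add_sid_to_array_unique in the util_sid.c hunks.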
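Review bot: In string_sid_talloc a string that fails to parse returns NULL but leaves the freshly allocated DOM_SID attached to `mem_ctx`, so repeated bad input on a long-lived context accumulates dead allocations. Parsing into a stack variable first avoids the allocation on the failure path: `DOM_SID tmp;`, `if (!string_to_sid(&tmp, sidstr)) return NULL;`, `return sid_dup_talloc(mem_ctx, &tmp);`. A one-line comment saying that the result is owned by `mem_ctx` would also help callers.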
@@ -652,9 +665,14 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src) Add SID to an array SIDs ********************************************************************/ -void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num) +void add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid, + DOM_SID **sids, int *num) { - *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1); + if (mem_ctx != NULL) + *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID, + (*num)+1); + else + *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1); if (*sids == NULL) return; @@ -670,7 +688,8 @@ void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num) Add SID to an array SIDs ensuring that it is not already there ********************************************************************/ -void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids) +void add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid, + DOM_SID **sids, int *num_sids) { int i; @@ -679,7 +698,7 @@ void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids) return; } - add_sid_to_array(sid, sids, num_sids); + add_sid_to_array(mem_ctx, sid, sids, num_sids); } /******************************************************************** diff --git a/source/lib/util_smbd.c b/source/lib/util_smbd.c index 586362c1e4c..c6f6bc0a32a 100644 --- a/source/lib/util_smbd.c +++ b/source/lib/util_smbd.c @@ -73,10 +73,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, gid_t **ret_groups, int groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(primary_gid, &groups, &ngrp); + add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp); for (i=0; i<max_grp; i++) - add_gid_to_array_unique(temp_groups[i], &groups, &ngrp); + add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp); *ngroups = ngrp; *ret_groups = groups; diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c index c2371c48c58..b2a2a9b397e 100644 
--- a/source/nsswitch/winbindd_group.c +++ b/source/nsswitch/winbindd_group.c @@ -920,6 +920,55 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) return WINBINDD_OK; } +static BOOL enum_alias_memberships(const DOM_SID *member_sid, + DOM_SID **aliases, int *num_aliases) +{ + TALLOC_CTX *mem_ctx = talloc_init("enum_alias_memberships"); + DOM_SID builtin_sid; + + uint32 *rids = NULL; + int i, num_rids = 0; + + BOOL result = False; + + if (mem_ctx == NULL) + return False; + + *aliases = NULL; + *num_aliases = 0; + + if (!pdb_enum_alias_memberships(mem_ctx, get_global_sam_sid(), + member_sid, 1, &rids, &num_rids)) + goto done; + + for (i=0; i<num_rids; i++) { + DOM_SID alias_sid; + sid_copy(&alias_sid, get_global_sam_sid()); + sid_append_rid(&alias_sid, rids[i]); + add_sid_to_array(NULL, &alias_sid, aliases, num_aliases); + } + + string_to_sid(&builtin_sid, "S-1-5-32"); + + if (!pdb_enum_alias_memberships(mem_ctx, &builtin_sid, + member_sid, 1, &rids, &num_rids)) + goto done; + + for (i=0; i<num_rids; i++) { + DOM_SID alias_sid; + sid_copy(&alias_sid, &builtin_sid); + sid_append_rid(&alias_sid, rids[i]); + add_sid_to_array(NULL, &alias_sid, aliases, num_aliases); + } + + result = True; + done: + if (mem_ctx != NULL) + talloc_destroy(mem_ctx); + + return result; +} + static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) { gid_t gid; @@ -937,7 +986,7 @@ static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) /* Add nested group memberships */ - if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases)) + if (!enum_alias_memberships(sid, &aliases, &num_aliases)) return; for (j=0; j<num_aliases; j++) { @@ -953,7 +1002,7 @@ static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) continue; } - add_gid_to_array_unique(gid, gids, num); + add_gid_to_array_unique(NULL, gid, gids, num); } SAFE_FREE(aliases); } 
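Review bot: In the new enum_alias_memberships helper, `rids` and `num_rids` are not reset between the domain lookup and the BUILTIN lookup. The default backend in mapping.c overwrites both outputs. The ldapsam_alias_memberships hunk in pdb_ldap.c drops its `*aliases = NULL; *num_aliases = 0;` initialisation and adds entries through add_rid_to_array_unique, which presumably appends to what the caller passed in. With that backend the second loop would also walk the domain RIDs and build S-1-5-32-<rid> SIDs for them, and those SIDs feed add_local_gids_from_sid and add_local_sids_from_sid, so a user could be credited with BUILTIN aliases they are not a member of. Add `rids = NULL; num_rids = 0;` before the second pdb_enum_alias_memberships call, and consider making every backend reset its outputs so the contract is the same for all of them.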
@@ -974,7 +1023,7 @@ static void add_gids_from_group_sid(DOM_SID *sid, gid_t **gids, int *num) sid_string_static(sid))); if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0))) - add_gid_to_array_unique(gid, gids, num); + add_gid_to_array_unique(NULL, gid, gids, num); add_local_gids_from_sid(sid, gids, num); } @@ -1170,7 +1219,7 @@ static void add_local_sids_from_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, DOM_SID *aliases = NULL; int i, num_aliases = 0; - if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases)) + if (!enum_alias_memberships(sid, &aliases, &num_aliases)) return; if (num_aliases == 0) diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index 949ee83dcd7..e61cf332796 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -643,9 +643,12 @@ static NTSTATUS context_enum_aliasmem(struct pdb_context *context, } static NTSTATUS context_enum_alias_memberships(struct pdb_context *context, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, int *num) + uint32 **alias_rids, + int *num_alias_rids) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -655,8 +658,9 @@ static NTSTATUS context_enum_alias_memberships(struct pdb_context *context, } return context->pdb_methods-> - enum_alias_memberships(context->pdb_methods, members, - num_members, aliases, num); + enum_alias_memberships(context->pdb_methods, mem_ctx, + domain_sid, members, num_members, + alias_rids, num_alias_rids); } static NTSTATUS context_lookup_rids(struct pdb_context *context, 
@@ -1273,8 +1277,9 @@ BOOL pdb_enum_aliasmem(const DOM_SID *alias, members, num_members)); } -BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members, - DOM_SID **aliases, int *num) +BOOL pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, + uint32 **alias_rids, int *num_alias_rids) { struct pdb_context *pdb_context = pdb_get_static_context(False); @@ -1283,9 +1288,11 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members, } return NT_STATUS_IS_OK(pdb_context-> - pdb_enum_alias_memberships(pdb_context, members, - num_members, - aliases, num)); + pdb_enum_alias_memberships(pdb_context, mem_ctx, + domain_sid, + members, num_members, + alias_rids, + num_alias_rids)); } NTSTATUS pdb_lookup_rids(TALLOC_CTX *mem_ctx, diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 14c764f12fd..6597dc0fb23 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -2469,11 +2469,11 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, /* We need to add the primary group as the first gid/sid */ - add_gid_to_array_unique(primary_gid, gids, &num_gids); + add_gid_to_array_unique(NULL, primary_gid, gids, &num_gids); /* This sid will be replaced later */ - add_sid_to_array_unique(&global_sid_NULL, sids, &num_sids); + add_sid_to_array_unique(NULL, &global_sid_NULL, sids, &num_sids); for (entry = ldap_first_entry(conn->ldap_struct, msg); entry != NULL; @@ -2505,8 +2505,8 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, if (gid == primary_gid) { sid_copy(&(*sids)[0], &sid); } else { - add_gid_to_array_unique(gid, gids, &num_gids); - add_sid_to_array_unique(&sid, sids, &num_sids); + add_gid_to_array_unique(NULL, gid, gids, &num_gids); + add_sid_to_array_unique(NULL, &sid, sids, &num_sids); } } 
@@ -3052,7 +3052,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, if (!string_to_sid(&member, values[i])) continue; - add_sid_to_array(&member, members, num_members); + add_sid_to_array(NULL, &member, members, num_members); } ldap_value_free(values); @@ -3062,9 +3062,12 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, } static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, const DOM_SID *members, int num_members, - DOM_SID **aliases, int *num_aliases) + uint32 **alias_rids, + int *num_alias_rids) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; @@ -3077,12 +3080,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, int i; int rc; char *filter; - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("ldapsam_alias_memberships"); - - if (mem_ctx == NULL) - return NT_STATUS_NO_MEMORY; /* This query could be further optimized by adding a (&(sambaSID=<domain-sid>*)) so that only those aliases that are @@ -3107,9 +3104,6 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (rc != LDAP_SUCCESS) return NT_STATUS_UNSUCCESSFUL; - *aliases = NULL; - *num_aliases = 0; - ldap_struct = ldap_state->smbldap_state->ldap_struct; for (entry = ldap_first_entry(ldap_struct, result); @@ -3118,6 +3112,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, { fstring sid_str; DOM_SID sid; + uint32 rid; if (!smbldap_get_single_attribute(ldap_struct, entry, LDAP_ATTRIBUTE_SID, @@ -3128,7 +3123,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (!string_to_sid(&sid, sid_str)) continue; - add_sid_to_array_unique(&sid, aliases, num_aliases); + if (!sid_peek_check_rid(domain_sid, &sid, &rid)) + continue; + + add_rid_to_array_unique(mem_ctx, rid, alias_rids, + num_alias_rids); } ldap_msgfree(result); 
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 001da3f3ea7..7294a46d757 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -3230,8 +3230,8 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) { - int num_groups = 0; - uint32 *rids=NULL; + int num_alias_rids; + uint32 *alias_rids; struct samr_info *info = NULL; int i; @@ -3239,8 +3239,6 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, NTSTATUS ntstatus2; DOM_SID *members; - DOM_SID *aliases; - int num_aliases; BOOL res; r_u->status = NT_STATUS_OK; @@ -3273,35 +3271,20 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, for (i=0; i<q_u->num_sids1; i++) sid_copy(&members[i], &q_u->sid[i].sid); + alias_rids = NULL; + num_alias_rids = 0; + become_root(); - res = pdb_enum_alias_memberships(members, - q_u->num_sids1, &aliases, - &num_aliases); + res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members, + q_u->num_sids1, + &alias_rids, &num_alias_rids); unbecome_root(); if (!res) return NT_STATUS_UNSUCCESSFUL; - rids = NULL; - num_groups = 0; - - for (i=0; i<num_aliases; i++) { - uint32 rid; - - if (!sid_peek_check_rid(&info->sid, &aliases[i], &rid)) - continue; - - rids = TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+1); - - if (rids == NULL) - return NT_STATUS_NO_MEMORY; - - rids[num_groups] = rid; - num_groups += 1; - } - SAFE_FREE(aliases); - - init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK); + init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids, + NT_STATUS_OK); return NT_STATUS_OK; } diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index d3f89540502..f327004911e 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c 
@@ -568,25 +568,42 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 user_rid, num_aliases, *alias_rids; + DOM_SID *sids; + int num_sids; + uint32 num_aliases, *alias_rids; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; int i; fstring server; - DOM_SID tmp_sid; - DOM_SID2 sid; + DOM_SID2 *sid2; DOM_SID global_sid_Builtin; string_to_sid(&global_sid_Builtin, "S-1-5-32"); - if ((argc < 3) || (argc > 4)) { - printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]); - return NT_STATUS_OK; + if (argc < 3) { + printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); + return NT_STATUS_INVALID_PARAMETER; } - sscanf(argv[2], "%i", &user_rid); - - if (argc > 3) - sscanf(argv[3], "%x", &access_mask); + sids = NULL; + num_sids = 0; + + for (i=2; i<argc; i++) { + DOM_SID tmp_sid; + if (!string_to_sid(&tmp_sid, argv[i])) { + printf("%s is not a legal SID\n", argv[i]); + return NT_STATUS_INVALID_PARAMETER; + } + add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids); + } + + sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids); + if (sid2 == NULL) + return NT_STATUS_NO_MEMORY; + + for (i=0; i<num_sids; i++) { + sid_copy(&sid2[i].sid, &sids[i]); + sid2[i].num_auths = sid2[i].sid.num_auths; + } slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); strupper_m(server); 
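Review bot: The result of `add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids)` in the argument loop of cmd_samr_query_useraliases is never checked. The function returns void and, per the util_sid.c hunk, leaves `*sids` NULL when the reallocation fails. The later `sid_copy(&sid2[i].sid, &sids[i])` loop would then read from an array that is NULL or only partly initialised. Add `if (sids == NULL) return NT_STATUS_NO_MEMORY;` directly after the call.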
@@ -604,18 +621,19 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, access_mask, - &global_sid_Builtin, &domain_pol); - else - return NT_STATUS_OK; + &global_sid_Builtin, + &domain_pol); + else { + printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); + return NT_STATUS_INVALID_PARAMETER; + } if (!NT_STATUS_IS_OK(result)) goto done; - sid_copy(&tmp_sid, &domain_sid); - sid_append_rid(&tmp_sid, user_rid); - init_dom_sid2(&sid, &tmp_sid); - - result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids); + result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, + num_sids, sid2, + &num_aliases, &alias_rids); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source/utils/net_groupmap.c b/source/utils/net_groupmap.c index a63e8176f8a..b20a37c7267 100644 --- a/source/utils/net_groupmap.c +++ b/source/utils/net_groupmap.c @@ -693,12 +693,37 @@ static int net_groupmap_listmem(int argc, const char **argv) return 0; } +static BOOL print_alias_memberships(TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID *member) +{ + uint32 *alias_rids; + int i, num_alias_rids; + + alias_rids = NULL; + num_alias_rids = 0; + + if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1, + &alias_rids, &num_alias_rids)) { + d_printf("Could not list memberships for sid %s\n", + sid_string_static(member)); + return False; + } + + for (i = 0; i < num_alias_rids; i++) { + DOM_SID alias; + sid_copy(&alias, domain_sid); + sid_append_rid(&alias, alias_rids[i]); + printf("%s\n", sid_string_static(&alias)); + } + + return True; +} + static int net_groupmap_memberships(int argc, const char **argv) { - DOM_SID member; - DOM_SID *aliases; - int i, num; - NTSTATUS result; + TALLOC_CTX *mem_ctx; + DOM_SID *domain_sid, *builtin_sid, member; if ( (argc != 1) || !string_to_sid(&member, argv[0]) ) { 
@@ -706,17 +731,24 @@ static int net_groupmap_memberships(int argc, const char **argv) return -1; } - if (!pdb_enum_alias_memberships(&member, 1, &aliases, &num)) { - d_printf("Could not list memberships for sid %s: %s\n", - argv[0], nt_errstr(result)); + mem_ctx = talloc_init("net_groupmap_memberships"); + if (mem_ctx == NULL) { + d_printf("talloc_init failed\n"); return -1; } - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(aliases[i]))); + domain_sid = get_global_sam_sid(); + builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32"); + if ((domain_sid == NULL) || (builtin_sid == NULL)) { + d_printf("Could not get domain sid\n"); + return -1; } - SAFE_FREE(aliases); + if (!print_alias_memberships(mem_ctx, domain_sid, &member) || + !print_alias_memberships(mem_ctx, builtin_sid, &member)) + return -1; + + talloc_destroy(mem_ctx); return 0; } |
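Review bot: net_groupmap_memberships returns -1 without calling talloc_destroy(mem_ctx) on two paths, one when a SID cannot be obtained and one when either print_alias_memberships call fails. Only the success path releases the context. A single exit label keeps the cleanup in one place and makes later additions harder to get wrong. The function starts in the previous hunk, where the `ret` local would be declared alongside the others.
```c
	int ret = -1;	/* declared with the other locals */
	/* … unchanged: argument check, talloc_init … */
	domain_sid = get_global_sam_sid();
	builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
	if ((domain_sid == NULL) || (builtin_sid == NULL)) {
		d_printf("Could not get domain sid\n");
		goto done;
	}

	if (print_alias_memberships(mem_ctx, domain_sid, &member) &&
	    print_alias_memberships(mem_ctx, builtin_sid, &member))
		ret = 0;

 done:
	talloc_destroy(mem_ctx);
	return ret;
```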