Lines 3581-3611
static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
|
Link Here
|
---|
|
3581 |
struct dcesrv_handle *h; |
3581 |
struct dcesrv_handle *h; |
3582 |
struct samr_account_state *a_state; |
3582 |
struct samr_account_state *a_state; |
3583 |
struct samr_domain_state *d_state; |
3583 |
struct samr_domain_state *d_state; |
3584 |
struct ldb_message **res; |
3584 |
struct ldb_result *res, *res_memberof; |
3585 |
const char * const attrs[2] = { "objectSid", NULL }; |
3585 |
const char * const attrs[] = { "primaryGroupID", |
|
|
3586 |
"memberOf", |
3587 |
NULL }; |
3588 |
const char * const group_attrs[] = { "objectSid", |
3589 |
NULL }; |
3590 |
|
3586 |
struct samr_RidWithAttributeArray *array; |
3591 |
struct samr_RidWithAttributeArray *array; |
3587 |
int i, count; |
3592 |
struct ldb_message_element *memberof_el; |
3588 |
char membersidstr[DOM_SID_STR_BUFLEN]; |
3593 |
int i, ret, count = 0; |
|
|
3594 |
uint32_t primary_group_id; |
3595 |
char *filter; |
3589 |
|
3596 |
|
3590 |
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); |
3597 |
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); |
3591 |
|
3598 |
|
3592 |
a_state = h->data; |
3599 |
a_state = h->data; |
3593 |
d_state = a_state->domain_state; |
3600 |
d_state = a_state->domain_state; |
3594 |
|
3601 |
|
3595 |
dom_sid_string_buf(a_state->account_sid, |
3602 |
ret = dsdb_search_dn(a_state->sam_ctx, mem_ctx, |
3596 |
membersidstr, sizeof(membersidstr)), |
3603 |
&res, |
3597 |
|
3604 |
a_state->account_dn, |
3598 |
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, |
3605 |
attrs, DSDB_SEARCH_SHOW_EXTENDED_DN); |
3599 |
d_state->domain_dn, &res, |
3606 |
|
3600 |
attrs, d_state->domain_sid, |
3607 |
if (ret == LDB_ERR_NO_SUCH_OBJECT) { |
3601 |
"(&(member=<SID=%s>)" |
3608 |
return NT_STATUS_NO_SUCH_USER; |
3602 |
"(|(grouptype=%d)(grouptype=%d))" |
3609 |
} else if (ret != LDB_SUCCESS) { |
3603 |
"(objectclass=group))", |
|
|
3604 |
membersidstr, |
3605 |
GTYPE_SECURITY_UNIVERSAL_GROUP, |
3606 |
GTYPE_SECURITY_GLOBAL_GROUP); |
3607 |
if (count < 0) |
3608 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3610 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
|
|
3611 |
} else if (res->count != 1) { |
3612 |
return NT_STATUS_NO_SUCH_USER; |
3613 |
} |
3614 |
|
3615 |
primary_group_id = ldb_msg_find_attr_as_uint(res->msgs[0], "primaryGroupID", |
3616 |
0); |
3617 |
|
3618 |
filter = talloc_asprintf(mem_ctx, |
3619 |
"(&(|(grouptype=%d)(grouptype=%d))" |
3620 |
"(objectclass=group)(|", |
3621 |
GTYPE_SECURITY_UNIVERSAL_GROUP, |
3622 |
GTYPE_SECURITY_GLOBAL_GROUP); |
3623 |
if (filter == NULL) { |
3624 |
return NT_STATUS_NO_MEMORY; |
3625 |
} |
3626 |
|
3627 |
memberof_el = ldb_msg_find_element(res->msgs[0], "memberOf"); |
3628 |
if (memberof_el != NULL) { |
3629 |
for (i = 0; i < memberof_el->num_values; i++) { |
3630 |
const struct ldb_val *memberof_sid_binary; |
3631 |
char *memberof_sid_escaped; |
3632 |
struct ldb_dn *memberof_dn |
3633 |
= ldb_dn_from_ldb_val(mem_ctx, |
3634 |
a_state->sam_ctx, |
3635 |
&memberof_el->values[i]); |
3636 |
if (memberof_dn == NULL) { |
3637 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3638 |
} |
3639 |
|
3640 |
memberof_sid_binary |
3641 |
= ldb_dn_get_extended_component(memberof_dn, |
3642 |
"SID"); |
3643 |
if (memberof_sid_binary == NULL) { |
3644 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3645 |
} |
3646 |
|
3647 |
memberof_sid_escaped = ldb_binary_encode(mem_ctx, |
3648 |
*memberof_sid_binary); |
3649 |
if (memberof_sid_escaped == NULL) { |
3650 |
return NT_STATUS_NO_MEMORY; |
3651 |
} |
3652 |
filter = talloc_asprintf_append(filter, "(objectSID=%s)", |
3653 |
memberof_sid_escaped); |
3654 |
if (filter == NULL) { |
3655 |
return NT_STATUS_NO_MEMORY; |
3656 |
} |
3657 |
} |
3658 |
|
3659 |
ret = dsdb_search(a_state->sam_ctx, mem_ctx, |
3660 |
&res_memberof, |
3661 |
d_state->domain_dn, |
3662 |
LDB_SCOPE_SUBTREE, |
3663 |
group_attrs, 0, |
3664 |
"%s))", filter); |
3665 |
|
3666 |
if (ret != LDB_SUCCESS) { |
3667 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3668 |
} |
3669 |
count = res_memberof->count; |
3670 |
} |
3609 |
|
3671 |
|
3610 |
array = talloc(mem_ctx, struct samr_RidWithAttributeArray); |
3672 |
array = talloc(mem_ctx, struct samr_RidWithAttributeArray); |
3611 |
if (array == NULL) |
3673 |
if (array == NULL) |
Lines 3615-3637
static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
|
Link Here
|
---|
|
3615 |
array->rids = NULL; |
3677 |
array->rids = NULL; |
3616 |
|
3678 |
|
3617 |
array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, |
3679 |
array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, |
3618 |
count + 1); |
3680 |
count + 1); |
3619 |
if (array->rids == NULL) |
3681 |
if (array->rids == NULL) |
3620 |
return NT_STATUS_NO_MEMORY; |
3682 |
return NT_STATUS_NO_MEMORY; |
3621 |
|
3683 |
|
3622 |
/* Adds the primary group */ |
3684 |
/* Adds the primary group */ |
3623 |
array->rids[0].rid = samdb_search_uint(a_state->sam_ctx, mem_ctx, |
3685 |
|
3624 |
~0, a_state->account_dn, |
3686 |
array->rids[0].rid = primary_group_id; |
3625 |
"primaryGroupID", NULL); |
|
|
3626 |
array->rids[0].attributes = SE_GROUP_MANDATORY |
3687 |
array->rids[0].attributes = SE_GROUP_MANDATORY |
3627 |
| SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; |
3688 |
| SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; |
3628 |
array->count += 1; |
3689 |
array->count += 1; |
3629 |
|
3690 |
|
3630 |
/* Adds the additional groups */ |
3691 |
/* Adds the additional groups */ |
3631 |
for (i = 0; i < count; i++) { |
3692 |
for (i = 0; i < count; i++) { |
3632 |
struct dom_sid *group_sid; |
3693 |
struct dom_sid *group_sid; |
3633 |
|
3694 |
|
3634 |
group_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid"); |
3695 |
group_sid = samdb_result_dom_sid(mem_ctx, |
|
|
3696 |
res_memberof->msgs[i], |
3697 |
"objectSid"); |
3635 |
if (group_sid == NULL) { |
3698 |
if (group_sid == NULL) { |
3636 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3699 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3637 |
} |
3700 |
} |
3638 |
- |
|
|