|
Lines 3581-3611
static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
|
Link Here
|
|---|
|
|---|
| 3581 |
struct dcesrv_handle *h; |
3581 |
struct dcesrv_handle *h; |
| 3582 |
struct samr_account_state *a_state; |
3582 |
struct samr_account_state *a_state; |
| 3583 |
struct samr_domain_state *d_state; |
3583 |
struct samr_domain_state *d_state; |
| 3584 |
struct ldb_message **res; |
3584 |
struct ldb_result *res, *res_memberof; |
| 3585 |
const char * const attrs[2] = { "objectSid", NULL }; |
3585 |
const char * const attrs[] = { "primaryGroupID", |
|
|
3586 |
"memberOf", |
| 3587 |
NULL }; |
| 3588 |
const char * const group_attrs[] = { "objectSid", |
| 3589 |
NULL }; |
| 3590 |
|
| 3586 |
struct samr_RidWithAttributeArray *array; |
3591 |
struct samr_RidWithAttributeArray *array; |
| 3587 |
int i, count; |
3592 |
struct ldb_message_element *memberof_el; |
| 3588 |
char membersidstr[DOM_SID_STR_BUFLEN]; |
3593 |
int i, ret, count = 0; |
|
|
3594 |
uint32_t primary_group_id; |
| 3595 |
char *filter; |
| 3589 |
|
3596 |
|
| 3590 |
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); |
3597 |
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); |
| 3591 |
|
3598 |
|
| 3592 |
a_state = h->data; |
3599 |
a_state = h->data; |
| 3593 |
d_state = a_state->domain_state; |
3600 |
d_state = a_state->domain_state; |
| 3594 |
|
3601 |
|
| 3595 |
dom_sid_string_buf(a_state->account_sid, |
3602 |
ret = dsdb_search_dn(a_state->sam_ctx, mem_ctx, |
| 3596 |
membersidstr, sizeof(membersidstr)), |
3603 |
&res, |
| 3597 |
|
3604 |
a_state->account_dn, |
| 3598 |
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, |
3605 |
attrs, DSDB_SEARCH_SHOW_EXTENDED_DN); |
| 3599 |
d_state->domain_dn, &res, |
3606 |
|
| 3600 |
attrs, d_state->domain_sid, |
3607 |
if (ret == LDB_ERR_NO_SUCH_OBJECT) { |
| 3601 |
"(&(member=<SID=%s>)" |
3608 |
return NT_STATUS_NO_SUCH_USER; |
| 3602 |
"(|(grouptype=%d)(grouptype=%d))" |
3609 |
} else if (ret != LDB_SUCCESS) { |
| 3603 |
"(objectclass=group))", |
|
|
| 3604 |
membersidstr, |
| 3605 |
GTYPE_SECURITY_UNIVERSAL_GROUP, |
| 3606 |
GTYPE_SECURITY_GLOBAL_GROUP); |
| 3607 |
if (count < 0) |
| 3608 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3610 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
|
|
3611 |
} else if (res->count != 1) { |
| 3612 |
return NT_STATUS_NO_SUCH_USER; |
| 3613 |
} |
| 3614 |
|
| 3615 |
primary_group_id = ldb_msg_find_attr_as_uint(res->msgs[0], "primaryGroupID", |
| 3616 |
0); |
| 3617 |
|
| 3618 |
filter = talloc_asprintf(mem_ctx, |
| 3619 |
"(&(|(grouptype=%d)(grouptype=%d))" |
| 3620 |
"(objectclass=group)(|", |
| 3621 |
GTYPE_SECURITY_UNIVERSAL_GROUP, |
| 3622 |
GTYPE_SECURITY_GLOBAL_GROUP); |
| 3623 |
if (filter == NULL) { |
| 3624 |
return NT_STATUS_NO_MEMORY; |
| 3625 |
} |
| 3626 |
|
| 3627 |
memberof_el = ldb_msg_find_element(res->msgs[0], "memberOf"); |
| 3628 |
if (memberof_el != NULL) { |
| 3629 |
for (i = 0; i < memberof_el->num_values; i++) { |
| 3630 |
const struct ldb_val *memberof_sid_binary; |
| 3631 |
char *memberof_sid_escaped; |
| 3632 |
struct ldb_dn *memberof_dn |
| 3633 |
= ldb_dn_from_ldb_val(mem_ctx, |
| 3634 |
a_state->sam_ctx, |
| 3635 |
&memberof_el->values[i]); |
| 3636 |
if (memberof_dn == NULL) { |
| 3637 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
| 3638 |
} |
| 3639 |
|
| 3640 |
memberof_sid_binary |
| 3641 |
= ldb_dn_get_extended_component(memberof_dn, |
| 3642 |
"SID"); |
| 3643 |
if (memberof_sid_binary == NULL) { |
| 3644 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
| 3645 |
} |
| 3646 |
|
| 3647 |
memberof_sid_escaped = ldb_binary_encode(mem_ctx, |
| 3648 |
*memberof_sid_binary); |
| 3649 |
if (memberof_sid_escaped == NULL) { |
| 3650 |
return NT_STATUS_NO_MEMORY; |
| 3651 |
} |
| 3652 |
filter = talloc_asprintf_append(filter, "(objectSID=%s)", |
| 3653 |
memberof_sid_escaped); |
| 3654 |
if (filter == NULL) { |
| 3655 |
return NT_STATUS_NO_MEMORY; |
| 3656 |
} |
| 3657 |
} |
| 3658 |
|
| 3659 |
ret = dsdb_search(a_state->sam_ctx, mem_ctx, |
| 3660 |
&res_memberof, |
| 3661 |
d_state->domain_dn, |
| 3662 |
LDB_SCOPE_SUBTREE, |
| 3663 |
group_attrs, 0, |
| 3664 |
"%s))", filter); |
| 3665 |
|
| 3666 |
if (ret != LDB_SUCCESS) { |
| 3667 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
| 3668 |
} |
| 3669 |
count = res_memberof->count; |
| 3670 |
} |
| 3609 |
|
3671 |
|
| 3610 |
array = talloc(mem_ctx, struct samr_RidWithAttributeArray); |
3672 |
array = talloc(mem_ctx, struct samr_RidWithAttributeArray); |
| 3611 |
if (array == NULL) |
3673 |
if (array == NULL) |
|
Lines 3615-3637
static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call,
|
Link Here
|
|---|
|
|---|
| 3615 |
array->rids = NULL; |
3677 |
array->rids = NULL; |
| 3616 |
|
3678 |
|
| 3617 |
array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, |
3679 |
array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, |
| 3618 |
count + 1); |
3680 |
count + 1); |
| 3619 |
if (array->rids == NULL) |
3681 |
if (array->rids == NULL) |
| 3620 |
return NT_STATUS_NO_MEMORY; |
3682 |
return NT_STATUS_NO_MEMORY; |
| 3621 |
|
3683 |
|
| 3622 |
/* Adds the primary group */ |
3684 |
/* Adds the primary group */ |
| 3623 |
array->rids[0].rid = samdb_search_uint(a_state->sam_ctx, mem_ctx, |
3685 |
|
| 3624 |
~0, a_state->account_dn, |
3686 |
array->rids[0].rid = primary_group_id; |
| 3625 |
"primaryGroupID", NULL); |
|
|
| 3626 |
array->rids[0].attributes = SE_GROUP_MANDATORY |
3687 |
array->rids[0].attributes = SE_GROUP_MANDATORY |
| 3627 |
| SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; |
3688 |
| SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; |
| 3628 |
array->count += 1; |
3689 |
array->count += 1; |
| 3629 |
|
3690 |
|
| 3630 |
/* Adds the additional groups */ |
3691 |
/* Adds the additional groups */ |
| 3631 |
for (i = 0; i < count; i++) { |
3692 |
for (i = 0; i < count; i++) { |
| 3632 |
struct dom_sid *group_sid; |
3693 |
struct dom_sid *group_sid; |
| 3633 |
|
3694 |
|
| 3634 |
group_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid"); |
3695 |
group_sid = samdb_result_dom_sid(mem_ctx, |
|
|
3696 |
res_memberof->msgs[i], |
| 3697 |
"objectSid"); |
| 3635 |
if (group_sid == NULL) { |
3698 |
if (group_sid == NULL) { |
| 3636 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
3699 |
return NT_STATUS_INTERNAL_DB_CORRUPTION; |
| 3637 |
} |
3700 |
} |
| 3638 |
- |
|
|