Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and return

this as thier list of groups, rather than do a seperate lookup.  This NT_TOKEN
is originally initgroups() (or equiv) based.

We currently send all sids in our domain, perhaps this should be further
restricted, but this works for now.

Andrew Bartlett

diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index c65ea43e1e1d2861a3622fc7f922929a165295d5..c3d48a65270bffd19b56477d689276f292e16765 100644 (file)
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -688,16 +688,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
                
                pstrcpy(my_name, global_myname());
 
-               /*
-                * This is the point at which we get the group
-                * database - we should be getting the gid_t list
-                * from /etc/group and then turning the uids into
-                * rids and then into machine sids for this user.
-                * JRA.
-                */
-
-               gids = NULL;
-               get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
+               if (!NT_STATUS_IS_OK(status 
+                                    = nt_token_to_group_list(p->mem_ctx, 
+                                                             &domain_sid, 
+                                                             server_info->ptok, 
+                                                             &num_gids, 
+                                                             &gids))) {
+                       return status;
+               }
 
                init_net_user_info3(p->mem_ctx, usr_info, 
                                    user_rid,

diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c
index 1b2ac34a6e3831687dc80c321fd6b4dfe46f2d9f..f33a576db97ee5d8ad7dce9050954f3aec88ed10 100644 (file)
--- a/source/rpc_server/srv_util.c
+++ b/source/rpc_server/srv_util.c
@@ -350,6 +350,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
        return True;
 }
 
+/*******************************************************************
+ gets a domain user's groups from their already-calculated NT_USER_TOKEN
+ ********************************************************************/
+NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, 
+                               const NT_USER_TOKEN *nt_token,
+                               int *numgroups, DOM_GID **pgids) 
+{
+       DOM_GID *gids;
+       int i;
+
+       gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
+
+       if (!gids) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       *numgroups=0;
+
+       for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
+               if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
+                       sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
+                       gids[*numgroups].attr=7;
+                       (*numgroups)++;
+               }
+       }
+       *pgids = gids; 
+       return NT_STATUS_OK;
+}
+
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/