-
- /* Expands the account SID - this function takes in
- * memberOf-like values, so we fake one up with the
- * <SID=S-...> format of DN and then let it expand
- * them, as long as they meet the filter - so only
- * builtin groups
- *
- * We already have the primary group in the token, so set
- * 'only childs' flag to true
- */
- account_sid_string = dom_sid_string(tmp_ctx, server_info->account_sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid_string, server_info);
-
- account_sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", account_sid_string);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid_dn, server_info);
-
- account_sid_blob = data_blob_string_const(account_sid_dn);
-
- nt_status = authsam_expand_nested_groups(sam_ctx, &account_sid_blob, true, filter,
- tmp_ctx, &groupSIDs, &num_groupSIDs);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- /* Expands the primary group - this function takes in
- * memberOf-like values, so we fake one up with the
- * <SID=S-...> format of DN and then let it expand
- * them, as long as they meet the filter - so only
- * builtin groups
- *
- * We already have the primary group in the token, so set
- * 'only childs' flag to true
- */
- primary_group_string = dom_sid_string(tmp_ctx, server_info->primary_group_sid);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_string, server_info);
-
- primary_group_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", primary_group_string);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_dn, server_info);
-
- primary_group_blob = data_blob_string_const(primary_group_dn);
-
- nt_status = authsam_expand_nested_groups(sam_ctx, &primary_group_blob, true, filter,
- tmp_ctx, &groupSIDs, &num_groupSIDs);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- for (i = 0; i < server_info->n_domain_groups; i++) {
- char *group_string;
- const char *group_dn;
- DATA_BLOB group_blob;