Instead of walking the entire group database, grabbing all members of each
authorAndrew Bartlett <abartlet@samba.org>
Mon, 25 Nov 2002 06:54:22 +0000 (06:54 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 25 Nov 2002 06:54:22 +0000 (06:54 +0000)
group, testing for membership etc, use the already calculated NT_USER_TOKEN.

(which is initgroups() based)

So far we only fill out the 'domain' groups - we need to fill out the
'other sids' as well, and we possibly need to filter the list for 'domain
groups' only (the old code did that), but Win2k doesn't seem to mind
this for now.

I also need to find out what the magic '7' is about.  Fortunately JF is in town,
so I'll grill him tomorrow :-).

Andrew Bartlett

source/rpc_server/srv_netlog_nt.c
source/rpc_server/srv_util.c

index dee0866b12a8737c16de1a0b456e2d37acb10eb5..89e46402cfa15c817d95f522565c1f3e7113151e 100644 (file)
@@ -688,16 +688,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
                
                pstrcpy(my_name, global_myname());
 
-               /*
-                * This is the point at which we get the group
-                * database - we should be getting the gid_t list
-                * from /etc/group and then turning the uids into
-                * rids and then into machine sids for this user.
-                * JRA.
-                */
-
-               gids = NULL;
-               get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
+               if (!NT_STATUS_IS_OK(status 
+                                    = nt_token_to_group_list(p->mem_ctx, 
+                                                             &domain_sid, 
+                                                             server_info->ptok, 
+                                                             &num_gids, 
+                                                             &gids))) {
+                       return status;
+               }
 
                init_net_user_info3(p->mem_ctx, usr_info, 
                                    user_rid,
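Review bot: The added `return status;` leaves _net_sam_logon part-way through building the reply, so anything acquired earlier in the function (for example server_info, if it is released further down; the body extends beyond this hunk) is not released on this path, and the failure should go through the same cleanup the other exits use. The call also passes `server_info->ptok` unchecked while nt_token_to_group_list dereferences it straight away; whether ptok can be NULL here is not visible, but if it can, the RPC server would crash instead of failing the logon. The assignment buried in the condition is easier to audit when split into `status = nt_token_to_group_list(...);` followed by `if (!NT_STATUS_IS_OK(status)) {`.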
index 519daff1f660bcd5b3158ddaf556d8db6f486f58..72a057b91c93b1dad40f82f5d32335f65d5eaddc 100644 (file)
@@ -342,6 +342,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
        DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
        DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
 
+
  done:
        *pgids=gids;
        *numgroups=cur_gid;
@@ -350,6 +351,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
        return True;
 }
 
+/*******************************************************************
+ gets a domain user's groups from their already-calculated NT_USER_TOKEN
+ ********************************************************************/
+NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, 
+                               const NT_USER_TOKEN *nt_token,
+                               int *numgroups, DOM_GID **pgids) 
+{
+       DOM_GID *gids;
+       int i;
+
+       gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
+
+       if (!gids) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       *numgroups=0;
+
+       for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
+               if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
+                       sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
+                       gids[*numgroups].attr=7;
+                       (*numgroups)++;
+               }
+       }
+       *pgids = gids; 
+       return NT_STATUS_OK;
+}
+
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
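Review bot: nt_token_to_group_list trusts `nt_token` and `nt_token->num_sids` completely: the pointer is dereferenced without a NULL check, and `sizeof(*gids) * nt_token->num_sids` is checked neither for overflow nor for zero, so an empty token may come back as NT_STATUS_NO_MEMORY if talloc returns NULL for a zero-size request (confirm against this tree's talloc). A guard before the allocation such as `if (!nt_token || nt_token->num_sids == 0) { *numgroups = 0; *pgids = NULL; return NT_STATUS_OK; }`, or an error status if a token-less logon should fail closed, would make the contract explicit. The result of `sid_peek_rid` is ignored, so a SID it rejects would still be counted with whatever the uninitialised `g_rid` holds; increment `*numgroups` only when it reports success. The literal `7` deserves a comment: it matches the three low Windows group attribute bits (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED), which is presumably what is intended.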