return token;
}
-static void add_gid_to_array_unique(gid_t gid, gid_t **groups, int *ngroups)
-{
- int i;
-
- if ((*ngroups) >= groups_max())
- return;
-
- for (i=0; i<*ngroups; i++) {
- if ((*groups)[i] == gid)
- return;
- }
-
- *groups = Realloc(*groups, ((*ngroups)+1) * sizeof(gid_t));
-
- if (*groups == NULL)
- return;
-
- (*groups)[*ngroups] = gid;
- *ngroups += 1;
-}
-
-static void add_foreign_gids_from_sid(const DOM_SID *sid, gid_t **groups,
- int *ngroups)
-{
- DOM_SID *aliases;
- int j, num_aliases;
-
- if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
- return;
-
- for (j=0; j<num_aliases; j++) {
- gid_t gid;
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
- continue;
-
- add_gid_to_array_unique(gid, groups, ngroups);
- }
- SAFE_FREE(aliases);
-}
-
static void add_foreign_gids(uid_t uid, gid_t gid,
gid_t **groups, int *ngroups)
{
return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
}
-static BOOL add_sid_to_array(DOM_SID sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return False;
-
- sid_copy(&((*sids)[*num]), &sid);
- *num += 1;
-
- return True;
-}
-
static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
{
GROUP_MAP map;
if (!string_to_sid(&sid, string_sid))
continue;
- if (!add_sid_to_array(sid, sids, num))
+ add_sid_to_array(sid, sids, num);
+
+ if (sids == NULL)
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_MEMORY;
for (i=0; i<num_maps; i++) {
- if (is_foreign_alias_member(sid, &maps[i].sid))
+
+ if (is_foreign_alias_member(sid, &maps[i].sid)) {
+
add_sid_to_array(maps[i].sid, sids, num);
+
+ if (sids == NULL) {
+ SAFE_FREE(maps);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
}
SAFE_FREE(maps);
return NT_STATUS_NO_MEMORY;
for (i=0; i<num_maps; i++) {
- if (is_foreign_alias_member(sid, &maps[i].sid))
+ if (is_foreign_alias_member(sid, &maps[i].sid)) {
+
add_sid_to_array(maps[i].sid, sids, num);
+
+ if (sids == NULL) {
+ SAFE_FREE(maps);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
}
SAFE_FREE(maps);
for (i=0; i<num_members; i++) {
add_sid_to_array(members[i], sids, num_sids);
+
+ if (sids == NULL)
+ return False;
}
}
return WINBINDD_OK;
}
+static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
+{
+ gid_t gid;
+
+ DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
+
+ if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
+ add_gid_to_array_unique(gid, gids, num);
+
+ /* Add nested group memberships */
+
+ add_foreign_gids_from_sid(sid, gids, num);
+}
+
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
DOM_SID **user_grpsids;
struct winbindd_domain *domain;
enum winbindd_result result = WINBINDD_ERROR;
- gid_t *gid_list;
+ gid_t *gid_list = NULL;
unsigned int i;
TALLOC_CTX *mem_ctx;
NET_USER_INFO_3 *info3 = NULL;
goto done;
}
+ add_gids_from_sid(&user_sid, &gid_list, &num_gids);
+
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
info3->num_groups2, info3->num_other_sids));
num_groups = info3->num_other_sids + info3->num_groups2;
- gid_list = calloc(sizeof(gid_t), num_groups);
/* Go through each other sid and convert it to a gid */
continue;
}
- /* Map to a gid */
+ add_gids_from_sid(&info3->other_sids[i].sid,
+ &gid_list, &num_gids);
- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) )
- {
- DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
- sid_string_static(&info3->other_sids[i].sid)));
- continue;
- }
-
- /* We've jumped through a lot of hoops to get here */
-
- DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
- "gid %lu\n", sid_string_static(
- &info3->other_sids[i].sid),
- (unsigned long)gid_list[num_gids]));
-
- num_gids++;
+ if (gid_list == NULL)
+ goto done;
}
for (i = 0; i < info3->num_groups2; i++) {
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) {
- DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
- sid_string_static(&group_sid)));
- }
+ add_gids_from_sid(&group_sid, &gid_list, &num_gids);
- num_gids++;
+ if (gid_list == NULL)
+ goto done;
}
SAFE_FREE(info3);
goto done;
for (i = 0; i < num_groups; i++) {
- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) {
- DEBUG(1, ("unable to convert group sid %s to gid\n",
- sid_string_static(user_grpsids[i])));
- continue;
- }
- num_gids++;
+ add_gids_from_sid(user_grpsids[i],
+ &gid_list, &num_gids);
+
+ if (gid_list == NULL)
+ goto done;
}
}
return False;
}
+
+void add_sid_to_array(DOM_SID sid, DOM_SID **sids, int *num)
+{
+ *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
+
+ if (*sids == NULL)
+ return;
+
+ sid_copy(&((*sids)[*num]), &sid);
+ *num += 1;
+
+ return;
+}
+
+void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
+{
+ int i;
+
+ if ((*num) >= groups_max())
+ return;
+
+ for (i=0; i<*num; i++) {
+ if ((*gids)[i] == gid)
+ return;
+ }
+
+ *gids = Realloc(*gids, (*num+1) * sizeof(gid_t));
+
+ if (*gids == NULL)
+ return;
+
+ (*gids)[*num] = gid;
+ *num += 1;
+}
+
+/**************************************************************************
+ Augment a gid list with gids from alias memberships
+***************************************************************************/
+
+void add_foreign_gids_from_sid(const DOM_SID *sid, gid_t **gids, int *num)
+{
+ DOM_SID *aliases;
+ int j, num_aliases;
+
+ if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
+ return;
+
+ for (j=0; j<num_aliases; j++) {
+ gid_t gid;
+
+ if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
+ continue;
+
+ add_gid_to_array_unique(gid, gids, num);
+ }
+ SAFE_FREE(aliases);
+}