if (!string_to_sid(&alias, string_sid))
continue;
- add_sid_to_array_unique(&alias, sids, num);
+ add_sid_to_array_unique(NULL, &alias, sids, num);
if (sids == NULL)
return NT_STATUS_NO_MEMORY;
if (!string_to_sid(&member, member_string))
continue;
- add_sid_to_array(&member, closure->sids, closure->num);
+ add_sid_to_array(NULL, &member, closure->sids, closure->num);
}
return 0;
}
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
- return alias_memberships(members, num_members, aliases, num);
+ DOM_SID *alias_sids;
+ int i, num_alias_sids;
+ NTSTATUS result;
+
+ alias_sids = NULL;
+ num_alias_sids = 0;
+
+ result = alias_memberships(members, num_members,
+ &alias_sids, &num_alias_sids);
+
+ if (!NT_STATUS_IS_OK(result))
+ return result;
+
+ *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
+ if ((alias_sids != 0) && (*alias_rids == NULL))
+ return NT_STATUS_NO_MEMORY;
+
+ *num_alias_rids = 0;
+
+ for (i=0; i<num_alias_sids; i++) {
+ if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
+ &(*alias_rids)[*num_alias_rids]))
+ continue;
+ *num_alias_rids += 1;
+ }
+
+ SAFE_FREE(alias_sids);
+
+ return NT_STATUS_OK;
}
/**********************************************************************
DOM_SID **members, int *num_members);
NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases,
- int *num_aliases);
+ uint32 **alias_rids,
+ int *num_alias_rids);
NTSTATUS (*pdb_lookup_rids)(struct pdb_context *context,
TALLOC_CTX *mem_ctx,
const DOM_SID *alias, DOM_SID **members,
int *num_members);
NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num);
+ uint32 **alias_rids,
+ int *num_alias_rids);
NTSTATUS (*lookup_rids)(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
return 0;
}
- add_sid_to_array( &sid, &priv->sids.list, &priv->sids.count );
+ add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count );
return 0;
}
groups = NULL;
/* Add in primary group first */
- add_gid_to_array_unique(primary_gid, &groups, &ngrp);
+ add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp);
for (i=0; i<max_grp; i++)
- add_gid_to_array_unique(temp_groups[i], &groups, &ngrp);
+ add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp);
*ngroups = ngrp;
*ret_groups = groups;
Add a gid to an array of gids if it's not already there.
****************************************************************************/
-void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
+void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid,
+ gid_t **gids, int *num)
{
int i;
if ((*gids)[i] == gid)
return;
}
-
- *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1);
+
+ if (mem_ctx != NULL)
+ *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num+1);
+ else
+ *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1);
if (*gids == NULL)
return;
return True;
}
+DOM_SID *string_sid_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
+{
+ DOM_SID *result = TALLOC_P(mem_ctx, DOM_SID);
+
+ if (result == NULL)
+ return NULL;
+
+ if (!string_to_sid(result, sidstr))
+ return NULL;
+
+ return result;
+}
+
/*****************************************************************
Add a rid to the end of a sid
*****************************************************************/
Add SID to an array SIDs
********************************************************************/
-void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
+void add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, int *num)
{
- *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
+ if (mem_ctx != NULL)
+ *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID,
+ (*num)+1);
+ else
+ *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
if (*sids == NULL)
return;
Add SID to an array SIDs ensuring that it is not already there
********************************************************************/
-void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
+void add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, int *num_sids)
{
int i;
return;
}
- add_sid_to_array(sid, sids, num_sids);
+ add_sid_to_array(mem_ctx, sid, sids, num_sids);
}
/********************************************************************
groups = NULL;
/* Add in primary group first */
- add_gid_to_array_unique(primary_gid, &groups, &ngrp);
+ add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp);
for (i=0; i<max_grp; i++)
- add_gid_to_array_unique(temp_groups[i], &groups, &ngrp);
+ add_gid_to_array_unique(NULL, temp_groups[i], &groups, &ngrp);
*ngroups = ngrp;
*ret_groups = groups;
return WINBINDD_OK;
}
+static BOOL enum_alias_memberships(const DOM_SID *member_sid,
+ DOM_SID **aliases, int *num_aliases)
+{
+ TALLOC_CTX *mem_ctx = talloc_init("enum_alias_memberships");
+ DOM_SID builtin_sid;
+
+ uint32 *rids = NULL;
+ int i, num_rids = 0;
+
+ BOOL result = False;
+
+ if (mem_ctx == NULL)
+ return False;
+
+ *aliases = NULL;
+ *num_aliases = 0;
+
+ if (!pdb_enum_alias_memberships(mem_ctx, get_global_sam_sid(),
+ member_sid, 1, &rids, &num_rids))
+ goto done;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID alias_sid;
+ sid_copy(&alias_sid, get_global_sam_sid());
+ sid_append_rid(&alias_sid, rids[i]);
+ add_sid_to_array(NULL, &alias_sid, aliases, num_aliases);
+ }
+
+ string_to_sid(&builtin_sid, "S-1-5-32");
+
+ if (!pdb_enum_alias_memberships(mem_ctx, &builtin_sid,
+ member_sid, 1, &rids, &num_rids))
+ goto done;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID alias_sid;
+ sid_copy(&alias_sid, &builtin_sid);
+ sid_append_rid(&alias_sid, rids[i]);
+ add_sid_to_array(NULL, &alias_sid, aliases, num_aliases);
+ }
+
+ result = True;
+ done:
+ if (mem_ctx != NULL)
+ talloc_destroy(mem_ctx);
+
+ return result;
+}
+
static void add_local_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
{
gid_t gid;
/* Add nested group memberships */
- if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases))
+ if (!enum_alias_memberships(sid, &aliases, &num_aliases))
return;
for (j=0; j<num_aliases; j++) {
continue;
}
- add_gid_to_array_unique(gid, gids, num);
+ add_gid_to_array_unique(NULL, gid, gids, num);
}
SAFE_FREE(aliases);
}
sid_string_static(sid)));
if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
+ add_gid_to_array_unique(NULL, gid, gids, num);
add_local_gids_from_sid(sid, gids, num);
}
DOM_SID *aliases = NULL;
int i, num_aliases = 0;
- if (!pdb_enum_alias_memberships(sid, 1, &aliases, &num_aliases))
+ if (!enum_alias_memberships(sid, &aliases, &num_aliases))
return;
if (num_aliases == 0)
}
static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *members,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID const *members,
int num_members,
- DOM_SID **aliases, int *num)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
}
return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, members,
- num_members, aliases, num);
+ enum_alias_memberships(context->pdb_methods, mem_ctx,
+ domain_sid, members, num_members,
+ alias_rids, num_alias_rids);
}
static NTSTATUS context_lookup_rids(struct pdb_context *context,
members, num_members));
}
-BOOL pdb_enum_alias_memberships(const DOM_SID *members, int num_members,
- DOM_SID **aliases, int *num)
+BOOL pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
+ const DOM_SID const *members, int num_members,
+ uint32 **alias_rids, int *num_alias_rids)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
}
return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, members,
- num_members,
- aliases, num));
+ pdb_enum_alias_memberships(pdb_context, mem_ctx,
+ domain_sid,
+ members, num_members,
+ alias_rids,
+ num_alias_rids));
}
NTSTATUS pdb_lookup_rids(TALLOC_CTX *mem_ctx,
/* We need to add the primary group as the first gid/sid */
- add_gid_to_array_unique(primary_gid, gids, &num_gids);
+ add_gid_to_array_unique(NULL, primary_gid, gids, &num_gids);
/* This sid will be replaced later */
- add_sid_to_array_unique(&global_sid_NULL, sids, &num_sids);
+ add_sid_to_array_unique(NULL, &global_sid_NULL, sids, &num_sids);
for (entry = ldap_first_entry(conn->ldap_struct, msg);
entry != NULL;
if (gid == primary_gid) {
sid_copy(&(*sids)[0], &sid);
} else {
- add_gid_to_array_unique(gid, gids, &num_gids);
- add_sid_to_array_unique(&sid, sids, &num_sids);
+ add_gid_to_array_unique(NULL, gid, gids, &num_gids);
+ add_sid_to_array_unique(NULL, &sid, sids, &num_sids);
}
}
if (!string_to_sid(&member, values[i]))
continue;
- add_sid_to_array(&member, members, num_members);
+ add_sid_to_array(NULL, &member, members, num_members);
}
ldap_value_free(values);
}
static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
const DOM_SID *members,
int num_members,
- DOM_SID **aliases, int *num_aliases)
+ uint32 **alias_rids,
+ int *num_alias_rids)
{
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)methods->private_data;
int i;
int rc;
char *filter;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("ldapsam_alias_memberships");
-
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
/* This query could be further optimized by adding a
(&(sambaSID=<domain-sid>*)) so that only those aliases that are
if (rc != LDAP_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
- *aliases = NULL;
- *num_aliases = 0;
-
ldap_struct = ldap_state->smbldap_state->ldap_struct;
for (entry = ldap_first_entry(ldap_struct, result);
{
fstring sid_str;
DOM_SID sid;
+ uint32 rid;
if (!smbldap_get_single_attribute(ldap_struct, entry,
LDAP_ATTRIBUTE_SID,
if (!string_to_sid(&sid, sid_str))
continue;
- add_sid_to_array_unique(&sid, aliases, num_aliases);
+ if (!sid_peek_check_rid(domain_sid, &sid, &rid))
+ continue;
+
+ add_rid_to_array_unique(mem_ctx, rid, alias_rids,
+ num_alias_rids);
}
ldap_msgfree(result);
NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
{
- int num_groups = 0;
- uint32 *rids=NULL;
+ int num_alias_rids;
+ uint32 *alias_rids;
struct samr_info *info = NULL;
int i;
NTSTATUS ntstatus2;
DOM_SID *members;
- DOM_SID *aliases;
- int num_aliases;
BOOL res;
r_u->status = NT_STATUS_OK;
for (i=0; i<q_u->num_sids1; i++)
sid_copy(&members[i], &q_u->sid[i].sid);
+ alias_rids = NULL;
+ num_alias_rids = 0;
+
become_root();
- res = pdb_enum_alias_memberships(members,
- q_u->num_sids1, &aliases,
- &num_aliases);
+ res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members,
+ q_u->num_sids1,
+ &alias_rids, &num_alias_rids);
unbecome_root();
if (!res)
return NT_STATUS_UNSUCCESSFUL;
- rids = NULL;
- num_groups = 0;
-
- for (i=0; i<num_aliases; i++) {
- uint32 rid;
-
- if (!sid_peek_check_rid(&info->sid, &aliases[i], &rid))
- continue;
-
- rids = TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+1);
-
- if (rids == NULL)
- return NT_STATUS_NO_MEMORY;
-
- rids[num_groups] = rid;
- num_groups += 1;
- }
- SAFE_FREE(aliases);
-
- init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK);
+ init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids,
+ NT_STATUS_OK);
return NT_STATUS_OK;
}
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 user_rid, num_aliases, *alias_rids;
+ DOM_SID *sids;
+ int num_sids;
+ uint32 num_aliases, *alias_rids;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
int i;
fstring server;
- DOM_SID tmp_sid;
- DOM_SID2 sid;
+ DOM_SID2 *sid2;
DOM_SID global_sid_Builtin;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if ((argc < 3) || (argc > 4)) {
- printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
- return NT_STATUS_OK;
+ if (argc < 3) {
+ printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
+ return NT_STATUS_INVALID_PARAMETER;
}
- sscanf(argv[2], "%i", &user_rid);
-
- if (argc > 3)
- sscanf(argv[3], "%x", &access_mask);
+ sids = NULL;
+ num_sids = 0;
+
+ for (i=2; i<argc; i++) {
+ DOM_SID tmp_sid;
+ if (!string_to_sid(&tmp_sid, argv[i])) {
+ printf("%s is not a legal SID\n", argv[i]);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
+ }
+
+ sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
+ if (sid2 == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ for (i=0; i<num_sids; i++) {
+ sid_copy(&sid2[i].sid, &sids[i]);
+ sid2[i].num_auths = sid2[i].sid.num_auths;
+ }
slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper_m(server);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
access_mask,
- &global_sid_Builtin, &domain_pol);
- else
- return NT_STATUS_OK;
+ &global_sid_Builtin,
+ &domain_pol);
+ else {
+ printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (!NT_STATUS_IS_OK(result))
goto done;
- sid_copy(&tmp_sid, &domain_sid);
- sid_append_rid(&tmp_sid, user_rid);
- init_dom_sid2(&sid, &tmp_sid);
-
- result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
+ result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
+ num_sids, sid2,
+ &num_aliases, &alias_rids);
if (!NT_STATUS_IS_OK(result))
goto done;
return 0;
}
+static BOOL print_alias_memberships(TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ const DOM_SID *member)
+{
+ uint32 *alias_rids;
+ int i, num_alias_rids;
+
+ alias_rids = NULL;
+ num_alias_rids = 0;
+
+ if (!pdb_enum_alias_memberships(mem_ctx, domain_sid, member, 1,
+ &alias_rids, &num_alias_rids)) {
+ d_printf("Could not list memberships for sid %s\n",
+ sid_string_static(member));
+ return False;
+ }
+
+ for (i = 0; i < num_alias_rids; i++) {
+ DOM_SID alias;
+ sid_copy(&alias, domain_sid);
+ sid_append_rid(&alias, alias_rids[i]);
+ printf("%s\n", sid_string_static(&alias));
+ }
+
+ return True;
+}
+
static int net_groupmap_memberships(int argc, const char **argv)
{
- DOM_SID member;
- DOM_SID *aliases;
- int i, num;
- NTSTATUS result;
+ TALLOC_CTX *mem_ctx;
+ DOM_SID *domain_sid, *builtin_sid, member;
if ( (argc != 1) ||
!string_to_sid(&member, argv[0]) ) {
return -1;
}
- if (!pdb_enum_alias_memberships(&member, 1, &aliases, &num)) {
- d_printf("Could not list memberships for sid %s: %s\n",
- argv[0], nt_errstr(result));
+ mem_ctx = talloc_init("net_groupmap_memberships");
+ if (mem_ctx == NULL) {
+ d_printf("talloc_init failed\n");
return -1;
}
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(aliases[i])));
+ domain_sid = get_global_sam_sid();
+ builtin_sid = string_sid_talloc(mem_ctx, "S-1-5-32");
+ if ((domain_sid == NULL) || (builtin_sid == NULL)) {
+ d_printf("Could not get domain sid\n");
+ return -1;
}
- SAFE_FREE(aliases);
+ if (!print_alias_memberships(mem_ctx, domain_sid, &member) ||
+ !print_alias_memberships(mem_ctx, builtin_sid, &member))
+ return -1;
+
+ talloc_destroy(mem_ctx);
return 0;
}