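/**
 * Default passdb implementation of the alias membership lookup: collect the
 * aliases the given member SIDs belong to and return the RIDs of those that
 * pass sid_peek_check_rid() against domain_sid.
 *
 * @param methods          passdb backend handle; not used by this function.
 * @param mem_ctx          talloc context the returned RID array is allocated on.
 * @param domain_sid       domain SID each alias SID is checked against.
 * @param members          SIDs whose alias memberships are looked up.
 * @param num_members      number of entries in members.
 * @param pp_alias_rids    out: array of alias RIDs. Only assigned when at
 *                         least one alias SID was found; otherwise it is left
 *                         untouched, so callers must go by *p_num_alias_rids
 *                         and must not read or free *pp_alias_rids when the
 *                         count is 0 unless they initialized it themselves.
 * @param p_num_alias_rids out: number of valid entries in *pp_alias_rids.
 *                         Not written if group mapping initialization or the
 *                         membership lookup fails.
 *
 * @return NT_STATUS_OK on success (including "no aliases"),
 *         NT_STATUS_UNSUCCESSFUL if the group mapping cannot be initialized,
 *         NT_STATUS_NO_MEMORY if the RID array cannot be allocated, or the
 *         error returned by alias_memberships().
 */
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
				       TALLOC_CTX *mem_ctx,
				       const DOM_SID *domain_sid,
				       const DOM_SID *members,
				       size_t num_members,
				       uint32 **pp_alias_rids,
				       size_t *p_num_alias_rids)
{
	DOM_SID *alias_sids;
	size_t i, num_alias_sids;
	NTSTATUS result;

	if (!init_group_mapping()) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Start from an empty result before handing the pair to the lookup */
	alias_sids = NULL;
	num_alias_sids = 0;

	result = alias_memberships(members, num_members,
				   &alias_sids, &num_alias_sids);

	if (!NT_STATUS_IS_OK(result)) {
		/*
		 * NOTE(review): alias_sids is not released here; whether
		 * alias_memberships() can leave an allocation behind on
		 * failure is not visible from this function -- confirm.
		 */
		return result;
	}

	*p_num_alias_rids = 0;

	if (num_alias_sids == 0) {
		TALLOC_FREE(alias_sids);
		return NT_STATUS_OK;
	}

	*pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
	if (*pp_alias_rids == NULL) {
		/*
		 * The SID list is no longer needed on this path either;
		 * release it so an allocation failure does not leak it.
		 */
		TALLOC_FREE(alias_sids);
		return NT_STATUS_NO_MEMORY;
	}

	for (i=0; i<num_alias_sids; i++) {
		/*
		 * The RID is written straight into the next free output slot;
		 * the slot is only counted when the check succeeds, so SIDs
		 * that fail sid_peek_check_rid() are skipped.
		 */
		if (!sid_peek_check_rid(domain_sid, &alias_sids[i],
					&(*pp_alias_rids)[*p_num_alias_rids]))
			continue;
		*p_num_alias_rids += 1;
	}

	TALLOC_FREE(alias_sids);

	return NT_STATUS_OK;
}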
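/**
 * Check whether `member` belongs to `alias`.
 *
 * @param alias   SID of the alias to test.
 * @param member  SID of the candidate member.
 *
 * @return True if `alias` is among the aliases returned for `member`,
 *         False otherwise, including when the membership lookup fails.
 */
static bool is_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
	/*
	 * Initialize the output pair before the lookup, as
	 * pdb_default_alias_memberships() does, so the result does not
	 * depend on indeterminate stack contents.
	 */
	DOM_SID *sids = NULL;
	size_t i, num = 0;

	/* This feels the wrong way round, but the on-disk data structure
	 * dictates it this way. */
	if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num)))
		return False;

	for (i=0; i<num; i++) {
		if (sid_compare(alias, &sids[i]) == 0) {
			TALLOC_FREE(sids);
			return True;
		}
	}

	TALLOC_FREE(sids);
	return False;
}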
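/**
 * Remove `member` from `alias` in the group mapping database.
 *
 * The record is keyed by member (MEMBEROF_PREFIX followed by the member SID
 * string) and its value is the list of alias SID strings for that member,
 * each preceded by a space. Removal therefore rewrites that list without
 * `alias`, or deletes the record when no alias is left. The whole update
 * runs inside one database transaction.
 *
 * @param alias   SID of the alias to remove the member from.
 * @param member  SID of the member to remove.
 *
 * @return NT_STATUS_OK once the change has been committed,
 *         NT_STATUS_MEMBER_NOT_IN_ALIAS if `member` is not in `alias`,
 *         NT_STATUS_NO_MEMORY on allocation failure,
 *         NT_STATUS_INTERNAL_DB_CORRUPTION if the transaction cannot be
 *         started or committed, or the error from the lookup/store/delete.
 */
static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
	NTSTATUS status;
	/*
	 * Initialize the output pair before the lookup, as
	 * pdb_default_alias_memberships() does.
	 */
	DOM_SID *sids = NULL;
	size_t i, num = 0;
	bool found = False;
	char *member_string;
	char *key;
	fstring sid_string;

	if (db->transaction_start(db) != 0) {
		DEBUG(0, ("transaction_start failed\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	status = alias_memberships(member, 1, &sids, &num);

	if (!NT_STATUS_IS_OK(status)) {
		goto cancel;
	}

	for (i=0; i<num; i++) {
		if (sid_compare(&sids[i], alias) == 0) {
			found = True;
			break;
		}
	}

	if (!found) {
		TALLOC_FREE(sids);
		status = NT_STATUS_MEMBER_NOT_IN_ALIAS;
		goto cancel;
	}

	/* Drop entry i by overwriting it with the last entry of the list */
	if (i < num) {
		sids[i] = sids[num-1];
	}

	num -= 1;

	sid_to_fstring(sid_string, member);

	/* key and member_string hang off sids, so freeing sids frees them */
	key = talloc_asprintf(sids, "%s%s", MEMBEROF_PREFIX, sid_string);
	if (key == NULL) {
		TALLOC_FREE(sids);
		status = NT_STATUS_NO_MEMORY;
		goto cancel;
	}

	if (num == 0) {
		/*
		 * That was the member's last alias: delete the record.
		 * A successful delete must be committed. Jumping to the
		 * cancel path here would undo the removal while still
		 * returning the delete's success status, leaving the
		 * member in the alias although the caller was told it
		 * had been removed.
		 */
		status = dbwrap_delete_bystring(db, key);
		TALLOC_FREE(sids);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(10, ("dbwrap_delete_bystring failed: %s\n",
				   nt_errstr(status)));
			goto cancel;
		}
		goto commit;
	}

	member_string = talloc_strdup(sids, "");
	if (member_string == NULL) {
		TALLOC_FREE(sids);
		status = NT_STATUS_NO_MEMORY;
		goto cancel;
	}

	for (i=0; i<num; i++) {
		sid_to_fstring(sid_string, &sids[i]);

		member_string = talloc_asprintf_append_buffer(
			member_string, " %s", sid_string);

		if (member_string == NULL) {
			TALLOC_FREE(sids);
			status = NT_STATUS_NO_MEMORY;
			goto cancel;
		}
	}

	status = dbwrap_store_bystring(
		db, key, string_term_tdb_data(member_string), 0);

	TALLOC_FREE(sids);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("dbwrap_store_bystring failed: %s\n",
			   nt_errstr(status)));
		goto cancel;
	}

 commit:
	if (db->transaction_commit(db) != 0) {
		DEBUG(0, ("transaction_commit failed\n"));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		/*
		 * NOTE(review): this still runs transaction_cancel after a
		 * failed commit, as the original did. Whether the backend
		 * leaves the transaction open in that case is not visible
		 * here; if it already aborts it, the cancel below would
		 * fail and panic -- confirm against the db backend.
		 */
		goto cancel;
	}

	return NT_STATUS_OK;

 cancel:
	if (db->transaction_cancel(db) != 0) {
		smb_panic("transaction_cancel failed");
	}
	return status;
}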