
2.5.2.1.1 GatherGroupMembershipForSystem

The GatherGroupMembershipForSystem function accepts an array of SIDs and invokes GatherLocalGroupMembership, which in turn invokes GatherLocalGroupMembershipFromLocalDomain for the local account domain and again for the built-in domain.

An array of SIDs is returned that includes all input SIDs and the SIDs for all local groups of which the input SIDs are members.

GatherGroupMembershipForSystem( InitialMembership, FinalMembership )
    --
    -- On entry  InitialMembership is a non-empty array of SIDs
    -- 
    -- On exit   FinalMembership is an array of SIDs
    --
    CALL GatherLocalGroupMembership ( InitialMembership, FinalMembership )
END_SUBROUTINE

The InitialMembership and FinalMembership parameters are arrays of SIDs. This method is called by authentication protocols during the process of authentication (see [MS-KILE] section 3.4.5.3 and [MS-APDS] section 3.1.5).

GatherLocalGroupMembership( InitialMembership, FinalMembership )
    --
    -- On entry
    --     InitialMembership is a non-empty set of SIDs
    -- 
    -- On exit
    --     FinalMembership is a set of SIDs 
    --
        GatherLocalGroupMembershipFromLocalDomain( InitialMembership, 
                                                   LocalDomainSid, 
                                                   FinalMembership )
        GatherLocalGroupMembershipFromLocalDomain( FinalMembership, 
                                                   BuiltinDomainSid, 
                                                   FinalMembership )
END_SUBROUTINE 


GatherLocalGroupMembershipFromLocalDomain( InitialMembership,
                                           LimitingDomain,
                                           FinalMembership )
    --
    -- On entry
    --     InitialMembership is an array of SIDs
    --     LimitingDomain is a domain SID
    --
    -- On exit
    --     FinalMembership is an array of SIDs including any SID from InitialMembership
    --     plus all SIDs of groups of which SIDs in InitialMembership are members.
    --
    Domain d is the domain in Local Domains with objectSid equal to LimitingDomain
    AdditionalMembership is a set of SIDs, initially empty

    Set FinalMembership equal to InitialMembership

    FOR EACH GROUP g in d DO
        FOR EACH SID m in g.members DO
            FOR EACH SID s in InitialMembership DO
                IF m equals s
                    Set AdditionalMembership equal to the union of
                        AdditionalMembership and g.objectSid
                END IF
            END FOR
        END FOR
    END FOR

    Set FinalMembership equal to the union of
        InitialMembership and AdditionalMembership
END_SUBROUTINE
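
The three routines above, modelled in Python as an added example that is not part of the specification. The function names, SIDs and group contents are constructed for illustration; the data is chosen to show that the built-in pass runs over the output of the local account domain pass, and that each pass is a single scan with no transitive expansion inside one domain.

```python
# Added example: Python model of the pseudocode above. All SIDs and group
# contents below are constructed sample data, not values from the specification.
LOCAL_DOMAIN_SID = "S-1-5-21-1111-2222-3333"   # constructed local account domain
BUILTIN_DOMAIN_SID = "S-1-5-32"                # built-in domain

USER = "S-1-5-21-9999-8888-7777-1104"          # constructed domain user
DOMAIN_GROUP = "S-1-5-21-9999-8888-7777-513"   # constructed domain group
OPERATORS = LOCAL_DOMAIN_SID + "-1001"         # constructed local groups
NESTED = LOCAL_DOMAIN_SID + "-1002"
ADMINISTRATORS = BUILTIN_DOMAIN_SID + "-544"
USERS = BUILTIN_DOMAIN_SID + "-545"

# "Local Domains": domain SID -> {group objectSid: member SIDs}
LOCAL_DOMAINS = {
    LOCAL_DOMAIN_SID: {
        OPERATORS: {USER},
        NESTED: {OPERATORS},          # reachable only through another local group
    },
    BUILTIN_DOMAIN_SID: {
        ADMINISTRATORS: {OPERATORS},  # matched only because of the first pass
        USERS: {DOMAIN_GROUP},
    },
}

def gather_from_local_domain(initial, limiting_domain, domains=LOCAL_DOMAINS):
    """One scan over the groups of one domain; no transitive closure."""
    additional = []
    for group_sid, members in domains[limiting_domain].items():
        if any(s in members for s in initial):
            additional.append(group_sid)
    # Union of InitialMembership and AdditionalMembership, order preserved.
    return list(initial) + [g for g in additional if g not in initial]

def gather_local_group_membership(initial, domains=LOCAL_DOMAINS):
    # The second call takes the first call's output as its input, so built-in
    # groups are matched against local account domain groups as well.
    final = gather_from_local_domain(initial, LOCAL_DOMAIN_SID, domains)
    return gather_from_local_domain(final, BUILTIN_DOMAIN_SID, domains)

def gather_group_membership_for_system(initial, domains=LOCAL_DOMAINS):
    if not initial:
        raise ValueError("InitialMembership must be a non-empty array of SIDs")
    return gather_local_group_membership(initial, domains)

if __name__ == "__main__":
    for sid in gather_group_membership_for_system([USER, DOMAIN_GROUP]):
        print(sid)
```

With this sample data the result contains the two input SIDs plus the three groups reached by the two passes, and omits the group that is reachable only through another group of the same domain.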
 
© 2014 Microsoft