2.5.2.1.1 GatherGroupMembershipForSystem


The GatherGroupMembershipForSystem function accepts an array of SIDs and invokes GatherLocalGroupMembership, which in turn invokes GatherLocalGroupMembershipFromLocalDomain for the local account domain and again for the built-in domain.

An array of SIDs is returned that includes all input SIDs and the SIDs for all local groups of which the input SIDs are members.

 GatherGroupMembershipForSystem( InitialMembership, FinalMembership )
     --
     -- On entry  InitialMembership is a non-empty array of SIDs
     -- 
     -- On exit   FinalMembership is an array of SIDs 
     --
     CALL GatherLocalGroupMembership ( InitialMembership, FinalMembership )
 END_SUBROUTINE

The InitialMembership and FinalMembership parameters are arrays of SIDs. This method is called by authentication protocols during the process of authentication (see [MS-KILE] section 3.4.5.3 and [MS-APDS] section 3.1.5).

 GatherLocalGroupMembership( InitialMembership, FinalMembership )
     --
     -- On entry
     --     InitialMembership is a non-empty set of SIDs
     -- 
     -- On exit
     --     FinalMembership is a set of SIDs 
     --
         GatherLocalGroupMembershipFromLocalDomain( InitialMembership, 
                                                    LocalDomainSid, 
                                                    FinalMembership )
         GatherLocalGroupMembershipFromLocalDomain( FinalMembership, 
                                                    BuiltinDomainSid, 
                                                    FinalMembership )
 END_SUBROUTINE 
  
  
 GatherLocalGroupMembershipFromLocalDomain( InitialMembership,
                                            LimitingDomain,
                                            FinalMembership )
     --
     -- On entry
     --     InitialMembership is an array of SIDs
     --     LimitingDomain is a domain SID
     --
     -- On exit
     --     FinalMembership is an array of SIDs including any SID from InitialMembership
     --     plus all SIDs of groups of which SIDs in InitialMembership are members.
     --
     Domain d is the domain in Local Domains with objectSid equal to LimitingDomain 
     AdditionalMembership is a set of SIDs, initially empty
  
     Set FinalMembership equal to InitialMembership
  
     FOR EACH GROUP g in d DO
         FOR EACH SID m in g.members DO
             FOR EACH SID s in InitialMembership DO
                 IF m equals s THEN
                     Set AdditionalMembership equal to the union of
                         AdditionalMembership and g.objectSid
                 END IF
             END FOR
         END FOR
     END FOR
  
     Set FinalMembership equal to the union of
         InitialMembership and AdditionalMembership
 END_SUBROUTINE
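
The three routines above, transcribed into Python as an added example (not part of the specification and not Microsoft's code). It assumes each local domain is modelled as a mapping from group SID to member SIDs; the machine domain SID, the user SID and the local groups with RIDs 1001 and 1002 are constructed sample values.

```python
# Added illustration of the pseudocode above. The data model (a dict of
# {group objectSid: set of member SIDs} per domain) is an assumption.

def gather_from_local_domain(initial, limiting_domain, local_domains):
    """One pass over the groups of the domain whose objectSid is limiting_domain."""
    domain = local_domains[limiting_domain]
    additional = set()
    for group_sid, members in domain.items():
        # The group is added when any member SID equals a SID in the input set.
        if members & initial:
            additional.add(group_sid)
    return initial | additional


def gather_local_group_membership(initial, local_sid, builtin_sid, local_domains):
    # Account domain first. The built-in pass receives that result as its input,
    # so built-in groups that contain a local group are picked up as well.
    final = gather_from_local_domain(initial, local_sid, local_domains)
    return gather_from_local_domain(final, builtin_sid, local_domains)


def gather_group_membership_for_system(initial, local_sid, builtin_sid, local_domains):
    if not initial:
        raise ValueError("InitialMembership must be a non-empty array of SIDs")
    return gather_local_group_membership(set(initial), local_sid, builtin_sid,
                                         local_domains)


# --- constructed sample data ---
LOCAL = "S-1-5-21-1111-2222-3333"      # constructed machine account domain SID
BUILTIN = "S-1-5-32"                   # well-known built-in domain SID
USER = "S-1-5-21-9000-9001-9002-1104"  # constructed domain user SID
DOMAINS = {
    LOCAL: {
        LOCAL + "-1001": {USER},              # local group containing the user
        LOCAL + "-1002": {LOCAL + "-1001"},   # lists 1001 only; tests the single pass
    },
    BUILTIN: {
        "S-1-5-32-544": {LOCAL + "-1001"},    # Administrators, via the local group
        "S-1-5-32-545": {"S-1-5-11"},         # Users, via Authenticated Users
        "S-1-5-32-551": {LOCAL + "-1500"},    # Backup Operators, unrelated member
    },
}

if __name__ == "__main__":
    token = gather_group_membership_for_system([USER, "S-1-5-11"], LOCAL, BUILTIN, DOMAINS)
    print("\n".join(sorted(token)))
```

Group 1002 is absent from the result because each domain is scanned once against its input set, while the built-in groups appear because the second pass takes the first pass's output as its input.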