Export (0) Print
Expand All

2.5.2.1.1 GatherGroupMembershipForSystem

The GatherGroupMembershipForSystem function accepts an array of SIDs and invokes GatherLocalGroupMembership, which in turn invokes GatherLocalGroupMembershipFromLocalDomain for the local account domain and again for the built-in domain.

An array of SIDs is returned that includes all input SIDs and the SIDs for all local groups of which the input SIDs are members.

 GatherGroupMembershipForSystem( InitialMembership, FinalMembership )
     --
     -- On entry  InitialMembership is a non-empty array of SIDs
     -- 
     -- On exit   FinalMembership is a array of SIDs 
     --
     CALL GatherLocalGroupMembership ( InitialMembership, FinalMembership )
 END_SUBROUTINE

The InitialMembership and FinalMembership parameters are arrays of SIDs. This method is called by authentication protocols during the process of authentication (see [MS-KILE] section 3.4.5.3 and [MS-APDS] section 3.1.5.

 GatherLocalGroupMembership( InitialMembership, FinalMembership )
     --
     -- On entry
     --     InitialMembership is a non-empty set of SIDs
     -- 
     -- On exit
     --     FinalMembership is a set of SIDs 
     --
         GatherLocalGroupMembershipFromLocalDomain( InitialMembership, 
                                                    LocalDomainSid, 
                                                    FinalMembership )
         GatherLocalGroupMembershipFromLocalDomain( FinalMembership, 
                                                    BuiltinDomainSid, 
                                                    FinalMembership )
 END_SUBROUTINE 
  
  
 GatherLocalGroupMembershipFromLocalDomain( InitialMembership,
                                            LimitingDomain,
                                            FinalMembership )
     --
     -- On entry
     --     InitialMembership is an array of SIDs
     --     LimitingDomain is a domain SID
     --
     -- On exit
     --     FinalMembership is an array of SIDs including any SID from InitialMembership
     --     plus all SIDs of groups of which SIDs in InitialMembership are members.
     --
     Domain d is the domain in Local Domains with objectSid equal LimitingDomain 
     AdditionalMembership is a set of sids initially empty
  
     Set FinalMembership equal to InitialMembership
  
     FOR EACH GROUP g in d DO
         FOR EACH SID m in g.members DO
             FOR EACH SID s in InitialMembership DO
                 if m equals s
                     Set AdditionalMembership equal to the union of
                         AdditionalMembership and g.objectSid
                 END IF
             END FOR
         END FOR
     END FOR
  
     Set FinalMembership equal to the union of
         InitialMembership and AdditionalMembership
 END_SUBROUTINE
  
Show:
© 2016 Microsoft