r10474: We better ignore builtin SIDs from the Active Directory DC to prevent

that AD's builtin groups mixup with our own builtin groups. Guenther (This used to be commit 9930013161f1ae59e7aed1b397b79792d384f1ba)
author: Günther Deschner <gd@samba.org> 2005-09-24 11:33:55 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 11:03:42 -0500
commit: da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8 (patch)
tree: 9bf92b89bf8361d1678a45e100d92ab894975969
parent: 83d67f99aada08db2a4c8c93964380f679ca6777 (diff)
download: samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.tar.gz
samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.tar.bz2
samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 7851fdabc3..eda6dea2c4 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -613,9 +613,16 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 
 	add_sid_to_array(mem_ctx, &primary_group, user_sids, num_groups);
 	
-	for (i=0;i<count;i++)
+	for (i=0;i<count;i++) {
+
+		/* ignore Builtin groups from ADS - Guenther */
+		if (sid_check_is_in_builtin(&sids[i])) {
+			continue;
+		}
+			       
 		add_sid_to_array_unique(mem_ctx, &sids[i],
 					user_sids, num_groups);
+	}
 
 	status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
author	Günther Deschner <gd@samba.org>	2005-09-24 11:33:55 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 11:03:42 -0500
commit	da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8 (patch)
tree	9bf92b89bf8361d1678a45e100d92ab894975969
parent	83d67f99aada08db2a4c8c93964380f679ca6777 (diff)
download	samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.tar.gz samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.tar.bz2 samba-da1640d5a1aa8e3bbbab11423d79badeb2fbeeb8.zip