r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs

to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et. al. to succeed.  For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.

For 3.0.26, we need to allow winbindd to handle all types of SIDs.
(This used to be commit d70cec31965de41d3296c9b585ff0aea4f2bcffe)

1 files changed, 19 insertions, 0 deletions

diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 2bec404a13..e05f698ee8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -914,6 +914,17 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
 		return find_domain_from_sid(sid);
 	}
 
+	/* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+	if ( sid_check_is_in_unix_groups(sid) || 
+	     sid_check_is_unix_groups(sid) ||
+	     sid_check_is_in_unix_users(sid) ||
+	     sid_check_is_unix_users(sid) )
+	{
+		return find_domain_from_sid(get_global_sam_sid());
+	}
+	
+
 	/* On a member server a query for SID or name can always go to our
 	 * primary DC. */
 
@@ -927,6 +938,14 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
 	    strequal(domain_name, get_global_sam_name()))
 		return find_domain_from_name_noinit(domain_name);
 
+	/* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+	if ( strequal(domain_name, unix_users_domain_name() ) ||
+	     strequal(domain_name, unix_groups_domain_name() ) )
+	{
+		return find_domain_from_name_noinit( get_global_sam_name() );
+	}
+
 	return find_our_domain();
 }