diff options
| author | Volker Lendecke <vlendec@samba.org> | 2005-04-05 16:42:06 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:56:29 -0500 |
| commit | 78355805efb1e8e3ef9a5073841275ffa80da77a (patch) | |
| tree | 5833f4289094eeee217b4f691ac87fa096dcecbb /source3/nsswitch | |
| parent | 1c10d5fc30e6136091246e4eb06a9cf04edebc55 (diff) | |
| download | samba-78355805efb1e8e3ef9a5073841275ffa80da77a.tar.gz samba-78355805efb1e8e3ef9a5073841275ffa80da77a.tar.bz2 samba-78355805efb1e8e3ef9a5073841275ffa80da77a.zip | |
r6217: After talking to jerry, commit the partial fix for wbinfo -r. This fixes the
expansion of domain local groups in case the netsamlogon_cache is valid. The
non-samlogon-cache side needs more work, as well as the samlogon cache itself.
Volker
(This used to be commit b6352a3c46f8e67503945eeac33e157ecea01bfb)
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 24968db0ce..9c81aef447 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -1100,6 +1100,13 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) if ( !opt_nocache && (info3 = netsamlogon_cache_get(mem_ctx, &user_sid))) { + struct winbindd_domain *our_domain = find_our_domain(); + + if (our_domain == NULL) { + DEBUG(0, ("Could not find our domain\n")); + goto done; + } + DEBUG(10, ("winbindd_getgroups: info3 has %d groups, %d other sids\n", info3->num_groups2, info3->num_other_sids)); @@ -1108,6 +1115,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) /* Go through each other sid and convert it to a gid */ for (i = 0; i < info3->num_other_sids; i++) { + DOM_SID *sid = &info3->other_sids[i].sid; fstring name; fstring dom_name; enum SID_NAME_USE sid_type; @@ -1115,30 +1123,30 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) /* Is this sid known to us? It can either be a trusted domain sid or a foreign sid. */ - if (!winbindd_lookup_name_by_sid( &info3->other_sids[i].sid, - dom_name, name, &sid_type)) - { - DEBUG(10, ("winbindd_getgroups: could not lookup name for %s\n", - sid_string_static(&info3->other_sids[i].sid))); + if (!winbindd_lookup_name_by_sid( sid, dom_name, + name, &sid_type)) { + DEBUG(10, ("winbindd_getgroups: could not " + "lookup name for %s\n", + sid_string_static(sid))); continue; } - /* Check it is a domain group or an alias (domain local group) - in a win2k native mode domain. */ + /* Check it is a domain group or an alias (domain + local group) in a win2k native mode domain. */ - if ( !((sid_type==SID_NAME_DOM_GRP) || - ((sid_type==SID_NAME_ALIAS) && domain->primary)) ) - { + if (!((sid_type==SID_NAME_DOM_GRP) || + ((sid_type==SID_NAME_ALIAS) && + (our_domain->active_directory) && + (our_domain->native_mode) && + (sid_compare_domain(sid, &our_domain->sid) + == 0)))) { DEBUG(10, ("winbindd_getgroups: sid type %d " "for %s is not a domain group\n", - sid_type, - sid_string_static( - &info3->other_sids[i].sid))); + sid_type, sid_string_static(sid))); continue; } - add_gids_from_group_sid(&info3->other_sids[i].sid, - &gid_list, &num_gids); + add_gids_from_group_sid(sid, &gid_list, &num_gids); } for (i = 0; i < info3->num_groups2; i++) { |