r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,

the first was it didn't pass primaryGroupID as an attributed it
wanted, the second was it didn't cope with primaryGroupID not being
present.
(This used to be commit 8373bfcdeca13dcdce3081af420d8bb7d842ad18)

1 files changed, 12 insertions, 2 deletions

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 6ddddafee3..4e797acd36 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -222,6 +222,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 			       "accountExpires",
 			       "badPwdCount",
 			       "logonCount",
+			       "primaryGroupID",
 			       NULL,
 	};
 
@@ -333,6 +334,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		struct dom_sid *primary_group_sid;
 		const char *sidstr;
 		int i;
+		uint_t rid;
 
 		group_ret = samdb_search(sam_ctx,
 					 mem_ctx, NULL, &group_msgs, group_attrs,
@@ -357,8 +359,16 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		sidstr = ldb_msg_find_string(msgs[0], "objectSid", NULL);
 		user_sid = dom_sid_parse_talloc(*server_info, sidstr);
 		primary_group_sid = dom_sid_parse_talloc(*server_info, sidstr);
-		primary_group_sid->sub_auths[primary_group_sid->num_auths-1] 
-			= samdb_result_uint(msgs[0], "primaryGroupID", 0);
+		rid = samdb_result_uint(msgs[0], "primaryGroupID", ~0);
+		if (rid == ~0) {
+			if (group_ret > 0) {
+				primary_group_sid = groupSIDs[0];
+			} else {
+				primary_group_sid = NULL;
+			}
+		} else {
+			primary_group_sid->sub_auths[primary_group_sid->num_auths-1] = rid;
+		}
 
 		(*server_info)->user_sid = user_sid;
 		(*server_info)->primary_group_sid = primary_group_sid;