diff options
author | Sergey Urushkin <urushkin@telros.ru> | 2012-07-20 13:16:08 +0400 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-07-22 19:11:26 +1000 |
commit | e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61 (patch) | |
tree | b14bb89e4b5918aae70156a7a297e4047f21d606 /source4 | |
parent | f7b88fbe9f5fc1fbeef733eb7c90bdcd28bdc7af (diff) | |
download | samba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.tar.gz samba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.tar.bz2 samba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.zip |
s4 rfc2307 gids mapping fix
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/winbind/idmap.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c index b4aa62e237..976a2d0f9d 100644 --- a/source4/winbind/idmap.c +++ b/source4/winbind/idmap.c @@ -235,10 +235,10 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, - "(&(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)" + "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))" "(uidNumber=%u)(objectSid=*)" "(|(objectClass=posixAccount)(objectClass=posixGroup)))", - ATYPE_ACCOUNT, unixid->id); + ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id); } else { /* If we are not to use the rfc2307 attributes, we just emulate a non-match */ ret = LDB_ERR_NO_SUCH_OBJECT; @@ -437,12 +437,13 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, "(&(objectSid=%s)" - "(|(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)" - "(sAMaccountType=%u)" - "(sAMaccountType=%u))" + "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)" + "(sAMaccountType=%u)(sAMaccountType=%u))" "(|(uidNumber=*)(gidNumber=*))" "(|(objectClass=posixAccount)(objectClass=posixGroup)))", - dom_sid_string(tmp_ctx, sid), ATYPE_ACCOUNT, ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP); + dom_sid_string(tmp_ctx, sid), + ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, + ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP); } else { /* If we are not to use the rfc2307 attributes, we just emulate a non-match */ ret = LDB_ERR_NO_SUCH_OBJECT; @@ -455,7 +456,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, goto failed; } else if (ret == LDB_SUCCESS) { uint32_t account_type = ldb_msg_find_attr_as_uint(sam_msg, "sAMaccountType", 0); - if (account_type & ATYPE_ACCOUNT) { + if ((account_type == ATYPE_ACCOUNT) || (account_type == ATYPE_WORKSTATION_TRUST ) || (account_type == ATYPE_INTERDOMAIN_TRUST )) { const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg, "uidNumber"); if (v) { unixid->type = ID_TYPE_UID; |