summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorSergey Urushkin <urushkin@telros.ru>2012-07-20 13:16:08 +0400
committerAndrew Bartlett <abartlet@samba.org>2012-07-22 19:11:26 +1000
commite8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61 (patch)
treeb14bb89e4b5918aae70156a7a297e4047f21d606 /source4
parentf7b88fbe9f5fc1fbeef733eb7c90bdcd28bdc7af (diff)
downloadsamba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.tar.gz
samba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.tar.bz2
samba-e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61.zip
s4 rfc2307 gids mapping fix
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/winbind/idmap.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index b4aa62e237..976a2d0f9d 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -235,10 +235,10 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
ldb_get_default_basedn(idmap_ctx->samdb),
LDB_SCOPE_SUBTREE,
sam_attrs, 0,
- "(&(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)"
+ "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
"(uidNumber=%u)(objectSid=*)"
"(|(objectClass=posixAccount)(objectClass=posixGroup)))",
- ATYPE_ACCOUNT, unixid->id);
+ ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
} else {
/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
ret = LDB_ERR_NO_SUCH_OBJECT;
@@ -437,12 +437,13 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
ldb_get_default_basedn(idmap_ctx->samdb),
LDB_SCOPE_SUBTREE, sam_attrs, 0,
"(&(objectSid=%s)"
- "(|(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)"
- "(sAMaccountType=%u)"
- "(sAMaccountType=%u))"
+ "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
+ "(sAMaccountType=%u)(sAMaccountType=%u))"
"(|(uidNumber=*)(gidNumber=*))"
"(|(objectClass=posixAccount)(objectClass=posixGroup)))",
- dom_sid_string(tmp_ctx, sid), ATYPE_ACCOUNT, ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
+ dom_sid_string(tmp_ctx, sid),
+ ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
+ ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
} else {
/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
ret = LDB_ERR_NO_SUCH_OBJECT;
@@ -455,7 +456,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
goto failed;
} else if (ret == LDB_SUCCESS) {
uint32_t account_type = ldb_msg_find_attr_as_uint(sam_msg, "sAMaccountType", 0);
- if (account_type & ATYPE_ACCOUNT) {
+ if ((account_type == ATYPE_ACCOUNT) || (account_type == ATYPE_WORKSTATION_TRUST ) || (account_type == ATYPE_INTERDOMAIN_TRUST )) {
const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg, "uidNumber");
if (v) {
unixid->type = ID_TYPE_UID;