diff options
-rw-r--r-- | source3/passdb/lookup_sid.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 02b83f1965..8a28f75ec8 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -43,6 +43,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, ("talloc_new failed\n")); @@ -128,8 +129,27 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * the expansion of group names coming in from smb.conf */ - if (flags & LOOKUP_NAME_GROUP) { - struct group *grp; + if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) { + + GROUP_MAP map; + + if (pdb_getgrgid(&map, grp->gr_gid)) { + /* The hack gets worse. Handle the case where we have + * 'force group = +unixgroup' but "unixgroup" has a + * group mapping */ + + if (sid_check_is_in_builtin(&map.sid)) { + domain = talloc_strdup( + tmp_ctx, builtin_domain_name()); + } else { + domain = talloc_strdup( + tmp_ctx, get_global_sam_name()); + } + + sid_copy(&sid, &map.sid); + type = map.sid_name_use; + goto ok; + } /* If we are using the smbpasswd backend, we need to use the * algorithmic mapping for the unix group we find. This is @@ -137,7 +157,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, * gid list we got from initgroups() we use gid_to_sid() that * uses algorithmic mapping if pdb_rid_algorithm() is true. */ - if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) && + if (pdb_rid_algorithm() && (grp->gr_gid < max_algorithmic_gid())) { domain = talloc_strdup(tmp_ctx, get_global_sam_name()); sid_compose(&sid, get_global_sam_sid(), |