summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/passdb.c30
1 files changed, 23 insertions, 7 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 4bdceec571..ae7f57fb5a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -550,7 +550,7 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid)
Convert a name into a SID. Used in the lookup name rpc.
********************************************************************/
-BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
+BOOL lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
enum lsa_SidType *type)
{
GROUP_MAP map;
@@ -561,7 +561,7 @@ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
name "None" on Windows. You will get an error that
the group already exists. */
- if ( strequal( user, "None" ) ) {
+ if ( strequal( name, "None" ) ) {
*rid = DOMAIN_GROUP_RID_USERS;
*type = SID_NAME_DOM_GRP;
@@ -581,7 +581,7 @@ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
}
become_root();
- ret = pdb_getsampwnam(sam_account, user);
+ ret = pdb_getsampwnam(sam_account, name);
unbecome_root();
if (ret) {
@@ -593,7 +593,7 @@ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
if (ret) {
if (!sid_check_is_in_our_domain(&user_sid)) {
DEBUG(0, ("User %s with invalid SID %s in passdb\n",
- user, sid_string_static(&user_sid)));
+ name, sid_string_static(&user_sid)));
return False;
}
@@ -608,17 +608,33 @@ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid,
*/
become_root();
- ret = pdb_getgrnam(&map, user);
+ ret = pdb_getgrnam(&map, name);
unbecome_root();
if (!ret) {
- return False;
+ /* try to see if we can lookup a mapped
+ * group with the unix group name */
+
+ struct group *grp;
+
+ grp = getgrnam(name);
+ if (!grp) {
+ return False;
+ }
+
+ become_root();
+ ret = pdb_getgrgid(&map, grp->gr_gid);
+ unbecome_root();
+
+ if (!ret) {
+ return False;
+ }
}
/* BUILTIN groups are looked up elsewhere */
if (!sid_check_is_in_our_domain(&map.sid)) {
DEBUG(10, ("Found group %s (%s) not in our domain -- "
- "ignoring.", user,
+ "ignoring.", name,
sid_string_static(&map.sid)));
return False;
}