summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/lookup_sid.c26
1 files changed, 23 insertions, 3 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 02b83f1965..8a28f75ec8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -43,6 +43,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
DOM_SID sid;
enum SID_NAME_USE type;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct group *grp;
if (tmp_ctx == NULL) {
DEBUG(0, ("talloc_new failed\n"));
@@ -128,8 +129,27 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
* the expansion of group names coming in from smb.conf
*/
- if (flags & LOOKUP_NAME_GROUP) {
- struct group *grp;
+ if ((flags & LOOKUP_NAME_GROUP) && ((grp = getgrnam(name)) != NULL)) {
+
+ GROUP_MAP map;
+
+ if (pdb_getgrgid(&map, grp->gr_gid)) {
+ /* The hack gets worse. Handle the case where we have
+ * 'force group = +unixgroup' but "unixgroup" has a
+ * group mapping */
+
+ if (sid_check_is_in_builtin(&map.sid)) {
+ domain = talloc_strdup(
+ tmp_ctx, builtin_domain_name());
+ } else {
+ domain = talloc_strdup(
+ tmp_ctx, get_global_sam_name());
+ }
+
+ sid_copy(&sid, &map.sid);
+ type = map.sid_name_use;
+ goto ok;
+ }
/* If we are using the smbpasswd backend, we need to use the
* algorithmic mapping for the unix group we find. This is
@@ -137,7 +157,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
* gid list we got from initgroups() we use gid_to_sid() that
* uses algorithmic mapping if pdb_rid_algorithm() is true. */
- if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+ if (pdb_rid_algorithm() &&
(grp->gr_gid < max_algorithmic_gid())) {
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
sid_compose(&sid, get_global_sam_sid(),