summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/idmap.c5
-rw-r--r--source3/nsswitch/winbindd_passdb.c7
-rw-r--r--source3/nsswitch/winbindd_util.c19
3 files changed, 29 insertions, 2 deletions
diff --git a/source3/nsswitch/idmap.c b/source3/nsswitch/idmap.c
index babd5645aa..8f3e7c465e 100644
--- a/source3/nsswitch/idmap.c
+++ b/source3/nsswitch/idmap.c
@@ -821,7 +821,10 @@ static NTSTATUS idmap_can_map(const struct id_map *map, struct idmap_domain **re
/* Check we do not create mappings for our own local domain, or BUILTIN or special SIDs */
if ((sid_compare_domain(map->sid, get_global_sam_sid()) == 0) ||
sid_check_is_in_builtin(map->sid) ||
- sid_check_is_in_wellknown_domain(map->sid)) {
+ sid_check_is_in_wellknown_domain(map->sid) ||
+ sid_check_is_in_unix_users(map->sid) ||
+ sid_check_is_in_unix_groups(map->sid) )
+ {
DEBUG(10, ("We are not supposed to create mappings for our own domains (local, builtin, specials)\n"));
return NT_STATUS_UNSUCCESSFUL;
}
diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c
index e8b0ae641f..2a61908f0e 100644
--- a/source3/nsswitch/winbindd_passdb.c
+++ b/source3/nsswitch/winbindd_passdb.c
@@ -125,7 +125,12 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
/* Paranoia check */
if (!sid_check_is_in_builtin(sid) &&
- !sid_check_is_in_our_domain(sid)) {
+ !sid_check_is_in_our_domain(sid) &&
+ !sid_check_is_in_unix_users(sid) &&
+ !sid_check_is_unix_users(sid) &&
+ !sid_check_is_in_unix_groups(sid) &&
+ !sid_check_is_unix_groups(sid) )
+ {
DEBUG(0, ("Possible deadlock: Trying to lookup SID %s with "
"passdb backend\n", sid_string_static(sid)));
return NT_STATUS_NONE_MAPPED;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 2bec404a13..e05f698ee8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -914,6 +914,17 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid)
return find_domain_from_sid(sid);
}
+ /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
+
+ if ( sid_check_is_in_unix_groups(sid) ||
+ sid_check_is_unix_groups(sid) ||
+ sid_check_is_in_unix_users(sid) ||
+ sid_check_is_unix_users(sid) )
+ {
+ return find_domain_from_sid(get_global_sam_sid());
+ }
+
+
/* On a member server a query for SID or name can always go to our
* primary DC. */
@@ -927,6 +938,14 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
strequal(domain_name, get_global_sam_name()))
return find_domain_from_name_noinit(domain_name);
+ /* The "Unix User" and "Unix Group" domain our handled by passdb */
+
+ if ( strequal(domain_name, unix_users_domain_name() ) ||
+ strequal(domain_name, unix_groups_domain_name() ) )
+ {
+ return find_domain_from_name_noinit( get_global_sam_name() );
+ }
+
return find_our_domain();
}