-rw-r--r-- | source3/passdb/passdb.c | 52 | ||||
-rw-r--r-- | source3/smbd/uid.c | 69 |
2 files changed, 72 insertions, 49 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 52b24b04f3..e6abb26b3f 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -510,6 +510,8 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use { uint32 rid; BOOL is_user; + SAM_ACCOUNT *sam_account = NULL; + BOOL found = False; sid_peek_rid(sid, &rid); is_user = pdb_rid_is_user(rid); @@ -541,26 +543,44 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use */ if (lp_hide_local_users()) return False; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { + return False; + } + + if (pdb_getsampwrid(sam_account, rid)) { + fstrcpy(name, pdb_get_username(sam_account)); + *psid_name_use = SID_NAME_USER; + found = True; + } + + pdb_free_sam(&sam_account); + + if (found) { + return True; + } uid = pdb_user_rid_to_uid(rid); - pass = sys_getpwuid(uid); - + pass = getpwuid_alloc(uid); + *psid_name_use = SID_NAME_USER; - + DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid, - pass ? "succeeded" : "failed" )); - + pass ? "succeeded" : "failed" )); + if(!pass) { slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid); return True; } - + fstrcpy(name, pass->pw_name); - + DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name, - (unsigned int)rid )); + (unsigned int)rid )); + + passwd_free(&pass); } - + } else { gid_t gid; struct group *gr; @@ -617,7 +637,8 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi DOM_SID local_sid; fstring user; SAM_ACCOUNT *sam_account = NULL; - + BOOL found = False; + *psid_name_use = SID_NAME_UNKNOWN; /* 
@@ -655,14 +676,19 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi if (pdb_getsampwnam(sam_account, user)) { sid_append_rid( &local_sid, pdb_get_user_rid(sam_account)); *psid_name_use = SID_NAME_USER; - pdb_free_sam(&sam_account); + + sid_copy( psid, &local_sid); + found = True; + } + + pdb_free_sam(&sam_account); - } else if((pass = Get_Pwnam(user))) { + if (!found && (pass = Get_Pwnam(user))) { sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid)); *psid_name_use = SID_NAME_USER; pdb_free_sam(&sam_account); - } else { + } else if (!found) { /* * Maybe it was a group ? */ diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 240b4d46bb..eb1756008f 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -433,7 +433,7 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER /***************************************************************** *THE CANONICAL* convert name to SID function. - Tries winbind first - then uses local lookup. + Tries local lookup first - for local domains - then uses winbind. *****************************************************************/ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type) 
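Review bot: `pdb_free_sam(&sam_account)` is now called twice on the unix-account path of `local_lookup_name`: once unconditionally after the `pdb_getsampwnam` block, and again inside the `if (!found && (pass = Get_Pwnam(user)))` branch, where the old call was left in place. Whether that is a double free or only a redundant call depends on whether `pdb_free_sam` clears the pointer it is given, which is not visible on this page. Either way the second call should be removed so the account is released exactly once. The function starts before and continues after this hunk, so the remaining exit paths should be checked for the same leftover.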
@@ -441,54 +441,51 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N extern pstring global_myname; extern fstring global_myworkgroup; fstring sid; + BOOL ret = False; *name_type = SID_NAME_UNKNOWN; - if (!winbind_lookup_name(domain, name, psid, name_type) || (*name_type != SID_NAME_USER) ) { - BOOL ret = False; - - DEBUG(10, ("lookup_name: winbind lookup for [%s]\\[%s] failed - trying local\n", domain, name)); - - /* If we are looking up a domain user, make sure it is - for the local machine only */ - - switch (lp_server_role()) { - case ROLE_DOMAIN_PDC: - case ROLE_DOMAIN_BDC: - if (strequal(domain, global_myworkgroup)) { - ret = local_lookup_name(name, psid, name_type); - } - /* No break is deliberate here. JRA. */ - default: - if (ret) { - } else if (strequal(global_myname, domain)) { - ret = local_lookup_name(name, psid, name_type); - } else { - DEBUG(5, ("lookup_name: domain %s is not local\n", domain)); - } + /* If we are looking up a domain user, make sure it is + for the local machine only */ + + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + if (strequal(domain, global_myworkgroup)) { + ret = local_lookup_name(name, psid, name_type); } - + /* No break is deliberate here. JRA. 
*/ + default: if (ret) { - DEBUG(10, - ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %u)\n", - domain, name, sid_to_string(sid,psid), - (unsigned int)*name_type )); + } else if (strequal(global_myname, domain)) { + ret = local_lookup_name(name, psid, name_type); } else { - DEBUG(10,("lookup name: (local) [%s]\\[%s] failed.\n", domain, name)); + DEBUG(5, ("lookup_name: domain %s is not local\n", domain)); } - - return ret; + } + + if (ret) { + DEBUG(10, + ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %u)\n", + domain, name, sid_to_string(sid,psid), + (unsigned int)*name_type )); + return True; + } else if (winbind_lookup_name(domain, name, psid, name_type) || (*name_type != SID_NAME_USER) ) { + + DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n", + domain, name, sid_to_string(sid, psid), + (unsigned int)*name_type)); + return True; } - DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n", - domain, name, sid_to_string(sid, psid), - (unsigned int)*name_type)); - return True; + DEBUG(10, ("lookup_name: winbind and local lookups for [%s]\\[%s] failed\n", domain, name)); + + return False; } /***************************************************************** *THE CANONICAL* convert SID to name function. - Tries winbind first - then uses local lookup. + Tries local lookup first - for local sids, then tries winbind. *****************************************************************/ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type) |
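Review bot: The winbind branch of `lookup_name` can report success for a lookup that failed. In `else if (winbind_lookup_name(domain, name, psid, name_type) || (*name_type != SID_NAME_USER))` the `!` was dropped from the first operand when the test was moved, but the `||` and the second operand were kept from the old failure condition. `*name_type` is set to `SID_NAME_UNKNOWN` at the top of the function, so a name that neither lookup resolves can still take this branch and return True with `*psid` left at whatever the caller passed in, which callers would then treat as a resolved SID. The inverse of the old test is `} else if (winbind_lookup_name(domain, name, psid, name_type) && (*name_type == SID_NAME_USER)) {`; if non-user results from winbind are meant to be accepted, drop the type check rather than OR-ing it.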