summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_group.c38
1 files changed, 23 insertions, 15 deletions
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 24968db0ce..9c81aef447 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -1100,6 +1100,13 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
if ( !opt_nocache && (info3 = netsamlogon_cache_get(mem_ctx, &user_sid))) {
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ if (our_domain == NULL) {
+ DEBUG(0, ("Could not find our domain\n"));
+ goto done;
+ }
+
DEBUG(10, ("winbindd_getgroups: info3 has %d groups, %d other sids\n",
info3->num_groups2, info3->num_other_sids));
@@ -1108,6 +1115,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
/* Go through each other sid and convert it to a gid */
for (i = 0; i < info3->num_other_sids; i++) {
+ DOM_SID *sid = &info3->other_sids[i].sid;
fstring name;
fstring dom_name;
enum SID_NAME_USE sid_type;
@@ -1115,30 +1123,30 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
/* Is this sid known to us? It can either be
a trusted domain sid or a foreign sid. */
- if (!winbindd_lookup_name_by_sid( &info3->other_sids[i].sid,
- dom_name, name, &sid_type))
- {
- DEBUG(10, ("winbindd_getgroups: could not lookup name for %s\n",
- sid_string_static(&info3->other_sids[i].sid)));
+ if (!winbindd_lookup_name_by_sid( sid, dom_name,
+ name, &sid_type)) {
+ DEBUG(10, ("winbindd_getgroups: could not "
+ "lookup name for %s\n",
+ sid_string_static(sid)));
continue;
}
- /* Check it is a domain group or an alias (domain local group)
- in a win2k native mode domain. */
+ /* Check it is a domain group or an alias (domain
+ local group) in a win2k native mode domain. */
- if ( !((sid_type==SID_NAME_DOM_GRP) ||
- ((sid_type==SID_NAME_ALIAS) && domain->primary)) )
- {
+ if (!((sid_type==SID_NAME_DOM_GRP) ||
+ ((sid_type==SID_NAME_ALIAS) &&
+ (our_domain->active_directory) &&
+ (our_domain->native_mode) &&
+ (sid_compare_domain(sid, &our_domain->sid)
+ == 0)))) {
DEBUG(10, ("winbindd_getgroups: sid type %d "
"for %s is not a domain group\n",
- sid_type,
- sid_string_static(
- &info3->other_sids[i].sid)));
+ sid_type, sid_string_static(sid)));
continue;
}
- add_gids_from_group_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ add_gids_from_group_sid(sid, &gid_list, &num_gids);
}
for (i = 0; i < info3->num_groups2; i++) {