1 files changed, 23 insertions, 14 deletions

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6b58210919..5c0bf0aef8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -76,25 +76,34 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
 	/* Check if this is our own sid.  This should perhaps be done by
 	   winbind?  For the moment handle it here. */
 
-	if (sid->num_auths == 4 && sid_equal(get_global_sam_sid(), sid)) {
-		DOM_SID tmp_sid;
-		sid_copy(&tmp_sid, sid);
-		return map_domain_sid_to_name(&tmp_sid, dom_name) && 
-			local_lookup_sid(sid, name, name_type);
+	if (sid_check_is_domain(sid)) {
+		fstrcpy(dom_name, get_global_sam_name());
+		fstrcpy(name, "");
+		*name_type = SID_NAME_DOMAIN;
+		return True;
 	}
 
-	if (sid->num_auths == 5) {
-		DOM_SID tmp_sid;
-		uint32 rid;
+	if (sid_check_is_builtin(sid)) {
 
-		sid_copy(&tmp_sid, sid);
-		sid_split_rid(&tmp_sid, &rid);
+		/* Got through map_domain_sid_to_name here so that the mapping
+		 * of S-1-5-32 to the name "BUILTIN" in as few places as
+		 * possible. We might add i18n... */
+		SMB_ASSERT(map_domain_sid_to_name(sid, dom_name));
 
-		if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
+		/* Yes, W2k3 returns "BUILTIN" both as domain and name here */
+		fstrcpy(name, dom_name); 
 
-			return map_domain_sid_to_name(&tmp_sid, dom_name) &&
-				local_lookup_sid(sid, name, name_type);
-		}
+		*name_type = SID_NAME_DOMAIN;
+		return True;
+	}
+
+	if (sid_check_is_in_our_domain(sid)) {
+		uint32 rid;
+		SMB_ASSERT(sid_peek_rid(sid, &rid));
+
+		/* For our own domain passdb is responsible */
+		fstrcpy(dom_name, get_global_sam_name());
+		return local_lookup_rid(rid, name, name_type);
 	}
 
 	if (winbind_lookup_sid(sid, dom_name, name, name_type)) {