From be8e338ef7d1bbcb33f9be449b8deb86fe23df1b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Sun, 30 Apr 2006 14:34:30 +0000
Subject: r15360: Fix bug # 3741. One more place where the algorithmic mapping
 needs to stay.

Volker
(This used to be commit 898948d65409e5b63937fbd8050be04ac81df05d)
---
 source3/passdb/lookup_sid.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 942d277178..751fa597c0 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -128,11 +128,30 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
 	 * the expansion of group names coming in from smb.conf
 	 */
 
-	if ((flags & LOOKUP_NAME_GROUP) &&
-	    (lookup_unix_group_name(name, &sid))) {
-		domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
-		type = SID_NAME_DOM_GRP;
-		goto ok;
+	if (flags & LOOKUP_NAME_GROUP) {
+		struct group *grp;
+
+		/* If we are using the smbpasswd backend, we need to use the
+		 * algorithmic mapping for the unix group we find. This is
+		 * necessary because when creating the NT token from the unix
+		 * gid list we got from initgroups() we use gid_to_sid() that
+		 * uses algorithmic mapping if pdb_rid_algorithm() is true. */
+
+		if (pdb_rid_algorithm() && ((grp = getgrnam(name)) != NULL) &&
+		    (grp->gr_gid < max_algorithmic_gid())) {
+			domain = talloc_strdup(tmp_ctx, get_global_sam_name());
+			sid_compose(&sid, get_global_sam_sid(),
+				    pdb_gid_to_group_rid(grp->gr_gid));
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
+		
+		if (lookup_unix_group_name(name, &sid)) {
+			domain = talloc_strdup(tmp_ctx,
+					       unix_groups_domain_name());
+			type = SID_NAME_DOM_GRP;
+			goto ok;
+		}
 	}
 
 	/* Now the guesswork begins, we haven't been given an explicit
-- 
cgit