From 2ced94c54d4ad074600ed0bc955899a118d2d876 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Fri, 24 Feb 2006 22:26:53 +0000
Subject: r13683: Fix the 'valid users = +users' problem I introduced. Volker (This used to be commit dbdb8bdb9993b0136322530f0b8462bb9477dbf1)
---
 source3/passdb/lookup_sid.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+) (limited to 'source3/passdb')
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 2ffc02a988..3d1805525a 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -116,6 +116,25 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
 goto failed;
 }
 
+ /*
+ * Nasty hack necessary for too common scenarios:
+ *
+ * For 'valid users = +users' we know "users" is most probably not
+ * BUILTIN\users but the unix group users. This hack requires the
+ * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
+ *
+ * Please note that LOOKUP_NAME_GROUP can not be requested via for
+ * example lsa_lookupnames, it only comes into this routine via
+ * the expansion of group names coming in from smb.conf
+ */
+
+ if ((flags & LOOKUP_NAME_GROUP) &&
+ (lookup_unix_group_name(name, &sid))) {
+ domain = talloc_strdup(tmp_ctx, unix_groups_domain_name());
+ type = SID_NAME_DOM_GRP;
+ goto ok;
+ }
+
 /* Now the guesswork begins, we haven't been given an explicit
 * domain. Try the sequence as documented on
 * http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp
-- cgit
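Review bot: The new `LOOKUP_NAME_GROUP` branch sits ahead of the whole unqualified-name guess sequence, so a unix group shadows any same-named group the later steps would have found, not only `BUILTIN\users` as the comment says. For access lists expanded from smb.conf this matters most for deny-style entries such as `invalid users`, if they come through the same path, because binding to the wrong group there fails open. The comment should state the general rule, e.g. `* Any unqualified +group from smb.conf binds to the unix group first; qualify the domain to get anything else.`, and a debug-level log line in the branch recording `name` would let an admin audit which group an entry resolved to. The comment's guarantee that the flag never arrives from `lsa_lookupnames` is a caller-side invariant that nothing in this hunk enforces, so it is worth repeating next to the flag's definition. The result of `talloc_strdup()` is not checked before `goto ok`; the `ok:` label and the rest of lookup_name lie outside the hunk, so confirm a NULL `domain` is rejected there.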