From d2360fe56c860fa20051f6373eb2fcc3e4def6b6 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Thu, 6 Dec 2012 22:02:32 +0100
Subject: s3:winbindd: create group structs for gids that are coming from a
 user sid id-mapped with ID_TYPE_BOTH

This "fake" group contains exctly one member, namely the user that the sid is
actually belonging to.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/winbindd/wb_getgrsid.c | 49 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

(limited to 'source3/winbindd/wb_getgrsid.c')

diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index 2097539e29..fa376da088 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -91,6 +91,11 @@ static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq)
 	case SID_NAME_DOM_GRP:
 	case SID_NAME_ALIAS:
 	case SID_NAME_WKN_GRP:
+	/*
+	 * also treat user-type SIDS (they might map to ID_TYPE_BOTH)
+	 */
+	case SID_NAME_USER:
+	case SID_NAME_COMPUTER:
 		break;
 	default:
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
@@ -132,6 +137,50 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
 
 	state->gid = (gid_t)xid.id;
 
+	if (state->type == SID_NAME_USER || state->type == SID_NAME_COMPUTER) {
+		/*
+		 * special treatment for a user sid that is
+		 * mapped to ID_TYPE_BOTH:
+		 * create a group with the sid/xid as only member
+		 */
+		char *name;
+
+		if (xid.type != ID_TYPE_BOTH) {
+			tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
+			return;
+		}
+
+		state->members = talloc_dict_init(state);
+		if (tevent_req_nomem(state->members, req)) {
+			return;
+		}
+
+		name = fill_domain_username_talloc(talloc_tos(),
+						   state->domname,
+						   state->name,
+						   true /* can_assume */);
+		if (tevent_req_nomem(name, req)) {
+			return;
+		}
+
+		status = add_wbint_Principal_to_dict(talloc_tos(),
+						     &state->sid,
+						     &name,
+						     state->type,
+						     state->members);
+		if (!NT_STATUS_IS_OK(status)) {
+			tevent_req_nterror(req, status);
+			return;
+		}
+
+		tevent_req_done(req);
+		return;
+	}
+
+	/*
+	 * the "regular" case of a group type sid.
+	 */
+
 	subreq = wb_group_members_send(state, state->ev, &state->sid,
 				       state->type, state->max_nesting);
 	if (tevent_req_nomem(subreq, req)) {
-- 
cgit