From 9fbbaa560ae74f015e404cfa700753c0b5909519 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 25 Mar 2010 20:59:49 +0100
Subject: s3:passdb: avoid sid_to_gid() if the sid is "domain users"

If the call fails we would use the "domain users" sid anyway.

metze
---
 source3/passdb/pdb_get_set.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'source3')

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 8001bbbae3..4725e8e2f1 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -572,6 +572,7 @@ bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_
 bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
 {
 	gid_t gid;
+	DOM_SID dug_sid;
 
 	if (!g_sid)
 		return False;
@@ -583,11 +584,14 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
 	/* if we cannot resolve the SID to gid, then just ignore it and 
 	   store DOMAIN_USERS as the primary groupSID */
 
-	if ( sid_to_gid( g_sid, &gid ) ) {
+	sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
+
+	if (sid_equal(&dug_sid, g_sid)) {
+		sid_copy(sampass->group_sid, &dug_sid);
+	} else if (sid_to_gid( g_sid, &gid ) ) {
 		sid_copy(sampass->group_sid, g_sid);
 	} else {
-		sid_compose(sampass->group_sid, get_global_sam_sid(),
-			    DOMAIN_GROUP_RID_USERS);
+		sid_copy(sampass->group_sid, &dug_sid);
 	}
 
 	DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n", 
-- 
cgit