From e8b3b1c110fd7fdd154f7dd59e4c32ce7fa23c61 Mon Sep 17 00:00:00 2001
From: Sergey Urushkin
Date: Fri, 20 Jul 2012 13:16:08 +0400
Subject: s4 rfc2307 gids mapping fix

Signed-off-by: Andrew Bartlett
---
 source4/winbind/idmap.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'source4/winbind')
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index b4aa62e237..976a2d0f9d 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -235,10 +235,10 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 ldb_get_default_basedn(idmap_ctx->samdb),
 LDB_SCOPE_SUBTREE,
 sam_attrs, 0,
- "(&(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)"
+ "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
 "(uidNumber=%u)(objectSid=*)"
 "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
- ATYPE_ACCOUNT, unixid->id);
+ ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
 } else {
 /* If we are not to use the rfc2307 attributes, we just emulate a non-match */
 ret = LDB_ERR_NO_SUCH_OBJECT;
@@ -437,12 +437,13 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
 ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, "(&(objectSid=%s)"
- "(|(sAMaccountType:" LDB_OID_COMPARATOR_AND ":=%u)"
- "(sAMaccountType=%u)"
- "(sAMaccountType=%u))"
+ "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
+ "(sAMaccountType=%u)(sAMaccountType=%u))"
 "(|(uidNumber=*)(gidNumber=*))"
 "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
- dom_sid_string(tmp_ctx, sid), ATYPE_ACCOUNT, ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
+ dom_sid_string(tmp_ctx, sid),
+ ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
+ ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
 } else {
 /* If we are not to use the rfc2307 attributes, we just emulate a non-match */
 ret = LDB_ERR_NO_SUCH_OBJECT;
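Review bot: The three user-type values ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST and ATYPE_INTERDOMAIN_TRUST are now written out by hand in this filter, again in the idmap_sid_to_xid filter in the second hunk, and a third time in the `account_type ==` comparison in the third hunk. Together these copies decide whether an object is mapped as a UID, so if one is later extended and another is not, the search can return an object that the comparison then types differently. I would define the fragment once, for example `#define IDMAP_USER_ATYPE_FILTER "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"` (the name is only a suggestion), with a one-line comment beside it naming the comparison that must stay in sync. The search call these arguments belong to starts above the hunk.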
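Review bot: The result of `dom_sid_string(tmp_ctx, sid)` on the added argument line goes straight into the filter's `%s` without being checked. If that function can return NULL on allocation failure (its definition is not part of this diff), the filter is formatted from a NULL string, which is undefined for `%s`. Consider hoisting it into a local, `const char *sid_str = dom_sid_string(tmp_ctx, sid);`, and leaving through the function's existing `failed` label with an out-of-memory status when it is NULL. The call this argument list belongs to begins above the hunk.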
@@ -455,7 +456,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
 goto failed;
 } else if (ret == LDB_SUCCESS) {
 uint32_t account_type = ldb_msg_find_attr_as_uint(sam_msg, "sAMaccountType", 0);
- if (account_type & ATYPE_ACCOUNT) {
+ if ((account_type == ATYPE_ACCOUNT) || (account_type == ATYPE_WORKSTATION_TRUST ) || (account_type == ATYPE_INTERDOMAIN_TRUST )) {
 const struct ldb_val *v = ldb_msg_find_ldb_val(sam_msg, "uidNumber");
 if (v) {
 unixid->type = ID_TYPE_UID;
-- cgit
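Review bot: The new condition carries no comment saying why the bit test was replaced by equality, and it is the kind of line that later gets "simplified" back to a mask. I would add above the `if`: `/* sAMAccountType is an enumerated value, not a flag set: compare for equality so group types are never mapped as UIDs */`. Presumably the old `account_type & ATYPE_ACCOUNT` also matched group types that share bits with ATYPE_ACCOUNT; the constant definitions are not on this page, so that should be confirmed before the comment states it. The stray spaces in `ATYPE_WORKSTATION_TRUST )` and `ATYPE_INTERDOMAIN_TRUST )` should be dropped, and the condition is long enough to wrap at one comparison per line. The branch body continues past the end of the hunk.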