r21881: Make sure we are very specific when testing whether a backand can handle a

particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.

Simo, Jerry - this is a 3_0_25 candidate. Can you please review?

diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c
index 72c85a9c6a4d3d666f73767a9a902c4333ae8f3f..b0529be4fbb643d7a429fbacf2310357bb30ac53 100644 (file)
--- a/source/nsswitch/winbindd_util.c
+++ b/source/nsswitch/winbindd_util.c
@@ -599,12 +599,18 @@ struct winbindd_domain *find_domain_from_name(const char *domain_name)
 struct winbindd_domain *find_domain_from_sid_noinit(const DOM_SID *sid)
 {
        struct winbindd_domain *domain;
+       uint32 discard;
 
        /* Search through list */
 
        for (domain = domain_list(); domain != NULL; domain = domain->next) {
-               if (sid_compare_domain(sid, &domain->sid) == 0)
+               /* We need to use sid_peek_check_rid, because we want 
+                * to make sure that the SIDs we send to the backends are
+                * as specific as possible.
+                */
+               if (sid_peek_check_rid(&domain->sid, sid, &discard) == 0) {
                        return domain;
+               }
        }
 
        /* Not found */

diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c
index 976dfc1d081b6fb4ff49f34e8aa8f05a8422d180..e0b9086f9cceed9a98566061bbb90009835b12dc 100644 (file)
--- a/source/passdb/pdb_interface.c
+++ b/source/passdb/pdb_interface.c
@@ -1305,7 +1305,8 @@ static BOOL pdb_default_sid_to_id(struct pdb_methods *methods,
                goto done;
        }
 
-       if (sid_peek_check_rid(&global_sid_Builtin, sid, &rid)) {
+       if (sid_check_is_in_builtin(sid) ||
+           sid_check_is_in_wellknown_domain(sid)) {
                /* Here we only have aliases */
                GROUP_MAP map;
                if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {