s3:passdb: avoid sid_to_gid() if the sid is "domain users"

If the call fails we would use the "domain users" sid anyway.

metze
(cherry picked from commit 9fbbaa560ae74f015e404cfa700753c0b5909519)

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 1155050d7995d0c05fa9d79b3f433fc21fe5fb2b..d9af2ea49b01b8341b3a5971352e2269ea90fbd1 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -572,6 +572,7 @@ bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_
 bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
 {
        gid_t gid;
+       DOM_SID dug_sid;
 
        if (!g_sid)
                return False;
@@ -583,11 +584,15 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
        /* if we cannot resolve the SID to gid, then just ignore it and 
           store DOMAIN_USERS as the primary groupSID */
 
-       if ( sid_to_gid( g_sid, &gid ) ) {
+       sid_copy(&dug_sid, get_global_sam_sid());
+       sid_append_rid(&dug_sid, DOMAIN_GROUP_RID_USERS);
+
+       if (sid_equal(&dug_sid, g_sid)) {
+               sid_copy(sampass->group_sid, &dug_sid);
+       } else if (sid_to_gid( g_sid, &gid ) ) {
                sid_copy(sampass->group_sid, g_sid);
        } else {
-               sid_copy( sampass->group_sid, get_global_sam_sid() );
-               sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
+               sid_copy(sampass->group_sid, &dug_sid);
        }
 
        DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",