winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)

Patch 394622ef8c916cf361f8596dba4664dc8d6bfc9e originally introduced the
above feature.

This functionality was undone as part of patch
bce19a6efe11980933531f0349c8f5212419366a ("winbind: Restructure
get_pwsid"). I think that this semantic change was accidential.

This patch undoes the semantic change and re-establishes the
functionality.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 17170c3352ac189daf0055956fb0fa04fd165bf2..7d3c3eaf78f85f331c3a34f12d79c712c6974e6b 100644 (file)
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -166,8 +166,22 @@ static void wb_queryuser_got_domain(struct tevent_req *subreq)
                return;
        }
 
-       if (type != SID_NAME_USER) {
-               /* allow SID_NAME_COMPUTER? */
+       switch (type) {
+       case SID_NAME_USER:
+       case SID_NAME_COMPUTER:
+               /*
+                * user case: we only need the account name from lookup_sids
+                */
+               break;
+       case SID_NAME_DOM_GRP:
+       case SID_NAME_ALIAS:
+       case SID_NAME_WKN_GRP:
+               /*
+                * also treat group-type SIDs (they might map to ID_TYPE_BOTH)
+                */
+               sid_copy(&state->info->group_sid, &state->info->user_sid);
+               break;
+       default:
                tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
                return;
        }