s3:winbind: unmapped Unix groups in getgrgid must be resolved locally

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index acfedf62c9d2cfba342799a6cb12ae54046bfa54..8e0eac7de93d015db36e56ded2e085766f9108f6 100644 (file)
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -53,6 +53,12 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
        state->ev = ev;
        state->max_nesting = max_nesting;
 
+       if (dom_sid_in_domain(&global_sid_Unix_Groups, group_sid)) {
+               /* unmapped Unix groups must be resolved locally */
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+               return tevent_req_post(req, ev);
+       }
+
        if (lp_winbind_trusted_domains_only()) {
                struct winbindd_domain *our_domain = find_our_domain();