Author: jerry Date: 2007-05-21 21:33:51 +0000 (Mon, 21 May 2007) New Revision: 23054
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23054 Log: Move the check for the lookup_domain of S-1-22-{1,2} before the check for IS_DC. Otherwise we will for example fail to lookup a sid of S-1-22-1-780 because it has no valid struct winbindd_domain* in the list. Thanks to Simo for the catch. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-05-21 21:18:23 UTC (rev 23053) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2007-05-21 21:33:51 UTC (rev 23054) @@ -902,6 +902,16 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid) { + /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */ + + if ( sid_check_is_in_unix_groups(sid) || + sid_check_is_unix_groups(sid) || + sid_check_is_in_unix_users(sid) || + sid_check_is_unix_users(sid) ) + { + return find_domain_from_sid(get_global_sam_sid()); + } + /* A DC can't ask the local smbd for remote SIDs, here winbindd is the * one to contact the external DC's. On member servers the internal * domains are different: These are part of the local SAM. */ @@ -912,19 +922,8 @@ if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) { DEBUG(10, ("calling find_domain_from_sid\n")); return find_domain_from_sid(sid); - } + } - /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */ - - if ( sid_check_is_in_unix_groups(sid) || - sid_check_is_unix_groups(sid) || - sid_check_is_in_unix_users(sid) || - sid_check_is_unix_users(sid) ) - { - return find_domain_from_sid(get_global_sam_sid()); - } - - /* On a member server a query for SID or name can always go to our * primary DC. */ @@ -934,18 +933,18 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) { - if (IS_DC || strequal(domain_name, "BUILTIN") || - strequal(domain_name, get_global_sam_name())) - return find_domain_from_name_noinit(domain_name); - - /* The "Unix User" and "Unix Group" domain our handled by passdb */ - if ( strequal(domain_name, unix_users_domain_name() ) || strequal(domain_name, unix_groups_domain_name() ) ) { return find_domain_from_name_noinit( get_global_sam_name() ); } + if (IS_DC || strequal(domain_name, "BUILTIN") || + strequal(domain_name, get_global_sam_name())) + return find_domain_from_name_noinit(domain_name); + + /* The "Unix User" and "Unix Group" domain our handled by passdb */ + return find_our_domain(); } Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c =================================================================== --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c 2007-05-21 21:18:23 UTC (rev 23053) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c 2007-05-21 21:33:51 UTC (rev 23054) @@ -911,6 +911,16 @@ struct winbindd_domain *find_lookup_domain_from_sid(const DOM_SID *sid) { + /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */ + + if ( sid_check_is_in_unix_groups(sid) || + sid_check_is_unix_groups(sid) || + sid_check_is_in_unix_users(sid) || + sid_check_is_unix_users(sid) ) + { + return find_domain_from_sid(get_global_sam_sid()); + } + /* A DC can't ask the local smbd for remote SIDs, here winbindd is the * one to contact the external DC's. On member servers the internal * domains are different: These are part of the local SAM. */ @@ -921,19 +931,8 @@ if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) { DEBUG(10, ("calling find_domain_from_sid\n")); return find_domain_from_sid(sid); - } + } - /* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */ - - if ( sid_check_is_in_unix_groups(sid) || - sid_check_is_unix_groups(sid) || - sid_check_is_in_unix_users(sid) || - sid_check_is_unix_users(sid) ) - { - return find_domain_from_sid(get_global_sam_sid()); - } - - /* On a member server a query for SID or name can always go to our * primary DC. */ @@ -943,18 +942,18 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name) { - if (IS_DC || strequal(domain_name, "BUILTIN") || - strequal(domain_name, get_global_sam_name())) - return find_domain_from_name_noinit(domain_name); - - /* The "Unix User" and "Unix Group" domain our handled by passdb */ - if ( strequal(domain_name, unix_users_domain_name() ) || strequal(domain_name, unix_groups_domain_name() ) ) { return find_domain_from_name_noinit( get_global_sam_name() ); } + if (IS_DC || strequal(domain_name, "BUILTIN") || + strequal(domain_name, get_global_sam_name())) + return find_domain_from_name_noinit(domain_name); + + /* The "Unix User" and "Unix Group" domain our handled by passdb */ + return find_our_domain(); }