1 files changed, 12 insertions, 21 deletions

diff --git a/source/nsswitch/winbindd_sid.c b/source/nsswitch/winbindd_sid.c
index d4206558c5e..9fbf47046d6 100644
--- a/source/nsswitch/winbindd_sid.c
+++ b/source/nsswitch/winbindd_sid.c
@@ -30,8 +30,10 @@
 
 enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
 {
+	extern DOM_SID global_sid_Builtin;
 	enum SID_NAME_USE type;
-	DOM_SID sid;
+	DOM_SID sid, tmp_sid;
+	uint32 rid;
 	fstring name;
 	fstring dom_name;
 
@@ -48,6 +50,15 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
+	/* Don't look up BUILTIN sids */
+
+	sid_copy(&tmp_sid, &sid);
+	sid_split_rid(&tmp_sid, &rid);
+
+	if (sid_equal(&tmp_sid, &global_sid_Builtin)) {
+		return WINBINDD_ERROR;
+	}
+
 	/* Lookup the sid */
 
 	if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
@@ -434,23 +445,3 @@ done:
 
 	return WINBINDD_OK;
 }
-
-enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state)
-{
-	if ( !state->privileged ) {
-		DEBUG(2, ("winbindd_allocate_rid: non-privileged access "
-			  "denied!\n"));
-		return WINBINDD_ERROR;
-	}
-
-	/* We tell idmap to always allocate a user RID. There might be a good
-	 * reason to keep RID allocation for users to even and groups to
-	 * odd. This needs discussion I think. For now only allocate user
-	 * rids. */
-
-	if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid,
-						USER_RID_TYPE)))
-		return WINBINDD_ERROR;
-
-	return WINBINDD_OK;
-}