From 63c9147f8631d73b52bdd36ff407e0361dcf5178 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 11 Jan 2019 10:44:30 +0100 Subject: winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again) https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e originally introduced the above feature. This functionality was undone as part of "winbind: Restructure get_pwsid" https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a I think that this semantic change was accidential. This patch undoes the semantic change and re-establishes the functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Michael Adam Reviewed-by: Christof Schmitt Reviewed-by: Stefan Metzmacher Autobuild-User(master): Christof Schmitt Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184 --- selftest/knownfail.d/passwd-id-type-both | 4 ---- source3/winbindd/wb_queryuser.c | 18 ++++++++++++++++-- 2 files changed, 16 insertions(+), 6 deletions(-) delete mode 100644 selftest/knownfail.d/passwd-id-type-both diff --git a/selftest/knownfail.d/passwd-id-type-both b/selftest/knownfail.d/passwd-id-type-both deleted file mode 100644 index e969ef8d165..00000000000 --- a/selftest/knownfail.d/passwd-id-type-both +++ /dev/null @@ -1,4 +0,0 @@ -idmap\.rid.getpwnam for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) -idmap\.rid.getpwnam for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) -idmap\.rid.getpwuid for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) -idmap\.rid.getpwuid for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c index 17170c3352a..2eb61406fc5 100644 --- a/source3/winbindd/wb_queryuser.c +++ b/source3/winbindd/wb_queryuser.c @@ -166,8 +166,22 @@ static void wb_queryuser_got_domain(struct tevent_req *subreq) return; } - if (type != SID_NAME_USER) { - /* allow SID_NAME_COMPUTER? */ + switch (type) { + case SID_NAME_USER: + case SID_NAME_COMPUTER: + /* + * user case: we only need the account name from lookup_sids + */ + break; + case SID_NAME_DOM_GRP: + case SID_NAME_ALIAS: + case SID_NAME_WKN_GRP: + /* + * also treat group-type SIDs (they might map to ID_TYPE_BOTH) + */ + sid_copy(&info->group_sid, &info->user_sid); + break; + default: tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); return; } -- cgit v1.2.1