passdb: fix NT_STATUS_NO_SUCH_GROUP

Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.

This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.

[Bug 9570] Access failure for shares with "force group" or "valid users = @group"

https://bugzilla.samba.org/show_bug.cgi?id=9570

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 4cd7a4b6cdcabf305e09dde852030e1e3a542e1e..cfb0f9c134a07f2599a7be67dac3d9a9aec68a55 100644 (file)
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -882,7 +882,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
 {
        struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
                m->private_data, struct pdb_samba_dsdb_state);
-       const char *attrs[] = { "objectSid", "description", "samAccountName", "groupType",
+       const char *attrs[] = { "objectClass", "objectSid", "description", "samAccountName", "groupType",
                                NULL };
        struct ldb_message *msg;
        va_list ap;
@@ -949,7 +949,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
                id_maps[1] = NULL;
 
                status = idmap_sids_to_xids(state->idmap_ctx, tmp_ctx, id_maps);
-               talloc_free(tmp_ctx);
+
                if (!NT_STATUS_IS_OK(status)) {
                        talloc_free(tmp_ctx);
                        return status;