auth: consistent handling of well-known alias as primary gid

[nivanova/samba-autobuild/.git] / source3 / auth / server_info.c

diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 4d046bbf17d6d3bef2b4dfd5b8086eee772096a3..9194cbd534f7db2456ea7bbdfdbce6e2b058ca3c 100644 (file)
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -599,16 +599,27 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
                 * will be rejected by other Samba code.
                 */
                gid_to_sid(&group_sid, pwd->pw_gid);
+       }
 
-               /*
-                * If we are a unix group, set the group_sid to the
-                * 'Domain Users' RID of 513 which will always resolve to a
-                * name.
-                */
-               if (sid_check_is_in_unix_groups(&group_sid)) {
+       /*
+        * If we are a unix group, or a wellknown/builtin alias,
+        * set the group_sid to the
+        * 'Domain Users' RID of 513 which will always resolve to a
+        * name.
+        */
+       if (sid_check_is_in_unix_groups(&group_sid) ||
+           sid_check_is_in_builtin(&group_sid) ||
+           sid_check_is_in_wellknown_domain(&group_sid)) {
+               if (sid_check_is_in_unix_users(&user_sid)) {
                        sid_compose(&group_sid,
                                    get_global_sam_sid(),
                                    DOMAIN_RID_USERS);
+               } else {
+                       sid_copy(&domain_sid, &user_sid);
+                       sid_split_rid(&domain_sid, NULL);
+                       sid_compose(&group_sid,
+                                   &domain_sid,
+                                   DOMAIN_RID_USERS);
                }
        }