s3:passdb: avoid sid_to_gid() if the sid is "domain users"

author Stefan Metzmacher <metze@samba.org>

Thu, 25 Mar 2010 19:59:49 +0000 (20:59 +0100)

committer Stefan Metzmacher <metze@samba.org>

Thu, 25 Mar 2010 20:25:27 +0000 (21:25 +0100)
author Stefan Metzmacher <metze@samba.org>
Thu, 25 Mar 2010 19:59:49 +0000 (20:59 +0100)
committer Stefan Metzmacher <metze@samba.org>
Thu, 25 Mar 2010 20:25:27 +0000 (21:25 +0100)
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c

index 8001bbbae3b1fe168bdd6f878ec1bc38c4557363..4725e8e2f1b387341c1f6ed0ad5d270308bb3de7 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -572,6 +572,7 @@ bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_
  bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
  {
         gid_t gid;
+       DOM_SID dug_sid;
  
         if (!g_sid)
                 return False;
@@ -583,11 +584,14 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
         /* if we cannot resolve the SID to gid, then just ignore it and 
            store DOMAIN_USERS as the primary groupSID */
  
-       if ( sid_to_gid( g_sid, &gid ) ) {
+       sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
+
+       if (sid_equal(&dug_sid, g_sid)) {
+               sid_copy(sampass->group_sid, &dug_sid);
+       } else if (sid_to_gid( g_sid, &gid ) ) {
                 sid_copy(sampass->group_sid, g_sid);
         } else {
-               sid_compose(sampass->group_sid, get_global_sam_sid(),
-                           DOMAIN_GROUP_RID_USERS);
+               sid_copy(sampass->group_sid, &dug_sid);
         }
  
         DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
author	Stefan Metzmacher <metze@samba.org>
	Thu, 25 Mar 2010 19:59:49 +0000 (20:59 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Thu, 25 Mar 2010 20:25:27 +0000 (21:25 +0100)