Even when looking up a users groups via winbindd even if the lookup for

the list of groups a user is in succeeds via winbind, we must allow the
lookup of the group name -> gid we are checking if the user is a member
of to go via winbind or /etc/group - as it may be a group on the local
box we are checking against. This is a subtle one.....
Jeremy.
(This used to be commit 4ffda462b97e4f35c6d050c579dfe3e3b64e2c9f)

diff --git a/source3/lib/username.c b/source3/lib/username.c
index 2cf45c2a966ac98dd9ffbd9d9be06ab869715ce7..0665e3db795aeded8ede192d3fad036403619d5a 100644 (file)
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -298,10 +298,10 @@ failed with error %s\n", strerror(errno) ));
  
        /*
         * Now we have the gid list for this user - convert the gname
-        * to a gid_t via winbind and do the comparison.
+        * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
         */
  
-       if (!winbind_nametogid(&gid, gname)) {
+       if ((gid = nametogid(gname)) == (gid_t)-1) {
                DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
                        gname ));
                goto err;