winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
authorRalph Boehme <slow@samba.org>
Wed, 28 Nov 2018 16:20:41 +0000 (17:20 +0100)
committerRalph Boehme <slow@samba.org>
Wed, 5 Dec 2018 07:12:17 +0000 (08:12 +0100)
Route predefined domains through the BUILTIN domain child, not passdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
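--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,15 +108,6 @@ static bool is_internal_domain(const struct dom_sid *sid)
        return (sid_check_is_our_sam(sid) || sid_check_is_builtin(sid));
 }
 
-static bool is_in_internal_domain(const struct dom_sid *sid)
-{
-       if (sid == NULL)
-               return False;
-
-       return (sid_check_is_in_our_sam(sid) || sid_check_is_in_builtin(sid));
-}
-
-
 /* Add a trusted domain to our list of domains.
    If the domain already exists in the list,
    return it and don't re-initialize.  */
@@ -1475,20 +1466,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
             sid_check_is_unix_groups(sid) ||
             sid_check_is_in_unix_users(sid) ||
             sid_check_is_unix_users(sid) ||
-            sid_check_is_wellknown_domain(sid, NULL) ||
-            sid_check_is_in_wellknown_domain(sid) )
+            sid_check_is_our_sam(sid) ||
+             sid_check_is_in_our_sam(sid) )
        {
                return find_domain_from_sid(get_global_sam_sid());
        }
 
-       /*
-        * On member servers the internal domains are different: These are part
-        * of the local SAM.
-        */
-
-       if (is_internal_domain(sid) || is_in_internal_domain(sid)) {
-               DEBUG(10, ("calling find_domain_from_sid\n"));
-               return find_domain_from_sid(sid);
+       if ( sid_check_is_builtin(sid) ||
+            sid_check_is_in_builtin(sid) ||
+            sid_check_is_wellknown_domain(sid, NULL) ||
+            sid_check_is_in_wellknown_domain(sid) )
+       {
+               return find_domain_from_sid(&global_sid_Builtin);
        }
 
        if (IS_DC) {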
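Review bot: The new BUILTIN branch in find_lookup_domain_from_sid() carries no comment, while the block it replaces documented its routing and logged at DEBUG(10); a short comment above the `if`, such as `/* Predefined (well-known) domains are served by the BUILTIN domain child, not passdb. */`, would keep this SID-routing decision auditable. The added line `sid_check_is_in_our_sam(sid) )` is indented one space deeper than the conditions around it. Whether `find_domain_from_sid(&global_sid_Builtin)` can return NULL at this point is not visible from the hunk, so it is worth confirming that callers handle a NULL result now that the lookup no longer uses the caller's own SID. The function starts and ends outside the hunk.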