s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
authorAndreas Schneider <asn@samba.org>
Sat, 21 Jul 2012 00:12:09 +0000 (17:12 -0700)
committerJeremy Allison <jra@samba.org>
Mon, 23 Jul 2012 20:12:29 +0000 (22:12 +0200)
Since bug #7843 was fixed we no longer resolve our own "Domain Local" groups,
so we need to add the resource groups to the sid list too.

Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.

When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104

source3/include/proto.h
source3/lib/util_sid.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_util.c

index 585067eccc0c9da4d8696ba38ace810e4381d66b..3a2bf1baa5fb13fd7d5b6f2380f6fbdfc4b9bd6b 100644 (file)
@@ -549,8 +549,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
                              const struct netr_SamInfo3 *info3,
                              struct dom_sid **user_sids,
                              uint32_t *num_user_sids,
-                             bool include_user_group_rid,
-                             bool skip_ressource_groups);
+                             bool include_user_group_rid);
 
 /* The following definitions come from lib/util_sock.c  */
 
index f080d3dfb0c3afa80375cfcf98a97fcb52255f96..f051b7a1ff547fd7aeaa0028d18c71c0d3d59cc1 100644 (file)
@@ -130,8 +130,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
                              const struct netr_SamInfo3 *info3,
                              struct dom_sid **user_sids,
                              uint32_t *num_user_sids,
-                             bool include_user_group_rid,
-                             bool skip_ressource_groups)
+                             bool include_user_group_rid)
 {
        NTSTATUS status;
        struct dom_sid sid;
@@ -191,12 +190,6 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
          */
 
        for (i = 0; i < info3->sidcount; i++) {
-
-               if (skip_ressource_groups &&
-                   (info3->sids[i].attributes & SE_GROUP_RESOURCE)) {
-                       continue;
-               }
-
                status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
                                      &sid_array, &num_sids);
                if (!NT_STATUS_IS_OK(status)) {
index 96956d071ef71936d903a28b271ebf35df669eda..a64cc5692c504f0c4aef480316b3333886489255 100644 (file)
@@ -308,7 +308,7 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3,
        status = sid_array_from_info3(talloc_tos(), info3,
                                      &token->sids,
                                      &token->num_sids,
-                                     true, false);
+                                     true);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;
index 162cdf22e1a70ad2b9ff74c0e93e7cc7060082b4..52ce1e30561506c86550569b06005350bee37b37 100644 (file)
@@ -1033,12 +1033,18 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       /* Skip Domain local groups outside our domain.
-          We'll get these from the getsidaliases() RPC call. */
+       /*
+        * Before bug #7843 the "Domain Local" groups were added with a
+        * lookupuseraliases call, but this isn't done anymore for our domain
+        * so we need to resolve resource groups here.
+        *
+        * When to use Resource Groups:
+        * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
+        */
        status = sid_array_from_info3(mem_ctx, info3,
                                      user_sids,
                                      &num_groups,
-                                     false, true);
+                                     false);
 
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(info3);
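Review bot: The new comment above the `sid_array_from_info3()` call in `lookup_usergroups_cached()` justifies resolving resource groups "for our domain", but with the `SE_GROUP_RESOURCE` filter removed every `info3->sids[]` entry is appended to `user_sids`, whatever domain it belongs to. The removed comment was explicitly about Domain Local groups outside our domain, so the new one should state whether foreign resource-group SIDs can appear in a cached info3 and why accepting them is safe, since this list presumably feeds group-membership decisions. Something like `* NOTE: every info3->sids[] entry is taken as-is, including SE_GROUP_RESOURCE ones; no domain check is applied here.` would record that. Because the flag was dropped from the signature rather than kept, any other caller that passed `true` changes behaviour the same way; only two call sites are visible in this commit. The function body continues outside the hunk.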