s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
authorChristian Ambach <ambi@samba.org>
Tue, 18 Jun 2013 15:06:52 +0000 (17:06 +0200)
committerMichael Adam <obnox@samba.org>
Fri, 21 Jun 2013 10:49:10 +0000 (12:49 +0200)
when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument
so it asks winbindd for a gid to be used
2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias
create the mapping based on the gid that was determined in the mapping request

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104

source3/passdb/pdb_util.c

index 31fd018e8c266447f9d6fc0e8eaa6bd620c79e20..bf7b2b8abd1015212c2f78236b9cce8b3eb98d8d 100644 (file)
@@ -26,6 +26,7 @@
 #include "../libcli/security/security.h"
 #include "passdb.h"
 #include "lib/winbind_util.h"
+#include "../librpc/gen_ndr/idmap.h"
 
 /**
  * Add sid as a member of builtin_sid.
@@ -72,16 +73,44 @@ NTSTATUS pdb_create_builtin(uint32_t rid)
        NTSTATUS status = NT_STATUS_OK;
        struct dom_sid sid;
        gid_t gid;
+       bool mapresult;
 
        if (!sid_compose(&sid, &global_sid_Builtin, rid)) {
                return NT_STATUS_NO_SUCH_ALIAS;
        }
 
-       if (!sid_to_gid(&sid, &gid)) {
-               if (!lp_winbind_nested_groups() || !winbind_ping()) {
-                       return NT_STATUS_PROTOCOL_UNREACHABLE;
+       if (!pdb_is_responsible_for_builtin()) {
+               /*
+                * if this backend is not responsible for BUILTIN
+                *
+                * Use the gid from the mapping request for entry.
+                * If the mapping fails, bail out
+                */
+               mapresult = sid_to_gid(&sid, &gid);
+               if (!mapresult) {
+                       status = NT_STATUS_NO_SUCH_GROUP;
+               } else {
+                       status = pdb_create_builtin_alias(rid, gid);
+               }
+       } else {
+               /*
+                * this backend is responsible for BUILTIN
+                *
+                * a failed mapping result means that the entry
+                * does not exist yet, so create it
+                *
+                * we use pdb_sid_to_id intentionally here to
+                * directly query the passdb backend (sid_to_gid
+                * would finally do the same)
+                */
+               struct unixid id;
+               mapresult = pdb_sid_to_id(&sid, &id);
+               if (!mapresult) {
+                       if (!lp_winbind_nested_groups() || !winbind_ping()) {
+                               return NT_STATUS_PROTOCOL_UNREACHABLE;
+                       }
+                       status = pdb_create_builtin_alias(rid, 0);
                }
-               status = pdb_create_builtin_alias(rid, 0);
        }
        return status;
 }
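Review bot: In the branch where the backend is responsible for BUILTIN, a successful `pdb_sid_to_id(&sid, &id)` is treated as "the alias already exists" without looking at `id.type`, so a mapping that is not a group mapping would make pdb_create_builtin return NT_STATUS_OK without creating anything; the removed `sid_to_gid` call asked for a gid specifically. If only group mappings should count, a check such as `if (mapresult && id.type != ID_TYPE_GID) { return NT_STATUS_NO_SUCH_GROUP; }` after the lookup would make that explicit (whether ID_TYPE_BOTH should also be accepted is for the maintainers to decide). In the other branch the gid returned by `sid_to_gid` is passed straight to `pdb_create_builtin_alias(rid, gid)`, and the commit message describes gid=0 as the "ask winbindd" value, so a mapping that resolves to gid 0 would presumably be handled as a request for a fresh gid; an explicit rejection of 0 there, or a comment stating why it cannot occur, would remove the ambiguity. The function's opening lines lie outside the hunk.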