r16864: Intermediate checkin -- swap the sid_check_is_in_unix_users and

sid_check_is_in_our_domain cases.

Volker

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index c5ce55bc8c1a8a0b9b4793142b0e47fd4bd0e9a4..1c629bca82f34de6044098a7104182f28b55535b 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1066,44 +1066,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                goto done;
        }
 
-       if (sid_check_is_in_unix_users(&user_sid)) {
-
-               /* This is a unix user not in passdb. We need to ask nss
-                * directly, without consulting passdb */
-
-               struct passwd *pass;
-               size_t i;
-
-               pass = getpwuid_alloc(tmp_ctx, *uid);
-               if (pass == NULL) {
-                       DEBUG(1, ("getpwuid(%d) for user %s failed\n",
-                                 *uid, username));
-                       goto done;
-               }
-
-               *gid = pass->pw_gid;
-               gid_to_sid(&primary_group_sid, pass->pw_gid);
-
-               if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
-                                        &gids, &num_group_sids)) {
-                       DEBUG(1, ("getgroups_unix_user for user %s failed\n",
-                                 username));
-                       goto done;
-               }
-
-               group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
-               if (group_sids == NULL) {
-                       DEBUG(1, ("talloc_array failed\n"));
-                       result = NT_STATUS_NO_MEMORY;
-                       goto done;
-               }
-
-               for (i=0; i<num_group_sids; i++) {
-                       gid_to_sid(&group_sids[i], gids[i]);
-               }
-               *found_username = talloc_strdup(mem_ctx, pass->pw_name);
-
-       } else if (sid_check_is_in_our_domain(&user_sid)) {
+       if (sid_check_is_in_our_domain(&user_sid)) {
 
                /* This is a passdb user, so ask passdb */
 
@@ -1148,6 +1111,43 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                *found_username = talloc_strdup(mem_ctx,
                                                pdb_get_username(sam_acct));
 
+       } else  if (sid_check_is_in_unix_users(&user_sid)) {
+
+               /* This is a unix user not in passdb. We need to ask nss
+                * directly, without consulting passdb */
+
+               struct passwd *pass;
+               size_t i;
+
+               pass = getpwuid_alloc(tmp_ctx, *uid);
+               if (pass == NULL) {
+                       DEBUG(1, ("getpwuid(%d) for user %s failed\n",
+                                 *uid, username));
+                       goto done;
+               }
+
+               *gid = pass->pw_gid;
+               gid_to_sid(&primary_group_sid, pass->pw_gid);
+
+               if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
+                                        &gids, &num_group_sids)) {
+                       DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+                                 username));
+                       goto done;
+               }
+
+               group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids);
+               if (group_sids == NULL) {
+                       DEBUG(1, ("talloc_array failed\n"));
+                       result = NT_STATUS_NO_MEMORY;
+                       goto done;
+               }
+
+               for (i=0; i<num_group_sids; i++) {
+                       gid_to_sid(&group_sids[i], gids[i]);
+               }
+               *found_username = talloc_strdup(mem_ctx, pass->pw_name);
+
        } else {
 
                /* This user is from winbind, force the primary gid to the