ret = pdb_getgrsid(map, sid);
unbecome_root();
- if ( !ret )
+ /* special case check for rid 513 */
+
+ if ( !ret ) {
+ uint32 rid;
+
+ sid_peek_rid( &sid, &rid );
+
+ if ( rid == DOMAIN_GROUP_RID_USERS ) {
+ fstrcpy( map->nt_name, "None" );
+ fstrcpy( map->comment, "Ordinary Users" );
+ sid_copy( &map->sid, &sid );
+ map->sid_name_use = SID_NAME_DOM_GRP;
+
+ return True;
+ }
+
return False;
+ }
DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
{
GROUP_MAP map;
BOOL ret;
+
+ /* Windows treats "MACHINE\None" as a special name for
+ rid 513 on non-DCs. You cannot create a user or group
+ name "None" on Windows. You will get an error that
+ the group already exists. */
+
+ if ( strequal( user, "None" ) ) {
+ *rid = DOMAIN_GROUP_RID_USERS;
+ *type = SID_NAME_DOM_GRP;
+
+ return True;
+ }
/* LOOKUP_NAME_GROUP is a hack to allow valid users = @foo to work
* correctly in the case where foo also exists as a user. If the flag
size_t *p_num_members)
{
struct pdb_methods *pdb = pdb_get_methods();
+ NTSTATUS result;
if ( !pdb ) {
return NT_STATUS_UNSUCCESSFUL;
}
- return pdb->enum_group_members(pdb, mem_ctx, sid,
- pp_member_rids, p_num_members);
+ result = pdb->enum_group_members(pdb, mem_ctx,
+ sid, pp_member_rids, p_num_members);
+
+ /* special check for rid 513 */
+
+ if ( !NT_STATUS_IS_OK( result ) ) {
+ uint32 rid;
+
+ sid_peek_rid( sid, &rid );
+
+ if ( rid == DOMAIN_GROUP_RID_USERS ) {
+ *p_num_members = 0;
+ *pp_member_rids = NULL;
+
+ return NT_STATUS_OK;
+ }
+ }
+
+ return result;
}
NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user,