From e7e72aca393f5247d0e4bad5dae3464eadb04c94 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 29 Apr 2014 13:31:42 +0200
Subject: [PATCH] s4:samr: allow builtin groups for samr_OpenGroup.

This fixes nsswitch getgrgid for builtins.

Signed-off-by: Michael Adam <obnox@samba.org>
---
 source4/rpc_server/samr/dcesrv_samr.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3e58a44..eacbe7d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1746,13 +1746,22 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC
 	}
 
 	/* search for the group record */
-	ret = gendb_search(d_state->sam_ctx,
-			   mem_ctx, d_state->domain_dn, &msgs, attrs,
-			   "(&(objectSid=%s)(objectClass=group)"
-			   "(|(groupType=%d)(groupType=%d)))",
-			   ldap_encode_ndr_dom_sid(mem_ctx, sid),
-			   GTYPE_SECURITY_UNIVERSAL_GROUP,
-			   GTYPE_SECURITY_GLOBAL_GROUP);
+	if (d_state->builtin) {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(groupType=%d))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_BUILTIN_LOCAL_GROUP);
+	} else {
+		ret = gendb_search(d_state->sam_ctx,
+				   mem_ctx, d_state->domain_dn, &msgs, attrs,
+				   "(&(objectSid=%s)(objectClass=group)"
+				   "(|(groupType=%d)(groupType=%d)))",
+				   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+				   GTYPE_SECURITY_UNIVERSAL_GROUP,
+				   GTYPE_SECURITY_GLOBAL_GROUP);
+	}
 	if (ret == 0) {
 		return NT_STATUS_NO_SUCH_GROUP;
 	}
-- 
1.9.1