svn commit: samba r6217 - in branches/SAMBA_3_0/source/nsswitch: .

Tue Apr 5 16:42:06 GMT 2005

Author: vlendec
Date: 2005-04-05 16:42:06 +0000 (Tue, 05 Apr 2005)
New Revision: 6217

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6217

Log:
After talking to jerry, commit the partial fix for wbinfo -r. This fixes the
expansion of domain local groups in case the netsamlogon_cache is valid. The
non-samlogon-cache side needs more work, as well as the samlogon cache itself.

Volker

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_group.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/winbindd_group.c	2005-04-05 14:24:50 UTC (rev 6216)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_group.c	2005-04-05 16:42:06 UTC (rev 6217)
@@ -1100,6 +1100,13 @@
 
 	if ( !opt_nocache && (info3 = netsamlogon_cache_get(mem_ctx, &user_sid))) {
 
+		struct winbindd_domain *our_domain = find_our_domain();
+
+		if (our_domain == NULL) {
+			DEBUG(0, ("Could not find our domain\n"));
+			goto done;
+		}
+
 		DEBUG(10, ("winbindd_getgroups: info3 has %d groups, %d other sids\n",
 			   info3->num_groups2, info3->num_other_sids));
 
@@ -1108,6 +1115,7 @@
 		/* Go through each other sid and convert it to a gid */
 
 		for (i = 0; i < info3->num_other_sids; i++) {
+			DOM_SID *sid = &info3->other_sids[i].sid;
 			fstring name;
 			fstring dom_name;
 			enum SID_NAME_USE sid_type;
@@ -1115,30 +1123,30 @@
 			/* Is this sid known to us?  It can either be
                            a trusted domain sid or a foreign sid. */
 
-			if (!winbindd_lookup_name_by_sid( &info3->other_sids[i].sid, 
-				dom_name, name, &sid_type))
-			{
-				DEBUG(10, ("winbindd_getgroups: could not lookup name for %s\n", 
-					   sid_string_static(&info3->other_sids[i].sid)));
+			if (!winbindd_lookup_name_by_sid( sid, dom_name,
+							  name, &sid_type)) {
+				DEBUG(10, ("winbindd_getgroups: could not "
+					   "lookup name for %s\n", 
+					   sid_string_static(sid)));
 				continue;
 			}
 
-			/* Check it is a domain group or an alias (domain local group) 
-			   in a win2k native mode domain. */
+			/* Check it is a domain group or an alias (domain
+			   local group) in a win2k native mode domain. */
 			
-			if ( !((sid_type==SID_NAME_DOM_GRP) ||
-				((sid_type==SID_NAME_ALIAS) && domain->primary)) )
-			{
+			if (!((sid_type==SID_NAME_DOM_GRP) ||
+			      ((sid_type==SID_NAME_ALIAS) &&
+			       (our_domain->active_directory) &&
+			       (our_domain->native_mode) &&
+			       (sid_compare_domain(sid, &our_domain->sid)
+				== 0)))) {
 				DEBUG(10, ("winbindd_getgroups: sid type %d "
 					   "for %s is not a domain group\n",
-					   sid_type,
-					   sid_string_static(
-						   &info3->other_sids[i].sid)));
+					   sid_type, sid_string_static(sid)));
 				continue;
 			}
 
-			add_gids_from_group_sid(&info3->other_sids[i].sid,
-						&gid_list, &num_gids);
+			add_gids_from_group_sid(sid, &gid_list, &num_gids);
 		}
 
 		for (i = 0; i < info3->num_groups2; i++) {

