From: Ralph Boehme <slow@samba.org>
Date: Wed, 28 Nov 2018 16:20:41 +0000 (+0100)
Subject: winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
X-Git-Tag: samba-4.8.8~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd464e2892c212287658146f544364ebafb36050;p=thirdparty%2Fsamba.git

winbindd: fix predefined domains routing in find_lookup_domain_from_sid()

Route predefined domains through the BUILTIN domain child, not passdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1)
---

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 0f0e70e016b..dddd58c23e2 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,15 +108,6 @@ static bool is_internal_domain(const struct dom_sid *sid)
 	return (sid_check_is_our_sam(sid) || sid_check_is_builtin(sid));
 }
 
-static bool is_in_internal_domain(const struct dom_sid *sid)
-{
-	if (sid == NULL)
-		return False;
-
-	return (sid_check_is_in_our_sam(sid) || sid_check_is_in_builtin(sid));
-}
-
-
 /* Add a trusted domain to our list of domains.
    If the domain already exists in the list,
    return it and don't re-initialize.  */
@@ -1475,20 +1466,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
 	     sid_check_is_unix_groups(sid) ||
 	     sid_check_is_in_unix_users(sid) ||
 	     sid_check_is_unix_users(sid) ||
-	     sid_check_is_wellknown_domain(sid, NULL) ||
-	     sid_check_is_in_wellknown_domain(sid) )
+	     sid_check_is_our_sam(sid) ||
+             sid_check_is_in_our_sam(sid) )
 	{
 		return find_domain_from_sid(get_global_sam_sid());
 	}
 
-	/*
-	 * On member servers the internal domains are different: These are part
-	 * of the local SAM.
-	 */
-
-	if (is_internal_domain(sid) || is_in_internal_domain(sid)) {
-		DEBUG(10, ("calling find_domain_from_sid\n"));
-		return find_domain_from_sid(sid);
+	if ( sid_check_is_builtin(sid) ||
+	     sid_check_is_in_builtin(sid) ||
+	     sid_check_is_wellknown_domain(sid, NULL) ||
+	     sid_check_is_in_wellknown_domain(sid) )
+	{
+		return find_domain_from_sid(&global_sid_Builtin);
 	}
 
 	if (IS_DC) {