s3-auth: Add passwd_to_SamInfo3().

Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
tries to contact winbind if the user is a domain user to get
valid information about it. If winbind isn't running it will try to
create everything from the passwd struct. This is not always reliable
but works in most cases. It improves the current situation which doesn't
talk to winbind at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  5 01:40:38 CET 2014 on sn-devel-104

1 files changed, 20 insertions, 2 deletions

diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 46d817880a..43711d5bc0 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 		}
 	} else {
 		/*
-		 * Winbind is not running, create the group_sid from the
-		 * group id.
+		 * Winbind is not running, try to create the group_sid from the
+		 * passwd group id.
+		 */
+
+		/*
+		 * This can lead to a primary group of S-1-22-2-XX which
+		 * will be rejected by other Samba code.
 		 */
 		gid_to_sid(&group_sid, pwd->pw_gid);
+
+		ZERO_STRUCT(domain_sid);
+
+		/*
+		 * If we are a unix group, set the group_sid to the
+		 * 'Domain Users' RID of 513 which will always resolve to a
+		 * name.
+		 */
+		if (sid_check_is_in_unix_groups(&group_sid)) {
+			sid_compose(&group_sid,
+				    get_global_sam_sid(),
+				    DOMAIN_RID_USERS);
+		}
 	}
 
 	/* Make sure we have a valid group sid */