passdb: fix NT_STATUS_NO_SUCH_GROUP

Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.

This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.

[Bug 9570] Access failure for shares with "force group" or "valid users = @group"

https://bugzilla.samba.org/show_bug.cgi?id=9570

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 87320e8708..7d7bd8d617 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -885,7 +885,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
 {
 	struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
 		m->private_data, struct pdb_samba_dsdb_state);
-	const char *attrs[] = { "objectSid", "description", "samAccountName", "groupType",
+	const char *attrs[] = { "objectClass", "objectSid", "description", "samAccountName", "groupType",
 				NULL };
 	struct ldb_message *msg;
 	va_list ap;
@@ -950,7 +950,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
 		id_maps[1] = NULL;
 
 		status = idmap_sids_to_xids(state->idmap_ctx, tmp_ctx, id_maps);
-		talloc_free(tmp_ctx);
+
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_free(tmp_ctx);
 			return status;