r116: volker's patch for local group and group nesting

(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)

1 files changed, 21 insertions, 12 deletions

diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 9fbf47046d6..d4206558c5e 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -30,10 +30,8 @@
 
 enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
 {
-	extern DOM_SID global_sid_Builtin;
 	enum SID_NAME_USE type;
-	DOM_SID sid, tmp_sid;
-	uint32 rid;
+	DOM_SID sid;
 	fstring name;
 	fstring dom_name;
 
@@ -50,15 +48,6 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
 		return WINBINDD_ERROR;
 	}
 
-	/* Don't look up BUILTIN sids */
-
-	sid_copy(&tmp_sid, &sid);
-	sid_split_rid(&tmp_sid, &rid);
-
-	if (sid_equal(&tmp_sid, &global_sid_Builtin)) {
-		return WINBINDD_ERROR;
-	}
-
 	/* Lookup the sid */
 
 	if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
@@ -445,3 +434,23 @@ done:
 
 	return WINBINDD_OK;
 }
+
+enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state)
+{
+	if ( !state->privileged ) {
+		DEBUG(2, ("winbindd_allocate_rid: non-privileged access "
+			  "denied!\n"));
+		return WINBINDD_ERROR;
+	}
+
+	/* We tell idmap to always allocate a user RID. There might be a good
+	 * reason to keep RID allocation for users to even and groups to
+	 * odd. This needs discussion I think. For now only allocate user
+	 * rids. */
+
+	if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid,
+						USER_RID_TYPE)))
+		return WINBINDD_ERROR;
+
+	return WINBINDD_OK;
+}