1 files changed, 44 insertions, 39 deletions
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 0905d816920..14c8c67aa3c 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -190,7 +190,9 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	const char *guest_account = lp_guestaccount();
 	GROUP_MAP map;
 	BOOL ret;
-	
+	DOM_SID user_sid;
+	DOM_SID group_sid;
+
 	if (!account_data || !pwd) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -198,7 +200,7 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	/* this is a hack this thing should not be set
 	   this way --SSS */
 	if (!(guest_account && *guest_account)) {
-		DEBUG(1, ("NULL guest account!?!?\n"));
+		DEBUG(1, ("pdb_set_sam_sids: NULL guest account!?!?\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	} else {
 		/* Ensure this *must* be set right */
@@ -213,8 +215,13 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 		}
 	}
 
-	if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
-		DEBUG(0,("Can't set User SID from RID!\n"));
+	if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) {
+		if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) {
+			DEBUG(0,("pdb_set_sam_sids: Can't set User SID from mapped UID\n"));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	} else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+		DEBUG(0,("pdb_set_sam_sids: Can't set User SID from RID!\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
@@ -225,13 +232,18 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	
 	if( ret ) {
 		if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
-			DEBUG(0,("Can't set Group SID!\n"));
+			DEBUG(0,("pdb_set_sam_sids: Can't set Group SID!\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 	} 
 	else {
-		if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
-			DEBUG(0,("Can't set Group SID\n"));
+		if (NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) {
+			if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) {
+				DEBUG(0,("pdb_set_sam_sids: Can't set Group SID from mapped GID\n"));
+				return NT_STATUS_INVALID_PARAMETER;
+			}
+		} else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+			DEBUG(0,("pdb_set_sam_sids: Can't set Group SID\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 	}
@@ -370,7 +382,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username,
 	/* see if we need to generate a new rid using the 2.2 algorithm */
 	if ( rid == 0 && lp_enable_rid_algorithm() ) {
 		DEBUG(10,("pdb_init_sam_new: no RID specified.  Generating one via old algorithm\n"));
-		rid = fallback_pdb_uid_to_user_rid(pwd->pw_uid);
+		rid = algorithmic_pdb_uid_to_user_rid(pwd->pw_uid);
 	}
 	
 	/* set the new SID */
@@ -660,7 +672,7 @@ int algorithmic_rid_base(void)
  Converts NT user RID to a UNIX uid.
  ********************************************************************/
 
-uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
+uid_t algorithmic_pdb_user_rid_to_uid(uint32 user_rid)
 {
 	int rid_offset = algorithmic_rid_base();
 	return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
@@ -670,7 +682,7 @@ uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
  converts UNIX uid to an NT User RID.
  ********************************************************************/
 
-uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
+uint32 algorithmic_pdb_uid_to_user_rid(uid_t uid)
 {
 	int rid_offset = algorithmic_rid_base();
 	return (((((uint32)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);
@@ -716,26 +728,19 @@ static BOOL pdb_rid_is_well_known(uint32 rid)
  Decides if a RID is a user or group RID.
  ********************************************************************/
 
-BOOL fallback_pdb_rid_is_user(uint32 rid)
+BOOL algorithmic_pdb_rid_is_user(uint32 rid)
 {
-  /* lkcl i understand that NT attaches an enumeration to a RID
-   * such that it can be identified as either a user, group etc
-   * type.  there are 5 such categories, and they are documented.
-   */
-	/* However, they are not in the RID, just somthing you can query
-	   seperatly.  Sorry luke :-) */
-
-   if(pdb_rid_is_well_known(rid)) {
-      /*
-       * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
-       * and DOMAIN_USER_RID_GUEST.
-       */
-     if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
-       return True;
-   } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
-     return True;
-   }
-   return False;
+	if(pdb_rid_is_well_known(rid)) {
+		/*
+		 * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+		 * and DOMAIN_USER_RID_GUEST.
+		 */
+		if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+			return True;
+	} else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
+		return True;
+	}
+	return False;
 }
 
 /*******************************************************************
@@ -806,13 +811,13 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
 		return True;
 	}
 
-	if (fallback_pdb_rid_is_user(rid)) {
+	if (algorithmic_pdb_rid_is_user(rid)) {
 		uid_t uid;
 		struct passwd *pw = NULL;
 
 		DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid));
 
-       		uid = fallback_pdb_user_rid_to_uid(rid);
+       		uid = algorithmic_pdb_user_rid_to_uid(rid);
 		pw = sys_getpwuid( uid );
 		
 		DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
@@ -851,7 +856,7 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
 		DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
 			 (unsigned int)rid ));
 		
-		/* assume fallback groups aer domain global groups */
+		/* assume algorithmic groups are domain global groups */
 		
 		*psid_name_use = SID_NAME_DOM_GRP;
 		
@@ -1119,7 +1124,7 @@ DOM_SID *algorithmic_uid_to_sid(DOM_SID *psid, uid_t uid)
 
 	DEBUG(8,("algorithmic_uid_to_sid: falling back to RID algorithm\n"));
 	sid_copy( psid, get_global_sam_sid() );
-	sid_append_rid( psid, fallback_pdb_uid_to_user_rid(uid) );
+	sid_append_rid( psid, algorithmic_pdb_uid_to_user_rid(uid) );
 	DEBUG(10,("algorithmic_uid_to_sid:  uid (%d) -> SID %s.\n",
 		(unsigned int)uid, sid_string_static(psid) ));
 
@@ -1263,7 +1268,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
 	
 	if ( !ret ) {
 
-		/* fallback to rid mapping if enabled */
+		/* algorithmic to rid mapping if enabled */
 
 		if ( lp_enable_rid_algorithm() ) {
 
@@ -1308,7 +1313,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 	
 	if ( !ret ) {
 
-		/* fallback to rid mapping if enabled */
+		/* Fallback to algorithmic rid mapping if enabled */
 
 		if ( lp_enable_rid_algorithm() ) {
 
@@ -1324,7 +1329,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 
 			DEBUG(10,("local_sid_to_gid: Fall back to algorithmic mapping\n"));
 
-			if (fallback_pdb_rid_is_user(rid)) {
+			if (algorithmic_pdb_rid_is_user(rid)) {
 				DEBUG(3, ("local_sid_to_gid: SID %s is *NOT* a group\n", sid_string_static(psid)));
 				return False;
 			} else {
@@ -2257,11 +2262,11 @@ BOOL get_free_rid_range(uint32 *low, uint32 *high)
 		return False;
 	}
 
-	*low = fallback_pdb_uid_to_user_rid(id_low);
-	if (fallback_pdb_user_rid_to_uid((uint32)-1) < id_high) {
+	*low = algorithmic_pdb_uid_to_user_rid(id_low);
+	if (algorithmic_pdb_user_rid_to_uid((uint32)-1) < id_high) {
 		*high = (uint32)-1;
 	} else {
-		*high = fallback_pdb_uid_to_user_rid(id_high);
+		*high = algorithmic_pdb_uid_to_user_rid(id_high);
 	}
 
 	return True;