From cc1c764effd07bb124b5b5cf03fb5a4565c8ed36 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Feb 2009 11:47:41 +0100
Subject: [PATCH] s3:auth: only create_local_token() should add S-1-22-X-Y sids

metze
(cherry picked from commit e7f7ed8bf6281ef01aca53ea44acdd4af4c51aa7)
---
 source/auth/auth_util.c | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 7fc23c869fc..b84c1688d83 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -555,9 +555,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 	struct passwd *pwd;
 	gid_t *gids;
 	auth_serversupplied_info *result;
-	int i;
-	size_t num_gids;
-	DOM_SID unix_group_sid;
 	const char *username = pdb_get_username(sampass);
 	NTSTATUS status;
 
@@ -629,30 +626,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 		}
 	}
 
-	/* Add the "Unix Group" SID for each gid to catch mapped groups
-	   and their Unix equivalent.  This is to solve the backwards 
-	   compatibility problem of 'valid users = +ntadmin' where 
-	   ntadmin has been paired with "Domain Admins" in the group 
-	   mapping table.  Otherwise smb.conf would need to be changed
-	   to 'valid user = "Domain Admins"'.  --jerry */
-	
-	num_gids = result->num_sids;
-	for ( i=0; i<num_gids; i++ ) {
-		if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
-			DEBUG(1,("make_server_info_sam: Failed to create SID "
-				"for gid %d!\n", gids[i]));
-			continue;
-		}
-		status = add_sid_to_array_unique(result, &unix_group_sid,
-						 &result->sids,
-						 &result->num_sids);
-		if (!NT_STATUS_IS_OK(status)) {
-			result->sam_account = NULL; /* Don't free on error exit. */
-			TALLOC_FREE(result);
-			return status;
-		}
-	}
-
 	/* For now we throw away the gids and convert via sid_to_gid
 	 * later. This needs fixing, but I'd like to get the code straight and
 	 * simple first. */
-- 
2.11.4.GIT