From af20caf353a881eae918aa0e117f8bdc79c18aa1 Mon Sep 17 00:00:00 2001
From: Julia Bremer <bremer@univention.de>
Date: Thu, 5 Dec 2019 15:12:22 +0100
Subject: [PATCH] Fix Windows Explorer crash on S-1-22-* SIDs in NTACL

Windows Explorer crashes when opening the security tab for files
or directories that have S-1-22 Unix SIDs in their NTACLs.

Before Samba 4.9 the Samba/AD DC (rather Winbind) returned
NT_STATUS_SOME_NOT_MAPPED, which was fine for Windows, but since some
commit, I guess d7780c66866, the dom_sid_lookup_predefinied_sid call
returns NT_STATUS_INVALID_SID.

This patch, adds the Unix-SIDs to the predefined_domains, so that
Samba recognizes the Sids S-1-22* as valid.
---
 libcli/security/util_sid.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 531d3809565..ecbc0f48f05 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -686,6 +686,16 @@ static const struct predefined_name_mapping predefined_names_S_1_7[] = {
 };
 
 /*
+ * S-1-22
+ */
+static const struct predefined_name_mapping predefined_names_S_1_22[] = {
+	{
+		.name = "Unix",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID0(22), /* S-1-22 */
+	},
+};
+/*
  * S-1-16
  */
 static const struct predefined_name_mapping predefined_names_S_1_16[] = {
@@ -807,6 +817,12 @@ static const struct predefined_domain_mapping predefined_domains[] = {
 		.num_names = ARRAY_SIZE(predefined_names_S_1_16),
 		.names = predefined_names_S_1_16,
 	},
+	{
+		.domain = "Unix",
+		.sid = _SID0(22), /* S-1-22 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_22),
+		.names = predefined_names_S_1_22,
+	},
 };
 
 NTSTATUS dom_sid_lookup_predefined_name(const char *name,
-- 
2.11.0