From: Ralph Boehme <slow@samba.org>
Date: Tue, 4 Apr 2017 12:51:09 +0000 (+0200)
Subject: winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
X-Git-Tag: tdb-1.3.13~137
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=1efaeb072e55735421191fbae9cc586db6d07bb1;p=samba.git

winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()

This lets wb_sids2xids_lookupsids_done() deal with wp_lookupsids
returning UINT32_MAX as domain index for SIDs from unknown domains.

Call find_domain_from_sid_noinit() to search our list of known
domains. If a matching domain is found, use it's name, otherwise use the
empty string "". This needed to handle Samba DCs which always returns
sid_index UINT32_MAX for unknown SIDs, even from known domains.

Currently the wb_lookupsids adds these fake domains with an empty string
as domain name, but that's not the correct place to do it. We need the
domain name as it gets passed to the idmap child where the choise of
idmap backend is based on the domain name. This will possibly be changed
in the future to be based on domain SIDs, not the name.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 9bb8fa87cf8..dc90bdf5ef7 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -185,20 +185,41 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq)
 	}
 
 	for (i=0; i<state->num_non_cached; i++) {
+		const struct dom_sid *sid = &state->non_cached[i];
 		struct dom_sid dom_sid;
-		struct lsa_DomainInfo *info;
 		struct lsa_TranslatedName *n = &names->names[i];
 		struct wbint_TransID *t = &state->ids.ids[i];
 		int domain_index;
+		const char *domain_name = NULL;
 
-		sid_copy(&dom_sid, &state->non_cached[i]);
-		sid_split_rid(&dom_sid, &t->rid);
+		if (n->sid_index != UINT32_MAX) {
+			const struct lsa_DomainInfo *info;
 
-		info = &domains->domains[n->sid_index];
-		t->type = lsa_SidType_to_id_type(n->sid_type);
+			info = &domains->domains[n->sid_index];
+			domain_name = info->name.string;
+		}
+		if (domain_name == NULL) {
+			struct winbindd_domain *wb_domain = NULL;
+
+			/*
+			 * This is needed to handle Samba DCs
+			 * which always return sid_index == UINT32_MAX for
+			 * unknown sids.
+			 */
+			wb_domain = find_domain_from_sid_noinit(sid);
+			if (wb_domain != NULL) {
+				domain_name = wb_domain->name;
+			}
+		}
+		if (domain_name == NULL) {
+			domain_name = "";
+		}
 
+		sid_copy(&dom_sid, sid);
+		sid_split_rid(&dom_sid, &t->rid);
+		t->type = lsa_SidType_to_id_type(n->sid_type);
 		domain_index = init_lsa_ref_domain_list(
-			state, &state->idmap_doms, info->name.string, &dom_sid);
+			state, &state->idmap_doms, domain_name, &dom_sid);
 		if (domain_index == -1) {
 			tevent_req_oom(req);
 			return;