s3:winbind: unmapped Unix users must be resolved locally

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 29 18:33:21 CEST 2017 on sn-devel-144

diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index e9ffc33a323225a64c37d866e2ae2ac4685728a3..dcb249287d9e9bcb86fbddda06765c6c9801b177 100644 (file)
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -47,6 +47,12 @@ struct tevent_req *wb_getpwsid_send(TALLOC_CTX *mem_ctx,
        state->ev = ev;
        state->pw = pw;
 
+       if (dom_sid_in_domain(&global_sid_Unix_Users, user_sid)) {
+               /* unmapped Unix users must be resolved locally */
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+               return tevent_req_post(req, ev);
+       }
+
        subreq = wb_queryuser_send(state, ev, &state->sid);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);