From b193272b055b858fd3b14ba0d35a5096ab0f07bc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 19 Jun 2012 17:57:19 +0200
Subject: [PATCH] s3:passdb: don't turn negative cache entries into valid
 idmappings (bug #9002)

It's typical that some file operations set a NTACL, which tries
sid2uid() before sid2gid(), this will create a negative cache entry.

Negative SID2UID entries cause that a valid SID2GID mapping is ignored
and the group is ignored in the UNIX Token.

metze
(cherry picked from commit e19d064b2a23ec083da06fa56af47be694152442)
---
 source3/passdb/lookup_sid.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 2afa86e0b6d..64a181e420b 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1437,13 +1437,13 @@ bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,
 		}
 		if (idmap_cache_find_sid2uid(&sids[i], &ids[i].id.uid,
 					     &expired)
-		    && !expired) {
+		    && !expired && ids[i].id.uid != (uid_t)-1) {
 			ids[i].type = WBC_ID_TYPE_UID;
 			continue;
 		}
 		if (idmap_cache_find_sid2gid(&sids[i], &ids[i].id.gid,
 					     &expired)
-		    && !expired) {
+		    && !expired && ids[i].id.gid != (gid_t)-1) {
 			ids[i].type = WBC_ID_TYPE_GID;
 			continue;
 		}
-- 
2.11.4.GIT