From dbe86be6f24681a314e6e1b5089e6540548f603a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 24 May 2012 09:08:21 +0200
Subject: [PATCH] s3:winbindd: do not expose negative cache idmap entries as
 valid mappings (bug #9002)

metze
(cherry picked from commit a1a0babdbd89b229a9d539993c2ad3791b654952)
---
 source3/winbindd/winbindd_sids_to_xids.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/source3/winbindd/winbindd_sids_to_xids.c b/source3/winbindd/winbindd_sids_to_xids.c
index b3699d06f80..62f09f0d627 100644
--- a/source3/winbindd/winbindd_sids_to_xids.c
+++ b/source3/winbindd/winbindd_sids_to_xids.c
@@ -256,21 +256,26 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
 
 	for (i=0; i<state->num_sids; i++) {
 		char type;
-		uint64_t unix_id = (uint64_t)-1;
+		uint32_t unix_id = UINT32_MAX;
 		bool found = true;
 
 		if (state->cached[i].sid != NULL) {
 			unix_id = state->cached[i].xid.id;
-			if (state->cached[i].xid.type == ID_TYPE_UID) {
+
+			switch (state->cached[i].xid.type) {
+			case ID_TYPE_UID:
 				type = 'U';
-			} else {
+				break;
+			case ID_TYPE_GID:
 				type = 'G';
+				break;
+			default:
+				found = false;
+				break;
 			}
 		} else {
 			unix_id = state->ids.ids[num_non_cached].unix_id;
-			if (unix_id == -1) {
-				found = false;
-			}
+
 			switch(state->ids.ids[num_non_cached].type) {
 			case WBC_ID_TYPE_UID:
 				type = 'U';
@@ -286,10 +291,15 @@ NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
 				break;
 			default:
 				found = false;
+				break;
 			}
 			num_non_cached += 1;
 		}
 
+		if (unix_id == UINT32_MAX) {
+			found = false;
+		}
+
 		if (found) {
 			result = talloc_asprintf_append_buffer(
 				result, "%c%lu\n", type,
-- 
2.11.4.GIT