From 481f38b7e3670c3eda4177fceec603d09d3c831f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 2 Feb 2009 00:36:59 +0100 Subject: [PATCH] s3:winbind_user: fix "getent passwd" to allocate new uids. "getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids. Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael (cherry picked from commit 877808450bb108ed306ef77db97a3acc7297e579) --- source/winbindd/winbindd_user.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c index 2e326430fc1..b01e1847f26 100644 --- a/source/winbindd/winbindd_user.c +++ b/source/winbindd/winbindd_user.c @@ -76,6 +76,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name char *mapped_name = NULL; struct winbindd_domain *domain = NULL; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + char *dom_name_idmap = ""; if (!pw || !dom_name || !user_name) return False; @@ -87,9 +88,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name nt_status = NT_STATUS_NO_SUCH_DOMAIN; } + if (domain->have_idmap_config) { + dom_name_idmap = dom_name; + } + /* Resolve the uid number */ - if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid, + if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid, &pw->pw_uid))) { DEBUG(1, ("error getting user id for sid %s\n", sid_string_dbg(user_sid))); @@ -98,7 +103,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name /* Resolve the gid number */ - if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name, group_sid, + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid, &pw->pw_gid))) { DEBUG(1, ("error getting group id for sid %s\n", sid_string_dbg(group_sid))); -- 2.11.4.GIT