s3:winbind_user: fix "getent passwd" to allocate new uids.

"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.

Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".

Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.

Michael

diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c
index 2e326430fc10fb83558078ae07aec60da6c4f350..b01e1847f26369d5a3b14735a8bed2b4a34882ee 100644 (file)
--- a/source3/winbindd/winbindd_user.c
+++ b/source3/winbindd/winbindd_user.c
@@ -76,6 +76,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
        char *mapped_name = NULL;
        struct winbindd_domain *domain = NULL;
        NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+       char *dom_name_idmap = "";
 
        if (!pw || !dom_name || !user_name)
                return False;
@@ -87,9 +88,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
                nt_status = NT_STATUS_NO_SUCH_DOMAIN;
        }
 
+       if (domain->have_idmap_config) {
+               dom_name_idmap = dom_name;
+       }
+
        /* Resolve the uid number */
 
-       if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid,
+       if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid,
                                              &pw->pw_uid))) {
                DEBUG(1, ("error getting user id for sid %s\n",
                          sid_string_dbg(user_sid)));
@@ -98,7 +103,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name
 
        /* Resolve the gid number */
 
-       if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name, group_sid,
+       if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid,
                                              &pw->pw_gid))) {
                DEBUG(1, ("error getting group id for sid %s\n",
                          sid_string_dbg(group_sid)));