winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 108675c4cf4c3d5bd29468255743423a56bd1471)

diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c
index ac537053e529998a5db0e9b4d06de527d0d3c6a2..95e24db5290f1acc8bdb02ef9b59b0383358d3f3 100644 (file)
--- a/source3/winbindd/idmap_rid.c
+++ b/source3/winbindd/idmap_rid.c
@@ -68,7 +68,6 @@ failed:
 
 static NTSTATUS idmap_rid_id_to_sid(struct idmap_domain *dom, struct id_map *map)
 {
-       struct winbindd_domain *domain;
        struct idmap_rid_context *ctx;
 
        ctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
@@ -80,12 +79,13 @@ static NTSTATUS idmap_rid_id_to_sid(struct idmap_domain *dom, struct id_map *map
                return NT_STATUS_NONE_MAPPED;
        }
 
-       domain = find_domain_from_name_noinit(dom->name);
-       if (domain == NULL ) {
+       if (is_null_sid(&dom->dom_sid)) {
+               DBG_INFO("idmap domain '%s' without SID\n", dom->name);
                return NT_STATUS_NO_SUCH_DOMAIN;
        }
 
-       sid_compose(map->sid, &domain->sid, map->xid.id - dom->low_id + ctx->base_rid);
+       sid_compose(map->sid, &dom->dom_sid,
+                   map->xid.id - dom->low_id + ctx->base_rid);
 
        map->status = ID_MAPPED;
        map->xid.type = ID_TYPE_BOTH;