From: Michael Adam Date: Sun, 1 Feb 2009 23:36:59 +0000 (+0100) Subject: s3:winbind_user: fix "getent passwd" to allocate new uids. X-Git-Tag: samba-4.0.0alpha7~417^2~173 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0d05192006c4bade760bd945ab91b5268ca47a6;p=thirdparty%2Fsamba.git s3:winbind_user: fix "getent passwd" to allocate new uids. "getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids. Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael --- diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index 2e326430fc1..b01e1847f26 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -76,6 +76,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name char *mapped_name = NULL; struct winbindd_domain *domain = NULL; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + char *dom_name_idmap = ""; if (!pw || !dom_name || !user_name) return False; @@ -87,9 +88,13 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name nt_status = NT_STATUS_NO_SUCH_DOMAIN; } + if (domain->have_idmap_config) { + dom_name_idmap = dom_name; + } + /* Resolve the uid number */ - if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name, user_sid, + if (!NT_STATUS_IS_OK(idmap_sid_to_uid(dom_name_idmap, user_sid, &pw->pw_uid))) { DEBUG(1, ("error getting user id for sid %s\n", sid_string_dbg(user_sid))); @@ -98,7 +103,7 @@ static bool winbindd_fill_pwent(TALLOC_CTX *ctx, char *dom_name, char *user_name /* Resolve the gid number */ - if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name, group_sid, + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(dom_name_idmap, group_sid, &pw->pw_gid))) { DEBUG(1, ("error getting group id for sid %s\n", sid_string_dbg(group_sid)));