winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/winbindd/idmap_rid.c b/source3/winbindd/idmap_rid.c
index 10088b5a27ad83ed307ad2d893218f20f92553dd..6ebb4a191a84d9969499d98a3cb77690a0c1213a 100644 (file)
--- a/source3/winbindd/idmap_rid.c
+++ b/source3/winbindd/idmap_rid.c
@@ -54,7 +54,6 @@ static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom)
 
 static NTSTATUS idmap_rid_id_to_sid(struct idmap_domain *dom, struct id_map *map)
 {
-       struct winbindd_domain *domain;
        struct idmap_rid_context *ctx;
 
        ctx = talloc_get_type(dom->private_data, struct idmap_rid_context);
@@ -66,12 +65,13 @@ static NTSTATUS idmap_rid_id_to_sid(struct idmap_domain *dom, struct id_map *map
                return NT_STATUS_NONE_MAPPED;
        }
 
-       domain = find_domain_from_name_noinit(dom->name);
-       if (domain == NULL ) {
+       if (is_null_sid(&dom->dom_sid)) {
+               DBG_INFO("idmap domain '%s' without SID\n", dom->name);
                return NT_STATUS_NO_SUCH_DOMAIN;
        }
 
-       sid_compose(map->sid, &domain->sid, map->xid.id - dom->low_id + ctx->base_rid);
+       sid_compose(map->sid, &dom->dom_sid,
+                   map->xid.id - dom->low_id + ctx->base_rid);
 
        map->status = ID_MAPPED;
        map->xid.type = ID_TYPE_BOTH;