From 79dd4b133c37451c98fe7f7c45da881e89e91ffc Mon Sep 17 00:00:00 2001
From: Christof Schmitt
Date: Fri, 5 Mar 2021 16:01:13 -0700
Subject: [PATCH] idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch

The call to winbind_lookup_name already wrote the result in the id_map array. The later check for the type detected a mismatch, but that did not remove the SID from the result struct. Change this by first assigning the SID to a temporary variable and only write it to the id_map array after the type checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663

Signed-off-by: Christof Schmitt
---
 source3/winbindd/idmap_rfc2307.c | 4 +++-
 source3/winbindd/winbindd_dual_srv.c | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 05259bf8344..4870ca30485 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 for (i = 0; i < count; i++) {
 char *name;
+ struct dom_sid sid;
 enum lsa_SidType lsa_type;
 struct id_map *map;
 uint32_t id;
@@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 the following call will not recurse so this is safe */
 (void)winbind_on();
 /* Lookup name from PDC using lsa_lookup_names() */
- b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type);
+ b = winbind_lookup_name(dom_name, name, &sid, &lsa_type);
 (void)winbind_off();
 if (!b) {
@@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 }
 map->status = ID_MAPPED;
+ sid_copy(map->sid, &sid);
 }
 }
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 8a0301bf2d6..32d11e1fa57 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
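Review bot: The new temporary `struct dom_sid sid;` in the first idmap_rfc2307.c hunk is declared uninitialized, and the third hunk copies it into `map->sid`. That is sound only while every path reaching `sid_copy(map->sid, &sid)` has passed a successful `winbind_lookup_name()` call; the `if (!b)` body and the type checks lie between the hunks and are not visible here, so I am assuming they skip the entry. Declaring it as `struct dom_sid sid = { 0 };` would make a later refactor publish a null SID rather than stack contents if that invariant is ever broken. The loop body starts and ends outside these hunks.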
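Review bot: The reason for the temporary is not recorded at the `sid_copy(map->sid, &sid);` line in the third hunk, so a later cleanup could pass `map->sid` straight back to the lookup and reintroduce the bug. I would add `/* Publish the SID only after the type checks passed (bug 14663) */` directly above it. On the rejected paths `map->sid` now keeps whatever the caller placed there, so consumers still have to gate on `map->status == ID_MAPPED`; a sentence stating that in a comment on the function would help the next reader.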
@@ -286,6 +286,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
 if (maps[i]->status == ID_MAPPED) {
 r->out.xids[i] = maps[i]->xid;
 sid_copy(&r->out.sids[i], maps[i]->sid);
+ } else {
+ r->out.sids[i] = (struct dom_sid) { 0 };
 }
 }
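Review bot: The new `else` branch clears `r->out.sids[i]` but leaves `r->out.xids[i]` as it was, so the reply for an unmapped entry is an all-zero SID paired with an unchanged xid. Presumably the receiving side treats the all-zero SID as "not mapped" (for instance through `is_null_sid()`), but nothing in the hunk says so. I would document the contract on the branch, e.g. `/* Unmapped: return a null SID so the caller never consumes a stale one */`. The enclosing function and loop start outside the hunk, so whether the xid also needs resetting cannot be judged from here.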