idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch

The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.

Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663

Signed-off-by: Christof Schmitt <cs@samba.org>

source3/winbindd/idmap_rfc2307.c

@@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 
 	for (i = 0; i < count; i++) {
 		char *name;
+		struct dom_sid sid;
 		enum lsa_SidType lsa_type;
 		struct id_map *map;
 		uint32_t id;
@@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 		   the following call will not recurse so this is safe */
 		(void)winbind_on();
 		/* Lookup name from PDC using lsa_lookup_names() */
-		b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type);
+		b = winbind_lookup_name(dom_name, name, &sid, &lsa_type);
 		(void)winbind_off();
 
 		if (!b) {
@@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
 		}
 
 		map->status = ID_MAPPED;
+		sid_copy(map->sid, &sid);
 	}
 }
 

source3/winbindd/winbindd_dual_srv.c

@@ -286,6 +286,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
 		if (maps[i]->status == ID_MAPPED) {
 			r->out.xids[i] = maps[i]->xid;
 			sid_copy(&r->out.sids[i], maps[i]->sid);
+		} else {
+			r->out.sids[i] = (struct dom_sid) { 0 };
 		}
 	}