diff options
author | Dan Sledz <dan.sledz@isilon.com> | 2009-03-02 16:50:19 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-03-02 16:50:19 -0800 |
commit | be1dfff02d562e42a7847bd02fed8538630d3f41 (patch) | |
tree | 7df538c4a9491e649d7658ec2f6bd66ca4e67f34 /source3 | |
parent | deb73e87b29d59610ab16a8eb021728e782ac8b8 (diff) | |
download | samba-be1dfff02d562e42a7847bd02fed8538630d3f41.tar.gz samba-be1dfff02d562e42a7847bd02fed8538630d3f41.tar.bz2 samba-be1dfff02d562e42a7847bd02fed8538630d3f41.zip |
It appears that the first time we see a uid/gid that winbind can't map,
we end up returning the null sid instead of falling back to the legacy
code. Next time through the code we'll hit the negative cache and do
the right thing, but we still fail the first time.
If we fail the winbind id to sid mapping, call the legacy version. This
catches the case where we don't have a negative cache entry for the mapping.
This is better than returning the NULL sid to the caller.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/lookup_sid.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 53845117e2..10ff36d51b 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1308,13 +1308,17 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) if (!ret || expired) { /* Not in cache. Ask winbindd. */ if (!winbind_uid_to_sid(psid, uid)) { - if (!winbind_ping()) { - legacy_uid_to_sid(psid, uid); - return; - } - - DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n", - uid)); + /* + * We shouldn't return the NULL SID + * here if winbind was running and + * couldn't map, as winbind will have + * added a negative entry that will + * cause us to go though the + * legacy_uid_to_sid() + * function anyway in the case above + * the next time we ask. + */ + legacy_uid_to_sid(psid, uid); return; } } @@ -1354,13 +1358,17 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) if (!ret || expired) { /* Not in cache. Ask winbindd. */ if (!winbind_gid_to_sid(psid, gid)) { - if (!winbind_ping()) { - legacy_gid_to_sid(psid, gid); - return; - } - - DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n", - gid)); + /* + * We shouldn't return the NULL SID + * here if winbind was running and + * couldn't map, as winbind will have + * added a negative entry that will + * cause us to go though the + * legacy_gid_to_sid() + * function anyway in the case above + * the next time we ask. + */ + legacy_gid_to_sid(psid, gid); return; } } |