From be1dfff02d562e42a7847bd02fed8538630d3f41 Mon Sep 17 00:00:00 2001
From: Dan Sledz
Date: Mon, 2 Mar 2009 16:50:19 -0800
Subject: It appears that the first time we see a uid/gid that winbind can't map, we end up returning the null sid instead of falling back to the legacy code. Next time through the code we'll hit the negative cache and do the right thing, but we still fail the first time. If we fail the winbind id to sid mapping, call the legacy version. This catches the case where we don't have a negative cache entry for the mapping. This is better than returning the NULL sid to the caller.
---
 source3/passdb/lookup_sid.c | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)
(limited to 'source3/passdb/lookup_sid.c')
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 53845117e2..10ff36d51b 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1308,13 +1308,17 @@ void uid_to_sid(DOM_SID *psid, uid_t uid)
 if (!ret || expired) {
 /* Not in cache. Ask winbindd. */
 if (!winbind_uid_to_sid(psid, uid)) {
- if (!winbind_ping()) {
- legacy_uid_to_sid(psid, uid);
- return;
- }
-
- DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n",
- uid));
+ /*
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_uid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ legacy_uid_to_sid(psid, uid);
 return;
 }
 }
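Review bot: Nothing is logged on the new fallback path: the removed `DEBUG(5, ...)` was the only trace in this hunk that winbind_uid_to_sid() had failed, and `legacy_uid_to_sid(psid, uid);` now runs silently for every failure. With the winbind_ping() test gone, a winbind outage and a genuine "no mapping" answer take the same branch, so a log line is the only way to tell afterwards why a uid resolved through the legacy mapping rather than through winbind. I would keep a message ahead of the fallback, `DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u, using legacy mapping\n", (unsigned int)uid));`. The gid_to_sid hunk has the same gap, and both functions start and end outside their hunks.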
@@ -1354,13 +1358,17 @@ void gid_to_sid(DOM_SID *psid, gid_t gid)
 if (!ret || expired) {
 /* Not in cache. Ask winbindd. */
 if (!winbind_gid_to_sid(psid, gid)) {
- if (!winbind_ping()) {
- legacy_gid_to_sid(psid, gid);
- return;
- }
-
- DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n",
- gid));
+ /*
+ * We shouldn't return the NULL SID
+ * here if winbind was running and
+ * couldn't map, as winbind will have
+ * added a negative entry that will
+ * cause us to go though the
+ * legacy_gid_to_sid()
+ * function anyway in the case above
+ * the next time we ask.
+ */
+ legacy_gid_to_sid(psid, gid);
 return;
 }
 }
-- cgit
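Review bot: The new block comment above `legacy_gid_to_sid(psid, gid);` is hard to follow and has a typo ("go though" for "go through"); it explains why the NULL SID is wrong but never states what the code now does. Something like `/* winbind could not map this gid: fall back to the legacy mapping now instead of returning the NULL SID, since the negative cache entry would send the next lookup there anyway. */` reads directly. The comment in the uid_to_sid hunk has the same wording. gid_to_sid's body continues outside the hunk.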