From d75b3913c9e03ff97336aa7a6e1cbac2eb03f230 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 2 Feb 2009 00:46:57 +0100 Subject: s3:winbind_group: fix "getent group" to allocate new gids. "getent group" used to fill the idmap cache with negative cache entries for unmapped group sids. Don't pass domain name unconditionally to idmap_sid_to_gid(). idmap_sid_to_gid() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_gid() functions here, in the main winbindd. The correct fix would be to send a sid_to_gid request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael --- source3/winbindd/winbindd_group.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index bc532bbce7..48e6577902 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -1306,6 +1306,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) char *gr_mem; DOM_SID group_sid; struct winbindd_domain *domain; + char *domain_name_idmap; /* Do we need to fetch another chunk of groups? */ @@ -1353,8 +1354,13 @@ void winbindd_getgrent(struct winbindd_cli_state *state) sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->name, &group_sid, - &group_gid))) { + domain_name_idmap = domain->have_idmap_config + ? domain->name + : ""; + + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain_name_idmap, + &group_sid, &group_gid))) + { union unid_t id; enum lsa_SidType type; -- cgit