From 9d8fbd6e199f52fb4b491be4923bd30d1a1f81f0 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 1 Apr 2017 16:44:45 +0200
Subject: [PATCH 1/4] s3/include: add NT_STATUS_LOOKUP_ERR

Useful helper macro to check the return value of LSA and SAMR
translations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fc37c7327dc7e4ad4405e324fc88d4bbf9b6ef9e)
---
 source3/include/lsa.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/include/lsa.h b/source3/include/lsa.h
index 7681aed..c23e942 100644
--- a/source3/include/lsa.h
+++ b/source3/include/lsa.h
@@ -22,4 +22,8 @@ int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
 			     const char *dom_name,
 			     struct dom_sid *dom_sid);
 
+#define NT_STATUS_LOOKUP_ERR(status) \
+	(!NT_STATUS_IS_OK(status) && \
+	 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) && \
+	 !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
 #endif
-- 
2.9.3


From 88e3b6975479ab83c4337358ccff9069eae667a1 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 1 Apr 2017 16:56:39 +0200
Subject: [PATCH 2/4] s3/rpc_client: use NT_STATUS_LOOKUP_ERR

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0e7e4ebad31caa1ccb392f2fe20c67929149b8c9)
---
 source3/rpc_client/cli_lsarpc.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index f50a5e9..cfa1f4a 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -256,10 +256,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h,
 		return status;
 	}
 
-	if (!NT_STATUS_IS_OK(result) &&
-	    !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
-	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
-	{
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		*presult = result;
 		return status;
 	}
-- 
2.9.3


From a096165bafea79d2f72237d95416502a0f7b1c10 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 1 Apr 2017 16:51:07 +0200
Subject: [PATCH 3/4] s3/rpc_client: lookupsids error handling of
 NT_STATUS_NONE_MAPPED

NT_STATUS_NONE_MAPPED is not a fatal error, it just means we must return
all lsa_TranslatedName's as type SID_NAME_UNKNOWN.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 416c74e8c89dc2fb2083beaaa9ac8a6e975ec873)
---
 source3/rpc_client/cli_lsarpc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index cfa1f4a..fdfae30 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -28,6 +28,7 @@
 #include "rpc_client/cli_lsarpc.h"
 #include "rpc_client/init_lsa.h"
 #include "../libcli/security/security.h"
+#include "lsa.h"
 
 /** @defgroup lsa LSA - Local Security Architecture
  *  @ingroup rpc_client
@@ -221,7 +222,7 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h,
 			return status;
 		}
 
-		if(!NT_STATUS_IS_ERR(result)) {
+		if (!NT_STATUS_LOOKUP_ERR(result)) {
 			lsa_names.count = lsa_names2.count;
 			lsa_names.names = talloc_array(mem_ctx,
 						       struct lsa_TranslatedName,
-- 
2.9.3


From 03f49302f6b27d9739c8748428b85f09a2d6de3c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sun, 26 Mar 2017 08:22:13 +0200
Subject: [PATCH 4/4] winbindd: error handling in rpc_lookup_sids()

NT_STATUS_NONE_MAPPED and NT_STATUS_SOME_NOT_MAPPED should not be
treated as fatal error. We should continue processing the results and
not bail out.

In case we got NT_STATUS_NONE_MAPPED we must have to ensure all
lsa_TranslatedName are of type SID_NAME_UNKNOWN.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8dfbba59d768b10f6b088cfc49e5dbe6de4834e1)
---
 source3/winbindd/winbindd_rpc.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 528d360..9fb2240 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -32,6 +32,7 @@
 #include "rpc_client/cli_samr.h"
 #include "rpc_client/cli_lsarpc.h"
 #include "../libcli/security/security.h"
+#include "lsa.h"
 
 /* Query display info for a domain */
 NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
@@ -994,7 +995,7 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	if (NT_STATUS_IS_ERR(result)) {
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		return result;
 	}
 	if (sids->num_sids != lsa_names2.count) {
@@ -1023,7 +1024,7 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
 			return NT_STATUS_INVALID_NETWORK_RESPONSE;
 		}
 	}
-	return result;
+	return NT_STATUS_OK;
 }
 
 NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
@@ -1056,7 +1057,7 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	if (NT_STATUS_IS_ERR(result)) {
+	if (NT_STATUS_LOOKUP_ERR(result)) {
 		return result;
 	}
 
@@ -1076,5 +1077,5 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
 		}
 	}
 
-	return result;
+	return NT_STATUS_OK;
 }
-- 
2.9.3