From 9abd755b264c953798d45b6eccad8f8b4102c55a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 17 Feb 2023 16:51:42 +0100 Subject: [PATCH] idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain When we see a trusted domain SID for the first time, idmap_autorid returns ID_REQUIRE_TYPE only for the first sid and leaves the others with ID_TYPE_NOT_SPECIFIED. It means the winbindd parent only retries the first sid. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit a9583b5f96fe3fbf9c1ee545fa868fd705aef3e0) --- source3/winbindd/idmap_autorid.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index c7d56a37684..bf5947a9b43 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -697,9 +697,10 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom, { struct idmap_tdb_common_context *commoncfg; NTSTATUS ret; - int i; - int num_tomap = 0; - int num_mapped = 0; + size_t i; + size_t num_tomap = 0; + size_t num_mapped = 0; + size_t num_required = 0; /* initialize the status to avoid surprise */ for (i = 0; ids[i]; i++) { @@ -713,6 +714,12 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom, for (i = 0; ids[i]; i++) { ret = idmap_autorid_sid_to_id(commoncfg, dom, ids[i]); + if (NT_STATUS_EQUAL(ret, NT_STATUS_SOME_NOT_MAPPED) && + ids[i]->status == ID_REQUIRE_TYPE) + { + num_required++; + continue; + } if ((!NT_STATUS_IS_OK(ret)) && (!NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED))) { struct dom_sid_buf buf; @@ -729,6 +736,8 @@ static NTSTATUS idmap_autorid_sids_to_unixids(struct idmap_domain *dom, if (num_tomap == num_mapped) { return NT_STATUS_OK; + } else if (num_required > 0) { + return STATUS_SOME_UNMAPPED; } else if (num_mapped == 0) { return NT_STATUS_NONE_MAPPED; } -- 2.34.1