winbindd: handling of failed lookupsids in wb_lookupsids_single_done()

If lookupsid() failed with NT_STATUS_SOME_NOT_MAPPED or
NT_STATUS_NONE_MAPPED, if we didn't get a domain name, don't add a fake
domain to the lsa_RefDomainList. Just set the domain index in the
translated name to UINT32_MAX.

It's up to callers like wb_sids2xids to handle such failed mappings and
wb_sids2xids_lookupsids_done() has been updated in a previous commit to
deal with it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

1 files changed, 35 insertions, 47 deletions

diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index d7f882084be..dbb24fde0aa 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -23,6 +23,7 @@
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 #include "../libcli/security/security.h"
 #include "passdb/machine_sid.h"
+#include "lsa.h"
 
 struct wb_lookupsids_domain {
 	struct winbindd_domain *domain;
@@ -537,7 +538,8 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq)
 		subreq, struct tevent_req);
 	struct wb_lookupsids_state *state = tevent_req_data(
 		req, struct wb_lookupsids_state);
-	const char *domain_name, *name;
+	const char *domain_name = NULL;
+	const char *name = NULL;
 	enum lsa_SidType type;
 	uint32_t res_sid_index;
 	uint32_t src_rid;
@@ -545,67 +547,53 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq)
 	struct dom_sid src_domain_sid;
 	struct lsa_DomainInfo src_domain;
 	struct lsa_RefDomainList src_domains;
+	struct lsa_RefDomainList *psrc_domains = NULL;
 	struct lsa_TranslatedName src_name;
 
+	uint32_t domain_idx = UINT32_MAX;
 	NTSTATUS status;
+	bool ok;
 
 	status = wb_lookupsid_recv(subreq, talloc_tos(), &type,
 				   &domain_name, &name);
 	TALLOC_FREE(subreq);
-	if (!NT_STATUS_IS_OK(status)) {
-		struct winbindd_domain *wb_domain = NULL;
-		const char *tmpname;
-
-		type = SID_NAME_UNKNOWN;
-
-		res_sid_index = state->single_sids[state->single_sids_done];
-		wb_domain = find_domain_from_sid_noinit(&state->sids[res_sid_index]);
-		if (wb_domain != NULL) {
-			/*
-			 * If the lookupsid failed because the rid not
-			 * found in a domain and we have a reference
-			 * to the lookup domain, use the name from
-			 * there.
-			 *
-			 * Callers like sid2xid will use the domain
-			 * name in the idmap backend to figure out
-			 * which domain to use in processing.
-			 */
-			tmpname = wb_domain->name;
-		} else {
-			tmpname = "";
-		}
-		domain_name = talloc_strdup(talloc_tos(), tmpname);
-		if (tevent_req_nomem(domain_name, req)) {
-			return;
-		}
-		name = talloc_strdup(talloc_tos(), "");
-		if (tevent_req_nomem(name, req)) {
-			return;
-		}
+	if (NT_STATUS_LOOKUP_ERR(status)) {
+		tevent_req_nterror(req, status);
+		return;
 	}
 
-	/*
-	 * Fake up structs for wb_lookupsids_move_name
-	 */
 	res_sid_index = state->single_sids[state->single_sids_done];
 
-	sid_copy(&src_domain_sid, &state->sids[res_sid_index]);
-	sid_split_rid(&src_domain_sid, &src_rid);
-	src_domain.name.string = domain_name;
-	src_domain.sid = &src_domain_sid;
+	if ((domain_name != NULL) && (domain_name[0] != '\0')) {
+		/*
+		 * Build structs with the domain name for
+		 * wb_lookupsids_move_name(). If we didn't get a name, we will
+		 * pass NULL and UINT32_MAX.
+		 */
 
-	src_domains.count = 1;
-	src_domains.domains = &src_domain;
+		sid_copy(&src_domain_sid, &state->sids[res_sid_index]);
+		sid_split_rid(&src_domain_sid, &src_rid);
+
+		src_domain.name.string = domain_name;
+		src_domain.sid = &src_domain_sid;
+
+		src_domains.count = 1;
+		src_domains.domains = &src_domain;
+		psrc_domains = &src_domains;
+
+		domain_idx = 0;
+	}
 
 	src_name.sid_type = type;
 	src_name.name.string = name;
-	src_name.sid_index = 0;
-
-	if (!wb_lookupsids_move_name(
-		    &src_domains, &src_name,
-		    state->res_domains, state->res_names,
-		    res_sid_index)) {
+	src_name.sid_index = domain_idx;
+
+	ok = wb_lookupsids_move_name(psrc_domains,
+				     &src_name,
+				     state->res_domains,
+				     state->res_names,
+				     res_sid_index);
+	if (!ok) {
 		tevent_req_oom(req);
 		return;
 	}