1 files changed, 15 insertions, 5 deletions

diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index a3430350625..e9d90e3d02b 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -295,12 +295,11 @@ static NTSTATUS idmap_hash_sid_to_id(struct sid_hash_table *hashed_domains,
 	 */
 	if (netsamlogon_cache_have(&sid)) {
 		/*
-		 * We keep the legacy behavior and
-		 * just return the mapping, but
-		 * the reverse mapping would not
-		 * still not work.
+		 * The domain is valid, so we'll
+		 * remember it in order to
+		 * allow reverse mappings to work.
 		 */
-		goto return_mapping;
+		goto remember_domain;
 	}
 
 	if (id->xid.type == ID_TYPE_NOT_SPECIFIED) {
@@ -323,6 +322,17 @@ static NTSTATUS idmap_hash_sid_to_id(struct sid_hash_table *hashed_domains,
 	}
 
 	/*
+	 * Now we're sure the domain exist, remember
+	 * the domain in order to return reverse mappings
+	 * in future.
+	 */
+remember_domain:
+	hashed_domains[h_domain].sid = dom_sid_dup(hashed_domains, &sid);
+	if (hashed_domains[h_domain].sid == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
 	 * idmap_hash used to bounce back the requested type,
 	 * which was ID_TYPE_UID, ID_TYPE_GID or
 	 * ID_TYPE_NOT_SPECIFIED before as the winbindd parent