From 2eeb53890bba81a0fce18c3eb185c337c9222202 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Fri, 24 Mar 2017 16:54:39 +0100 Subject: winbindd: remove lookupsid() fallback for a failed lookupsids() If lookupsids() returned any other error then OK, SOME_NOT_MAPPED or NONE_MAPPED we must just bail out. If some or all SIDs could not be mapped via lookupds(), don't fallback to lookupsid(), it will just fail again. The retry logic with going through the single sids lookup at the end added a fake domain with an empty string. The wb_lookupsids caller wb_sids2xids needed this, as it wasn't doing the needed error handling itself. As wb_sids2xids has been fixed to cope, we can just fail the lookupsids here. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- source3/winbindd/wb_lookupsids.c | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c index 219afb38c92..f6052a528ac 100644 --- a/source3/winbindd/wb_lookupsids.c +++ b/source3/winbindd/wb_lookupsids.c @@ -471,7 +471,6 @@ static void wb_lookupsids_done(struct tevent_req *subreq) req, struct wb_lookupsids_state); struct wb_lookupsids_domain *d; uint32_t i; - bool fallback = false; NTSTATUS status, result; @@ -480,25 +479,8 @@ static void wb_lookupsids_done(struct tevent_req *subreq) if (tevent_req_nterror(req, status)) { return; } - - d = &state->domains[state->domains_done]; - - if (NT_STATUS_IS_ERR(result)) { - fallback = true; - } else if (state->tmp_names.count != d->sids.num_sids) { - fallback = true; - } - - if (fallback) { - for (i=0; i < d->sids.num_sids; i++) { - uint32_t res_sid_index = d->sid_indexes[i]; - - state->single_sids[state->num_single_sids] = - res_sid_index; - state->num_single_sids += 1; - } - state->domains_done += 1; - wb_lookupsids_next(req, state); + if (NT_STATUS_LOOKUP_ERR(result)) { + tevent_req_nterror(req, result); return; } @@ -506,6 +488,8 @@ static void wb_lookupsids_done(struct tevent_req *subreq) * Look at the individual states in the translated names. */ + d = &state->domains[state->domains_done]; + for (i=0; itmp_names.count; i++) { uint32_t res_sid_index = d->sid_indexes[i]; -- cgit v1.2.1