From 71f99cb132f4c26f9febac6cb7dcd79f4940216a Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 25 Sep 2017 15:39:39 +0200
Subject: winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
 librpc/idl/winbind.idl               | 1 +
 source3/include/idmap.h              | 5 +++++
 source3/winbindd/idmap.c             | 4 +++-
 source3/winbindd/idmap_proto.h       | 3 ++-
 source3/winbindd/wb_xids2sids.c      | 5 +++--
 source3/winbindd/winbindd_dual_srv.c | 3 ++-
 6 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 737d66abe70..f5e3507bff5 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -58,6 +58,7 @@ interface winbind
 
     NTSTATUS wbint_UnixIDs2Sids(
 	[in,string,charset(UTF8)] char *domain_name,
+	[in] dom_sid domain_sid,
 	[in] uint32 num_ids,
 	[in,out] unixid xids[num_ids],
 	[out] dom_sid sids[num_ids]
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 75d2e45b174..8d80643e6e9 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -37,6 +37,11 @@ struct wbint_userinfo;
 
 struct idmap_domain {
 	const char *name;
+	/*
+	 * dom_sid is currently only initialized in the unixids_to_sids request,
+	 * so don't rely on this being filled out everywhere!
+	 */
+	struct dom_sid dom_sid;
 	struct idmap_methods *methods;
 	NTSTATUS (*query_user)(struct idmap_domain *domain,
 			       struct wbint_userinfo *info);
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 6e70b44c425..bfac7f86432 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -600,7 +600,8 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
 }
 
 NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-				       const char *domain_name)
+				       const char *domain_name,
+				       struct dom_sid domain_sid)
 {
 	struct idmap_domain *dom = NULL;
 	NTSTATUS status;
@@ -621,6 +622,7 @@ NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
 		return NT_STATUS_NONE_MAPPED;
 	}
 
+	dom->dom_sid = domain_sid;
 	status = dom->methods->unixids_to_sids(dom, maps);
 
 	DBG_DEBUG("unixid_to_sids for domain %s returned %s\n",
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index f4fc2c22739..a36d6c2f5bb 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -34,7 +34,8 @@ void idmap_close(void);
 NTSTATUS idmap_allocate_uid(struct unixid *id);
 NTSTATUS idmap_allocate_gid(struct unixid *id);
 NTSTATUS idmap_backend_unixids_to_sids(struct id_map **maps,
-				       const char *domain_name);
+				       const char *domain_name,
+				       struct dom_sid domain_sid);
 struct idmap_domain *idmap_find_domain(const char *domname);
 
 /* The following definitions come from winbindd/idmap_nss.c  */
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 8850e63c8b4..a2a4493bde8 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -306,7 +306,7 @@ static struct tevent_req *wb_xids2sids_dom_send(
 
 	child = idmap_child();
 	subreq = dcerpc_wbint_UnixIDs2Sids_send(
-		state, ev, child->binding_handle, dom_map->name,
+		state, ev, child->binding_handle, dom_map->name, dom_map->sid,
 		state->num_dom_xids, state->dom_xids, state->dom_sids);
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);
@@ -409,7 +409,8 @@ static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq)
 	child = idmap_child();
 	subreq = dcerpc_wbint_UnixIDs2Sids_send(
 		state, state->ev, child->binding_handle, state->dom_map->name,
-		state->num_dom_xids, state->dom_xids, state->dom_sids);
+		state->dom_map->sid, state->num_dom_xids,
+		state->dom_xids, state->dom_sids);
 	if (tevent_req_nomem(subreq, req)) {
 		return;
 	}
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index f79915c7e69..9fb15e9b0ab 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -230,7 +230,8 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
 		maps[i]->xid = r->in.xids[i];
 	}
 
-	status = idmap_backend_unixids_to_sids(maps, r->in.domain_name);
+	status = idmap_backend_unixids_to_sids(maps, r->in.domain_name,
+					       r->in.domain_sid);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(maps);
 		return status;
-- 
cgit v1.2.1