s3:winbind: Don't abort when receiving a NULL SID
authorAmit Kumar <amitkuma@redhat.com>
Fri, 31 May 2019 13:27:52 +0000 (18:57 +0530)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 16 Oct 2019 16:39:42 +0000 (16:39 +0000)
Source code in winbind_rpc.c states that if the trusted domain
has no SID, winbindd just aborts the session. This happens with
MIT Kerberos realm added as trust to AD and winbindd just returns
without processing further as there is no SID returned for the
Linux system having kerberos support.

This fix makes winbindd skip a domain that has a NULL SID instead
of aborting the request completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13913

Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/winbindd/winbindd_rpc.c

index ffbaabcfe4922a5b18983e24d84ca915b408344f..793ebe0df569b3285f099e29dd1fa7d92ac91341 100644 (file)
@@ -952,26 +952,24 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
                                return NT_STATUS_NO_MEMORY;
                        }
 
+                       if (dom_list_ex.domains[i].sid == NULL) {
+                               DBG_ERR("Trusted domain %s has no SID, "
+                                       "skipping!\n",
+                                       trust->dns_name);
+                               continue;
+                       }
+
                        if (has_ex) {
                                trust->netbios_name = talloc_move(array,
                                                                  &dom_list_ex.domains[i].netbios_name.string);
                                trust->dns_name = talloc_move(array,
                                                              &dom_list_ex.domains[i].domain_name.string);
-                               if (dom_list_ex.domains[i].sid == NULL) {
-                                       DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name));
-                                       return NT_STATUS_INVALID_NETWORK_RESPONSE;
-                               }
                                sid_copy(sid, dom_list_ex.domains[i].sid);
                        } else {
                                trust->netbios_name = talloc_move(array,
                                                                  &dom_list.domains[i].name.string);
                                trust->dns_name = NULL;
 
-                               if (dom_list.domains[i].sid == NULL) {
-                                       DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name));
-                                       return NT_STATUS_INVALID_NETWORK_RESPONSE;
-                               }
-
                                sid_copy(sid, dom_list.domains[i].sid);
                        }
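Review bot: The added NULL-SID check reads `dom_list_ex.domains[i].sid` before `has_ex` is tested, so the non-ex path no longer checks `dom_list.domains[i].sid` (which the removed code did) and instead indexes a list that nothing in this hunk shows to be populated on that path. If `dom_list_ex.domains` is NULL there, a server-supplied response would crash winbindd, and a NULL `dom_list.domains[i].sid` would still reach `sid_copy()`. The message also prints `trust->dns_name` before either branch assigns it, so it cannot name the skipped domain. I would move the check into each branch after the `talloc_move` calls: `if (dom_list_ex.domains[i].sid == NULL) { ... continue; }` in the `has_ex` branch, and `if (dom_list.domains[i].sid == NULL) { ... continue; }` logging `trust->netbios_name` in the else branch. The loop body starts and ends outside the hunk, so it is worth confirming that callers tolerate an array entry left without a SID after `continue`.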