idmap: centrally check that unix IDs returned by the idmap backends are in range
authorMichael Adam <obnox@samba.org>
Tue, 9 Aug 2016 16:25:12 +0000 (18:25 +0200)
committerMichael Adam <obnox@samba.org>
Tue, 16 Aug 2016 23:21:39 +0000 (01:21 +0200)
Note: in the long run, it might be good to move this kind of
exit check (before handing the result back to the client)
to the parent winbindd code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Aug 17 01:21:39 CEST 2016 on sn-devel-144

source3/winbindd/winbindd_dual_srv.c

index fb65e9d..0484e19 100644 (file)
@@ -189,6 +189,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
        for (i=0; i<num_ids; i++) {
                struct id_map *m = id_map_ptrs[i];
 
+               if (!idmap_unix_id_is_in_range(m->xid.id, dom)) {
+                       m->status = ID_UNMAPPED;
+               }
+
                if (m->status == ID_MAPPED) {
                        ids[i].xid = m->xid;
                } else {