idmap: centrally check that unix IDs returned by the idmap backends are in range
author Michael Adam <obnox@samba.org>
Tue, 9 Aug 2016 16:25:12 +0000 (18:25 +0200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 13 Sep 2016 10:27:28 +0000 (12:27 +0200)
Note: in the long run, it might be good to move this kind of
exit check (before handing the result back to the client)
to the parent winbindd code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155

Signed-off-by: Michael Adam <obnox@samba.org>
(Backported from master commit b2bf61307cffd8ff7b6fb9852c107ab763653119.)

source3/winbindd/winbindd_dual_srv.c

index cdd9bbd61680830bf4acb1cd50b97e2df5604f09..630d28af3bdd3a76810da9a92ae74cf71d894793 100644 (file)
@@ -203,6 +203,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
                for (j=0; j<num_ids; j++) {
                        struct wbint_TransID *id = &r->in.ids->ids[id_idx[j]];
 
+                       if (!idmap_unix_id_is_in_range(ids[j].xid.id, dom)) {
+                               ids[j].status = ID_UNMAPPED;
+                       }
+
                        if (ids[j].status != ID_MAPPED) {
                                id->xid.id = UINT32_MAX;
                                id->xid.type = ID_TYPE_NOT_SPECIFIED;
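
Review bot: the new range check at the top of the loop body runs on every entry regardless of its current status, so an entry the backend did not mark ID_MAPPED has its xid.id tested and its original status replaced by ID_UNMAPPED. In the visible code both cases fall into the same `ids[j].status != ID_MAPPED` branch, so the result handed back is unchanged, but the backend's status is lost for anything later in the loop that might read it. Consider guarding the check with `ids[j].status == ID_MAPPED &&` so that only IDs the backend claims are valid get downgraded. The downgrade is also silent: a debug message naming the domain and the rejected ID would let an administrator see that a backend is returning IDs outside its configured range instead of only observing failed mappings.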