smbd: Avoid sending S-1-22- to winbind
author Volker Lendecke <vl@samba.org>
Wed, 6 Feb 2019 16:02:53 +0000 (17:02 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Fri, 8 Feb 2019 07:51:19 +0000 (08:51 +0100)
Sending S-1-22-x to a typeless sids2xids call will make winbind prime
the reverse xids2sids cache, which is very likely the wrong mapping. Add
a check that avoids bothering the winbind pipe when it's clear this
can't work anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/passdb/lookup_sid.c

index 6bda783fa03cb4918935ba14d5615620b616e376..bf3ded6683e6fdd85cbb0f10094fc2c2fbd49e86 100644 (file)
@@ -1489,6 +1489,12 @@ bool sid_to_uid(const struct dom_sid *psid, uid_t *puid)
                return true;
        }
 
+       if (sid_check_is_in_unix_groups(psid)) {
+               DBG_DEBUG("SID %s is a group, failing\n",
+                         dom_sid_str_buf(psid, &buf));
+               return false;
+       }
+
        /* Check the winbindd cache directly. */
        ret = idmap_cache_find_sid2uid(psid, puid, &expired);
 
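Review bot: The new early return in sid_to_uid has no comment explaining why a SID matched by sid_check_is_in_unix_groups() is rejected before the idmap cache lookup. The reason (a typeless sids2xids call would make winbind prime the reverse xids2sids cache with what is very likely the wrong mapping) is only in the commit message, so a short comment above `if (sid_check_is_in_unix_groups(psid)) {` would keep it next to the code. The added lines also pass `&buf` to dom_sid_str_buf() with no declaration among the visible lines; please confirm a suitable buffer is already in scope in this function.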
@@ -1545,6 +1551,12 @@ bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
                return true;
        }
 
+       if (sid_check_is_in_unix_users(psid)) {
+               DBG_DEBUG("SID %s is a user, failing\n",
+                         dom_sid_str_buf(psid, &buf));
+               return false;
+       }
+
        /* Check the winbindd cache directly. */
        ret = idmap_cache_find_sid2gid(psid, pgid, &expired);
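Review bot: The debug text "SID %s is a user, failing" in sid_to_gid does not say which conversion is being refused, and it mirrors "is a group, failing" in the sid_to_uid hunk, so the two are hard to tell apart from the message text alone. Consider naming the operation, for example "SID %s is a Unix user, not mapping to a gid". Since the check sits ahead of idmap_cache_find_sid2gid(), an entry already cached for such a SID is no longer consulted; if that is intended, a one-line comment saying so would help the next reader.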