winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 usersv4-18-test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  9 02:58:45 UTC 2023 on atb-devel-224

(cherry picked from commit 6206e15b4de0ba67d713124c2be353dabf3878c8)

Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-18-test): Fri May 12 15:58:34 UTC 2023 on atb-devel-224

2 files changed, 62 insertions, 41 deletions

diff --git a/selftest/knownfail.d/wbinfo_u_large_ad b/selftest/knownfail.d/wbinfo_u_large_ad
deleted file mode 100644
index a7814a95cc2..00000000000
--- a/selftest/knownfail.d/wbinfo_u_large_ad
+++ /dev/null
@@ -1 +0,0 @@
-^samba.wbinfo_u_large_ad.\(ad_dc:local\).*
\ No newline at end of file
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index ebf9c24b9e4..92dd1851abd 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -914,8 +914,6 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
 	struct rpc_pipe_client *samr_pipe = NULL;
 	struct dcerpc_binding_handle *h = NULL;
 	struct policy_handle dom_pol = { .handle_type = 0, };
-	struct lsa_Strings lsa_names = { .count = 0, };
-	struct samr_Ids samr_types = { .count = 0, };
 	enum lsa_SidType *types = NULL;
 	char **names = NULL;
 	const char *domain_name = NULL;
@@ -997,49 +995,73 @@ again:
 	}
 	h = samr_pipe->binding_handle;
 
-	status = dcerpc_samr_LookupRids(
-		h,
-		tmp_ctx,
-		&dom_pol,
-		num_rids,
-		rids,
-		&lsa_names,
-		&samr_types,
-		&result);
-
-	if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
-		retry = true;
-		goto again;
-	}
+	/*
+	 * Magic number 1000 comes from samr.idl
+	 */
 
-	if (!NT_STATUS_IS_OK(status)) {
-		DBG_DEBUG("dcerpc_samr_LookupRids failed: %s\n",
-			  nt_errstr(status));
-		goto fail;
-	}
-	if (!NT_STATUS_IS_OK(result) &&
-	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
-		DBG_DEBUG("dcerpc_samr_LookupRids resulted in %s\n",
-			  nt_errstr(result));
-		status = result;
-		goto fail;
-	}
+	for (i = 0; i < num_rids; i += 1000) {
+		uint32_t num_lookup_rids = MIN(num_rids - i, 1000);
+		struct lsa_Strings lsa_names = {
+			.count = 0,
+		};
+		struct samr_Ids samr_types = {
+			.count = 0,
+		};
+		uint32_t j;
+
+		status = dcerpc_samr_LookupRids(h,
+						tmp_ctx,
+						&dom_pol,
+						num_lookup_rids,
+						&rids[i],
+						&lsa_names,
+						&samr_types,
+						&result);
+
+		if (!retry &&
+		    reset_connection_on_error(domain, samr_pipe, status)) {
+			retry = true;
+			goto again;
+		}
 
-	for (i=0; i<num_rids; i++) {
-		types[i] = samr_types.ids[i];
-		names[i] = talloc_move(
-			names,
-			discard_const_p(char *, &lsa_names.names[i].string));
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_DEBUG("dcerpc_samr_LookupRids failed: %s\n",
+				  nt_errstr(status));
+			goto fail;
+		}
+		if (!NT_STATUS_IS_OK(result) &&
+		    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
+			DBG_DEBUG("dcerpc_samr_LookupRids resulted in %s\n",
+				  nt_errstr(result));
+			status = result;
+			goto fail;
+		}
 
-		if (names[i] != NULL) {
-			char *normalized = NULL;
-			NTSTATUS nstatus = normalize_name_map(
-				names, domain_name, names[i], &normalized);
-			if (NT_STATUS_IS_OK(nstatus) ||
-			    NT_STATUS_EQUAL(nstatus, NT_STATUS_FILE_RENAMED)) {
-				names[i] = normalized;
+		for (j = 0; j < num_lookup_rids; j++) {
+			uint32_t dst = i + j;
+
+			types[dst] = samr_types.ids[j];
+			names[dst] = talloc_move(
+				names,
+				discard_const_p(char *,
+						&lsa_names.names[j].string));
+			if (names[dst] != NULL) {
+				char *normalized = NULL;
+				NTSTATUS nstatus =
+					normalize_name_map(names,
+							   domain_name,
+							   names[dst],
+							   &normalized);
+				if (NT_STATUS_IS_OK(nstatus) ||
+				    NT_STATUS_EQUAL(nstatus,
+						    NT_STATUS_FILE_RENAMED)) {
+					names[dst] = normalized;
+				}
 			}
 		}
+
+		TALLOC_FREE(samr_types.ids);
+		TALLOC_FREE(lsa_names.names);
 	}
 
 done: