winbind cache: Don't create SN cache entries during name-to-sid queries.

Clients can request name-to-sid queries for different combinations of
upper and lower case names. We don't want to create the reverse caching
entries for each combination used.

This avoids inconsistent answers on sid-to-name queries.

Please review!

Karolin
(This used to be commit b58e4f6b3d73294d8448c0dff4341183c52e5b7c)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 60403717c18f7c7bac4e33cbed4c25ddccc30542..03512b9745460cdee5245f3bc3e38e41bebeae00 100644 (file)
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1451,13 +1451,13 @@ do_query:
        if (domain->online &&
            (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
                wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
+       
+       /* Don't add SN cache entries for sid-to-name queries during this operation.
+        * It leads to inconsistent answers during sid-to-name queries as the
+        * client can ask for different combinations of lower case and upper case
+        * names in these name-to-sid queries.
+        */
 
-               /* Only save the reverse mapping if this was not a UPN */
-               if (!strchr(name, '@')) {
-                       strupper_m(CONST_DISCARD(char *,domain_name));
-                       strlower_m(CONST_DISCARD(char *,name));
-                       wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
-               }
        }
        
        return status;