s3: winbind: Trust name2sid mappings from the PAC.
authorJeremy Allison <jra@samba.org>
Wed, 28 Sep 2016 18:26:04 +0000 (11:26 -0700)
committerJeremy Allison <jra@samba.org>
Thu, 29 Sep 2016 20:17:20 +0000 (22:17 +0200)
Don't refresh sequence number in parent as the
mapping comes from a trusted DC.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_proto.h

index 2bce12da9a7063cdd4e9b3ce87b6cc89335d597c..3e01ff04022bf1ab52c0973e65fa76d3cd193b0b 100644 (file)
@@ -3339,6 +3339,25 @@ bool lookup_cached_name(const char *domain_name,
        return NT_STATUS_IS_OK(status);
 }
 
+/*
+ * Cache a name to sid without checking the sequence number.
+ * Used when caching from a trusted PAC.
+ */
+
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+                       const char *domain_name,
+                       const char *name,
+                       enum lsa_SidType type,
+                       const struct dom_sid *sid)
+{
+       wcache_save_name_to_sid(domain,
+                               NT_STATUS_OK,
+                               domain_name,
+                               name,
+                               sid,
+                               type);
+}
+
 void cache_name2sid(struct winbindd_domain *domain, 
                    const char *domain_name, const char *name,
                    enum lsa_SidType type, const struct dom_sid *sid)
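Review bot: The comment above `cache_name2sid_trusted` does not state the precondition that makes skipping the sequence-number check safe. Nothing in the body verifies where the mapping came from, so any later caller can store an unchecked name-to-SID entry with `NT_STATUS_OK`. I would spell the contract out, e.g. `/* Caller MUST have verified the PAC signatures before calling: the mapping is stored with NT_STATUS_OK and is not checked against the domain sequence number. */`. The prototype added in winbindd_proto.h carries no comment at all and should get a one-line version of the same warning.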
index da874c74a0a2a0e18d21c4725bbd89dcdac162df..8456876b20efd8e178f597e936694d5fa4de3c0b 100644 (file)
@@ -2598,7 +2598,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
                                info3_copy->base.domain_sid,
                                info3_copy->base.rid);
 
-                       cache_name2sid(domain,
+                       cache_name2sid_trusted(domain,
                                info3_copy->base.logon_domain.string,
                                info3_copy->base.account_name.string,
                                SID_NAME_USER,
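Review bot: `logon_domain.string` and `account_name.string` come from the PAC's info3 and reach `cache_name2sid_trusted` with no NULL or empty-string check in the visible lines. Because the trusted variant is described in this commit as caching without the sequence-number check, whatever these fields hold is stored as is; whether the callee tolerates NULL is not visible here. If no guard exists earlier in `winbindd_pam_auth_pac_send` (its body starts and ends outside the hunk), I would wrap the call in `if (info3_copy->base.logon_domain.string != NULL && info3_copy->base.account_name.string != NULL) { ... }`. A short comment naming where the PAC was validated would also make the trust decision auditable at the call site.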
index 4d99927aa88c396f95ce3ab0af2e4e0ddc70ed55..5e3d9fbdbc8d93fb6f3320159f8533f87028a084 100644 (file)
@@ -86,6 +86,11 @@ bool lookup_cached_name(const char *domain_name,
                        const char *name,
                        struct dom_sid *sid,
                        enum lsa_SidType *type);
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+                       const char *domain_name,
+                       const char *name,
+                       enum lsa_SidType type,
+                       const struct dom_sid *sid);
 void cache_name2sid(struct winbindd_domain *domain, 
                    const char *domain_name, const char *name,
                    enum lsa_SidType type, const struct dom_sid *sid);