From: Jeremy Allison <jra@samba.org>
Date: Wed, 28 Sep 2016 18:26:04 +0000 (-0700)
Subject: s3: winbind: Trust name2sid mappings from the PAC.
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=1017b22f68e798a080e0738d3beecf008b2284ef

s3: winbind: Trust name2sid mappings from the PAC.

Don't refresh sequence number in parent as the
mapping comes from a trusted DC.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 2bce12da9a70..3e01ff04022b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3339,6 +3339,25 @@ bool lookup_cached_name(const char *domain_name,
 	return NT_STATUS_IS_OK(status);
 }
 
+/*
+ * Cache a name to sid without checking the sequence number.
+ * Used when caching from a trusted PAC.
+ */
+
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+			const char *domain_name,
+			const char *name,
+			enum lsa_SidType type,
+			const struct dom_sid *sid)
+{
+	wcache_save_name_to_sid(domain,
+				NT_STATUS_OK,
+				domain_name,
+				name,
+				sid,
+				type);
+}
+
 void cache_name2sid(struct winbindd_domain *domain, 
 		    const char *domain_name, const char *name,
 		    enum lsa_SidType type, const struct dom_sid *sid)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index da874c74a0a2..8456876b20ef 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2598,7 +2598,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 				info3_copy->base.domain_sid,
 				info3_copy->base.rid);
 
-			cache_name2sid(domain,
+			cache_name2sid_trusted(domain,
 				info3_copy->base.logon_domain.string,
 				info3_copy->base.account_name.string,
 				SID_NAME_USER,
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 4d99927aa88c..5e3d9fbdbc8d 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -86,6 +86,11 @@ bool lookup_cached_name(const char *domain_name,
 			const char *name,
 			struct dom_sid *sid,
 			enum lsa_SidType *type);
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+			const char *domain_name,
+			const char *name,
+			enum lsa_SidType type,
+			const struct dom_sid *sid);
 void cache_name2sid(struct winbindd_domain *domain, 
 		    const char *domain_name, const char *name,
 		    enum lsa_SidType type, const struct dom_sid *sid);