From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 6 Mar 2017 11:53:09 +0000 (+0000)
Subject: idmap_autorid: allocate new domain range if the callers knows the sid is valid
X-Git-Tag: tdb-1.3.13~629
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e015748657e9ee755b04f55f088c78bd025378cc;p=thirdparty%2Fsamba.git

idmap_autorid: allocate new domain range if the callers knows the sid is valid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar  8 04:06:59 CET 2017 on sn-devel-144
---

diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 786f83965d4..ab89d35ac5d 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -635,6 +635,19 @@ static NTSTATUS idmap_autorid_sid_to_id(struct idmap_tdb_common_context *common,
 		}
 	}
 
+	/*
+	 * If the caller already did a lookup sid and made sure the
+	 * domain sid is valid, we can allocate a new range.
+	 *
+	 * Currently the winbindd parent already does a lookup sids
+	 * first, but hopefully changes in future. If the
+	 * caller knows the domain sid, ID_TYPE_BOTH should be
+	 * passed instead of ID_TYPE_NOT_SPECIFIED.
+	 */
+	if (map->xid.type != ID_TYPE_NOT_SPECIFIED) {
+		goto allocate;
+	}
+
 	/*
 	 * Check of last resort: A domain is valid if a user from that
 	 * domain has recently logged in. The samlogon_cache these