idmap_autorid: allocate new domain range if the callers knows the sid is valid
authorStefan Metzmacher <metze@samba.org>
Mon, 6 Mar 2017 11:53:09 +0000 (11:53 +0000)
committerJeremy Allison <jra@samba.org>
Wed, 8 Mar 2017 03:06:59 +0000 (04:06 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar  8 04:06:59 CET 2017 on sn-devel-144

source3/winbindd/idmap_autorid.c

index 786f83965d468db5db915472fb0d60ff4efae4bb..ab89d35ac5d057f837bcc242467e086ac9e4d7d7 100644 (file)
@@ -635,6 +635,19 @@ static NTSTATUS idmap_autorid_sid_to_id(struct idmap_tdb_common_context *common,
                }
        }
 
+       /*
+        * If the caller already did a lookup sid and made sure the
+        * domain sid is valid, we can allocate a new range.
+        *
+        * Currently the winbindd parent already does a lookup sids
+        * first, but hopefully changes in future. If the
+        * caller knows the domain sid, ID_TYPE_BOTH should be
+        * passed instead of ID_TYPE_NOT_SPECIFIED.
+        */
+       if (map->xid.type != ID_TYPE_NOT_SPECIFIED) {
+               goto allocate;
+       }
+
        /*
         * Check of last resort: A domain is valid if a user from that
         * domain has recently logged in. The samlogon_cache these