diff options
author | Stefan Metzmacher <metze@samba.org> | 2019-03-21 16:54:31 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-30 15:10:10 +0000 |
commit | f27cff23350dc332515a66d98335418d20e94a0e (patch) | |
tree | d7e589464aad90049948f7c4ae584079cd9654e8 | |
parent | 182410af7de4fdfb8100cc83e53d0371e59d6a81 (diff) | |
download | samba-f27cff23350dc332515a66d98335418d20e94a0e.tar.gz |
idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ee820553fd2c6ada966a0160cbb0240049f9d9f7)
-rw-r--r-- | source3/winbindd/idmap_hash/idmap_hash.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index fb900617ec3..a3430350625 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c @@ -25,6 +25,7 @@ #include "ads.h" #include "nss_info.h" #include "../libcli/security/dom_sid.h" +#include "libsmb/samlogon_cache.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -287,6 +288,21 @@ static NTSTATUS idmap_hash_sid_to_id(struct sid_hash_table *hashed_domains, goto return_mapping; } + /* + * Check of last resort: A domain is valid if a user from that + * domain has recently logged in. The samlogon_cache these + * days also stores the domain sid. + */ + if (netsamlogon_cache_have(&sid)) { + /* + * We keep the legacy behavior and + * just return the mapping, but + * the reverse mapping would not + * still not work. + */ + goto return_mapping; + } + if (id->xid.type == ID_TYPE_NOT_SPECIFIED) { /* * idmap_hash used to bounce back the requested type, |