>From ea6700f321c4b6b2b0b59d7f371f0732a529cd3e Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 28 Sep 2016 11:26:04 -0700
Subject: [PATCH] s3: winbind: Trust name2sid mappings from the PAC.

Don't refresh sequence number in parent as the mapping comes from a trusted DC.

Signed-off-by: Jeremy Allison
---
 source3/winbindd/winbindd_cache.c | 19 +++++++++++++++++++
 source3/winbindd/winbindd_pam.c | 2 +-
 source3/winbindd/winbindd_proto.h | 5 +++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 2bce12d..3e01ff0 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3339,6 +3339,25 @@ bool lookup_cached_name(const char *domain_name,
 return NT_STATUS_IS_OK(status);
 }
+/*
+ * Cache a name to sid without checking the sequence number.
+ * Used when caching from a trusted PAC.
+ */
+
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+ const char *domain_name,
+ const char *name,
+ enum lsa_SidType type,
+ const struct dom_sid *sid)
+{
+ wcache_save_name_to_sid(domain,
+ NT_STATUS_OK,
+ domain_name,
+ name,
+ sid,
+ type);
+}
+
 void cache_name2sid(struct winbindd_domain *domain, const char *domain_name, const char *name, enum lsa_SidType type, const struct dom_sid *sid)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index da874c7..8456876 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2598,7 +2598,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
 info3_copy->base.domain_sid, info3_copy->base.rid);
- cache_name2sid(domain,
+ cache_name2sid_trusted(domain,
 info3_copy->base.logon_domain.string, info3_copy->base.account_name.string, SID_NAME_USER,
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 4d99927..5e3d9fb 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
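Review bot: In the winbindd_cache.c hunk, cache_name2sid_trusted() cannot itself tell whether its arguments came from a verified PAC, and the header comment does not state that as a caller obligation. Because the body stores the mapping through wcache_save_name_to_sid() without the sequence-number check the comment mentions, I would add a line such as `* The caller must have validated the PAC before calling; the mapping is stored as given.` wcache_save_name_to_sid() is outside the hunk, so it is also worth confirming which sequence number it stamps on the entry when no refresh precedes the save, and that a later rename or deletion on the DC still expires it.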
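Review bot: In the winbindd_pam.c hunk, the call to cache_name2sid_trusted() passes info3_copy->base.logon_domain.string and info3_copy->base.account_name.string straight through as the cache key, and the hunk shows no check that either pointer is non-NULL or non-empty. If the rest of winbindd_pam_auth_pac_send(), which starts and ends outside this hunk, does not already guarantee that, a guard such as `if (info3_copy->base.logon_domain.string != NULL && info3_copy->base.account_name.string != NULL)` around the call would keep a sparse info3 from creating a bogus entry. It is also worth confirming that this call is reached only after PAC verification has succeeded, since the new callee no longer refreshes the sequence number first.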
@@ -86,6 +86,11 @@ bool lookup_cached_name(const char *domain_name, const char *name, struct dom_sid *sid, enum lsa_SidType *type);
+void cache_name2sid_trusted(struct winbindd_domain *domain,
+ const char *domain_name,
+ const char *name,
+ enum lsa_SidType type,
+ const struct dom_sid *sid);
 void cache_name2sid(struct winbindd_domain *domain, const char *domain_name, const char *name, enum lsa_SidType type, const struct dom_sid *sid);
-- 
2.7.4