[PATCHES] winbindd: use idmap cache in getpwuid and getgrgid

Tue Dec 27 10:29:24 UTC 2016

On Tue, Dec 27, 2016 at 10:44:15AM +0100, Volker Lendecke wrote:
> Hi, Uri!
> 
> On Sun, Dec 25, 2016 at 08:48:23PM +0200, Uri Simchoni wrote:
> > The attached patch set makes sure that the winbindd getpwuid() and
> > getgrgid() implementations use the idmap cache if available (this seems
> > to be a 4.5.x regression due to the xids->sids cleanup).
> 
> That might well be the case. I wonder if this could be done directly
> in the xids2sids call without the wrappers.
> 
> While there -- attached find two patches that also prime the cache in
> the xids2sids calls, which was lost also.

What do you think about the attached patch?

This deliberately does not do the is_domain_online() business, just
because I don't fully understand the relevance here.

Currently I am trying to fully understand all the online/offline
implementation, that from my point of view is a bit clumsy. I am open
for any hints how this is supposed to work and what corner cases we
need to take cover with it. My current understanding is that
online/offline is mainly for interactive workstation style offline
logons. Is it relevant at all for the pure file server workload?

For file servers we can't cache credentials anyway, so there is no
real point in trying to continue when the DC is not around beyond the
caching we do anyway. What am I missing here?

Volker
-------------- next part --------------
>From d907e95b62e0f564a08577975f50b5e976b56004 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 10:19:17 +0000
Subject: [PATCH] winbindd: Use idmap cache in xids2sids

Typically smbd should have looked into the idmap cache itself before
contacting winbind. But winbind has internal users of this API (getpwuid
and getgrgid for example), and those need to use the cache too.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/winbindd/wb_xids2sids.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index e154c3b4774..7ac199884c2 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -353,6 +353,32 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
+	if (winbindd_use_idmap_cache()) {
+		uint32_t i;
+
+		for (i=0; i<num_xids; i++) {
+			struct dom_sid sid;
+			bool ok, expired;
+
+			switch (xids[i].type) {
+			    case ID_TYPE_UID:
+				    ok = idmap_cache_find_uid2sid(
+					    xids[i].id, &sid, &expired);
+				    break;
+			    case ID_TYPE_GID:
+				    ok = idmap_cache_find_gid2sid(
+					    xids[i].id, &sid, &expired);
+				    break;
+			    default:
+				    ok = false;
+			}
+
+			if (ok && !expired) {
+				sid_copy(&state->sids[i], &sid);
+			}
+		}
+	}
+
 	wb_xids2sids_init_dom_maps();
 	num_domains = talloc_array_length(dom_maps);
 
-- 
2.11.0

