[PATCHES] winbindd: fix sid->xid for SID History SIDs

[Uri Simchoni]

On 04/10/2017 08:24 PM, Ralph Böhme wrote:
> On Fri, Apr 07, 2017 at 09:23:43PM +0300, Uri Simchoni wrote:
>> On 04/07/2017 08:32 PM, Ralph Böhme wrote:
>>> On Mon, Apr 03, 2017 at 07:50:08AM +0300, Uri Simchoni via samba-technical wrote:
>>>> Hi,
>>>>
>>>> Here's a V2 of the patch set.
>>>
>>> just fyi, I have this on my list.
>>>
>>> -slow
>>>
>> Thanks.
>> Here's a rebased patch set, with 4/6 adapted to the recent change in
>> wb_lookupsids_bulk(). Otherwise the same.
> 
> looks like this still has the O(N^2) performance issue I mentioned or did I miss
> anything?
> 
> Besides that, attached is a simple fix for sids2xids on-top of my proposed
> cleanup for wb_lookupsids [1] that should already address the SID-history if the
> domain is still around.
> 
> Your patch could go on-top as a more complete patch for the case that the
> "historic domain" is behind a one-way trust (where we don't have the domain in
> our list of trusted domains).
> 
> Thoughts?
> 
> -slow
> 
> [1] <https://lists.samba.org/archive/samba-technical/2017-April/119944.html>
> 

Pushed the simple fix, I think for backports we can use just "no
match->default domain", or, if we want the bugfix to be based on
backported patches, only backport [1/6] of the recent simplification
patch set and the "don_sid_in_donain" fix.

Regarding my patch and O(N^2) - the search is O(NxM) where M is the
number of added domain sids in the lookup. Notice that the domain sids
are added, unconditionally, to the back of the resolving list, and the
subsequent search is over the added stuff only.

Please indicate if you'd like me to rebase this patch set on top of
recent commits or drop this - as far as I'm concerned, the main
objective of not polluting the id-mapping cache is achieved, and
anything else is just trying to get it right for more cases.

Thanks,
Uri.