From 5dc8fca4465bfbe00191859989087113f1c15f57 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 21 Dec 2016 11:29:08 +0100
Subject: [PATCH 1/3] idmap: Pass up the xid2sids unix-ids from the idmap child

When asking for gid2sid with an idmap backend that does ID_TYPE_BOTH
and the sid in question is actually a user, the parent winbind needs
to know about it. The next commit will prime the gencache also after
xid2sid calls, and if we filled it with a ID_TYPE_GID entry, a later
sid2uid call would fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 9079dc4f4501c4e868f46de41b82927b69dc78d5)
---
 librpc/idl/winbind.idl               | 2 +-
 source3/winbindd/winbindd_dual_srv.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index 60c875b..ec472c5 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -59,7 +59,7 @@ interface winbind
     NTSTATUS wbint_UnixIDs2Sids(
 	[in,string,charset(UTF8)] char *domain_name,
 	[in] uint32 num_ids,
-	[in] unixid xids[num_ids],
+	[in,out] unixid xids[num_ids],
 	[out] dom_sid sids[num_ids]
 	);
 
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 0484e19..b386d75 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -233,6 +233,7 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p,
 	}
 
 	for (i=0; i<r->in.num_ids; i++) {
+		r->out.xids[i] = maps[i]->xid;
 		sid_copy(&r->out.sids[i], maps[i]->sid);
 	}
 
-- 
2.9.3


From fd284de0a375b9805aa6823658c768df6e818405 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 20 Dec 2016 16:22:48 +0100
Subject: [PATCH 2/3] idmap: Prime gencache after xids2sids calls

This fixes a performance regression for "hide unreadable". With an empty
gencache, we only do xid2sid calls when reading a large number of acls. We
lost caching the xid2sid calls while implmenting the multiple-id calls,
probably because at that time the bug with ID_TYPE_BOTH backends was still
pending. This patch restores the xid2sid caching hopefully correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit f7f49a2354c99d95a302f070fe3aa97a949063c8)
---
 source3/winbindd/wb_xids2sids.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 7fc8a72..e154c3b 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -262,7 +262,20 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq)
 			continue;
 		}
 
-		sid_copy(&state->all_sids[i], &state->dom_sids[dom_sid_idx++]);
+		sid_copy(&state->all_sids[i], &state->dom_sids[dom_sid_idx]);
+
+		/*
+		 * Prime the cache after an xid2sid call. It's
+		 * important that we use state->dom_xids for the xid
+		 * value, not state->all_xids: state->all_xids carries
+		 * what we asked for, e.g. a
+		 * ID_TYPE_UID. state->dom_xids holds something the
+		 * idmap child possibly changed to ID_TYPE_BOTH.
+		 */
+		idmap_cache_set_sid2unixid(
+			&state->all_sids[i], &state->dom_xids[dom_sid_idx]);
+
+		dom_sid_idx += 1;
 	}
 
 	tevent_req_done(req);
-- 
2.9.3


From 354d436c81ccdd45f96678634d0b867246281a48 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 27 Dec 2016 10:19:17 +0000
Subject: [PATCH 3/3] winbindd: Use idmap cache in xids2sids

Typically smbd should have looked into the idmap cache itself before
contacting winbind. But winbind has internal users of this API (getpwuid
and getgrgid for example), and those need to use the cache too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12484

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Dec 28 00:06:41 CET 2016 on sn-devel-144

(cherry picked from commit 91d027554e414f371b3237110d1c92033d929992)
---
 source3/winbindd/wb_xids2sids.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index e154c3b..7ac1998 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -353,6 +353,32 @@ struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
+	if (winbindd_use_idmap_cache()) {
+		uint32_t i;
+
+		for (i=0; i<num_xids; i++) {
+			struct dom_sid sid;
+			bool ok, expired;
+
+			switch (xids[i].type) {
+			    case ID_TYPE_UID:
+				    ok = idmap_cache_find_uid2sid(
+					    xids[i].id, &sid, &expired);
+				    break;
+			    case ID_TYPE_GID:
+				    ok = idmap_cache_find_gid2sid(
+					    xids[i].id, &sid, &expired);
+				    break;
+			    default:
+				    ok = false;
+			}
+
+			if (ok && !expired) {
+				sid_copy(&state->sids[i], &sid);
+			}
+		}
+	}
+
 	wb_xids2sids_init_dom_maps();
 	num_domains = talloc_array_length(dom_maps);
 
-- 
2.9.3