From 26316d9770cc3ee103fceba2124d2a9f026e5547 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 31 Mar 2017 15:20:07 +0000 Subject: [PATCH 01/11] idmap_rfc2307: Don't stop after 30 entries We start over again and again, so we need to search in the whole list. This is a quick hack generating a bad O(n^2). The real fix is to call idmap_rfc2307_find_map with "maps" starting at the right offset, but that's an optimization for later when it's restructured BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 54a0e7e3d7332f420f36a3a20dd62156e6adea46) --- source3/winbindd/idmap_rfc2307.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c index 34cc5cd..fcb950d 100644 --- a/source3/winbindd/idmap_rfc2307.c +++ b/source3/winbindd/idmap_rfc2307.c @@ -521,10 +521,7 @@ static struct id_map* idmap_rfc2307_find_map(struct idmap_rfc2307_map *maps, DEBUG(10, ("Looking for name %s, type %d\n", name, type)); - for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) { - if (maps[i].map == NULL) { /* end of the run */ - return NULL; - } + for (i = 0; maps[i].map != NULL; i++) { DEBUG(10, ("Entry %d: name %s, type %d\n", i, maps[i].name, maps[i].type)); if (type == maps[i].type && strcmp(name, maps[i].name) == 0) { -- 1.8.3.1 From 54f3f3e77a50db393a1168c660637af64d24f126 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 31 Mar 2017 15:23:39 +0000 Subject: [PATCH 02/11] idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 17563f295ffa7379daa5bf7cc89540df4ae4f7b3) --- source3/winbindd/idmap_rfc2307.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
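Review bot: The rewritten loop `for (i = 0; maps[i].map != NULL; i++)` in idmap_rfc2307_find_map has no upper bound any more, so the only thing that stops the scan is an entry whose `.map` is NULL. The hunk does not show how `maps` is built; if a caller ever passes an array without that terminator, the loop reads past the end of the array. The invariant should be stated at the function, for example `/* maps[] must end with an entry whose .map is NULL; no other bound is applied */`. The same applies to `for (i = 0; maps[i] != NULL; i++)` in idmap_find_map_by_id (source3/winbindd/idmap_util.c, patch 08/11). Both function bodies continue outside their hunks.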
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c index fcb950d..1102790 100644 --- a/source3/winbindd/idmap_rfc2307.c +++ b/source3/winbindd/idmap_rfc2307.c @@ -553,7 +553,7 @@ static void idmap_rfc2307_map_xid_results(struct idmap_rfc2307_context *ctx, if (i == 0) { entry = ldap_first_entry(ctx->ldap, result); } else { - entry = ldap_next_entry(ctx->ldap, result); + entry = ldap_next_entry(ctx->ldap, entry); } if (!entry) { DEBUG(2, ("Unable to fetch entry.\n")); -- 1.8.3.1 From 1fb3e5790897c8069b9872984eb25c15b48cbb7f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Apr 2017 14:15:26 +0200 Subject: [PATCH 03/11] test_idmap_rfc2307: Remove the correct file BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 9e816ea2f8d21d392b4e9050e443ef936629202e) --- nsswitch/tests/test_idmap_rfc2307.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index 90e32a7..a125f77 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -102,7 +102,7 @@ EOF testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb -rm -f $PREFIX/tmpldbmodify +rm -f $PREFIX/tmpldb testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1) user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1) -- 1.8.3.1 From 592a779076537db9b0e4f5975baa0e03a7ab4f88 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Apr 2017 14:15:26 +0200 Subject: [PATCH 04/11] test_idmap_rfc2307: Avoid a tmpfile We can << directly into ldbadd BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 
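Review bot: In idmap_rfc2307_map_xid_results, `ldap_next_entry(ctx->ldap, entry)` now relies on `entry` still holding a valid, non-NULL value from the previous iteration. The statement that follows `DEBUG(2, ("Unable to fetch entry.\n"));` is outside the hunk; if that branch continues the loop instead of leaving it, the next pass hands a NULL entry to ldap_next_entry. It is worth confirming that the branch exits (`break;`) and that `entry` is declared outside the loop body. The identical change in idmap_rfc2307_map_sid_results (patch 09/11) carries the same assumption.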
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 1893bb9bc48d9251820a185c95c65562f2878074) --- nsswitch/tests/test_idmap_rfc2307.sh | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index a125f77..b5f8ce5 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -45,14 +45,14 @@ $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDA # Add id mapping information to LDAP -cat > $PREFIX/tmpldb < $PREFIX/tmpldb < $PREFIX/tmpldb < $PREFIX/tmpldb < $PREFIX/tmpldb < Date: Tue, 4 Apr 2017 14:59:45 +0200 Subject: [PATCH 05/11] test_idmap_rfc2307: Correct usage We already have 13 args at this point, and growing BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit f34ff621edbfd8b7c99cdadec166a80ae9c5646c) --- nsswitch/tests/test_idmap_rfc2307.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index b5f8ce5..6e4e041 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -1,6 +1,6 @@ #!/bin/sh # Test id mapping through idmap_rfc2307 module -if [ $# -lt 9 ]; then +if [ $# -lt 13 ]; then echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD exit 1 fi -- 1.8.3.1 From 9779b1c700153680413cc79452bfbe78c01b7402 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Apr 2017 15:12:02 +0200 Subject: [PATCH 06/11] test_idmap_rfc2307: Do a recursive delete in ou=idmap We'll create more posix objects soon BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 
Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 1f5097e3fbf9931c830880637622bb0b05863466) --- nsswitch/tests/test_idmap_rfc2307.sh | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index 6e4e041..e0f550d 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -22,6 +22,11 @@ DC_PASSWORD="$4" wbinfo="$VALGRIND $BINDIR/wbinfo" +ldbsearch="ldbsearch" +if [ -x "$BINDIR/ldbsearch" ]; then + ldbsearch="$BINDIR/ldbsearch" +fi + ldbadd="ldbadd" if [ -x "$BINDIR/ldbadd" ]; then ldbadd="$BINDIR/ldbadd" @@ -37,10 +42,11 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh # Delete LDAP records -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX" +$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \ + -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- | + xargs -d '\n' -n 1 -IDEL_DN \ + $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \ + "DEL_DN" $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" # Add id mapping information to LDAP 
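Review bot: The credentials argument in the new cleanup pipeline is expanded unquoted (`-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD`, in both the ldbsearch and the ldbdel invocation), so a password containing whitespace or glob characters is split into several words. Writing it as `-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"` avoids that. The DN extraction `grep '^dn:' | cut -d ' ' -f 2-` would also pick up a base64 `dn:: ...` line, if ldbsearch emits one, and pass the encoded text to ldbdel as the DN. Nothing checks the pipeline's result, so children that could not be deleted go unnoticed until the final ldbdel of `$LDAPPREFIX`. The same pipeline is repeated in the hunk at `@@ -141,10 +147,11 @@`.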
@@ -141,10 +147,11 @@ echo "SID $group_sid2 resolved to $group_name2" testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1) # Delete LDAP records -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" -$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX" +$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \ + -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- | + xargs -d '\n' -n 1 -IDEL_DN \ + $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \ + "DEL_DN" $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" exit $failed -- 1.8.3.1 From 005b8913f1e51a74a7ff92818b74465bfbe92925 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Apr 2017 15:28:36 +0200 Subject: [PATCH 07/11] test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit e663357b4d7d5cb0c4d8a0ebc97cfcb58429b894) --- nsswitch/tests/test_idmap_rfc2307.sh | 66 ++++++++++++++++++++++++++++++++---- source3/selftest/tests.py | 12 ++++++- 2 files changed, 71 insertions(+), 7 deletions(-) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index e0f550d..5fabdc6 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh 
@@ -1,7 +1,9 @@ #!/bin/sh # Test id mapping through idmap_rfc2307 module -if [ $# -lt 13 ]; then - echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD +if [ $# -lt 15 ]; then + echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 \ + GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS \ + LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD exit 1 fi @@ -15,12 +17,15 @@ GROUPGID="$7" GROUPNAME2="$8" GROUPGID2="$9" shift 9 -LDAPPREFIX="$1" -DC_SERVER="$2" -DC_USERNAME="$3" -DC_PASSWORD="$4" +GID_START="$1" +NUMGROUPS="$2" +LDAPPREFIX="$3" +DC_SERVER="$4" +DC_USERNAME="$5" +DC_PASSWORD="$6" wbinfo="$VALGRIND $BINDIR/wbinfo" +net="$VALGRIND $BINDIR/net" ldbsearch="ldbsearch" if [ -x "$BINDIR/ldbsearch" ]; then 
@@ -146,6 +151,55 @@ echo "SID $group_sid2 resolved to $group_name2" testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1) +i=0 +while [ ${i} -lt ${NUMGROUPS} ] ; do + GRP=$(printf "test_rfc2307_group_%3.3d" "$i") + GRP_GID=$(expr "$GID_START" + "$i") + testit "Add group $GRP" $net rpc group add "$GRP" -S "$DC_SERVER" \ + -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" || + failed=$(expr $failed + 1) + testit "Add groupmem $GRP $USERNAME" \ + $net rpc group addmem "$GRP" "$USERNAME" \ + -S "$DC_SERVER" \ + -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" || + failed=$(expr $failed + 1) + testit "Add group object for $GRP $GRP_GID" \ + $VALGRIND $ldbadd \ + -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD < Date: Fri, 31 Mar 2017 15:20:07 +0000 Subject: [PATCH 08/11] idmap_rfc2307: Don't stop after 30 entries We start over again and again, so we need to search in the whole list. This is a quick hack generating a bad O(n^2). The real fix is to call idmap_rfc2307_find_map with "maps" starting at the right offset, but that's an optimization for later when it's restructured BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit c0f12170e8b9fb3ab75f53bba637c72f6465192e) --- source3/winbindd/idmap_util.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 196b4ad..fd2ae4a 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -52,10 +52,7 @@ struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type, { int i; - for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) { - if (maps[i] == NULL) { /* end of the run */ - return NULL; - } + for (i = 0; maps[i] != NULL; i++) { if ((maps[i]->xid.type == type) && (maps[i]->xid.id == id)) { return maps[i]; } -- 1.8.3.1 
From bbbec95d7371d2153765fda91b7ec75a307e5618 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 31 Mar 2017 15:23:39 +0000 Subject: [PATCH 09/11] idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit 803ea2d2b7820939d03f7eb381c3cf719a00ff4a) --- source3/winbindd/idmap_rfc2307.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c index 1102790..0e0311a 100644 --- a/source3/winbindd/idmap_rfc2307.c +++ b/source3/winbindd/idmap_rfc2307.c @@ -236,7 +236,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, if (i == 0) { entry = ldap_first_entry(ctx->ldap, result); } else { - entry = ldap_next_entry(ctx->ldap, result); + entry = ldap_next_entry(ctx->ldap, entry); } if (!entry) { DEBUG(2, ("Unable to fetch entry.\n")); -- 1.8.3.1 From dc52bc654daceb86fa1d41f02d6fb6f3746e11b5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Apr 2017 17:15:10 +0200 Subject: [PATCH 10/11] selftest: Avoid idmap caching when testing idmap_rfc2307 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit da7481f835ddc1fab16d11ccbaf7f33c213af23a) --- selftest/target/Samba3.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d81e4a4..fb6d0f4 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -507,6 +507,8 @@ sub setup_admember_rfc2307($$$$) security = ads workgroup = $dcvars->{DOMAIN} realm = $dcvars->{REALM} + idmap cache time = 0 + idmap negative cache time = 0 idmap config * : backend = autorid idmap config * : range = 1000000-1999999 idmap config * : rangesize = 100000 -- 1.8.3.1 
From 6fd81b7d83853117663ad2984955f4ce7dfb05ad Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Apr 2017 12:50:08 +0200 Subject: [PATCH 11/11] idmap_rfc2307: Test unix-ids-to-sids with 35 groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt (cherry picked from commit ee3b17ba4674a17a411c9ec4271e087c8cd7dad1) --- nsswitch/tests/test_idmap_rfc2307.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index 5fabdc6..c62da5d 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -176,6 +176,20 @@ EOF i=$(expr "$i" + 1) done +# Test whether wbinfo --xids-to-sids finds everything + +GIDS="" +i=0 +while [ ${i} -lt ${NUMGROUPS} ] ; do + GIDS="$GIDS g$(expr ${i} + ${GID_START})" + i=$(expr "$i" + 1) +done +NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -v ^S-0-0 | wc -l) + +testit "Count number of valid sids found" \ + test ${NUM_VALID_SIDS} = ${NUMGROUPS} || + failed=$(expr $failed + 1) + # Test whether wbinfo -r shows all groups EXPECTED_USERGROUPS="1000000/1000001/2000002/" -- 1.8.3.1
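Review bot: `NUM_VALID_SIDS` counts every output line that does not start with `S-0-0`, so any other line wbinfo writes to stdout is counted as a valid SID. Matching positively, for example `grep -c '^S-1-'`, would count only lines that look like a SID. The check `test ${NUM_VALID_SIDS} = ${NUMGROUPS}` is a string comparison on unquoted values; `test "${NUM_VALID_SIDS}" -eq "${NUMGROUPS}"` compares numerically and does not become a syntax error when a value is empty. The comment above the block names `--xids-to-sids` while the command uses `--unix-ids-to-sids`.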