14539 – winbindd should avoid lookupsids for idmapping if not required

Bug 14539 - winbindd should avoid lookupsids for idmapping if not required

Summary: winbindd should avoid lookupsids for idmapping if not required

Status:	ASSIGNED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.13.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-10-20 15:14 UTC by Stefan Metzmacher
Modified:	2020-10-23 14:31 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2020-10-20 15:14:07 UTC

If the idmap backend already knows how to map a given SID it's not required
to do a lookupsids just to find out if the sid belongs to a user or group.

Also backends supporting ID_TYPE_BOTH only care if the domain exists,
with that it should be possible to accept kerberos authentication
without contacting any domain controller.

Comment 1 Samba QA Contact 2020-10-23 04:48:14 UTC

This bug was referenced in samba master:

1576421dbdd2cfe9a47516224cb54bf15ba51132
58e9b62222ad62c81cdf11d704859a227cb2902b
f5eec89011cf7b577375d83247524587f170b592
95b0dac0af5bc7ee85c6c8099dda135c36c9684b
7518a0ca32cade2b8b9eac0e2b5416ae685ffcff
7dbe5b4897448aa71b5a8a2175850b4010316b88
5cc21a9d319e00397ad98900d81ffb9d1d70514f
1694de1ae6ce63377d0afc47e84e55e4745905d7
2103543629004a3a22e7bf60305bb15bf3b316be
cd9a9702c1f97c47bd3447e2014eeff3e56268cf
209e81a2ea8c972ee57e2f0c9579da843c0e2ac7
a8f57c94fc2294c309ecb18ea79d0acac86c495b
d42aaeba6e0820acd17f204ff7ab6d1aede1b303
82fd07793f065e150729848566e7c30f4f4d472e
b8c74b7b46d1c7f6b66e565ee08f8c88d6dc2cc4
28e020c0a863411cfa95e3b1ed943d922b8635bd
79c1d3aaf6d465a8edd1871edb85211f8715fea1
04956350a5725325954b2caba662ecd6dace7829
797b11f198e819300007997ce536bc6d05f19843
231c8d04b19a1c17937f988d142ca5c0f889d4e0
f6bb0ed21f82f2cf1f238f9f00cd049ecf8673af
cda61f592a0b33d36da8da9b6837312396cceec4
19c8b6a8b188e45a6342a3d1308085800388a38e
374acc2e5fcc3c4b40f41906d0349499e3304841
3f4626ea6d235470195918b77af35ac2cfeb227c
c55f4f37589130a0d8952489da175bbcf53f6748
493f5d6b078e0b0f80d1ef25043e2834cb4fcb87
54b4d2d3cb307019a260d15c6e6b4a3fb7fc337c

Comment 2 Stefan Metzmacher 2020-10-23 14:25:48 UTC

https://gitlab.com/samba-team/samba/-/merge_requests/1636 is also needed

Comment 3 Stefan Metzmacher 2020-10-23 14:27:53 UTC

I'm not sure if we should backport this. I guess I'd at least avoid 4.12,
maybe 4.13, but only if someone asks for it.

Comment 4 Andreas Schneider 2020-10-23 14:31:08 UTC

I think 4.13 would be nice.