Bug 14539 - winbindd should avoid lookupsids for idmapping if not required
Summary: winbindd should avoid lookupsids for idmapping if not required
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.13.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-20 15:14 UTC by Stefan Metzmacher
Modified: 2023-06-29 07:40 UTC (History)
5 users (show)

See Also:


Attachments
Additional patch for v4-14-test (3.33 KB, patch)
2021-01-22 12:55 UTC, Stefan Metzmacher
no flags Details
Additional patch for v4-14-test (3.45 KB, patch)
2021-01-27 10:29 UTC, Stefan Metzmacher
slow: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2020-10-20 15:14:07 UTC
If the idmap backend already knows how to map a given SID it's not required
to do a lookupsids just to find out if the sid belongs to a user or group.

Also backends supporting ID_TYPE_BOTH only care if the domain exists,
with that it should be possible to accept kerberos authentication
without contacting any domain controller.
Comment 1 Samba QA Contact 2020-10-23 04:48:14 UTC
This bug was referenced in samba master:

1576421dbdd2cfe9a47516224cb54bf15ba51132
58e9b62222ad62c81cdf11d704859a227cb2902b
f5eec89011cf7b577375d83247524587f170b592
95b0dac0af5bc7ee85c6c8099dda135c36c9684b
7518a0ca32cade2b8b9eac0e2b5416ae685ffcff
7dbe5b4897448aa71b5a8a2175850b4010316b88
5cc21a9d319e00397ad98900d81ffb9d1d70514f
1694de1ae6ce63377d0afc47e84e55e4745905d7
2103543629004a3a22e7bf60305bb15bf3b316be
cd9a9702c1f97c47bd3447e2014eeff3e56268cf
209e81a2ea8c972ee57e2f0c9579da843c0e2ac7
a8f57c94fc2294c309ecb18ea79d0acac86c495b
d42aaeba6e0820acd17f204ff7ab6d1aede1b303
82fd07793f065e150729848566e7c30f4f4d472e
b8c74b7b46d1c7f6b66e565ee08f8c88d6dc2cc4
28e020c0a863411cfa95e3b1ed943d922b8635bd
79c1d3aaf6d465a8edd1871edb85211f8715fea1
04956350a5725325954b2caba662ecd6dace7829
797b11f198e819300007997ce536bc6d05f19843
231c8d04b19a1c17937f988d142ca5c0f889d4e0
f6bb0ed21f82f2cf1f238f9f00cd049ecf8673af
cda61f592a0b33d36da8da9b6837312396cceec4
19c8b6a8b188e45a6342a3d1308085800388a38e
374acc2e5fcc3c4b40f41906d0349499e3304841
3f4626ea6d235470195918b77af35ac2cfeb227c
c55f4f37589130a0d8952489da175bbcf53f6748
493f5d6b078e0b0f80d1ef25043e2834cb4fcb87
54b4d2d3cb307019a260d15c6e6b4a3fb7fc337c
Comment 2 Stefan Metzmacher 2020-10-23 14:25:48 UTC
https://gitlab.com/samba-team/samba/-/merge_requests/1636 is also needed
Comment 3 Stefan Metzmacher 2020-10-23 14:27:53 UTC
I'm not sure if we should backport this. I guess I'd at least avoid 4.12,
maybe 4.13, but only if someone asks for it.
Comment 4 Andreas Schneider 2020-10-23 14:31:08 UTC
I think 4.13 would be nice.
Comment 5 Stefan Metzmacher 2021-01-22 12:55:45 UTC
Created attachment 16402 [details]
Additional patch for v4-14-test
Comment 6 Stefan Metzmacher 2021-01-27 10:29:50 UTC
Created attachment 16409 [details]
Additional patch for v4-14-test

Added the missing Reviewed-by: Ralph Boehme <slow@samba.org>
Comment 7 Ralph Böhme 2021-01-27 10:46:36 UTC
Reassigning to Karolin for inclusion in 4.14.
Comment 8 Karolin Seeger 2021-01-27 11:31:08 UTC
(In reply to Ralph Böhme from comment #7)
Pushed to autobuild-v4-14-test.
Comment 9 Samba QA Contact 2021-01-29 13:53:49 UTC
This bug was referenced in samba master:

d8339056eef2845805f573bd8b0f3323370ecc8f
Comment 10 Samba QA Contact 2021-01-29 13:55:53 UTC
This bug was referenced in samba v4-14-test:

99673b77b069674a6145552eb870de8829dfa503
Comment 11 Samba QA Contact 2021-02-04 08:27:24 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.0rc2):

99673b77b069674a6145552eb870de8829dfa503
Comment 12 Samba QA Contact 2021-11-09 18:24:10 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.14):

05b27742da44524e6007631a401dfef0b7180d53
0792d340860a44ccfb98b231e2518db751a98a59
340e2153c7e0d8e8c5593fb6431854d16d53718c
337cb0847bfe3ddb91017821acb83994ea28d585
68a823fd032ca2cdf0d731b7d23562defbef42cb
d4c9be23183f85dbdc3d88d483d31fdd6452ab38
861bc4ddd8ddd84937bc5756d552e51227720fbb
39da0df37c4d7a618f070c4216dbd7eae91f489a
b7b4bb1c55ba4476bd5b78bd2f3bc4197fe4d6b1
aebe4cec6c55ee180cda345fda0921fb9cc3818f
f3957ca5ce206e1224874e6495780b5130d6de0c
5e04b985acc4c774e0057056887a9f1ed05faf9b
a3cca16fac5d834f2f29e1daa31ced38938fada9
12fb0f40f60ba55cae3f92a2f642a7c32f8802c1
be81631363655e3437cae4303ab39c22500165fd
3812930e641d10d1ead10b52ddc7240dd585d0f6
713f9c960073df0a515279478f5e34b656cbe4ba
e226e0a163a463b67b9cad194cf07264d820a2aa
27b73f9d343821881221ea95d486acaba0098952
ca5cf8d35b9756c9d65831718c5032533612c94a
5e4491e84555fbf32b50ec08e3a8027f9ab38e9c
ab4f028db000b76a7d800ad5f42c9f44de525c09
ed7664036183256d109a652aee39ff9842680d47
0ec6beec7dafa70dd9ce7dd7b97be5e61a75b7af
69c53f9c3174b0a93a425dbdf80d6cb8f5722ec3
ed1542b9f37734bc77906c4ba49ea6ea3be09af8
04e10a843187810e97bf565731ddc5d70b0f4245
bd12ce56f03ab05a5a4652344efbabe11261e46c
4925a110c4e0586ca74566beca2450bbc4d18e4c
Comment 13 Samba QA Contact 2021-11-09 18:48:07 UTC
This bug was referenced in samba v4-13-test:

05b27742da44524e6007631a401dfef0b7180d53
0792d340860a44ccfb98b231e2518db751a98a59
340e2153c7e0d8e8c5593fb6431854d16d53718c
337cb0847bfe3ddb91017821acb83994ea28d585
68a823fd032ca2cdf0d731b7d23562defbef42cb
d4c9be23183f85dbdc3d88d483d31fdd6452ab38
861bc4ddd8ddd84937bc5756d552e51227720fbb
39da0df37c4d7a618f070c4216dbd7eae91f489a
b7b4bb1c55ba4476bd5b78bd2f3bc4197fe4d6b1
aebe4cec6c55ee180cda345fda0921fb9cc3818f
f3957ca5ce206e1224874e6495780b5130d6de0c
5e04b985acc4c774e0057056887a9f1ed05faf9b
a3cca16fac5d834f2f29e1daa31ced38938fada9
12fb0f40f60ba55cae3f92a2f642a7c32f8802c1
be81631363655e3437cae4303ab39c22500165fd
3812930e641d10d1ead10b52ddc7240dd585d0f6
713f9c960073df0a515279478f5e34b656cbe4ba
e226e0a163a463b67b9cad194cf07264d820a2aa
27b73f9d343821881221ea95d486acaba0098952
ca5cf8d35b9756c9d65831718c5032533612c94a
5e4491e84555fbf32b50ec08e3a8027f9ab38e9c
ab4f028db000b76a7d800ad5f42c9f44de525c09
ed7664036183256d109a652aee39ff9842680d47
0ec6beec7dafa70dd9ce7dd7b97be5e61a75b7af
69c53f9c3174b0a93a425dbdf80d6cb8f5722ec3
ed1542b9f37734bc77906c4ba49ea6ea3be09af8
04e10a843187810e97bf565731ddc5d70b0f4245
bd12ce56f03ab05a5a4652344efbabe11261e46c
4925a110c4e0586ca74566beca2450bbc4d18e4c