Package: winbind
Version: 2:4.2.10+dfsg-0+deb8u3
Severity: important
Tags: patch

Hi,

with the update to the 4.2.10 based samba a regression has been
introduced. Resolving of user/group names is extremely slow. An 'ls -l'
which normally takes significantly less than a second now takes a minute
or more. Filing as 'important' since this degenerates the usability
considerably.

I could identify the problem with a git-bisect. It's upstream bug
#11852 [0], and it has been fixed with commit aec25b0 [1].

The upstream patch applies cleanly on top of 2:4.2.10+dfsg-0+deb8u3 (see
attached patch). I have tested it and it resolves the problem in my use
case.

Thanks.

[0]: https://bugzilla.samba.org/show_bug.cgi?id=11852
[1]: https://git.samba.org/?p=samba.git;a=commitdiff;h=aec25b0cc232286c3e4d85de7f00483c09f7c66e
From aec25b0cc232286c3e4d85de7f00483c09f7c66e Mon Sep 17 00:00:00 2001
From: Uri Simchoni <u...@samba.org>
Date: Mon, 18 Apr 2016 23:08:38 +0300
Subject: [PATCH] libads: record session expiry for spnego sasl binds

With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852

Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>

Autobuild-User(master): Uri Simchoni <u...@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144

(cherry picked from commit 34482eb7cc3d74c8de510309332e8ab176d0f3c0)

Autobuild-User(v4-2-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-2-test): Tue Apr 26 12:00:48 CEST 2016 on sn-devel-104
---
 source3/libads/sasl.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 22aa9cf..b8d4527 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -134,6 +134,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 	struct auth_generic_state *auth_generic_state;
 	bool use_spnego_principal = lp_client_use_spnego_principal();
 	const char *sasl_list[] = { sasl, NULL };
+	NTTIME end_nt_time;
 
 	nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -307,6 +308,14 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 		}
 	}
 
+	ads->auth.tgs_expire = LONG_MAX;
+	end_nt_time = gensec_expire_time(auth_generic_state->gensec_security);
+	if (end_nt_time != GENSEC_EXPIRE_TIME_INFINITY) {
+		struct timeval tv;
+		nttime_to_timeval(&tv, end_nt_time);
+		ads->auth.tgs_expire = tv.tv_sec;
+	}
+
 	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
 		size_t max_wrapped = gensec_max_wrapped_size(auth_generic_state->gensec_security);
 		ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
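Review bot: The added block before the wrap_type check uses LONG_MAX as the "never expires" value for ads->auth.tgs_expire without a comment saying so, and nothing here guards consumers that do arithmetic on the field. A one-line comment that LONG_MAX stands for a gensec session reporting GENSEC_EXPIRE_TIME_INFINITY would help, and callers such as winbindd should be checked to confirm they only compare tgs_expire against the current time and never add a margin to it, which would overflow. The converted tv.tv_sec is also stored without checking that it lies in the future, so an expiry that gensec reports as already past is recorded as-is; if that is intended, it is worth stating in the comment.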
-- 
1.9.1
