[RFC] handle id-map cache pollution by "unix users" SIDs

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[RFC] handle id-map cache pollution by "unix users" SIDs

Samba - samba-technical mailing list

Recently I've encountered a case where some unix uids that fall in the
range of the primary domain got mapped to a unix sid (S-1-22-1-xxx). I'm
not sure yet how could this happen, it must have been a transient error.
But this mapping created a long-lasting cached entry.

So regardless of how it happened, there should not be such a long
lasting cache entry IMHO.

Possible solutions:
1. Cache unix sids for a shorter time, because usually they represent
incomplete or incorrect configuration - that's simplest, see attached patch.
2. In the legacy uid->sid, first verify the uid is not in the range of a
configured domain, and do the caching only if not in any known
3. Others?

Comments welcome.


short-cache-unix.patch.txt (1K) Download Attachment