CVS update: samba/source/passdb

Mon Nov 27 09:25:56 GMT 2000

On Sun, 26 Nov 2000, Gerald Carter wrote:

> Tim Potter wrote:
> >
> > Eeek!  This is not the correct way to look up names as it isn't
> > portable across non-English NT machines - just ask Mr JF
> > Administrateur about it.  (-:
> >
> > The correct way (which also indirectly solves this lookup
> > problem) is to construct a sid using global_sam_sid and append a
> > well known RID value from rpc_misc.h:
> >
> > DOMAIN_USER_RID_ADMIN for the administrator user
> > DOMAIN_GROUP_RID_ADMINS for the Administrators group
> >
> > and so on.
> >
> > For actual named accounts like root you will probably have to do
> > a lookup.
>
> Tim,  You're my hero :-)
>
> > > This code (indirectly using local_lookup_name()) was making
> > > it impossible to print.  I had a LDAP server providing about
> > > 6,000 accounts.  Simply trying to look at the printer
> > > properties was impossible because of the getpwnam() calls.
> > > local_lookup_name() need to use sys_getpwnam().  We should
> > > deal with machine accounts, but using Get_Pwnam() in
> > > local_lookup_name() has some fairly large implications.
> >
> > Hmm...  So why is this so slow?  Looking up individual users by
> > name shouldn't take that long.  My experience has been that the
> > only killer is when an application does a set/get/endpwent()
> > call.
>
> Because you have one for just about every
> GetPrinterData() call :-(  I can send you a copy
> of the logs which shows a lot of getpwnam() calls
> that fail.  The above code caused 18 failed getpwnam()
> calls using Get_Pwnam() for each GetPrinterData().
>
>
Well, I thought a bit on the issue.
We have this problem:
Windows send us username in various cases as for windows system
usernames
are not case sensitive.

At this point what we need is to match username with all possible cases
to see if any matches a username in system passwd.

Now we do not know witch passwd backend is used by the system so we need
to make many getpw* and this is costly.

But to make a case insensitive search we may use the samba passwd backend
as user need anyway to be present there.
We may simply query the samba database (TDB keys has usernames in
lowercase, smbpasswd may be simply parsed converting usernames retrieved
in lowercase), if a name match we may get the real username (username
field in TDB, a saved string with the username retrieved from smbpasswd
before lowercase conversion) and perform only a check with getpw*
function to be sure the username still exists on the system.
This will reduce the number of getpwnam functions to be always one, and
also solves other languages translations probably as the support may be
integrated in the search function.

Am I insane?

Simo.

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!