Reviewing b58e4f6b3d7329....
Karolin Seeger
ks at sernet.de
Mon Jun 30 06:58:39 GMT 2008
Jerry,
On Sat, Jun 28, 2008 at 09:31:01AM -0400, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Karolin,
>
> I'm not sure this is correct.
>
> commit b58e4f6b3d73294d8448c0dff4341183c52e5b7c
> Author: Karolin Seeger <kseeger at samba.org>
> Date: Mon Jun 16 15:21:28 2008 +0200
>
> winbind cache: Don't create SN cache entries during name-to-sid queries.
>
> Clients can request name-to-sid queries for different combinations of
> upper and lower case names. We don't want to create the reverse caching
> entries for each combination used.
>
> This avoids inconsistent answers on sid-to-name queries.
>
> Would you provide an example of what bug it is supposed to fix?
> Thanks.

The problem was that sid_to_name requests were returning inconsistent values.
During name_to_sid requests, a reverse caching entry was added to the
Winbindd cache. Name_to_sid requests can be made for different
combinations of lower case and upper case as it depends on the user/client.
Following sid_to_name requests were taken out of the cache and returned the
name in the same notation as the name was given in a sid_to_name request
before.

Example (without patch):
-----8<------------------snip--------------8<--------------
bando:~ # wbinfo -n EXAMPLE\\administrator
S-1-5-21-3786053481-691478466-3450209754-500 User (1)
bando:~ # tdbdump /var/lib/samba/winbindd_cache.tdb
{
key(17) = "TRUSTDOMS/EXAMPLE"
data(61) =
"\00\00\00\00\A7\07\00\00\01\00\00\00\05PEPPY\00)S-1-5-21-2080687722-1173791329-1542289999"
}
{
key(10) = "SN/S-1-5-2"
data(35) =
"\00\00\00\00\A7\07\00\00\05\00\00\00\0DNT-AUTORIT\C3\84T\08NETZWERK"
}
{
key(10) = "SN/S-1-1-0"
data(19) = "\00\00\00\00\A7\07\00\00\05\00\00\00\00\05Jeder"
}
{
key(24) = "NS/EXAMPLE/ADMINISTRATOR"
data(57) =
"\00\00\00\00\A7\07\00\00\01\00\00\00,S-1-5-21-3786053481-691478466-3450209754-500"
}
{
key(47) = "SN/S-1-5-21-3786053481-691478466-3450209754-500"
data(34) =
"\00\00\00\00\A7\07\00\00\01\00\00\00\07EXAMPLE\0Dadministrator"
}
{
key(15) = "SEQNUM/EXAMPLE\00"
data(8) = "\A7\07\00\00\E5~hH"
}
bando:~ # wbinfo -s S-1-5-21-3786053481-691478466-3450209754-500
EXAMPLE\administrator 1
----->8------------------snap-------------->8--------------

'wbinfo -s' returns EXAMPLE\administrator although the real name is
EXAMPLE\Administrator.

The patch ensures that no reverse caching entries are created and Winbindd
asks the DC for sid_to_name requests.

Please inform me as soon as possible if this patch should be removed
before we ship the final release.

Cheers,
Karolin
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
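
Added example (not part of the original message and not Samba code): a small Python decoder for the NS/ and SN/ records in the tdbdump output quoted above, so the name casing held in the reverse entry can be read directly. The record layout (three little-endian 32-bit header fields, then strings with a one-byte length prefix) and the field names are assumptions inferred from the byte counts in that dump; the function names are hypothetical.

```python
import re
import struct

# Two records copied from the tdbdump output quoted in the message above.
SAMPLE = r'''{
key(24) = "NS/EXAMPLE/ADMINISTRATOR"
data(57) =
"\00\00\00\00\A7\07\00\00\01\00\00\00,S-1-5-21-3786053481-691478466-3450209754-500"
}
{
key(47) = "SN/S-1-5-21-3786053481-691478466-3450209754-500"
data(34) =
"\00\00\00\00\A7\07\00\00\01\00\00\00\07EXAMPLE\0Dadministrator"
}
'''

# The data value may sit on the line after "data(N) =", as in the mail.
ENTRY = re.compile(r'key\(\d+\) = "(.*)"\s*\ndata\((\d+)\) =\s*"(.*)"')
ESCAPE = re.compile(rb'\\([0-9A-F]{2})')

def unescape(text):
    """Turn tdbdump's \\XX hex escapes back into raw bytes."""
    return ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), text.encode('latin-1'))

def decode(data, nstrings):
    """Assumed layout: status, seqnum, SID type (uint32 LE), then strings."""
    status, seqnum, sid_type = struct.unpack_from('<III', data)
    pos, strings = 12, []
    for _ in range(nstrings):
        end = pos + 1 + data[pos]          # one length byte, then the string
        strings.append(data[pos + 1:end].decode('utf-8'))
        pos = end
    if pos != len(data):
        raise ValueError('record does not match the assumed layout')
    return status, seqnum, sid_type, strings

def parse_cache(dump):
    """Return ({sid: 'DOMAIN\\name'} from SN/, {lookup key: sid} from NS/)."""
    sn, ns = {}, {}
    for key, size, raw in ENTRY.findall(dump):
        data = unescape(raw)
        if len(data) != int(size):         # cross-check against data(N)
            raise ValueError(f'{key}: expected {size} bytes, got {len(data)}')
        if key.startswith('SN/'):
            sn[key[3:]] = '\\'.join(decode(data, 2)[3])
        elif key.startswith('NS/'):
            ns[key[3:]] = decode(data, 1)[3][0]
    return sn, ns
```

`parse_cache(SAMPLE)` shows the SN/ record for the -500 SID holding `EXAMPLE\administrator`, the lowercase name that `wbinfo -s` returned in the session above.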