Regression in new wb_lookupname path

Steven Danneman steven.danneman at isilon.com
Tue Aug 18 22:14:45 MDT 2009


Hey Volker,

 

I've just started to look at the new winbindd asynchronous architecture.
With only a little time looking, it feels much cleaner and more regular.

 

I think I may have found a regression specific to the wb_lookupname_*
path.  In hunting down a separate bug involving tree-root trusts, I
noticed that the wb_lookupname_recv path functions differently from the
old winbindd_async.c:lookupname_recv() path.

 

Specifically, if the first lookup fails, because the DC we contact
doesn't know that name, then we would fall back to contacting the forest
root DC (probably the GC).  This fallback seems to be missing in the new
async code.

 

This is important when you have a domain topology such as:

Domain A - Forest Root
Domain B - Tree Root in same forest as Domain A
Server - Joined to Domain B

With the old code a getpwnam() request on a user in Domain A from the
Server would succeed.  With the new code it fails.

 

I'm guessing this was probably just an oversight with all your code
changes?

 

Falling back on the forest root isn't actually the best response we
could do.  Rather, I think we should probably track which domain in our
forest is acting as the Global Catalog and fall back to contacting it.  I
don't know that we currently store this information in the winbindd
parent though.

 

-Steven


