Patch to handle sid compression for consideration ...
realrichardsharpe at gmail.com
Mon Jun 16 11:19:30 MDT 2014
On Mon, Jun 16, 2014 at 10:14 AM, Hemanth Thummala
<hemanth.thummala at gmail.com> wrote:
> Hi Richard,
> I have a query. In the patch, If merge_resource_sids() failed for some
> reason, netsamlogon cache update is skipped and just return from there. Is
> this intentional? Shouldn't we update the primary group and or existing
> extra SID information to netsamlogon cache before we return. If there is
> some problem with copying resource group information, we will never be able
> to update the group membership netsam logon cache. Please correct me if I am
Sure, but the only reason it will fail, IMO, is that we have run out
of memory. In that case, the logon will fail anyway.
> On Mon, Jun 16, 2014 at 9:07 PM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
>> On Mon, Jun 16, 2014 at 7:56 AM, Simo <simo at samba.org> wrote:
>> > On Mon, 2014-06-16 at 07:45 -0700, Richard Sharpe wrote:
>> >> Hi folks,
>> >> Attached is a cleaned up patch to handle sid compression in master.
>> >> I have implemented Volker's suggestion to not mess with SID internals
>> >> and use compose_sid instead.
>> >> I have also moved things around a bit to fit better into the existing
>> >> code and not expose too many internal functions.
>> >> Finally, I added a call to winbindd_pam where needed.
>> >> This is a first pass at handling SID compression, and if we find we
>> >> need to handle resource SIDs differently depending on which domain
>> >> they are in, then the function merge_resource_sids_and_cache can
>> >> absorb that code.
>> >> Review please, and if acceptable, please push.
>> > Wouldn't it be better to copy info3 first and then modify the copy ?
>> Sure, I could do that. What advantage do you see? We actually need the
>> modified info3 later when we create the token, at least in one path.
>> Richard Sharpe
More information about the samba-technical