[PATCH] passdb: Cache output from pdb_[ug]id_to_sid
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Jan 6 00:21:57 MST 2015
On Mon, Jan 05, 2015 at 04:12:08PM -0800, Jeremy Allison wrote:
> So Volker's code should only be catching the
> case where pdb_id_to_sid() returns false,
> so will only be adding the cache entry
> in the:
>
> /* This is an unmapped user */
>
> uid_to_unix_users_sid(uid, psid);
>
> case inside legacy_uid_to_sid(). So in
> this case we *know* the id.type is ID_TYPE_UID
> (and is ID_TYPE_GID in the legacy_gid_to_sid()
> case).
>
> Volker - how about moving the additional
> idmap_cache_set_sid2unixid() calls to the
> "This is an unmapped user" or "This is an unmapped group"
> cases ?
>
> Does that fix the customer lookup problem ?
Yes, it's the unmapped id's that hit the customer pretty
hard. So we should move the new code to above the "done"?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 6e0eff15beeba845519de2beb7bbf4fa8ae2c128 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 5 Jan 2015 16:34:29 +0100
Subject: [PATCH] passdb: Cache output from pdb_[ug]id_to_sid
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/lookup_sid.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 494a840..c5b28d8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1049,6 +1049,13 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
uid_to_unix_users_sid(uid, psid);
+ {
+ struct unixid xid = {
+ .id = uid, .type = ID_TYPE_UID
+ };
+ idmap_cache_set_sid2unixid(psid, &xid);
+ }
+
done:
DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
sid_string_dbg(psid)));
@@ -1083,6 +1090,13 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
gid_to_unix_groups_sid(gid, psid);
+ {
+ struct unixid xid = {
+ .id = gid, .type = ID_TYPE_GID
+ };
+ idmap_cache_set_sid2unixid(psid, &xid);
+ }
+
done:
DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
sid_string_dbg(psid)));
--
1.9.1
More information about the samba-technical
mailing list