[PATCH] passdb: Cache output from pdb_[ug]id_to_sid

Tue Jan 6 00:21:57 MST 2015

On Mon, Jan 05, 2015 at 04:12:08PM -0800, Jeremy Allison wrote:
> So Volker's code should only be catching the
> case where pdb_id_to_sid() returns false,
> so will only be adding the cache entry
> in the:
> 
>         /* This is an unmapped user */
> 
>         uid_to_unix_users_sid(uid, psid);
> 
> case inside legacy_uid_to_sid(). So in
> this case we *know* the id.type is ID_TYPE_UID
> (and is ID_TYPE_GID in the legacy_gid_to_sid()
> case).
> 
> Volker - how about moving the additional
> idmap_cache_set_sid2unixid() calls to the
> "This is an unmapped user" or "This is an unmapped group"
> cases ?
> 
> Does that fix the customer lookup problem ?

Yes, it's the unmapped id's that hit the customer pretty
hard. So we should move the new code to above the "done"?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 6e0eff15beeba845519de2beb7bbf4fa8ae2c128 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 5 Jan 2015 16:34:29 +0100
Subject: [PATCH] passdb: Cache output from pdb_[ug]id_to_sid

A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/passdb/lookup_sid.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 494a840..c5b28d8 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1049,6 +1049,13 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
 
 	uid_to_unix_users_sid(uid, psid);
 
+	{
+		struct unixid xid = {
+			.id = uid, .type = ID_TYPE_UID
+		};
+		idmap_cache_set_sid2unixid(psid, &xid);
+	}
+
  done:
 	DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
 		  sid_string_dbg(psid)));
@@ -1083,6 +1090,13 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
 
 	gid_to_unix_groups_sid(gid, psid);
 
+	{
+		struct unixid xid = {
+			.id = gid, .type = ID_TYPE_GID
+		};
+		idmap_cache_set_sid2unixid(psid, &xid);
+	}
+
  done:
 	DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
 		  sid_string_dbg(psid)));
-- 
1.9.1

