[PATCH] passdb: Cache output from pdb_[ug]id_to_sid

Jeremy Allison jra at samba.org
Tue Jan 6 09:29:56 MST 2015


On Tue, Jan 06, 2015 at 08:21:57AM +0100, Volker Lendecke wrote:
> On Mon, Jan 05, 2015 at 04:12:08PM -0800, Jeremy Allison wrote:
> > So Volker's code should only be catching the
> > case where pdb_id_to_sid() returns false,
> > so will only be adding the cache entry
> > in the:
> > 
> >         /* This is an unmapped user */
> > 
> >         uid_to_unix_users_sid(uid, psid);
> > 
> > case inside legacy_uid_to_sid(). So in
> > this case we *know* the id.type is ID_TYPE_UID
> > (and is ID_TYPE_GID in the legacy_gid_to_sid()
> > case).
> > 
> > Volker - how about moving the additional
> > idmap_cache_set_sid2unixid() calls to the
> > "This is an unmapped user" or "This is an unmapped group"
> > cases ?
> > 
> > Does that fix the customer lookup problem ?
> 
> Yes, it's the unmapped id's that hit the customer pretty
> hard. So we should move the new code to above the "done"?

OK - LGTM, I'm happy to push this.

Andrew, I'll give you a day or so to comment
as I know you're in LinuxConf.au but this new
code is only being invoked when pdb_id_to_sid() returns false
(otherwise it would already have been cached)
and the unmapped global_sid_Unix_Users or
global_sid_Unix_Groups is being returned,
so I'm pretty confident this doesn't hit the
case you're worried about.

Cheers,

	Jeremy.

> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

> From 6e0eff15beeba845519de2beb7bbf4fa8ae2c128 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 5 Jan 2015 16:34:29 +0100
> Subject: [PATCH] passdb: Cache output from pdb_[ug]id_to_sid
> 
> A customer complained that after upgrading to Samba 4.0 fileserver
> its LDAP server was flooded with uid2sid and gid2sid requests for id
> 0. With 4.0 we do a lot more user-space ACL checking which involves
> uid2sid/gid2sid. This caches the corresponding results.
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/passdb/lookup_sid.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index 494a840..c5b28d8 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1049,6 +1049,13 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
>  
>  	uid_to_unix_users_sid(uid, psid);
>  
> +	{
> +		struct unixid xid = {
> +			.id = uid, .type = ID_TYPE_UID
> +		};
> +		idmap_cache_set_sid2unixid(psid, &xid);
> +	}
> +
>   done:
>  	DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
>  		  sid_string_dbg(psid)));
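
Review bot: the block added between uid_to_unix_users_sid(uid, psid) and the done: label carries no comment saying that it caches only the unmapped fallback result, which is the reason it sits above done: rather than below it. A one-line comment to that effect would stop a later cleanup from moving the idmap_cache_set_sid2unixid() call under the label, where it would run for every path that reaches done:. Because these SIDs feed the user-space ACL checks mentioned in the commit message, the message should also say how long such an entry is served, since a uid that gains a real mapping later would keep resolving to the Unix Users SID for that time.
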
> @@ -1083,6 +1090,13 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
>  
>  	gid_to_unix_groups_sid(gid, psid);
>  
> +	{
> +		struct unixid xid = {
> +			.id = gid, .type = ID_TYPE_GID
> +		};
> +		idmap_cache_set_sid2unixid(psid, &xid);
> +	}
> +
>   done:
>  	DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
>  		  sid_string_dbg(psid)));
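
Review bot: the block added in legacy_gid_to_sid() repeats the one in legacy_uid_to_sid() with only .id and .type changed, and the bare { } scope exists solely to declare xid. A small static helper that takes psid, the id and the ID_TYPE_UID or ID_TYPE_GID value and calls idmap_cache_set_sid2unixid() would remove both the duplication and the anonymous scope, and would give one place to document that only the unmapped Unix Users and Unix Groups results are cached here.
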
> -- 
> 1.9.1
> 


