[PATCH] passdb: Cache output from pdb_[ug]id_to_sid
Jeremy Allison
jra at samba.org
Tue Jan 6 09:29:56 MST 2015
On Tue, Jan 06, 2015 at 08:21:57AM +0100, Volker Lendecke wrote:
> On Mon, Jan 05, 2015 at 04:12:08PM -0800, Jeremy Allison wrote:
> > So Volker's code should only be catching the
> > case where pdb_id_to_sid() returns false,
> > so will only be adding the cache entry
> > in the:
> >
> > /* This is an unmapped user */
> >
> > uid_to_unix_users_sid(uid, psid);
> >
> > case inside legacy_uid_to_sid(). So in
> > this case we *know* the id.type is ID_TYPE_UID
> > (and is ID_TYPE_GID in the legacy_gid_to_sid()
> > case).
> >
> > Volker - how about moving the additional
> > idmap_cache_set_sid2unixid() calls to the
> > "This is an unmapped user" or "This is an unmapped group"
> > cases ?
> >
> > Does that fix the customer lookup problem ?
>
> Yes, it's the unmapped id's that hit the customer pretty
> hard. So we should move the new code to above the "done"?
OK - LGTM, I'm happy to push this.
Andrew, I'll give you a day or so to comment
as I know you're in LinuxConf.au but this new
code is only being invoked when pdb_id_to_sid() returns false
(otherwise it would already have been cached)
and the unmapped global_sid_Unix_Users or
global_sid_Unix_Groups is being returned,
so I'm pretty confident this doesn't hit the
case you're worried about.
Cheers,
Jeremy.
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 6e0eff15beeba845519de2beb7bbf4fa8ae2c128 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Mon, 5 Jan 2015 16:34:29 +0100
> Subject: [PATCH] passdb: Cache output from pdb_[ug]id_to_sid
>
> A customer complained that after upgrading to Samba 4.0 fileserver
> its LDAP server was flooded with uid2sid and gid2sid request for id
> 0. With 4.0 we do a lot more user-space ACL checking which involves
> uid2sid/gid2sid. This caches the corresponding results.
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/passdb/lookup_sid.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
> index 494a840..c5b28d8 100644
> --- a/source3/passdb/lookup_sid.c
> +++ b/source3/passdb/lookup_sid.c
> @@ -1049,6 +1049,13 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
>
> uid_to_unix_users_sid(uid, psid);
>
> + {
> + struct unixid xid = {
> + .id = uid, .type = ID_TYPE_UID
> + };
> + idmap_cache_set_sid2unixid(psid, &xid);
> + }
> +
> done:
> DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid,
> sid_string_dbg(psid)));
> @@ -1083,6 +1090,13 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
>
> gid_to_unix_groups_sid(gid, psid);
>
> + {
> + struct unixid xid = {
> + .id = gid, .type = ID_TYPE_GID
> + };
> + idmap_cache_set_sid2unixid(psid, &xid);
> + }
> +
> done:
> DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid,
> sid_string_dbg(psid)));
> --
> 1.9.1
>
More information about the samba-technical
mailing list