[RFC][WIP] cache-only name lookups in smbd

[Uri Simchoni]

On 11/28/2016 11:26 AM, Volker Lendecke wrote:
> Hi, Uri!
> 
> Question -- the cache invalidation of winbindd_cache.tdb is fishy at
> best. For this type of caching that is pretty much public information,
> wouldn't it be better to go to gencache.tdb? In the caching case, we
> would avoid the roundtrip to winbind.
> 
> Volker
> 
You mean introduce another cache or leverage an existing one? There are
already two of them at least - the winbindd_cache (used to be "backend")
and the RPC parent-child cache - I can save the round-trip to the child
by using that.

Thanks,
Uri.
> On Mon, Nov 28, 2016 at 09:42:08AM +0200, Uri Simchoni wrote:
>> I'm trying to allow smbd to serve files in the presence of short
>> interruptions in the connection to AD. One challenge is that shares
>> defined in smb.conf have user / group names in their access lists (read
>> list, write list, valid users, ...) and those names are converted to
>> SIDs on each tree connect. Sometimes this conversion causes a network
>> lookup. When a few minute outage occurs, the first user to try the
>> network lookup experience a Windows Explorer freeze, and that creates
>> support calls. Subsequent users find winbindd in a different mood
>> (offline) and get service.
>>
>> One approach I've tried to handle this challenge is to:
>> a. constantly prime the winbindd cache
>> b. introduce a cache-only lookup (essentially equivalent to the lookup
>> in offline state - no check for expiration)
>> c. since the current and new approach represent different tradeoffs,
>> I've made it configurable.
>>
>> This approach is in the attached patch - adding a "priming daemon" and
>> an API to winbindd to do cache-only lookups. The patch set is still
>> rough around the edges, doesn't handle SIGHUP, the primed restart (which
>> I've copied from notifyd) doesn't work reliably, but you can get the
>> general idea.
>>
>> I'd appreciate feedback as to whether this approach is desirable at all
>> in samba. Some of my thoughts are:
>>
>> 1. An alternative approach is to use the RPC-managed share ACLs,
>> everything there is in SIDs, or pre-translate names to SIDs and put the
>> SIDs in smb.conf. From an appliance point of view, this shifts the added
>> complexity outside of Samba.
>>
>> 2. It complicates things, and having two modes of lookup is likely to
>> make one mode bit-rot, esp. since it's difficult to simulate network outage.
>>
>> 3. It can't possibly handle all parameter substitutions - another source
>> of conceptual complication (some lookups are cached and some aren't)
>>
>> 4. So far I haven't managed to avoid some code duplication between the
>> lazy evaluation code in share_access.c and primed. The netgroups kind of
>> make this hard.
>>
>> Despite all of the above, in the cases where it works (no substitutions
>> and no configuration errors), this does make for more robust operation,
>> and may prove useful to others.
>>
>> Thanks,
>> Uri.
> 
>> From 7a23003437a70af0e40ecf3e1ebd396fab445e32 Mon Sep 17 00:00:00 2001
>> From: Uri Simchoni <uri at samba.org>
>> Date: Mon, 28 Nov 2016 08:40:50 +0200
>> Subject: [PATCH 1/9] s3-passdb - add LOOKUP_NAME_CACHE_ONLY lookup flag
>>
>> This flag shall be used later by lookup_name() and
>> internally by winbindd