[PATCH] bug 11259 - get smbd to use winbindd to prime the netsamlogon and name2sid caches.
jra at samba.org
Thu Oct 13 20:54:09 UTC 2016
On Thu, Oct 13, 2016 at 11:46:32PM +0300, Uri Simchoni wrote:
> Some things I don't quite get:
> 1. When we store the name2sid in the cache without refreshing sequence
> number, we store it with the parent winbindd's sequence number, but when
> we fetch it, it's done with the child sequence number (each process has
> its own copy of the domain object). Perhaps we need to refresh the
> sequence number from tdb first, using fetch_cache_seqnum() ?
Oh - that's good catch - I missed that !
I'll follow up with a patch for that problem.
> 2. I don't quite get this whole seqnum business. It seems to be about
> EARLY expiration of cache data, because entries expire if either of the
> following is true:
> a. The sequence number has changed
> b. They are older than "winbind cache time".
> However, the USN is also cached for "winbind cache time" seconds,
> meaning that this early expiration is not that dramatic. Maybe it's a
> coherence mechanism - if there are several related cached items, this
> mechanism makes sure that if one expires, so do the rest.
> 3. The function names and patch comments on the last patch - I can't see
> why it's about trust. Seems to me that we only store things we trust.
> It's just that we're taking the risk that the entry will expire sooner
> (because we haven't taken care of the USN), because we don't want the
> blocking call at the parent winbindd process.
It was the best name I could come up with at the time :-).
Feel free to suggest a change.
More information about the samba-technical