[PATCH] Fix idmap cache pollution with S-1-22-

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Feb 27 19:01:56 UTC 2019

On Wed, Feb 27, 2019 at 07:27:21PM +0100, Ralph Böhme wrote:
> On Wed, Feb 27, 2019 at 07:04:46PM +0100, Volker Lendecke via samba-technical wrote:
> > Attached find a patchset that fixes a problem in a customer
> > environment: A short-term hickup in winbind communication for a
> > uid2sid call made smbd fall back to legacy_uid_to_sid, filling the
> > idmap cache with S-1-22-1-uid for a week. The main point is that
> > conversion to S-1-22-x should not be cached, as this is a fallback of
> > last resort. On that way, this cleans up that code path a bit.
> I guess I'd love to see this being assigned a bug and backports to the
> stable branches. What do you thing? From your description it seems to be a
> real bug anyway.

If we only want to do a minimum necessary change fix it would look
differently. It would probably just skip priming the cache in the
legacy_xx routines.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

More information about the samba-technical mailing list