[PATCH] Fix idmap cache pollution with S-1-22-

Uri Simchoni uri at samba.org
Wed Feb 27 19:57:20 UTC 2019

On 2/27/19 9:01 PM, Volker Lendecke via samba-technical wrote:
> On Wed, Feb 27, 2019 at 07:27:21PM +0100, Ralph Böhme wrote:
>> On Wed, Feb 27, 2019 at 07:04:46PM +0100, Volker Lendecke via samba-technical wrote:
>>> Attached find a patchset that fixes a problem in a customer
>>> environment: A short-term hickup in winbind communication for a
>>> uid2sid call made smbd fall back to legacy_uid_to_sid, filling the
>>> idmap cache with S-1-22-1-uid for a week. The main point is that
>>> conversion to S-1-22-x should not be cached, as this is a fallback of
>>> last resort. On that way, this cleans up that code path a bit.
>> I guess I'd love to see this being assigned a bug and backports to the
>> stable branches. What do you thing? From your description it seems to be a
>> real bug anyway.
> If we only want to do a minimum necessary change fix it would look
> differently. It would probably just skip priming the cache in the
> legacy_xx routines.
> Volker
Great! RB+ me.

I've been down that ally before at the end of my near-full-time Samba
gig [1], nice to see this fixed. What I proposed back then might be
considered for backports.

As I recall, the reason for priming the cache in the first place was to
reduce the load on the system with idmap backends which query the
network [2], so skipping the priming altogether might introduce a
regression elsewhere.

[1] https://lists.samba.org/archive/samba-technical/2017-April/119917.html

[2] https://lists.samba.org/archive/samba-technical/2015-January/104693.html


More information about the samba-technical mailing list