Bug 12442 - net groupmap delete: IDMAP/GID2SID/<GID> entry remains in gencache.tdb
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.5.1
Hardware: All All
Importance: P5 normal
Assigned To: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2016-11-23 16:42 UTC by SATOH Fumiyasu
Modified: 2016-11-23 16:42 UTC

Description SATOH Fumiyasu 2016-11-23 16:42:42 UTC
"net groupmap delete ntgroup=xxxgroup" does NOT delete the cache entry "IDMAP/GID2SID/<GID>" in gencache.tdb, thus Samba does not recognize new SID for the group.

How to reproduce the issue:

0. Environment:

  # id xxxuser
  uid=20005(xxxuser) gid=20006(xxxgroup) groups=20006(xxxgroup)
  # testparm -s
  Load smb config files from /usr/local/samba/etc/samba/smb.conf
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
  Loaded services file OK.
  Server role: ROLE_STANDALONE

  # Global parameters
  [global]
	  idmap config * : backend = tdb
  # id xxxuser
  uid=20005(xxxuser) gid=20006(xxxgroup) groups=20006(xxxgroup)

1. Create a Samba user:

  # pdbedit --create xxxuser
  new password:
  retype new password:
  Unix username:        xxxuser
  NT username:
  Account Flags:        [U          ]
  User SID:             S-1-5-21-563935124-3443185349-1134518957-1020
  Primary Group SID:    S-1-5-21-563935124-3443185349-1134518957-513
  ...(snip)...

2. Add a groupmap for xxxgroup (xxxuser's primary group):

  # net groupmap add unixgroup=xxxgroup
  No rid or sid specified, choosing a RID
  Got RID 1021
  Successfully added group xxxgroup to the mapping db as a domain group

3. Check the primary group SID of xxxuser (expected result):

  # pdbedit -Lv xxxuser |grep 'Primary Group SID:'
  Primary Group SID:    S-1-5-21-563935124-3443185349-1134518957-1021

4. Delete the groupmap for xxxgroup:

  # net groupmap delete ntgroup=xxxgroup
  Successfully removed xxxgroup from the mapping db
  # pdbedit -Lv xxxuser |grep 'Primary Group SID:'
  Primary Group SID:    S-1-5-21-563935124-3443185349-1134518957-513

5. Re-add the groupmap for xxxgroup (new SID is assigned):

  # net groupmap add unixgroup=xxxgroup
  No rid or sid specified, choosing a RID
  Got RID 1022
  Successfully added group xxxgroup to the mapping db as a domain group

6. Check the primary group SID of xxxuser (wrong result):

  # pdbedit -Lv xxxuser |grep 'Primary Group SID:'
  Primary Group SID:    S-1-5-21-563935124-3443185349-1134518957-513

7. Show cache entries in gencache.tdb:

  # net cache list
  Key: IDMAP/GID2SID/20006         Timeout: Thu Dec  1 01:17:42 2016       Value: S-1-5-21-563935124-3443185349-1134518957-1021
  Key: IDMAP/SID2XID/S-1-22-2-20006        Timeout: Thu Dec  1 01:16:55 2016       Value: 20006:G
  Key: IDMAP/SID2XID/S-1-5-21-563935124-3443185349-1134518957-1021         Timeout: Thu Dec  1 01:17:42 2016   Value: 20006:G

8. Delete the cache entry "IDMAP/GID2SID/20006" in gencache.tdb:

  # net cache del IDMAP/GID2SID/20006
  Entry deleted.

9. Check the primary group SID of xxxuser (expected result):

  # pdbedit -Lv xxxuser |grep 'Primary Group SID:'
  Primary Group SID:    S-1-5-21-563935124-3443185349-1134518957-1022
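
A check for the stale entry shown in steps 7 to 9, as an added example that is not part of the original report or of Samba: it scans saved `net cache list` output for `IDMAP/GID2SID/<GID>` keys whose cached SID differs from the SID the group is mapped to now, and prints the `net cache del` command for each. The function names and the "GID SID" map file format are assumptions made for this example; the sample lines in `demo` are taken from the report.

```shell
#!/bin/sh
# Added example (not Samba code): report IDMAP/GID2SID keys whose cached SID
# differs from the SID the group is mapped to now.

# find_stale_gid2sid CACHE_FILE MAP_FILE
#   CACHE_FILE: saved output of `net cache list`
#   MAP_FILE:   hypothetical format, one "GID SID" pair per line
find_stale_gid2sid() {
    awk '
        NR == FNR { if (NF >= 2) want[$1] = $2; next }   # expected pairs
        $1 == "Key:" && $2 ~ /^IDMAP\/GID2SID\/[0-9]+$/ {
            gid = $2; sub(/^IDMAP\/GID2SID\//, "", gid)
            # The cached SID is the last field of the listing line.
            if ((gid in want) && $NF != want[gid]) print $2
        }
    ' "$2" "$1"
}

# purge_stale CACHE_FILE MAP_FILE [--apply]
# Dry run by default: prints the delete commands instead of running them.
purge_stale() {
    find_stale_gid2sid "$1" "$2" | while IFS= read -r key; do
        if [ "${3:-}" = "--apply" ]; then
            net cache del "$key"
        else
            printf 'net cache del %s\n' "$key"
        fi
    done
}

# Sample input: cache lines from step 7, expected SID from step 9.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/cache" <<'EOF'
Key: IDMAP/GID2SID/20006         Timeout: Thu Dec  1 01:17:42 2016       Value: S-1-5-21-563935124-3443185349-1134518957-1021
Key: IDMAP/SID2XID/S-1-22-2-20006        Timeout: Thu Dec  1 01:16:55 2016       Value: 20006:G
EOF
    printf '20006 S-1-5-21-563935124-3443185349-1134518957-1022\n' > "$tmp/map"
    purge_stale "$tmp/cache" "$tmp/map"
    rm -rf "$tmp"
}

demo
```

Run without `--apply` first and review the printed keys; GIDs that are absent from the map file are never reported.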