Bug 9002 - don't turn negative cache entries into valid idmappings
Summary: don't turn negative cache entries into valid idmappings
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.6.5
Hardware: All All
: P5 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-19 16:37 UTC by Stefan Metzmacher
Modified: 2012-06-30 11:20 UTC (History)
3 users (show)

See Also:


Attachments
Patch for v3-6-test (5.62 KB, patch)
2012-06-19 17:09 UTC, Stefan Metzmacher
obnox: review-
Details
Possible patches for v3-6-test (6.99 KB, patch)
2012-06-20 11:41 UTC, Stefan Metzmacher
no flags Details
Possible patches for master (3.77 KB, patch)
2012-06-20 12:19 UTC, Stefan Metzmacher
obnox: review+
Details
Patches for v3-6-test (7.17 KB, patch)
2012-06-21 13:52 UTC, Stefan Metzmacher
obnox: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2012-06-19 16:37:14 UTC
It's typical that some file operations set a NTACL, which tries
sid2uid() before sid2gid(), this will create a negative cache entry.

Negative SID2UID entries cause that a valid SID2GID mapping is ignored
and the group is ignored in the UNIX Token.
Comment 1 Stefan Metzmacher 2012-06-19 17:09:25 UTC
Created attachment 7661 [details]
Patch for v3-6-test
Comment 2 Michael Adam 2012-06-19 20:31:10 UTC
Comment on attachment 7661 [details]
Patch for v3-6-test

I think the last patch is not complete or not even fully correct: we should at least set "map->status = ID_UNMAPPED" for gid / uid == -1. Also if gid cache entry is -1, shouldn't we try the uid cache?
Comment 3 Stefan Metzmacher 2012-06-20 11:41:02 UTC
Created attachment 7662 [details]
Possible patches for v3-6-test
Comment 4 Stefan Metzmacher 2012-06-20 12:19:32 UTC
Created attachment 7663 [details]
Possible patches for master
Comment 5 Stefan Metzmacher 2012-06-21 13:52:32 UTC
Created attachment 7667 [details]
Patches for v3-6-test
Comment 6 Michael Adam 2012-06-21 14:06:36 UTC
Comment on attachment 7667 [details]
Patches for v3-6-test

ACK, as discussed and tested
Comment 7 Michael Adam 2012-06-21 14:07:33 UTC
==> Karolin for inclusion into 3.6.X
Comment 8 Karolin Seeger 2012-06-30 11:20:09 UTC
Pushed to v3-6-test.
Closing out bug report.

Thanks!