From: Andrew Bartlett <abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
To: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
Cc: Richard Sharpe
<realrichardsharpe-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
samba-technical
<samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org>,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] cifs: Support for an upcall to map SID to an uid and a gid
Date: Sun, 12 Dec 2010 14:48:04 +1100 [thread overview]
Message-ID: <1292125684.7313.4.camel@ruth> (raw)
In-Reply-To: <20101211221159.36e6c814-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1993 bytes --]
On Sat, 2010-12-11 at 22:11 -0500, Jeff Layton wrote:
> On Sat, 11 Dec 2010 19:57:11 -0500
> Richard Sharpe <realrichardsharpe-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > On Sat, Dec 11, 2010 at 7:30 PM, Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
> > >>
> > >> Will look into this. One thing that concerns me is if a cached etnry
> > >> for a SID with its name and an id (either an uid or a gid), if that SID
> > >> now represents a different object and has differernt name, would
> > >> not cached info be incorrect? Not sure if this can ever happen
> > >> or how would it happen and if it does, what would be a trigger
> > >> for a cache revalidation and purges!
> > >>
> > >
> > > Sure, mappings can change. But, you still have the same problem with
> > > what you're proposing in these patches. The userspace program isn't
> > > setting a timeout on the key. Once a mapping is put in the keyring,
> > > it's there until it's revoked. You probably want to set a max TTL for
> > > the entries in the cache regardless of what scheme is used.
> >
> > I was under the impression that SIDs are never reused. Perhaps I am mistaken.
> >
>
> That may be, but the mapping of a SID is dependent upon settings in
> config files that could change. It seems reasonable to me to only cache
> these mappings for a period of time in the event that they do. That
> period of time could default to being rather long and be tunable.
I think that instead some explicit signal should be made to indicate
that a mapping has changed, so you don't have to worry about cache
times. It should change *very* rarely and only on specific
administrator intervention. We do a lot of things to avoid this
happening in the normal course of events.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]
next prev parent reply other threads:[~2010-12-12 3:48 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-07 17:11 [PATCH] cifs: Support for an upcall to map SID to an uid and a gid shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w
[not found] ` <20101211111716.1e21be41@corrin.poochiereds.net>
[not found] ` <20101211111716.1e21be41-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
2010-12-11 21:47 ` Shirish Pargaonkar
2010-12-12 0:30 ` Jeff Layton
2010-12-12 0:57 ` Richard Sharpe
[not found] ` <AANLkTiniGp28dxZuoTcjyp0OMEoQ-7E0yE6T8B+VHOLj-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2010-12-12 3:11 ` Jeff Layton
[not found] ` <20101211221159.36e6c814-4QP7MXygkU+dMjc06nkz3ljfA9RmPOcC@public.gmane.org>
2010-12-12 3:48 ` Andrew Bartlett [this message]
2010-12-12 11:39 ` Jeff Layton
[not found] ` <20101212063929.77a619e4-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2010-12-13 3:22 ` Andrew Bartlett
2010-12-13 11:16 ` Jeff Layton
2010-12-14 22:29 ` Shirish Pargaonkar
[not found] ` <20101213061622.7e78e475-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2010-12-14 22:42 ` Andrew Bartlett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1292125684.7313.4.camel@ruth \
--to=abartlet-eunubhrolfbytjvyw6ydsg@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=realrichardsharpe-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org \
--cc=smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox