From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10485 invoked by alias); 18 Jul 2014 19:18:23 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 10465 invoked by uid 89); 18 Jul 2014 19:18:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 18 Jul 2014 19:18:21 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 290018E0600; Fri, 18 Jul 2014 21:18:19 +0200 (CEST) Date: Fri, 18 Jul 2014 19:18:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: timeout in LDAP access Message-ID: <20140718191819.GH15332@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20140707110714.GJ1803@calimero.vinschen.de> <19B9F8D8-7FD6-4A7B-AC83-BBF8D152319D@Denis-Excoffier.org> <20140709101256.GD26447@calimero.vinschen.de> <20140714095107.GB10401@calimero.vinschen.de> <20140714134836.GA2637@calimero.vinschen.de> <79A8CE40-E412-4479-B058-378823313FA8@Denis-Excoffier.org> <20140716135151.GC8520@calimero.vinschen.de> <4457DF49-B4C7-4A7C-A189-AB6F4D94794E@Denis-Excoffier.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jZNlLGxhPb4urluq" Content-Disposition: inline In-Reply-To: <4457DF49-B4C7-4A7C-A189-AB6F4D94794E@Denis-Excoffier.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2014-07/txt/msg00224.txt.bz2 --jZNlLGxhPb4urluq Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 3535 On Jul 17 08:33, Denis Excoffier wrote: > On 2014-07-16 15:51, Corinna Vinschen wrote: > > It occured to me that there's another way to do that. The problem > > you're mentioning above could be alleviated if the first Cygwin process > > in a process tree fetches all POSIX offsets of all trusted domains right > > at the start, rather than fetching the POSIX offsets only on demand by > > whatever process needs it. This would slow down the startup of the > > first process slightly (one LDAP request per trusted domain, but only > > asking your primary DC), but this would have two advantages: > >=20 > > - After fetching all POSIX offsets, we could filter out all POSIX > > offsets which don't make sense. These would be set using the fake > > offset setting mechanism. "No sense" would include offsets < 0x110000 > > or offsets > 0xff000000. If the first process in the tree=20 > >=20 > > - The UID/GID values would be stable throughout the process tree. > >=20 > > - The UID/GID values would be stable systemwide when utilizing cygserve= r. > >=20 > > That's a bit of work, but Cygwin 1.7.31 will still come without this > > AD integration code anyway, so we still have time to turn everything > > upside down. > I buy this of course, but i=E2=80=99m still not convinced that we have to > workaround. After all, since i don=E2=80=99t care the other domains in my= daily > work, i=E2=80=99m not affected at all. Most of the users will never be af= fected > i suppose. And if Cygwin happens to circumvent a null posixOffset by > providing its own, there will be even less chances for collisions and > for collisions being reported. >=20 > But we can consider the other way and for that i will use a comparison: > using special characters (like =E2=80=98\n=E2=80=99) gratuitously in the = middle of filenames > is usually considered as a bad practice, but always possible by > doing =E2=80=98char *filename =3D "a\nb"; fopen(filename, "w")=E2=80=99. = Now, once this > file is created, you can use =E2=80=98ls=E2=80=99 in the folder. Do you t= hink =E2=80=98ls' > should respect user decision and display the raw \n in its output or > try to workaround by using some substitution character (like =E2=80=98?= =E2=80=99) in order > not to wrap at unexpected locations? The answer is that =E2=80=98ls=E2=80= =99 substitutes > by default, but also provides a full group of related options to change t= his > behavior (--quoting-style=3DWORD, --hide-control-chars). >=20 > Of course, adding options (eg in nsswitch.conf) to orientate the assignme= nt > of posixOffsets to various substitutes would be useless. Even assigning > the null posixOffsets to non-null values, i=E2=80=99m not convinced of. We really should do that to avoid collisions with system accounts, IMHO. But maybe we should handle it as a border case of a border case, and reliably. Rather than using the default fake mechanism, what if we use default offsets for the two cases: Case 1: posix offset is < 0x100000 =3D=3D> Enforce posix 0ffset 0xfe80000 Case 2: posix offset can't be fetched (this points to a local user having no access to this kind of domain information) =3D=3D> Enforce posix offset 0xfe000000. This would result in potential collisions in very rare border cases, but it would result in reliable mappings throught all processes. And, the complexity would be quite small. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --jZNlLGxhPb4urluq Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTyXL7AAoJEPU2Bp2uRE+gcasP/0JQYEaRQxY6Igr99oSSBxDe VcvWqKwKwfU7YJuHR9qs02gMdBJOqd9m5ahBxFSX+3RzJ1TV+8nZMvtJ8BjICpfT L52VHI9pwtciD69L6jMZGera5cxqpQ2b95xiI16xyxhv6XjmbxBluBey4CVBiaOM 6PHk/SwNuUqy5C/+YC/8kk3u+RZNOqfq0pyaJzevLOcc4JTDI+/a4odC9fFExjeT xZkewVBjsoLm0CFKau3iMAeH+Lw436wv/rRnR9VB9O+wqmSXB1PbobhMxM2pPjZX IPPEWrsr6dDyBGmwKykMIrsyIfJ+IvLfHaGlCwFoFKI//NmQfqTat+vbEapJF9ae WSMbbNR/gVtVfM7KUQQTD1Gk8oFDHGLkCpJDqcB+41qUSL9uSPYmAIoL1iqOlc3W LG+aIIaqPzIFdk1XYca0LPKPF0XmEDvgRl8qbqPI2ye2IxF5OkHqcoa2/AROK59r NRPMIHbfQ4pqsk2LrwsBl//Ov5snC/zaj2F21x6mcbBy1T5veEY4CxgBjY1OZU9G +nKVVrfX8rAgnOdmEDbgWAyTCxp2IoLddUNnGAF2ROUzyvvwXEkCsC5fKv1uqQHA TO8OENv2vDzzDXojJBNcE/29ijheVIebk7Z3ow9FW7wWEP2LRLNz6QI7QBmdJaH5 8GEh3mJ27O1AkMxzTyQ3 =Iu1u -----END PGP SIGNATURE----- --jZNlLGxhPb4urluq--