| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 53AAILvi3207269 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 53AAILvi3207269 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=oSN3+4PD | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org F30963839433 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1744280299; | |
| bh=W2BsUWaz69Grhgfv1dOFfQbKwgsST8zQt4ISD1Nm/Gs=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=oSN3+4PDUuIGZYYpub9e/8eq3TKcEq9uRfz3RcI5tZ/DlWyrqr0+UYysLd9iVNUhU | |
| mDjvPhq+TwMJbdLa5fnd2CmUtVRbt4c9B7pt3dB+m+I2XpV8X2bZWZD09+9uaA5LBG | |
| g0gnh/3snP02aJzQF5l7HycMQJ65HlpA8Uj57/MU= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 95E31385ED4A |
| Date: | Thu, 10 Apr 2025 12:17:13 +0200 |
| To: | =?utf-8?B?TGx1w61z?= Batlle i Rossell <viric AT viric DOT name> |
| Subject: | Re: On dropping Capability SIDs |
| Message-ID: | <Z_eaqRStWb2SiXEu@calimero.vinschen.de> |
| Mail-Followup-To: | =?utf-8?B?TGx1w61z?= Batlle i Rossell <viric AT viric DOT name>, |
| cygwin AT cygwin DOT com | |
| References: | <pbli6jecn5go2h7heebwivkwz6xf5h2stvq5fxna4u6pql6uht AT 7xpentpxjiak> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <pbli6jecn5go2h7heebwivkwz6xf5h2stvq5fxna4u6pql6uht@7xpentpxjiak> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com>, cygwin AT cygwin DOT com |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 53AAILvi3207269 |
Hi LluÃs, On Apr 10 09:52, LluÃs Batlle i Rossell via Cygwin wrote: > Hello, > > I saw this change to cygwin to ignore S-1-15-3-* SIDs: > https://www.cygwin.com/cgit/newlib-cygwin/commit/?id=271f187b7b59a6645e24e9c36b60ba31f6527556 > > I think, though, that the current code doesn't completely skip > resolving those never-resolving SIDs. > > I'm annoyed by those SIDs because they slow down any 'stat()' syscall, > specially with active directory. Here are strace microsecond times > (500ms): > > 387924 540348 [main] stat 1327 pwdgrp::fetch_account_from_windows: > LookupAccountSid(S-1-15-3-65536-3323407561-2172269196-3486974656-4132058316-2250862433-3856296919-434318741-3760235072), > Win32 error 1332 > 186045 726814 [main] stat 1327 pwdgrp::fetch_account_from_windows: > LookupAccountSid(S-1-15-3-65536-3323407561-2172269196-3486974656-4132058316-2250862433-3856296919-434318741-3760235072), > Win32 error 1332 > > That slows down a lot things like TAB-completion executing, depending on > the latency of the AD connection. Yeah, the numbers are really bad. I can't reproduce these bad timings, mine are in the vicinity of 5 ms, so I guess I just don't suffer from the latency to AD. > I think that the early part of fetch_account_from_windows should filter > out S-1-15-3-* SIDs as well, instead of asking AD. Sounds like the right thing to do. Actually fetch_account_from_windows performs a lot of its job only after calling one of the Lookup functions, but we know that some of these SIDs never resolve. In case of the capability SIDs, some of them resolve (some of the well-known ones, see https://devblogs.microsoft.com/oldnewthing/20220503-00/?p=106557) but we don't handle them at all and just ignore them. I pushed a patch which skips not only Capability SIDs, but also AzureAD SIDs, IIS APPPOOL SIDs and Samba-generated SIDs. https://sourceware.org/cgit/newlib-cygwin/commit/?id=e04891d67ac7 Please give the next test release cygwin-3.7.0-0.52.ge04891d67ac7 a try. Thanks, Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |