X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=xlu70Uep3O6Ekb0c2aUPVwDjFvKNb5ge/oaaStY+GEeofLp0EF75m 5mQJjgDJfruU3FQ4kZxG0KjN+KLucsjPqdqEo5XY25kHNK2OTZIB8MIyA5PCYJZR FbdX99k6hWb91mSVzcBVoWUYvxqVtFsFnxUSLoG7y6xwpnenuSPmsE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=mwzeVXEiMew34viNTErAB8zXeCk=; b=TMtfLaz5fO1WCNaAb0mD0C6PHQ4o dVXVn+SYO4JfxQFTPLRMyRu3CynPT+yQrxCuRukcPC4ld/PSM2/Phlze86z4NNDz xgkpkX3fyz8qgpJ6sZ5H0AuXLpz+93P6yhfuSDpCNWdv5QNsesx0LkU2N5LPMcdx ML4j7ufncb0RKUo= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Date: Fri, 18 Jul 2014 21:18:19 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: timeout in LDAP access Message-ID: <20140718191819.GH15332@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20140707110714 DOT GJ1803 AT calimero DOT vinschen DOT de> <19B9F8D8-7FD6-4A7B-AC83-BBF8D152319D AT Denis-Excoffier DOT org> <20140709101256 DOT GD26447 AT calimero DOT vinschen DOT de> <20140714095107 DOT GB10401 AT calimero DOT vinschen DOT de> <20140714134836 DOT GA2637 AT calimero DOT vinschen DOT de> <79A8CE40-E412-4479-B058-378823313FA8 AT Denis-Excoffier DOT org> <20140716135151 DOT GC8520 AT calimero DOT vinschen DOT de> <4457DF49-B4C7-4A7C-A189-AB6F4D94794E AT Denis-Excoffier DOT org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jZNlLGxhPb4urluq" Content-Disposition: inline In-Reply-To: <4457DF49-B4C7-4A7C-A189-AB6F4D94794E@Denis-Excoffier.org> User-Agent: Mutt/1.5.23 (2014-03-12) --jZNlLGxhPb4urluq Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Jul 17 08:33, Denis Excoffier wrote: > On 2014-07-16 15:51, Corinna Vinschen wrote: > > It occured to me that there's another way to do that. The problem > > you're mentioning above could be alleviated if the first Cygwin process > > in a process tree fetches all POSIX offsets of all trusted domains right > > at the start, rather than fetching the POSIX offsets only on demand by > > whatever process needs it. This would slow down the startup of the > > first process slightly (one LDAP request per trusted domain, but only > > asking your primary DC), but this would have two advantages: > >=20 > > - After fetching all POSIX offsets, we could filter out all POSIX > > offsets which don't make sense. These would be set using the fake > > offset setting mechanism. "No sense" would include offsets < 0x110000 > > or offsets > 0xff000000. If the first process in the tree=20 > >=20 > > - The UID/GID values would be stable throughout the process tree. > >=20 > > - The UID/GID values would be stable systemwide when utilizing cygserve= r. > >=20 > > That's a bit of work, but Cygwin 1.7.31 will still come without this > > AD integration code anyway, so we still have time to turn everything > > upside down. > I buy this of course, but i=E2=80=99m still not convinced that we have to > workaround. After all, since i don=E2=80=99t care the other domains in my= daily > work, i=E2=80=99m not affected at all. Most of the users will never be af= fected > i suppose. And if Cygwin happens to circumvent a null posixOffset by > providing its own, there will be even less chances for collisions and > for collisions being reported. >=20 > But we can consider the other way and for that i will use a comparison: > using special characters (like =E2=80=98\n=E2=80=99) gratuitously in the = middle of filenames > is usually considered as a bad practice, but always possible by > doing =E2=80=98char *filename =3D "a\nb"; fopen(filename, "w")=E2=80=99. = Now, once this > file is created, you can use =E2=80=98ls=E2=80=99 in the folder. Do you t= hink =E2=80=98ls' > should respect user decision and display the raw \n in its output or > try to workaround by using some substitution character (like =E2=80=98?= =E2=80=99) in order > not to wrap at unexpected locations? The answer is that =E2=80=98ls=E2=80= =99 substitutes > by default, but also provides a full group of related options to change t= his > behavior (--quoting-style=3DWORD, --hide-control-chars). >=20 > Of course, adding options (eg in nsswitch.conf) to orientate the assignme= nt > of posixOffsets to various substitutes would be useless. Even assigning > the null posixOffsets to non-null values, i=E2=80=99m not convinced of. We really should do that to avoid collisions with system accounts, IMHO. But maybe we should handle it as a border case of a border case, and reliably. Rather than using the default fake mechanism, what if we use default offsets for the two cases: Case 1: posix offset is < 0x100000 =3D=3D> Enforce posix 0ffset 0xfe80000 Case 2: posix offset can't be fetched (this points to a local user having no access to this kind of domain information) =3D=3D> Enforce posix offset 0xfe000000. This would result in potential collisions in very rare border cases, but it would result in reliable mappings throught all processes. And, the complexity would be quite small. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --jZNlLGxhPb4urluq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTyXL7AAoJEPU2Bp2uRE+gcasP/0JQYEaRQxY6Igr99oSSBxDe VcvWqKwKwfU7YJuHR9qs02gMdBJOqd9m5ahBxFSX+3RzJ1TV+8nZMvtJ8BjICpfT L52VHI9pwtciD69L6jMZGera5cxqpQ2b95xiI16xyxhv6XjmbxBluBey4CVBiaOM 6PHk/SwNuUqy5C/+YC/8kk3u+RZNOqfq0pyaJzevLOcc4JTDI+/a4odC9fFExjeT xZkewVBjsoLm0CFKau3iMAeH+Lw436wv/rRnR9VB9O+wqmSXB1PbobhMxM2pPjZX IPPEWrsr6dDyBGmwKykMIrsyIfJ+IvLfHaGlCwFoFKI//NmQfqTat+vbEapJF9ae WSMbbNR/gVtVfM7KUQQTD1Gk8oFDHGLkCpJDqcB+41qUSL9uSPYmAIoL1iqOlc3W LG+aIIaqPzIFdk1XYca0LPKPF0XmEDvgRl8qbqPI2ye2IxF5OkHqcoa2/AROK59r NRPMIHbfQ4pqsk2LrwsBl//Ov5snC/zaj2F21x6mcbBy1T5veEY4CxgBjY1OZU9G +nKVVrfX8rAgnOdmEDbgWAyTCxp2IoLddUNnGAF2ROUzyvvwXEkCsC5fKv1uqQHA TO8OENv2vDzzDXojJBNcE/29ijheVIebk7Z3ow9FW7wWEP2LRLNz6QI7QBmdJaH5 8GEh3mJ27O1AkMxzTyQ3 =Iu1u -----END PGP SIGNATURE----- --jZNlLGxhPb4urluq--