X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=xlu70Uep3O6Ekb0c2aUPVwDjFvKNb5ge/oaaStY+GEeofLp0EF75m
	5mQJjgDJfruU3FQ4kZxG0KjN+KLucsjPqdqEo5XY25kHNK2OTZIB8MIyA5PCYJZR
	FbdX99k6hWb91mSVzcBVoWUYvxqVtFsFnxUSLoG7y6xwpnenuSPmsE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=mwzeVXEiMew34viNTErAB8zXeCk=; b=TMtfLaz5fO1WCNaAb0mD0C6PHQ4o
	dVXVn+SYO4JfxQFTPLRMyRu3CynPT+yQrxCuRukcPC4ld/PSM2/Phlze86z4NNDz
	xgkpkX3fyz8qgpJ6sZ5H0AuXLpz+93P6yhfuSDpCNWdv5QNsesx0LkU2N5LPMcdx
	ML4j7ufncb0RKUo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Fri, 18 Jul 2014 21:18:19 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: timeout in LDAP access
Message-ID: <20140718191819.GH15332@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <E3509AAC-C4A0-4293-988F-E94BF2421180 AT free DOT fr> <20140707110714 DOT GJ1803 AT calimero DOT vinschen DOT de> <19B9F8D8-7FD6-4A7B-AC83-BBF8D152319D AT Denis-Excoffier DOT org> <20140709101256 DOT GD26447 AT calimero DOT vinschen DOT de> <BA09D7D8-96E6-431F-9434-8BA8A2AB4952 AT Denis-Excoffier DOT org> <20140714095107 DOT GB10401 AT calimero DOT vinschen DOT de> <20140714134836 DOT GA2637 AT calimero DOT vinschen DOT de> <79A8CE40-E412-4479-B058-378823313FA8 AT Denis-Excoffier DOT org> <20140716135151 DOT GC8520 AT calimero DOT vinschen DOT de> <4457DF49-B4C7-4A7C-A189-AB6F4D94794E AT Denis-Excoffier DOT org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="jZNlLGxhPb4urluq"
Content-Disposition: inline
In-Reply-To: <4457DF49-B4C7-4A7C-A189-AB6F4D94794E@Denis-Excoffier.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

--jZNlLGxhPb4urluq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Jul 17 08:33, Denis Excoffier wrote:
> On 2014-07-16 15:51, Corinna Vinschen wrote:
> > It occured to me that there's another way to do that.  The problem
> > you're mentioning above could be alleviated if the first Cygwin process
> > in a process tree fetches all POSIX offsets of all trusted domains right
> > at the start, rather than fetching the POSIX offsets only on demand by
> > whatever process needs it.  This would slow down the startup of the
> > first process slightly (one LDAP request per trusted domain, but only
> > asking your primary DC), but this would have two advantages:
> >=20
> > - After fetching all POSIX offsets, we could filter out all POSIX
> >  offsets which don't make sense.  These would be set using the fake
> >  offset setting mechanism.  "No sense" would include offsets < 0x110000
> >  or offsets > 0xff000000.  If the first process in the tree=20
> >=20
> > - The UID/GID values would be stable throughout the process tree.
> >=20
> > - The UID/GID values would be stable systemwide when utilizing cygserve=
r.
> >=20
> > That's a bit of work, but Cygwin 1.7.31 will still come without this
> > AD integration code anyway, so we still have time to turn everything
> > upside down.
> I buy this of course, but i=E2=80=99m still not convinced that we have to
> workaround. After all, since i don=E2=80=99t care the other domains in my=
 daily
> work, i=E2=80=99m not affected at all. Most of the users will never be af=
fected
> i suppose. And if Cygwin happens to circumvent a null posixOffset by
> providing its own, there will be even less chances for collisions and
> for collisions being reported.
>=20
> But we can consider the other way and for that i will use a comparison:
> using special characters (like =E2=80=98\n=E2=80=99) gratuitously in the =
middle of filenames
> is usually considered as a bad practice, but always possible by
> doing =E2=80=98char *filename =3D "a\nb"; fopen(filename, "w")=E2=80=99. =
Now, once this
> file is created, you can use =E2=80=98ls=E2=80=99 in the folder. Do you t=
hink =E2=80=98ls'
> should respect user decision and display the raw \n in its output or
> try to workaround by using some substitution character (like =E2=80=98?=
=E2=80=99) in order
> not to wrap at unexpected locations? The answer is that =E2=80=98ls=E2=80=
=99 substitutes
> by default, but also provides a full group of related options to change t=
his
> behavior (--quoting-style=3DWORD, --hide-control-chars).
>=20
> Of course, adding options (eg in nsswitch.conf) to orientate the assignme=
nt
> of posixOffsets to various substitutes would be useless. Even assigning
> the null posixOffsets to non-null values, i=E2=80=99m not convinced of.

We really should do that to avoid collisions with system accounts, IMHO.

But maybe we should handle it as a border case of a border case, and
reliably.  Rather than using the default fake mechanism, what if
we use default offsets for the two cases:

Case 1: posix offset is < 0x100000  =3D=3D> Enforce posix 0ffset 0xfe80000
Case 2: posix offset can't be fetched (this points to a local user
        having no access to this kind of domain information)
	=3D=3D> Enforce posix offset 0xfe000000.

This would result in potential collisions in very rare border cases,
but it would result in reliable mappings throught all processes.
And, the complexity would be quite small.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--jZNlLGxhPb4urluq
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTyXL7AAoJEPU2Bp2uRE+gcasP/0JQYEaRQxY6Igr99oSSBxDe
VcvWqKwKwfU7YJuHR9qs02gMdBJOqd9m5ahBxFSX+3RzJ1TV+8nZMvtJ8BjICpfT
L52VHI9pwtciD69L6jMZGera5cxqpQ2b95xiI16xyxhv6XjmbxBluBey4CVBiaOM
6PHk/SwNuUqy5C/+YC/8kk3u+RZNOqfq0pyaJzevLOcc4JTDI+/a4odC9fFExjeT
xZkewVBjsoLm0CFKau3iMAeH+Lw436wv/rRnR9VB9O+wqmSXB1PbobhMxM2pPjZX
IPPEWrsr6dDyBGmwKykMIrsyIfJ+IvLfHaGlCwFoFKI//NmQfqTat+vbEapJF9ae
WSMbbNR/gVtVfM7KUQQTD1Gk8oFDHGLkCpJDqcB+41qUSL9uSPYmAIoL1iqOlc3W
LG+aIIaqPzIFdk1XYca0LPKPF0XmEDvgRl8qbqPI2ye2IxF5OkHqcoa2/AROK59r
NRPMIHbfQ4pqsk2LrwsBl//Ov5snC/zaj2F21x6mcbBy1T5veEY4CxgBjY1OZU9G
+nKVVrfX8rAgnOdmEDbgWAyTCxp2IoLddUNnGAF2ROUzyvvwXEkCsC5fKv1uqQHA
TO8OENv2vDzzDXojJBNcE/29ijheVIebk7Z3ow9FW7wWEP2LRLNz6QI7QBmdJaH5
8GEh3mJ27O1AkMxzTyQ3
=Iu1u
-----END PGP SIGNATURE-----

--jZNlLGxhPb4urluq--