timeout in LDAP access
Mon Jul 28 09:21:00 GMT 2014
On Jul 18 21:18, Corinna Vinschen wrote:
> On Jul 17 08:33, Denis Excoffier wrote:
> > On 2014-07-16 15:51, Corinna Vinschen wrote:
> > > It occured to me that there's another way to do that. The problem
> > > you're mentioning above could be alleviated if the first Cygwin process
> > > in a process tree fetches all POSIX offsets of all trusted domains right
> > > at the start, rather than fetching the POSIX offsets only on demand by
> > > whatever process needs it. This would slow down the startup of the
> > > first process slightly (one LDAP request per trusted domain, but only
> > > asking your primary DC), but this would have two advantages:
> > >
> > > - After fetching all POSIX offsets, we could filter out all POSIX
> > > offsets which don't make sense. These would be set using the fake
> > > offset setting mechanism. "No sense" would include offsets < 0x110000
> > > or offsets > 0xff000000. If the first process in the tree
> > >
> > > - The UID/GID values would be stable throughout the process tree.
> > >
> > > - The UID/GID values would be stable systemwide when utilizing cygserver.
> > >
> > > That's a bit of work, but Cygwin 1.7.31 will still come without this
> > > AD integration code anyway, so we still have time to turn everything
> > > upside down.
> > I buy this of course, but i’m still not convinced that we have to
> > workaround. After all, since i don’t care the other domains in my daily
> > work, i’m not affected at all. Most of the users will never be affected
> > i suppose. And if Cygwin happens to circumvent a null posixOffset by
> > providing its own, there will be even less chances for collisions and
> > for collisions being reported.
> > But we can consider the other way and for that i will use a comparison:
> > using special characters (like ‘\n’) gratuitously in the middle of filenames
> > is usually considered as a bad practice, but always possible by
> > doing ‘char *filename = "a\nb"; fopen(filename, "w")’. Now, once this
> > file is created, you can use ‘ls’ in the folder. Do you think ‘ls'
> > should respect user decision and display the raw \n in its output or
> > try to workaround by using some substitution character (like ‘?’) in order
> > not to wrap at unexpected locations? The answer is that ‘ls’ substitutes
> > by default, but also provides a full group of related options to change this
> > behavior (--quoting-style=WORD, --hide-control-chars).
> > Of course, adding options (eg in nsswitch.conf) to orientate the assignment
> > of posixOffsets to various substitutes would be useless. Even assigning
> > the null posixOffsets to non-null values, i’m not convinced of.
> We really should do that to avoid collisions with system accounts, IMHO.
> But maybe we should handle it as a border case of a border case, and
> reliably. Rather than using the default fake mechanism, what if
> we use default offsets for the two cases:
> Case 1: posix offset is < 0x100000 ==> Enforce posix 0ffset 0xfe80000
> Case 2: posix offset can't be fetched (this points to a local user
> having no access to this kind of domain information)
> ==> Enforce posix offset 0xfe000000.
> This would result in potential collisions in very rare border cases,
> but it would result in reliable mappings throught all processes.
> And, the complexity would be quite small.
any feedback on this one? Shall I create a snapshot with a matching
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the Cygwin