#3706 Hide debug message domain not found for well known sid
Closed: Fixed 4 months ago by pbrezina. Opened 6 months ago by pbrezina.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1565761

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Some SIDs which are well known & static should not be looked up in AD, for example https://support.microsoft.com/en-in/help/243330/well-known-security-identifiers-in-windows-operating-systems

Lookups of these well-known SIDs should not be necessary (due to the static
nature, the data could be built-in for faster lookups)

We see entries like

[sdap_ad_tokengroups_get_posix_members] (0x0080): Domain not found for SID S-1-5-32-573

Grep for identical entries reveals the full list of well-known SIDs with log
entries as follows:

  S-1-5-32-545
  S-1-5-32-548
  S-1-5-32-549
  S-1-5-32-550
  S-1-5-32-551
  S-1-5-32-555
  S-1-5-32-573

Looks like this code will fix the issue:

    /* ./src/providers/ldap/sdap_async_initgroups_ad.c */
    sdap_ad_save_group_membership_with_idmapping()
    {
        const char *domptr;
        const char *nameptr;

        /* Fragment from the per-SID loop; <<<<<<< marks the proposed lines. */
        if (well_known_sid_to_name(sid, &domptr, &nameptr) != EOK) {  /* <<<<<<< */
            domain = sss_get_domain_by_sid_ldap_fallback(user_dom, sid);
            if (domain == NULL) {
                DEBUG(SSSDBG_MINOR_FAILURE, "Domain not found for SID %s\n", sid);
                continue;
            }
        }  /* <<<<<<< */
    }

But need to test it.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2
- Issue tagged with: easyfix

6 months ago

@amitkumar25nov yes, I think something like this, although I think it might be better to only call the well_known function in the fail handler to avoid printing the debug message, otherwise we would convert the sid to name needlessly.

It might be cleanest to add is_well_known_sid function, but I'm not sure if it's worth extending the API because of this single use-case..

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1565761

6 months ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

4 months ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

4 months ago

Metadata Update from @jhrozek:
- Issue priority set to: minor

4 months ago

Metadata Update from @fidencio:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 months ago
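
The ordering suggested in the comments above (domain lookup first, well-known check only on the failure path), as an added C sketch that is not SSSD code and not part of this ticket. `find_domain_for_sid`, `is_well_known_sid`, `process_sids` and the sample domain SID are hypothetical, and only the BUILTIN prefix `S-1-5-32-` seen in the ticket is treated as well known.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value: SID of the only domain this client knows. */
static const char KNOWN_DOMAIN_SID[] = "S-1-5-21-1111111111-2222222222-3333333333";

/* Hypothetical stand-in for the domain lookup: match "<domain SID>-<RID>". */
static bool find_domain_for_sid(const char *sid)
{
    size_t len = sizeof(KNOWN_DOMAIN_SID) - 1;
    return strncmp(sid, KNOWN_DOMAIN_SID, len) == 0 && sid[len] == '-';
}

/* Hypothetical is_well_known_sid(): true for BUILTIN aliases S-1-5-32-<RID>.
 * Assumption: only this prefix, the one seen in the ticket, is handled. */
static bool is_well_known_sid(const char *sid)
{
    static const char prefix[] = "S-1-5-32-";
    size_t plen = sizeof(prefix) - 1;
    if (strncmp(sid, prefix, plen) != 0 || sid[plen] == '\0') return false;
    for (const char *p = sid + plen; *p != '\0'; p++) {
        if (!isdigit((unsigned char)*p)) return false;
    }
    return true;
}

/* Walks a SID list and returns the number of "Domain not found" messages.
 * The well-known check runs on the failure path only. */
static int process_sids(const char **sids, size_t count, size_t *resolved)
{
    int logged = 0;
    *resolved = 0;
    for (size_t i = 0; i < count; i++) {
        if (find_domain_for_sid(sids[i])) {
            (*resolved)++;
        } else if (!is_well_known_sid(sids[i])) {
            fprintf(stderr, "Domain not found for SID %s\n", sids[i]);
            logged++;
        }
    }
    return logged;
}

int main(void)
{
    const char *sids[] = { "S-1-5-21-1111111111-2222222222-3333333333-1104",
                           "S-1-5-32-573", "S-1-5-21-9-9-9-500" }; /* constructed */
    size_t resolved;
    return process_sids(sids, 3, &resolved) == 1 ? 0 : 1;
}
```

Malformed values such as `S-1-5-32-` or `S-1-5-32-54x` are not treated as well known, so they still produce the message.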
