diff options
-rw-r--r-- | source3/nsswitch/winbindd_sid.c | 4 | ||||
-rw-r--r-- | source3/sam/idmap.c | 27 |
2 files changed, 29 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 97e676813d..060e66fbc2 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -219,7 +219,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) if (NT_STATUS_IS_OK(result)) return WINBINDD_OK; - DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); + DEBUG(4, ("Could not get uid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } @@ -337,7 +337,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) if (NT_STATUS_IS_OK(result)) return WINBINDD_OK; - DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); + DEBUG(4, ("Could not get gid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; } diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c index d541776f39..4de37f0e49 100644 --- a/source3/sam/idmap.c +++ b/source3/sam/idmap.c @@ -200,6 +200,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) { NTSTATUS ret; int loc_type; + unid_t loc_id; if (proxyonly) return NT_STATUS_UNSUCCESSFUL; @@ -223,6 +224,32 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid) return ret; } + /* Before forking out to the possibly slow remote map, lets see if we + * already have the sid as uid when asking for a gid or vice versa. */ + + loc_type = *id_type & ID_TYPEMASK; + + switch (loc_type) { + case ID_USERID: + loc_type = ID_GROUPID; + break; + case ID_GROUPID: + loc_type = ID_USERID; + break; + default: + loc_type = ID_EMPTY; + } + + loc_type |= ID_QUERY_ONLY; + + ret = cache_map->get_id_from_sid(&loc_id, &loc_type, sid); + + if (NT_STATUS_IS_OK(ret)) { + /* Ok, we have the uid as gid or vice versa. The remote map + * would not know anything different, so return here. */ + return NT_STATUS_UNSUCCESSFUL; + } + /* Ok, the mapping was not in the cache, give the remote map a second try. */ |