summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_sid.c4
-rw-r--r--source3/sam/idmap.c27
2 files changed, 29 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index 97e676813d..060e66fbc2 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -219,7 +219,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
- DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid));
+ DEBUG(4, ("Could not get uid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
@@ -337,7 +337,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
if (NT_STATUS_IS_OK(result))
return WINBINDD_OK;
- DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid));
+ DEBUG(4, ("Could not get gid for sid %s\n", state->request.data.sid));
return WINBINDD_ERROR;
}
diff --git a/source3/sam/idmap.c b/source3/sam/idmap.c
index d541776f39..4de37f0e49 100644
--- a/source3/sam/idmap.c
+++ b/source3/sam/idmap.c
@@ -200,6 +200,7 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
{
NTSTATUS ret;
int loc_type;
+ unid_t loc_id;
if (proxyonly)
return NT_STATUS_UNSUCCESSFUL;
@@ -223,6 +224,32 @@ NTSTATUS idmap_get_id_from_sid(unid_t *id, int *id_type, const DOM_SID *sid)
return ret;
}
+ /* Before forking out to the possibly slow remote map, lets see if we
+ * already have the sid as uid when asking for a gid or vice versa. */
+
+ loc_type = *id_type & ID_TYPEMASK;
+
+ switch (loc_type) {
+ case ID_USERID:
+ loc_type = ID_GROUPID;
+ break;
+ case ID_GROUPID:
+ loc_type = ID_USERID;
+ break;
+ default:
+ loc_type = ID_EMPTY;
+ }
+
+ loc_type |= ID_QUERY_ONLY;
+
+ ret = cache_map->get_id_from_sid(&loc_id, &loc_type, sid);
+
+ if (NT_STATUS_IS_OK(ret)) {
+ /* Ok, we have the uid as gid or vice versa. The remote map
+ * would not know anything different, so return here. */
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
/* Ok, the mapping was not in the cache, give the remote map a
second try. */