From 49ace81e19de231825216cbf07c7422687131bb6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 3 Feb 2010 11:32:41 +0100 Subject: s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches. ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze --- source3/include/smbldap.h | 5 +++++ source3/passdb/pdb_ldap.c | 36 +++++++++++++++++++++++++++++------- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index e3b03d4948..ec0e9f5c18 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -196,6 +196,11 @@ struct ldapsam_privates { /* ldap server location parameter */ char *location; + + struct { + char *filter; + LDAPMessage *result; + } search_cache; }; /* Functions shared between pdb_ldap.c and pdb_nds.c. */ diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 197e405ff4..224e8687fc 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -3803,11 +3803,14 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, int rc; char *filter; enum lsa_SidType type = SID_NAME_USE_NONE; + bool is_builtin = false; + bool sid_added = false; *pp_alias_rids = NULL; *p_num_alias_rids = 0; if (sid_check_is_builtin(domain_sid)) { + is_builtin = true; type = SID_NAME_ALIAS; } @@ -3841,11 +3844,20 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, return NT_STATUS_NO_MEMORY; } - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(), - LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); - - if (rc != LDAP_SUCCESS) - return NT_STATUS_UNSUCCESSFUL; + if (is_builtin && + ldap_state->search_cache.filter && + strcmp(ldap_state->search_cache.filter, filter) == 0) { + filter = talloc_move(filter, &ldap_state->search_cache.filter); + result = ldap_state->search_cache.result; + ldap_state->search_cache.result = NULL; + } else { + rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(), + LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + talloc_autofree_ldapmsg(filter, result); + } ldap_struct = ldap_state->smbldap_state->ldap_struct; @@ -3869,14 +3881,24 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (!sid_peek_check_rid(domain_sid, &sid, &rid)) continue; + sid_added = true; + if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, p_num_alias_rids)) { - ldap_msgfree(result); return NT_STATUS_NO_MEMORY; } } - ldap_msgfree(result); + if (!is_builtin && !sid_added) { + TALLOC_FREE(ldap_state->search_cache.filter); + /* + * Note: result is a talloc child of filter because of the + * talloc_autofree_ldapmsg() usage + */ + ldap_state->search_cache.filter = talloc_move(ldap_state, &filter); + ldap_state->search_cache.result = result; + } + return NT_STATUS_OK; } -- cgit