authorSumit Bose <sbose@redhat.com>2013-08-08 12:04:11 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-19 22:32:34 +0200
commit75dd4b05e1dacc76dc9d5f16be31978f84a71dc5 (patch)
treec01533ef057253df9b22d83db188744a554923c2 /src/providers/ldap
parentfd04fbbf93d33db729404cdc4408f59226025ea6 (diff)
sysdb_add_incomplete_group: store SID string is available
During an initgroups request we read the SID of a group from the server but do not save it to the cache. This patch fixes this and might help to avoid an additional lookup of the SID later.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c25
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c2
2 files changed, 18 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 9a46dc9b..aa0ea4c1 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
bool in_transaction = false;
bool posix;
time_t now;
- char *sid_str;
+ char *sid_str = NULL;
bool use_id_mapping;
char *tmp_name;
@@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
if (strcmp(groupname, missing[i]) == 0) {
posix = true;
+ ret = sdap_attrs_get_sid_str(
+ tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
+ opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
+ &sid_str);
+ if (ret != EOK && ret != ENOENT) goto done;
+
if (use_id_mapping) {
+ if (sid_str == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \
+ "while id-mapping.\n",
+ groupname));
+ ret = EINVAL;
+ goto done;
+ }
+
DEBUG(SSSDBG_TRACE_LIBS,
("Mapping group [%s] objectSID to unix ID\n", groupname));
- ret = sdap_attrs_get_sid_str(
- tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
- opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
- &sid_str);
- if (ret != EOK) goto done;
-
DEBUG(SSSDBG_TRACE_INTERNAL,
("Group [%s] has objectSID [%s]\n",
groupname, sid_str));
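Review bot: sid_str is set to NULL only at its declaration (first hunk), yet the new `ret != EOK && ret != ENOENT` check lets execution continue after sdap_attrs_get_sid_str() reports ENOENT. The `missing[i]` / `ldap_groups[ai]` indexing suggests this code runs once per group inside loops that begin outside the hunk; if the helper leaves its out-parameter untouched on ENOENT (not visible here), a group without an objectSID would keep the previous group's SID, pass the `sid_str == NULL` guard, and be id-mapped or cached under another group's identity. Resetting it per iteration with `sid_str = NULL;` immediately before the `sdap_attrs_get_sid_str(` call closes that gap regardless of the helper's contract. ret also still holds ENOENT after the tolerated case, so it is worth confirming that the rest of the loop body always reassigns it before any `goto done`.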
@@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
DEBUG(SSSDBG_TRACE_INTERNAL,
("Adding fake group %s to sysdb\n", groupname));
ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid,
- original_dn, posix, now);
+ original_dn, sid_str, posix,
+ now);
if (ret != EOK) {
goto done;
}
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 89789204..e5649a2b 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
ret = sysdb_add_incomplete_group(state->sysdb,
state->domain,
group_name, gid,
- NULL, false, now);
+ NULL, sid_str, false, now);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not create incomplete group: [%s]\n",