author | Sumit Bose <sbose@redhat.com> | 2013-08-08 12:04:11 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 22:32:34 +0200 |
commit | 75dd4b05e1dacc76dc9d5f16be31978f84a71dc5 (patch) | |
tree | c01533ef057253df9b22d83db188744a554923c2 /src/providers | |
parent | fd04fbbf93d33db729404cdc4408f59226025ea6 (diff) | |
sysdb_add_incomplete_group: store SID string is available
During an initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 25 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 2 |
2 files changed, 18 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 9a46dc9b..aa0ea4c1 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, bool in_transaction = false; bool posix; time_t now; - char *sid_str; + char *sid_str = NULL; bool use_id_mapping; char *tmp_name;
@@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, if (strcmp(groupname, missing[i]) == 0) { posix = true; + ret = sdap_attrs_get_sid_str( + tmp_ctx, opts->idmap_ctx, ldap_groups[ai], + opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, + &sid_str); + if (ret != EOK && ret != ENOENT) goto done; + if (use_id_mapping) { + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \ + "while id-mapping.\n", + groupname)); + ret = EINVAL; + goto done; + } + DEBUG(SSSDBG_TRACE_LIBS, ("Mapping group [%s] objectSID to unix ID\n", groupname)); - ret = sdap_attrs_get_sid_str( - tmp_ctx, opts->idmap_ctx, ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, - &sid_str); - if (ret != EOK) goto done; - DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] has objectSID [%s]\n", groupname, sid_str));
@@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding fake group %s to sysdb\n", groupname)); ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid, - original_dn, posix, now); + original_dn, sid_str, posix, + now); if (ret != EOK) { goto done; }
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 89789204..e5649a2b 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
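Review bot: In sdap_async_initgroups.c, `sid_str` is set to NULL only at its declaration and is not reset before each `sdap_attrs_get_sid_str(` call in the second hunk, so a lookup that returns ENOENT may leave the previous group's SID in place unless the helper clears its output on that path, which is not visible here. The `missing[i]` and `ldap_groups[ai]` indices suggest this code runs inside loops that begin outside the hunk. A stale value would pass the new `sid_str == NULL` check under id-mapping and be handed to `sysdb_add_incomplete_group()` in the third hunk, caching one group's SID (and possibly an ID derived from it) against a different group. Adding `sid_str = NULL;` immediately before the `ret = sdap_attrs_get_sid_str(` line would make every iteration start clean.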
@@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) ret = sysdb_add_incomplete_group(state->sysdb, state->domain, group_name, gid, - NULL, false, now); + NULL, sid_str, false, now); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not create incomplete group: [%s]\n", |