nss: Use negcache for getbysid requests

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2015-03-30 18:34:42 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-04-24 16:46:57 +0200
commit: 6a074a5917a83c8414949b8c9c2b6d044bb652e6 (patch)
tree: 5e8437bf83cbc281a3c0f0adf54cd561cdfa3ba6
parent: ce6f3b6b2925d2c3ec02a76c3a1b6fbe4c7b145e (diff)
download: sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.tar.gz
sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.tar.xz
sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 72da865d0..45d657173 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4539,6 +4539,15 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
         return EIO;
     }
 
+    /* verify this user has not yet been negatively cached,
+        * or has been permanently filtered */
+    ret = sss_ncache_check_sid(nctx->ncache, nctx->neg_timeout, cmdctx->secid);
+    if (ret == EEXIST) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "SID [%s] does not exist! (negative cache)\n", cmdctx->secid);
+        return ENOENT;
+    }
+
     ret = sysdb_search_object_by_sid(cmdctx, dom, cmdctx->secid, NULL,
                                      &dctx->res);
     if (ret == ENOENT) {
author	Jakub Hrozek <jhrozek@redhat.com>	2015-03-30 18:34:42 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-04-24 16:46:57 +0200
commit	6a074a5917a83c8414949b8c9c2b6d044bb652e6 (patch)
tree	5e8437bf83cbc281a3c0f0adf54cd561cdfa3ba6
parent	ce6f3b6b2925d2c3ec02a76c3a1b6fbe4c7b145e (diff)
download	sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.tar.gz sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.tar.xz sssd-6a074a5917a83c8414949b8c9c2b6d044bb652e6.zip