diff options
author | Sumit Bose <sbose@redhat.com> | 2013-08-08 12:04:11 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 22:32:34 +0200 |
commit | 75dd4b05e1dacc76dc9d5f16be31978f84a71dc5 (patch) | |
tree | c01533ef057253df9b22d83db188744a554923c2 /src/providers | |
parent | fd04fbbf93d33db729404cdc4408f59226025ea6 (diff) | |
download | sssd-75dd4b05e1dacc76dc9d5f16be31978f84a71dc5.tar.gz sssd-75dd4b05e1dacc76dc9d5f16be31978f84a71dc5.tar.xz sssd-75dd4b05e1dacc76dc9d5f16be31978f84a71dc5.zip |
sysdb_add_incomplete_group: store SID string is available
During initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 25 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 2 |
2 files changed, 18 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 9a46dc9b9..aa0ea4c1b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, bool in_transaction = false; bool posix; time_t now; - char *sid_str; + char *sid_str = NULL; bool use_id_mapping; char *tmp_name; @@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, if (strcmp(groupname, missing[i]) == 0) { posix = true; + ret = sdap_attrs_get_sid_str( + tmp_ctx, opts->idmap_ctx, ldap_groups[ai], + opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, + &sid_str); + if (ret != EOK && ret != ENOENT) goto done; + if (use_id_mapping) { + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \ + "while id-mapping.\n", + groupname)); + ret = EINVAL; + goto done; + } + DEBUG(SSSDBG_TRACE_LIBS, ("Mapping group [%s] objectSID to unix ID\n", groupname)); - ret = sdap_attrs_get_sid_str( - tmp_ctx, opts->idmap_ctx, ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, - &sid_str); - if (ret != EOK) goto done; - DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] has objectSID [%s]\n", groupname, sid_str)); @@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding fake group %s to sysdb\n", groupname)); ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid, - original_dn, posix, now); + original_dn, sid_str, posix, + now); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 89789204a..e5649a2b9 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) ret = sysdb_add_incomplete_group(state->sysdb, state->domain, group_name, gid, - NULL, false, now); + NULL, sid_str, false, now); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not create incomplete group: [%s]\n", |