From 75dd4b05e1dacc76dc9d5f16be31978f84a71dc5 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 8 Aug 2013 12:04:11 +0200
Subject: sysdb_add_incomplete_group: store SID string is available

During initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.
---
 src/providers/ldap/sdap_async_initgroups.c    | 25 +++++++++++++++++--------
 src/providers/ldap/sdap_async_initgroups_ad.c |  2 +-
 2 files changed, 18 insertions(+), 9 deletions(-)

(limited to 'src/providers')

diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 9a46dc9b9..aa0ea4c1b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
     bool in_transaction = false;
     bool posix;
     time_t now;
-    char *sid_str;
+    char *sid_str = NULL;
     bool use_id_mapping;
     char *tmp_name;
 
@@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
             if (strcmp(groupname, missing[i]) == 0) {
                 posix = true;
 
+                ret = sdap_attrs_get_sid_str(
+                        tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
+                        opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
+                        &sid_str);
+                if (ret != EOK && ret != ENOENT) goto done;
+
                 if (use_id_mapping) {
+                    if (sid_str == NULL) {
+                        DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \
+                                                     "while id-mapping.\n",
+                                                     groupname));
+                        ret = EINVAL;
+                        goto done;
+                    }
+
                     DEBUG(SSSDBG_TRACE_LIBS,
                           ("Mapping group [%s] objectSID to unix ID\n", groupname));
 
-                    ret = sdap_attrs_get_sid_str(
-                            tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
-                            opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
-                            &sid_str);
-                    if (ret != EOK) goto done;
-
                     DEBUG(SSSDBG_TRACE_INTERNAL,
                           ("Group [%s] has objectSID [%s]\n",
                            groupname, sid_str));
@@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
                 DEBUG(SSSDBG_TRACE_INTERNAL,
                       ("Adding fake group %s to sysdb\n", groupname));
                 ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid,
-                                                 original_dn, posix, now);
+                                                 original_dn, sid_str, posix,
+                                                 now);
                 if (ret != EOK) {
                     goto done;
                 }
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 89789204a..e5649a2b9 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
             ret = sysdb_add_incomplete_group(state->sysdb,
                                              state->domain,
                                              group_name, gid,
-                                             NULL, false, now);
+                                             NULL, sid_str, false, now);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                       ("Could not create incomplete group: [%s]\n",
-- 
cgit