From 6a074a5917a83c8414949b8c9c2b6d044bb652e6 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 30 Mar 2015 18:34:42 +0200
Subject: nss: Use negcache for getbysid requests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/responder/nss/nsssrv_cmd.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/responder')

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 72da865d0..45d657173 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4539,6 +4539,15 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
         return EIO;
     }
 
+    /* verify this user has not yet been negatively cached,
+        * or has been permanently filtered */
+    ret = sss_ncache_check_sid(nctx->ncache, nctx->neg_timeout, cmdctx->secid);
+    if (ret == EEXIST) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "SID [%s] does not exist! (negative cache)\n", cmdctx->secid);
+        return ENOENT;
+    }
+
     ret = sysdb_search_object_by_sid(cmdctx, dom, cmdctx->secid, NULL,
                                      &dctx->res);
     if (ret == ENOENT) {
-- 
cgit