diff options
author | Fabiano FidĂȘncio <fidencio@redhat.com> | 2017-08-14 13:31:45 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-08-28 20:55:22 +0200 |
commit | 3ad33ca77044f9a9d18f7def271b0beb180e567b (patch) | |
tree | dd7be81e1ccc1626006eb40458b3dd220493658e /src/responder | |
parent | 431c7508e0d256b9c712cb9dcb9aa4cb635f4a0b (diff) | |
download | sssd-3ad33ca77044f9a9d18f7def271b0beb180e567b.tar.gz sssd-3ad33ca77044f9a9d18f7def271b0beb180e567b.tar.xz sssd-3ad33ca77044f9a9d18f7def271b0beb180e567b.zip |
NEGCACHE: Add root's uid/gid to ncache
As "root" is not handled by SSSD, let's add its uid and gid to the
negative cache as well. The reason it's added without specifying a
domain is to follow how the negative cache is used by cache req's code
when searching something by id.
As the negative cache check for uid/gid, in the cache req code, is done
after resolving the name, we can save one LDAP call to the data
provider.
Related: https://pagure.io/SSSD/sssd/issue/3460
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/common/negcache.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 00487a224..b751d89ee 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -1073,6 +1073,23 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } + /* Also add "root" uid and gid to the negative cache */ + ret = sss_ncache_set_uid(ncache, true, NULL, 0); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to store permanent uid filter for root (0) " + "(%d [%s])\n", + ret, strerror(ret)); + } + + ret = sss_ncache_set_gid(ncache, true, NULL, 0); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to store permanent gid filter for root (0) " + "(%d [%s])\n", + ret, strerror(ret)); + } + ret = EOK; done: |