summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-02-03 11:32:41 +0100
committerKarolin Seeger <kseeger@samba.org>2010-02-15 14:46:55 +0100
commitadaaf2cda06fc32045b2e71b278c52b50f2d46e6 (patch)
treecb10d50cf104c2ca0b931a3b16840a7384e73201
parent9cae496868261e0f21add61df9c86c5089d39d67 (diff)
downloadsamba-adaaf2cda06fc32045b2e71b278c52b50f2d46e6.tar.gz
samba-adaaf2cda06fc32045b2e71b278c52b50f2d46e6.tar.xz
samba-adaaf2cda06fc32045b2e71b278c52b50f2d46e6.zip
s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze (cherry picked from commit 49ace81e19de231825216cbf07c7422687131bb6) (cherry picked from commit cb31c1df92b195b3fb80b6e21bfba83b8cd867fd) Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8f1c7c117b3bca058024daa34f777efa5ece88f8)
-rw-r--r--source3/include/smbldap.h5
-rw-r--r--source3/passdb/pdb_ldap.c36
2 files changed, 34 insertions, 7 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 726d5f7ce41..7383670a0a4 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -196,6 +196,11 @@ struct ldapsam_privates {
/* ldap server location parameter */
char *location;
+
+ struct {
+ char *filter;
+ LDAPMessage *result;
+ } search_cache;
};
/* Functions shared between pdb_ldap.c and pdb_nds.c. */
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 5423e322164..e1ae8a3f913 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3791,8 +3791,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
int rc;
char *filter;
enum lsa_SidType type = SID_NAME_USE_NONE;
+ bool is_builtin = false;
+ bool sid_added = false;
if (sid_check_is_builtin(domain_sid)) {
+ is_builtin = true;
type = SID_NAME_ALIAS;
}
@@ -3822,11 +3825,20 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
return NT_STATUS_NO_MEMORY;
}
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
+ if (is_builtin &&
+ ldap_state->search_cache.filter &&
+ strcmp(ldap_state->search_cache.filter, filter) == 0) {
+ filter = talloc_move(filter, &ldap_state->search_cache.filter);
+ result = ldap_state->search_cache.result;
+ ldap_state->search_cache.result = NULL;
+ } else {
+ rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(),
+ LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ talloc_autofree_ldapmsg(filter, result);
+ }
ldap_struct = ldap_state->smbldap_state->ldap_struct;
@@ -3850,14 +3862,24 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
if (!sid_peek_check_rid(domain_sid, &sid, &rid))
continue;
+ sid_added = true;
+
if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids,
p_num_alias_rids)) {
- ldap_msgfree(result);
return NT_STATUS_NO_MEMORY;
}
}
- ldap_msgfree(result);
+ if (!is_builtin && !sid_added) {
+ TALLOC_FREE(ldap_state->search_cache.filter);
+ /*
+ * Note: result is a talloc child of filter because of the
+ * talloc_autofree_ldapmsg() usage
+ */
+ ldap_state->search_cache.filter = talloc_move(ldap_state, &filter);
+ ldap_state->search_cache.result = result;
+ }
+
return NT_STATUS_OK;
}