58 lines
1.9 KiB
Diff
58 lines
1.9 KiB
Diff
|
From 3ad33ca77044f9a9d18f7def271b0beb180e567b Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
||
|
Date: Mon, 14 Aug 2017 13:31:45 +0200
|
||
|
Subject: [PATCH 69/93] NEGCACHE: Add root's uid/gid to ncache
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
As "root" is not handled by SSSD, let's add its uid and gid to the
|
||
|
negative cache as well. The reason it's added without specifying a
|
||
|
domain is to follow how the negative cache is used by cache req's code
|
||
|
when searching something by id.
|
||
|
|
||
|
As the negative cache check for uid/gid, in the cache req code, is done
|
||
|
after resolving the name, we can save one LDAP call to the data
|
||
|
provider.
|
||
|
|
||
|
Related: https://pagure.io/SSSD/sssd/issue/3460
|
||
|
|
||
|
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
||
|
|
||
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
||
|
---
|
||
|
src/responder/common/negcache.c | 17 +++++++++++++++++
|
||
|
1 file changed, 17 insertions(+)
|
||
|
|
||
|
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
|
||
|
index 00487a2245b12f084714c60d850dc837d43d9d43..b751d89ee9e67eea32ec4ed0935fcd67d3e92f47 100644
|
||
|
--- a/src/responder/common/negcache.c
|
||
|
+++ b/src/responder/common/negcache.c
|
||
|
@@ -1073,6 +1073,23 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ /* Also add "root" uid and gid to the negative cache */
|
||
|
+ ret = sss_ncache_set_uid(ncache, true, NULL, 0);
|
||
|
+ if (ret != EOK) {
|
||
|
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
||
|
+ "Failed to store permanent uid filter for root (0) "
|
||
|
+ "(%d [%s])\n",
|
||
|
+ ret, strerror(ret));
|
||
|
+ }
|
||
|
+
|
||
|
+ ret = sss_ncache_set_gid(ncache, true, NULL, 0);
|
||
|
+ if (ret != EOK) {
|
||
|
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
||
|
+ "Failed to store permanent gid filter for root (0) "
|
||
|
+ "(%d [%s])\n",
|
||
|
+ ret, strerror(ret));
|
||
|
+ }
|
||
|
+
|
||
|
ret = EOK;
|
||
|
|
||
|
done:
|
||
|
--
|
||
|
2.14.1
|
||
|
|