From 3ad33ca77044f9a9d18f7def271b0beb180e567b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 14 Aug 2017 13:31:45 +0200 Subject: [PATCH 69/93] NEGCACHE: Add root's uid/gid to ncache MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As "root" is not handled by SSSD, let's add its uid and gid to the negative cache as well. The reason it's added without specifying a domain is to follow how the negative cache is used by cache req's code when searching something by id. As the negative cache check for uid/gid, in the cache req code, is done after resolving the name, we can save one LDAP call to the data provider. Related: https://pagure.io/SSSD/sssd/issue/3460 Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Jakub Hrozek --- src/responder/common/negcache.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 00487a2245b12f084714c60d850dc837d43d9d43..b751d89ee9e67eea32ec4ed0935fcd67d3e92f47 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -1073,6 +1073,23 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } + /* Also add "root" uid and gid to the negative cache */ + ret = sss_ncache_set_uid(ncache, true, NULL, 0); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to store permanent uid filter for root (0) " + "(%d [%s])\n", + ret, strerror(ret)); + } + + ret = sss_ncache_set_gid(ncache, true, NULL, 0); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Failed to store permanent gid filter for root (0) " + "(%d [%s])\n", + ret, strerror(ret)); + } + ret = EOK; done: -- 2.14.1