sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s3:passdb: speed up pdb_get_group_sid()

Browse Source 
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().

And also avoid the expensive lookup_sid() call
for wellkown domain groups.

metze
This commit is contained in:
Stefan Metzmacher 2010-02-04 17:16:59 +01:00
parent b99046fed1
commit e10d086956
1 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
source3/passdb/pdb_get_set.c
View File

@ -192,7 +192,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
/* generate the group SID from the user's primary Unix group */ /* generate the group SID from the user's primary Unix group */
if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) { if ( !(gsid = TALLOC_ZERO_P( sampass, DOM_SID )) ) {
return NULL; return NULL;
} }
@ -212,15 +212,38 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
return NULL; return NULL;
} }
if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) { gid_to_sid(gsid, pwd->pw_gid);
if (!is_null_sid(gsid)) {
enum lsa_SidType type = SID_NAME_UNKNOWN; enum lsa_SidType type = SID_NAME_UNKNOWN;
TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid"); TALLOC_CTX *mem_ctx;
bool lookup_ret; bool lookup_ret;
const DOM_SID *usid = pdb_get_user_sid(sampass);
DOM_SID dgsid;
uint32_t rid;
sid_copy(&dgsid, gsid);
sid_split_rid(&dgsid, &rid);
if (sid_equal(&dgsid, get_global_sam_sid())) {
/*
* As shortcut for the expensive lookup_sid call
* compare the domain sid part
*/
switch (rid) {
case DOMAIN_RID_ADMINS:
case DOMAIN_RID_USERS:
sampass->group_sid = gsid;
return sampass->group_sid;
}
}
mem_ctx = talloc_init("pdb_get_group_sid");
if (!mem_ctx) { if (!mem_ctx) {
return NULL; return NULL;
} }
DEBUG(10,("do lookup_sid(%s) for group of user %s\n",
sid_string_dbg(gsid), sid_string_dbg(usid)));
/* Now check that it's actually a domain group and not something else */ /* Now check that it's actually a domain group and not something else */
lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type); lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
@ -232,8 +255,8 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
return sampass->group_sid; return sampass->group_sid;
} }
DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n", DEBUG(3, ("Primary group %s for user %s is a %s and not a domain group\n",
pwd->pw_name, sid_type_lookup(type))); sid_string_dbg(gsid), pwd->pw_name, sid_type_lookup(type)));
} }
/* Just set it to the 'Domain Users' RID of 513 which will /* Just set it to the 'Domain Users' RID of 513 which will