From c19ee2bfa89ec13845f8c1d057749ecc4923f6ec Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 4 Feb 2010 17:16:59 +0100 Subject: [PATCH] s3:passdb: speed up pdb_get_group_sid() Use the cached version gid_to_sid() instead of pdb_gid_to_sid(). And also avoid the expensive lookup_sid() call for wellkown domain groups. metze (cherry picked from commit e10d0869567436902c8b8cfb50f8c64148d554cb) (cherry picked from commit b0c8ff971934ef8aa21abece8693807e0a2ca722) Signed-off-by: Stefan Metzmacher (cherry picked from commit 5d97d5703dcf62f2c610316b2ba47483652368b3) --- source3/passdb/pdb_get_set.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index c79caf2d36b..39a85fa91ba 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -191,7 +191,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) /* generate the group SID from the user's primary Unix group */ - if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) { + if ( !(gsid = TALLOC_ZERO_P( sampass, DOM_SID )) ) { return NULL; } @@ -211,15 +211,38 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) return NULL; } - if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) { + gid_to_sid(gsid, pwd->pw_gid); + if (!is_null_sid(gsid)) { enum lsa_SidType type = SID_NAME_UNKNOWN; - TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid"); + TALLOC_CTX *mem_ctx; bool lookup_ret; + const DOM_SID *usid = pdb_get_user_sid(sampass); + DOM_SID dgsid; + uint32_t rid; + + sid_copy(&dgsid, gsid); + sid_split_rid(&dgsid, &rid); + if (sid_equal(&dgsid, get_global_sam_sid())) { + /* + * As shortcut for the expensive lookup_sid call + * compare the domain sid part + */ + switch (rid) { + case DOMAIN_RID_ADMINS: + case DOMAIN_RID_USERS: + sampass->group_sid = gsid; + return sampass->group_sid; + } + } + mem_ctx = talloc_init("pdb_get_group_sid"); if (!mem_ctx) { return NULL; } + DEBUG(10,("do lookup_sid(%s) for group of user %s\n", + sid_string_dbg(gsid), sid_string_dbg(usid))); + /* Now check that it's actually a domain group and not something else */ lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type); @@ -231,8 +254,8 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) return sampass->group_sid; } - DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n", - pwd->pw_name, sid_type_lookup(type))); + DEBUG(3, ("Primary group %s for user %s is a %s and not a domain group\n", + sid_string_dbg(gsid), pwd->pw_name, sid_type_lookup(type))); } /* Just set it to the 'Domain Users' RID of 512 which will -- 2.11.4.GIT