From 8f20c19880f64ddacae07d9c89fee27836758d09 Mon Sep 17 00:00:00 2001
From: Fabiano Fidêncio <fidencio@redhat.com>
Date: Aug 31 2017 20:23:09 +0000
Subject: NEGCACHE: Add root's uid/gid to ncache


As "root" is not handled by SSSD, let's add its uid and gid to the
negative cache as well. The reason it's added without specifying a
domain is to follow how the negative cache is used by cache req's code
when searching something by id.

As the negative cache check for uid/gid, in the cache req code, is done
after resolving the name, we can save one LDAP call to the data
provider.

Related: https://pagure.io/SSSD/sssd/issue/3460

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 3ad33ca77044f9a9d18f7def271b0beb180e567b)
(cherry picked from commit 90b4882537bf7a9b4aededf5acc767dcf0fe4c61)

---

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 984360b..25c5cec 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -908,6 +908,23 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
         }
     }
 
+    /* Also add "root" uid and gid to the negative cache */
+    ret = sss_ncache_set_uid(ncache, true, NULL, 0);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Failed to store permanent uid filter for root (0) "
+              "(%d [%s])\n",
+              ret, strerror(ret));
+    }
+
+    ret = sss_ncache_set_gid(ncache, true, NULL, 0);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              "Failed to store permanent gid filter for root (0) "
+              "(%d [%s])\n",
+              ret, strerror(ret));
+    }
+
     ret = EOK;
 
 done: