Manoj Ampalam 8bb672aa4d
Optimized group membership resolution (#327)
Current group membership resolution, though very effective, is very slow. In a typical domain-joined enterprise machine, adding a simple entry like the following in sshd_config
AllowGroups administrators
will incur a long delay in remote session establishment as sshd tries to pull all groups associated with the domain user.

Changes in this PR optimize the general case scenarios where no wild cards are in use. Specifically rules like this are processed promptly:

AllowGroups group1, group2, group3 //with no wild cards
Match Group group1 //single group with no negation and wild cards

Optimization is done by resolving the group name in the rule immediately to a SID and checking its membership against the user token. Enumerating the entire group membership is done on a lazy, on-demand basis.

Beyond the optimization, there are 2 functional changes:

- removed domain prefix for builtin groups
- removed domain-prefixed versions of local groups since we are strictly following the convention that local principals shouldn't have any domain qualification.
2018-07-03 10:15:07 -07:00

5 lines
52 B
C

#ifndef COMPAT_GRP_H
#define COMPAT_GRP_H 1
#endif
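
The fast path described in the commit message above, as an added example that is not taken from the commit or the project's code: a rule with no wildcards or negation is resolved name by name to a SID and checked directly against the token, and anything else is handed back to the caller for full enumeration. The name table, SIDs, and the functions `resolve_sid`, `token_has_sid` and `fast_group_check` are constructed stand-ins for the OS lookups.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: name-to-SID table and the SIDs in the user's token. */
struct grp { const char *name, *sid; };
static const struct grp directory[] = {
    {"administrators", "S-1-5-32-544"},
    {"group1", "S-1-5-21-1-2-3-1001"},
    {"group2", "S-1-5-21-1-2-3-1002"},
};
static const char *token_sids[] = {"S-1-5-32-545", "S-1-5-21-1-2-3-1002"};

/* Hypothetical stand-in for an OS name-to-SID lookup; NULL if unknown. */
static const char *resolve_sid(const char *name) {
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].name, name) == 0) return directory[i].sid;
    return NULL;
}

/* Hypothetical stand-in for a direct token membership check on one SID. */
static int token_has_sid(const char *sid) {
    for (size_t i = 0; i < sizeof token_sids / sizeof token_sids[0]; i++)
        if (strcmp(token_sids[i], sid) == 0) return 1;
    return 0;
}

/* Returns 1 = member of a listed group, 0 = not a member,
 * -1 = fast path not usable (wildcard, negation, or rule too long for the
 *      buffer); the caller must fall back to enumerating all groups. */
int fast_group_check(const char *rule) {
    char buf[256], *tok;
    if (strpbrk(rule, "*?!") != NULL || strlen(rule) >= sizeof buf)
        return -1;
    strcpy(buf, rule);
    for (tok = strtok(buf, ", "); tok != NULL; tok = strtok(NULL, ", ")) {
        const char *sid = resolve_sid(tok);
        /* An unresolvable name never matches: fail closed. */
        if (sid != NULL && token_has_sid(sid)) return 1;
    }
    return 0;
}

int main(void) {
    printf("%d\n", fast_group_check("group1, group2, group3")); /* 1 */
    printf("%d\n", fast_group_check("administrators"));         /* 0 */
    printf("%d\n", fast_group_check("admin*"));                 /* -1 */
    return 0;
}
```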