diff options
| author | Gerald Carter <jerry@samba.org> | 2003-06-23 19:05:23 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-06-23 19:05:23 +0000 |
| commit | f36c96d59c79a51610bb5a1fc42ac62bd8d08401 (patch) | |
| tree | 69560bd452906389aab36ac7eb8109de7ff32ccc | |
| parent | d21358308a2a2c86b4e9d23922c7c940b5d1b012 (diff) | |
| download | samba-f36c96d59c79a51610bb5a1fc42ac62bd8d08401.tar.gz samba-f36c96d59c79a51610bb5a1fc42ac62bd8d08401.tar.bz2 samba-f36c96d59c79a51610bb5a1fc42ac62bd8d08401.zip | |
* s/get_dc_name/rpc_dc_name/g (revert a previous change)
* move back to qsort() for sorting IP address in get_dc_list()
* remove dc_name_cache in cm_get_dc_name() since it slowed
things down more than it helped. I've made a note of where
to add in the negative connection cache in the ads code.
Will come back to that.
* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
of MAX_ALLOWED)
* only enumerate domain local groups in our domain
* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
| -rw-r--r-- | source3/auth/auth_domain.c | 2 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 3 | ||||
| -rw-r--r-- | source3/libsmb/namequery.c | 11 | ||||
| -rw-r--r-- | source3/libsmb/namequery_dc.c | 76 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 71 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_group.c | 16 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 40 | ||||
| -rw-r--r-- | source3/rpcclient/cmd_spoolss.c | 2 |
8 files changed, 43 insertions, 178 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 66684cc940..5b2e287f6b 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -276,7 +276,7 @@ static NTSTATUS find_connect_dc(struct cli_state **cli, struct in_addr dc_ip; fstring srv_name; - if (!get_dc_name(domain, srv_name, &dc_ip)) { + if (!rpc_dc_name(domain, srv_name, &dc_ip)) { DEBUG(0,("find_connect_dc: Failed to find an DCs for %s\n", lp_workgroup())); return NT_STATUS_NO_LOGON_SERVERS; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 0a59c4eb8f..0f1f205f9b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -41,6 +41,9 @@ /* try a connection to a given ldap server, returning True and setting the servers IP in the ads struct if successful + + TODO : add a negative connection cache in here leveraged off of the one + found in the rpc code. --jerry */ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port) { diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 7f343033d6..3797f03979 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -1379,10 +1379,17 @@ BOOL get_dc_list(const char *domain, struct in_addr **ip_list, int *count, int * } } + if ( DEBUGLEVEL >= 4 ) { + DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count, + *ordered ? "":"un")); + DEBUG(4,("get_dc_list: ")); + for ( i=0; i<local_count; i++ ) + DEBUGADD(4,("%s ", inet_ntoa(return_iplist[i]))); + DEBUGADD(4,("\n")); + } + *ip_list = return_iplist; *count = local_count; - - DEBUG(8,("get_dc_list: return %d ip addresses\n", *count)); return (*count != 0); } diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index c162e34027..ac1f9a54de 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -160,7 +160,7 @@ void flush_negative_conn_cache( void ) valid since we have already done a name_status_find on it ***************************************************************************/ -BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +BOOL rpc_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) { struct in_addr *ip_list = NULL, dc_ip, exclude_ip; int count, i; @@ -176,7 +176,7 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) { - DEBUG(10,("get_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); + DEBUG(10,("rpc_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); /* check the connection cache and perform the node status lookup only if the IP is not found to be bad */ @@ -206,71 +206,12 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) } } - if ( !list_ordered ) - { - /* - * Pick a nice close server. Look for DC on local net - * (assuming we don't have a list of preferred DC's) - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if ( !is_local_net(ip_list[i]) ) - continue; - - if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - - zero_ip(&ip_list[i]); - } - - /* - * Try looking in the name status cache for an - * entry we already have. We know that already - * resolved ok. - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if (namecache_status_fetch(domain, 0x1c, 0x20, - ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - } - - /* - * Secondly try and contact a random PDC/BDC. - */ - - i = (sys_random() % count); - - if ( !is_zero_ip(ip_list[i]) ) { - if ( name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) { - result = check_negative_conn_cache( domain, srv_name ); - if ( NT_STATUS_IS_OK(result) ) { - dc_ip = ip_list[i]; - goto done; - } - } - zero_ip(&ip_list[i]); /* Tried and failed. */ - } + /* Pick a nice close server, but only if the list was not ordered */ + + if (!list_ordered && (count > 1) ) { + qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } - /* Finally return first DC that we can contact */ - for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i])) continue; @@ -281,8 +222,9 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) dc_ip = ip_list[i]; goto done; } - } + } } + SAFE_FREE(ip_list); @@ -295,7 +237,7 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) the DC is alive and kicking. If we can catch a dead DC before performing a cli_connect() we can avoid a 30-second timeout. */ - DEBUG(3, ("get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, + DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, inet_ntoa(dc_ip), domain)); *ip_out = dc_ip; diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index d2d99a4203..79c63c9347 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -129,60 +129,16 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr return True; } -static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +/********************************************************************** + wrapper around ads and rpc methods of finds DC's +**********************************************************************/ + +static BOOL cm_get_dc_name(const char *domain, fstring srv_name, + struct in_addr *ip_out) { - static struct get_dc_name_cache *get_dc_name_cache; - struct get_dc_name_cache *dcc; struct in_addr dc_ip; BOOL ret; - /* Check the cache for previous lookups */ - - for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) { - - if (!strequal(domain, dcc->domain_name)) - continue; /* Not our domain */ - - if ((time(NULL) - dcc->lookup_time) > - GET_DC_NAME_CACHE_TIMEOUT) { - - /* Cache entry has expired, delete it */ - - DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain)); - - DLIST_REMOVE(get_dc_name_cache, dcc); - SAFE_FREE(dcc); - - break; - } - - /* Return a positive or negative lookup for this domain */ - - if (dcc->srv_name[0]) { - DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain)); - fstrcpy(srv_name, dcc->srv_name); - return True; - } else { - DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain)); - return False; - } - } - - /* Add cache entry for this lookup. */ - - DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain)); - - if (!(dcc = (struct get_dc_name_cache *) - malloc(sizeof(struct get_dc_name_cache)))) - return False; - - ZERO_STRUCTP(dcc); - - fstrcpy(dcc->domain_name, domain); - dcc->lookup_time = time(NULL); - - DLIST_ADD(get_dc_name_cache, dcc); - zero_ip(&dc_ip); ret = False; @@ -191,21 +147,12 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr if (!ret) { /* fall back on rpc methods if the ADS methods fail */ - ret = get_dc_name(domain, srv_name, &dc_ip); + ret = rpc_dc_name(domain, srv_name, &dc_ip); } - if (!ret) - return False; - - /* We have a name so make the cache entry positive now */ - fstrcpy(dcc->srv_name, srv_name); - - DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, - inet_ntoa(dc_ip), domain)); - *ip_out = dc_ip; - return True; + return ret; } /* Choose between anonymous or authenticated connections. We need to use @@ -257,7 +204,7 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index, fstrcpy(new_conn->domain, domain); fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index)); - /* connection failure cache has been moved inside of get_dc_name + /* connection failure cache has been moved inside of rpc_dc_name so we can deal with half dead DC's --jerry */ if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) { diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 11884af4cf..e4b0e78e2e 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -296,14 +296,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) ) - { - DEBUG(1, ("name '%s' is not a local or domain group: %d\n", - group_name, name_type)); - return WINBINDD_ERROR; - } - /* Fill in group structure */ domain = find_domain_from_sid(&group_sid); @@ -313,6 +305,14 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + if ( !((name_type==SID_NAME_DOM_GRP) || + ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) ) + { + DEBUG(1, ("name '%s' is not a local or domain group: %d\n", + group_name, name_type)); + return WINBINDD_ERROR; + } + if (!fill_grent(&state->response.data.gr, dom_name, group_name, state->request.data.gid) || !fill_grent_mem(domain, &group_sid, name_type, diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 7d6055006d..131a7cfd43 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -734,12 +734,6 @@ static int get_ldap_seq(const char *server, uint32 *seq) if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL) return -1; -#if 0 - /* As per tridge comment this doesn't seem to be needed. JRA */ - if ((err = ldap_simple_bind_s(ldp, NULL, NULL)) != 0) - goto done; -#endif - /* Timeout if no response within 20 seconds. */ to.tv_sec = 10; to.tv_usec = 0; @@ -786,38 +780,10 @@ int get_ldap_sequence_number( const char* domain, uint32 *seq) return False; } - if ( !list_ordered ) - { - /* - * Pick a nice close server. Look for DC on local net - * (assuming we don't have a list of preferred DC's) - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if ( !is_local_net(ip_list[i]) ) - continue; - - if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 ) - goto done; - - zero_ip(&ip_list[i]); - } + /* sort the list so we can pick a close server */ - - /* - * Secondly try and contact a random PDC/BDC. - */ - - i = (sys_random() % count); - - if ( !is_zero_ip(ip_list[i]) ) { - if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 ) - goto done; - } - zero_ip(&ip_list[i]); /* Tried and failed. */ + if (!list_ordered && (count > 1) ) { + qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } /* Finally return first DC that we can contact */ diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index e4ff06a35e..96a4b890ae 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -487,7 +487,7 @@ static WERROR cmd_spoolss_setprinter(struct cli_state *cli, /* get a printer handle */ result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", - MAXIMUM_ALLOWED_ACCESS, servername, + PRINTER_ALL_ACCESS, servername, user, &pol); if (!W_ERROR_IS_OK(result)) |