diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-11-05 23:34:00 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:09 -0500 |
| commit | 154d5f913b4ce60f731227eb1bb3650c45fcde93 (patch) | |
| tree | 6dcd8538e9cc97c4d891082280055d8fe3c8366a /source3/groupdb | |
| parent | 55fe875a44bd63de766d4fbdb91bcc26be146a21 (diff) | |
| download | samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.tar.gz samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.tar.bz2 samba-154d5f913b4ce60f731227eb1bb3650c45fcde93.zip | |
r3566: Completely replace the queryuseraliases call. The previous implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
Diffstat (limited to 'source3/groupdb')
| -rw-r--r-- | source3/groupdb/mapping.c | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 50064415f9..072304ed18 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -496,21 +496,19 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, /* This operation happens on session setup, so it should better be fast. We * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */ -static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) +static NTSTATUS one_alias_membership(const DOM_SID *member, + DOM_SID **sids, int *num) { fstring key, string_sid; TDB_DATA kbuf, dbuf; const char *p; - *num = 0; - *sids = NULL; - if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - sid_to_string(string_sid, sid); + sid_to_string(string_sid, member); slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); kbuf.dsize = strlen(key)+1; @@ -531,7 +529,7 @@ static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array(&alias, sids, num); + add_sid_to_array_unique(&alias, sids, num); if (sids == NULL) return NT_STATUS_NO_MEMORY; @@ -541,6 +539,22 @@ static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) return NT_STATUS_OK; } +static NTSTATUS alias_memberships(const DOM_SID *members, int num_members, + DOM_SID **sids, int *num) +{ + int i; + + *num = 0; + *sids = NULL; + + for (i=0; i<num_members; i++) { + NTSTATUS status = one_alias_membership(&members[i], sids, num); + if (!NT_STATUS_IS_OK(status)) + return status; + } + return NT_STATUS_OK; +} + static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) { DOM_SID *sids; @@ -548,7 +562,7 @@ static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) /* This feels the wrong way round, but the on-disk data structure * dictates it this way. */ - if (!NT_STATUS_IS_OK(alias_memberships(member, &sids, &num))) + if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num))) return False; for (i=0; i<num; i++) { @@ -707,7 +721,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) pstring key; fstring sid_string; - result = alias_memberships(member, &sids, &num); + result = alias_memberships(member, 1, &sids, &num); if (!NT_STATUS_IS_OK(result)) return result; @@ -1343,10 +1357,11 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *sid, + const DOM_SID *members, + int num_members, DOM_SID **aliases, int *num) { - return alias_memberships(sid, aliases, num); + return alias_memberships(members, num_members, aliases, num); } /********************************************************************** |