summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_samr_nt.c
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2005-01-19 16:13:26 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:59 -0500
commit1ed62fde09f382342a396a047975fdeeea7113bb (patch)
tree046c42700ae66b2fb30cf70a192b35ff7d5eb8d2 /source3/rpc_server/srv_samr_nt.c
parent8f476e5e52e4c72bbcc105bf0c4cba2c5dd3b641 (diff)
downloadsamba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.gz
samba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.bz2
samba-1ed62fde09f382342a396a047975fdeeea7113bb.zip
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
Diffstat (limited to 'source3/rpc_server/srv_samr_nt.c')
-rw-r--r--source3/rpc_server/srv_samr_nt.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 515eefb1fa..70c0de7da7 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -56,7 +56,7 @@ struct samr_info {
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
uint16 acb_mask;
- BOOL all_machines;
+ BOOL only_machines;
DISP_INFO disp_info;
TALLOC_CTX *mem_ctx;
@@ -209,34 +209,40 @@ static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
}
-static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL all_machines)
+static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL only_machines)
{
SAM_ACCOUNT *pwd = NULL;
SAM_ACCOUNT *pwd_array = NULL;
NTSTATUS nt_status = NT_STATUS_OK;
TALLOC_CTX *mem_ctx = info->mem_ctx;
+ uint16 query_acb_mask = acb_mask;
DEBUG(10,("load_sampwd_entries\n"));
/* if the snapshoot is already loaded, return */
if ((info->disp_info.user_dbloaded==True)
&& (info->acb_mask == acb_mask)
- && (info->all_machines == all_machines)) {
+ && (info->only_machines == only_machines)) {
DEBUG(10,("load_sampwd_entries: already in memory\n"));
return NT_STATUS_OK;
}
free_samr_users(info);
+
+ if (only_machines) {
+ query_acb_mask |= ACB_WSTRUST;
+ query_acb_mask |= ACB_SVRTRUST;
+ }
- if (!pdb_setsampwent(False)) {
+ if (!pdb_setsampwent(False, query_acb_mask)) {
DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
return NT_STATUS_ACCESS_DENIED;
}
for (; (NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, &pwd)))
&& pdb_getsampwent(pwd) == True; pwd=NULL) {
-
- if (all_machines) {
+
+ if (only_machines) {
if (!((pdb_get_acct_ctrl(pwd) & ACB_WSTRUST)
|| (pdb_get_acct_ctrl(pwd) & ACB_SVRTRUST))) {
DEBUG(5,("load_sampwd_entries: '%s' is not a machine account - ACB: %x - skipping\n", pdb_get_username(pwd), acb_mask));
@@ -277,7 +283,7 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOO
/* the snapshoot is in memory, we're ready to enumerate fast */
info->acb_mask = acb_mask;
- info->all_machines = all_machines;
+ info->only_machines = only_machines;
info->disp_info.user_dbloaded=True;
DEBUG(10,("load_sampwd_entries: done\n"));
generated by cgit (git 2.34.1) at 2024-07-19 18:19:17 +0000