diff options
| author | Volker Lendecke <vlendec@samba.org> | 2005-02-20 13:47:16 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:41 -0500 |
| commit | a90a58ff221a4469d6e87df655cb2201d68e237b (patch) | |
| tree | 7602dac1a9184c80be808f70044edf8cdf53e157 /source3/rpc_server | |
| parent | 8a10eb6d4ea93c15bfe4b0c08bcea5467009d394 (diff) | |
| download | samba-a90a58ff221a4469d6e87df655cb2201d68e237b.tar.gz samba-a90a58ff221a4469d6e87df655cb2201d68e237b.tar.bz2 samba-a90a58ff221a4469d6e87df655cb2201d68e237b.zip | |
r5467: Optimize _samr_query_groupmem with LDAP backend for large domains.
Could someone else please look at this patch, verifying that I did not break
the ldapsam:trusted = False fallback to the old behaviour? It works fine for
me, but you never know. You're certainly free to review the new code as well :-)
Thanks,
Volker
(This used to be commit e1c3ca182b299dc65da1fa39aadb69876b5e16b8)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 52 |
1 files changed, 14 insertions, 38 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index ec85981cbe..7a436e23e9 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3434,18 +3434,17 @@ static BOOL get_memberuids(gid_t gid, uid_t **uids, int *num) NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u) { - int final_num_rids, i; DOM_SID group_sid; fstring group_sid_str; - uid_t *uids; - int num; - gid_t gid; + int i, num_members; uint32 *rid=NULL; uint32 *attr=NULL; uint32 acc_granted; + NTSTATUS result; + /* find the policy handle. open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; @@ -3464,46 +3463,23 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ DEBUG(10, ("lookup on Domain SID\n")); - if (!NT_STATUS_IS_OK(sid_to_gid(&group_sid, &gid))) - return NT_STATUS_NO_SUCH_GROUP; + become_root(); + result = pdb_enum_group_members(p->mem_ctx, &group_sid, + &rid, &num_members); + unbecome_root(); - if(!get_memberuids(gid, &uids, &num)) - return NT_STATUS_NO_SUCH_GROUP; + if (!NT_STATUS_IS_OK(result)) + return result; - rid=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num); - attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num); + attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members); - if (num!=0 && (rid==NULL || attr==NULL)) + if ((num_members!=0) && (rid==NULL)) return NT_STATUS_NO_MEMORY; - final_num_rids = 0; - - for (i=0; i<num; i++) { - DOM_SID sid; - - if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) { - DEBUG(1, ("Could not map member uid to SID\n")); - continue; - } - - if (!sid_check_is_in_our_domain(&sid)) { - DEBUG(1, ("Inconsistent SAM -- group member uid not " - "in our domain\n")); - continue; - } - - sid_peek_rid(&sid, &rid[final_num_rids]); - - /* Hmm. In a trace I got the constant 7 here from NT. */ - attr[final_num_rids] = SID_NAME_USER; - - final_num_rids += 1; - } - - SAFE_FREE(uids); + for (i=0; i<num_members; i++) + attr[i] = SID_NAME_USER; - init_samr_r_query_groupmem(r_u, final_num_rids, rid, attr, - NT_STATUS_OK); + init_samr_r_query_groupmem(r_u, num_members, rid, attr, NT_STATUS_OK); return NT_STATUS_OK; } |