diff options
| author | Jeremy Allison <jra@samba.org> | 2005-11-17 22:40:10 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:27 -0500 |
| commit | d09beee040b62d9b783869bc9af7f17301e3f5e0 (patch) | |
| tree | 68ec6d331e2d72971f3a0f9d66a482c47a961deb /source3/rpc_server | |
| parent | 394f87b9146fab2ebf6a635c8bd4d17e4959fc36 (diff) | |
| download | samba-d09beee040b62d9b783869bc9af7f17301e3f5e0.tar.gz samba-d09beee040b62d9b783869bc9af7f17301e3f5e0.tar.bz2 samba-d09beee040b62d9b783869bc9af7f17301e3f5e0.zip | |
r11769: Looking at a performance problem enumerating accounts, wondered
if changing to support samr_connect5 might help so quickly coded
it up. No it doesn't :-(. Don't merge this for 3.0.21 please.
Jeremy.
(This used to be commit bff1df678a8948d382f4555e83a1df23146a4b12)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_samr.c | 34 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 54 |
2 files changed, 87 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index ffb7882e11..520bf47a31 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -679,6 +679,37 @@ static BOOL api_samr_connect4(pipes_struct *p) return True; } +/******************************************************************* + api_samr_connect5 + ********************************************************************/ + +static BOOL api_samr_connect5(pipes_struct *p) +{ + SAMR_Q_CONNECT5 q_u; + SAMR_R_CONNECT5 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open policy */ + if(!samr_io_q_connect5("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect5: unable to unmarshall SAMR_Q_CONNECT5.\n")); + return False; + } + + r_u.status = _samr_connect5(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_connect5("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect5: unable to marshall SAMR_R_CONNECT5.\n")); + return False; + } + + return True; +} + /********************************************************************** api_samr_lookup_domain **********************************************************************/ @@ -1492,7 +1523,8 @@ static struct api_struct api_samr_cmds [] = {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo}, {"SAMR_UNKNOWN_2E" , SAMR_UNKNOWN_2E , api_samr_unknown_2e }, {"SAMR_SET_DOMAIN_INFO" , SAMR_SET_DOMAIN_INFO , api_samr_set_dom_info }, - {"SAMR_CONNECT4" , SAMR_CONNECT4 , api_samr_connect4 } + {"SAMR_CONNECT4" , SAMR_CONNECT4 , api_samr_connect4 }, + {"SAMR_CONNECT5" , SAMR_CONNECT5 , api_samr_connect5 } }; void samr_get_pipe_fns( struct api_struct **fns, int *n_fns ) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 71272a9a98..bfc96ea0f6 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2293,6 +2293,60 @@ NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 * return r_u->status; } +/******************************************************************* + samr_connect5 + ********************************************************************/ + +NTSTATUS _samr_connect5(pipes_struct *p, SAMR_Q_CONNECT5 *q_u, SAMR_R_CONNECT5 *r_u) +{ + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + NTSTATUS nt_status; + POLICY_HND pol; + size_t sd_size; + + + DEBUG(5,("_samr_connect5: %d\n", __LINE__)); + + ZERO_STRUCTP(r_u); + + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect5\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); + se_map_generic(&des_access, &sam_generic_mapping); + + nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + NULL, 0, des_access, &acc_granted, "_samr_connect5"); + + if ( !NT_STATUS_IS_OK(nt_status) ) + return nt_status; + + /* associate the user's SID and access granted with the new handle. */ + if ((info = get_samr_info_by_sid(NULL)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; + info->status = q_u->access_mask; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + DEBUG(5,("_samr_connect: %d\n", __LINE__)); + + init_samr_r_connect5(r_u, &pol, NT_STATUS_OK); + + return r_u->status; +} + /********************************************************************** api_samr_lookup_domain **********************************************************************/ |