diff options
| author | Günther Deschner <gd@samba.org> | 2005-01-19 16:13:26 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:59 -0500 |
| commit | 1ed62fde09f382342a396a047975fdeeea7113bb (patch) | |
| tree | 046c42700ae66b2fb30cf70a192b35ff7d5eb8d2 /source3/rpc_server | |
| parent | 8f476e5e52e4c72bbcc105bf0c4cba2c5dd3b641 (diff) | |
| download | samba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.gz samba-1ed62fde09f382342a396a047975fdeeea7113bb.tar.bz2 samba-1ed62fde09f382342a396a047975fdeeea7113bb.zip | |
r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
(This used to be commit 6394257cc721ca739bda0e320375f04506913533)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 515eefb1fa..70c0de7da7 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -56,7 +56,7 @@ struct samr_info { uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */ uint32 acc_granted; uint16 acb_mask; - BOOL all_machines; + BOOL only_machines; DISP_INFO disp_info; TALLOC_CTX *mem_ctx; @@ -209,34 +209,40 @@ static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) } -static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL all_machines) +static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL only_machines) { SAM_ACCOUNT *pwd = NULL; SAM_ACCOUNT *pwd_array = NULL; NTSTATUS nt_status = NT_STATUS_OK; TALLOC_CTX *mem_ctx = info->mem_ctx; + uint16 query_acb_mask = acb_mask; DEBUG(10,("load_sampwd_entries\n")); /* if the snapshoot is already loaded, return */ if ((info->disp_info.user_dbloaded==True) && (info->acb_mask == acb_mask) - && (info->all_machines == all_machines)) { + && (info->only_machines == only_machines)) { DEBUG(10,("load_sampwd_entries: already in memory\n")); return NT_STATUS_OK; } free_samr_users(info); + + if (only_machines) { + query_acb_mask |= ACB_WSTRUST; + query_acb_mask |= ACB_SVRTRUST; + } - if (!pdb_setsampwent(False)) { + if (!pdb_setsampwent(False, query_acb_mask)) { DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n")); return NT_STATUS_ACCESS_DENIED; } for (; (NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, &pwd))) && pdb_getsampwent(pwd) == True; pwd=NULL) { - - if (all_machines) { + + if (only_machines) { if (!((pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) || (pdb_get_acct_ctrl(pwd) & ACB_SVRTRUST))) { DEBUG(5,("load_sampwd_entries: '%s' is not a machine account - ACB: %x - skipping\n", pdb_get_username(pwd), acb_mask)); @@ -277,7 +283,7 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOO /* the snapshoot is in memory, we're ready to enumerate fast */ info->acb_mask = acb_mask; - info->all_machines = all_machines; + info->only_machines = only_machines; info->disp_info.user_dbloaded=True; DEBUG(10,("load_sampwd_entries: done\n")); |