summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-06-19 16:00:32 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:37 -0500
commitc6a47bb4f31390ed975abc7b6788663e231193ba (patch)
treecbac5b5a65e935ea061d7e1ce9291f7e7c292330 /source3
parentc53262d6772ef3f8e66f29d8c291f8dad611dc80 (diff)
downloadsamba-c6a47bb4f31390ed975abc7b6788663e231193ba.tar.gz
samba-c6a47bb4f31390ed975abc7b6788663e231193ba.tar.bz2
samba-c6a47bb4f31390ed975abc7b6788663e231193ba.zip
r16349: Another fix to make winbind more robust in large domains:
We may only feed rpc_useraliases with chunks of 1024 entries. This is important as the token generation otherwise fails when a user is member of more then 1024 groups. Volker, please check. Guenther (This used to be commit d8fd94648f965eb043f957b154ce63b245a90328)
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/winbindd_rpc.c63
1 files changed, 52 insertions, 11 deletions
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
index de4dbc9a79..322d284e0c 100644
--- a/source3/nsswitch/winbindd_rpc.c
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -473,9 +473,14 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND dom_pol;
- DOM_SID2 *sid2;
+ DOM_SID2 *query_sids;
+ uint32 num_query_sids = 0;
int i;
struct rpc_pipe_client *cli;
+ uint32 *alias_rids_query, num_aliases_query;
+ int rangesize = MAX_SAM_ENTRIES_W2K;
+ uint32 total_sids = 0;
+ int num_queries = 1;
*num_aliases = 0;
*alias_rids = NULL;
@@ -486,19 +491,55 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result))
return result;
- sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
+ do {
+ /* prepare query */
- if (sid2 == NULL)
- return NT_STATUS_NO_MEMORY;
+ num_query_sids = MIN(num_sids - total_sids, rangesize);
- for (i=0; i<num_sids; i++) {
- sid_copy(&sid2[i].sid, &sids[i]);
- sid2[i].num_auths = sid2[i].sid.num_auths;
- }
+ DEBUG(10,("rpc: lookup_useraliases: entering query %d for %d sids\n",
+ num_queries, num_query_sids));
+
+
+ query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids);
+ if (query_sids == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_query_sids; i++) {
+ sid_copy(&query_sids[i].sid, &sids[total_sids++]);
+ query_sids[i].num_auths = query_sids[i].sid.num_auths;
+ }
+
+ /* do request */
+
+ result = rpccli_samr_query_useraliases(cli, mem_ctx, &dom_pol,
+ num_query_sids, query_sids,
+ &num_aliases_query,
+ &alias_rids_query);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ *num_aliases = 0;
+ *alias_rids = NULL;
+ TALLOC_FREE(query_sids);
+ goto done;
+ }
+
+ /* process output */
+
+ for (i=0; i<num_aliases_query; i++) {
+ add_rid_to_array_unique(mem_ctx, alias_rids_query[i],
+ alias_rids, num_aliases);
+ }
+
+ TALLOC_FREE(query_sids);
+
+ num_queries++;
+
+ } while (total_sids < num_sids);
- result = rpccli_samr_query_useraliases(cli, mem_ctx, &dom_pol,
- num_sids, sid2,
- num_aliases, alias_rids);
+ done:
+ DEBUG(10,("rpc: lookup_useraliases: got %d aliases in %d queries "
+ "(rangesize: %d)\n", *num_aliases, num_queries, rangesize));
return result;
}