summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-07-16 17:37:36 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-07-17 08:26:49 +1000
commit19bc4ce95ca9b2a985313f5eb887275aa6fe3599 (patch)
tree0a8f1df46ecd030986493ca6d9b7b7bb6c88adf3 /source4/auth
parentd7b31ff853ac06d5021314be698109f8487770f9 (diff)
downloadsamba-19bc4ce95ca9b2a985313f5eb887275aa6fe3599.tar.gz
samba-19bc4ce95ca9b2a985313f5eb887275aa6fe3599.tar.bz2
samba-19bc4ce95ca9b2a985313f5eb887275aa6fe3599.zip
s4:kdc Rework KDC to pull in less attributes for krbtgt lookups
Each attribute we request from LDB comes with a small cost, so don't lookup any more than we must for the (very) frequent krbtgt lookup case. Similarly, we don't need to build a PAC for a server (as a target), so don't ask for the PAC attributes here either. Andrew Bartlett
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h2
-rw-r--r--source4/auth/sam.c42
2 files changed, 29 insertions, 15 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 6bad017862..8a0f12efd8 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -23,6 +23,8 @@
#include "librpc/gen_ndr/ndr_krb5pac.h"
+extern const char *krbtgt_attrs[];
+extern const char *server_attrs[];
extern const char *user_attrs[];
union netr_Validation;
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c396662c12..635d94242f 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,25 +32,37 @@
#include "param/param.h"
#include "auth/auth_sam.h"
-const char *user_attrs[] = {
- /* required for the krb5 kdc */
- "objectClass",
- "sAMAccountName",
- "userPrincipalName",
- "servicePrincipalName",
- "msDS-KeyVersionNumber",
- "supplementalCredentials",
+#define KRBTGT_ATTRS \
+ /* required for the krb5 kdc */ \
+ "objectClass", \
+ "sAMAccountName", \
+ "userPrincipalName", \
+ "servicePrincipalName", \
+ "msDS-KeyVersionNumber", \
+ "supplementalCredentials", \
+ \
+ /* passwords */ \
+ "dBCSPwd", \
+ "unicodePwd", \
+ \
+ "userAccountControl", \
+ "objectSid", \
+ \
+ "pwdLastSet", \
+ "accountExpires"
+
+const char *krbtgt_attrs[] = {
+ KRBTGT_ATTRS
+};
- /* passwords */
- "dBCSPwd",
- "unicodePwd",
+const char *server_attrs[] = {
+ KRBTGT_ATTRS
+};
- "userAccountControl",
+const char *user_attrs[] = {
+ KRBTGT_ATTRS,
- "pwdLastSet",
- "accountExpires",
"logonHours",
- "objectSid",
/* check 'allowed workstations' */
"userWorkstations",