diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-09-11 05:11:10 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:18:18 -0500 |
commit | 459a2301a5d63f5a1a6b27996c8a0358b20f2ab2 (patch) | |
tree | 594f24748db7ae48f00817ed7a3878127e9aef79 /source4/rpc_server/lsa | |
parent | f793748f4357f70668d8e8c2b90a88d2ff253566 (diff) | |
download | samba-459a2301a5d63f5a1a6b27996c8a0358b20f2ab2.tar.gz samba-459a2301a5d63f5a1a6b27996c8a0358b20f2ab2.tar.bz2 samba-459a2301a5d63f5a1a6b27996c8a0358b20f2ab2.zip |
r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4
The latter calls don't supply a policy handle
The latter calls now acquire a policy handle, then call the earlier
calls. This means we still share the codepaths, but don't need to
fetch policy state when it is already provided.
Andrew Bartlett
(This used to be commit 5fa9e96bd0d1f75e208be9a8a04dfc90a854bee9)
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 121 |
1 files changed, 85 insertions, 36 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index e39f461f99..5c0cc79575 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -395,6 +395,9 @@ static NTSTATUS lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ /* dssetup_DsRoleGetPrimaryDomainInformation + + This is not an LSA call, but is the only call left on the DSSETUP + pipe (after the pipe was truncated), and needs lsa_get_policy_state */ static WERROR dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -1554,11 +1557,11 @@ static NTSTATUS lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX *mem_c /* - lsa_LookupSids3 + lsa_LookupSids2 */ -static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupSids3 *r) + struct lsa_LookupSids2 *r) { struct lsa_policy_state *state; int i; @@ -1640,32 +1643,56 @@ static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, /* - lsa_LookupSids2 + lsa_LookupSids3 + + Identical to LookupSids2, but doesn't take a policy handle + */ -static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupSids2 *r) + struct lsa_LookupSids3 *r) { - struct lsa_LookupSids3 r3; + struct lsa_LookupSids2 r2; + struct lsa_OpenPolicy2 pol; NTSTATUS status; + struct dcesrv_handle *h; - r3.in.sids = r->in.sids; - r3.in.names = r->in.names; - r3.in.level = r->in.level; - r3.in.count = r->in.count; - r3.in.unknown1 = r->in.unknown1; - r3.in.unknown2 = r->in.unknown2; - r3.out.count = r->out.count; - r3.out.names = r->out.names; + /* No policy handle on the wire, so make one up here */ + r2.in.handle = talloc(mem_ctx, struct policy_handle); + if (!r2.in.handle) { + return NT_STATUS_NO_MEMORY; + } - status = lsa_LookupSids3(dce_call, mem_ctx, &r3); + pol.out.handle = r2.in.handle; + pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + pol.in.attr = NULL; + pol.in.system_name = NULL; + status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* ensure this handle goes away at the end of this call */ + DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY); + talloc_steal(mem_ctx, h); + + r2.in.sids = r->in.sids; + r2.in.names = r->in.names; + r2.in.level = r->in.level; + r2.in.count = r->in.count; + r2.in.unknown1 = r->in.unknown1; + r2.in.unknown2 = r->in.unknown2; + r2.out.count = r->out.count; + r2.out.names = r->out.names; + + status = lsa_LookupSids2(dce_call, mem_ctx, &r2); if (dce_call->fault_code != 0) { return status; } - r->out.domains = r3.out.domains; - r->out.names = r3.out.names; - r->out.count = r3.out.count; + r->out.domains = r2.out.domains; + r->out.names = r2.out.names; + r->out.count = r2.out.count; return status; } @@ -2987,20 +3014,20 @@ static NTSTATUS lsa_lookup_name(struct lsa_policy_state *state, TALLOC_CTX *mem_ /* - lsa_LookupNames4 + lsa_LookupNames3 */ -static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, +static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupNames4 *r) + struct lsa_LookupNames3 *r) { - struct lsa_policy_state *state; + struct lsa_policy_state *policy_state; + struct dcesrv_handle *policy_handle; int i; NTSTATUS status = NT_STATUS_OK; - status = lsa_get_policy_state(dce_call, mem_ctx, &state); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + + policy_state = policy_handle->data; r->out.domains = NULL; @@ -3036,7 +3063,7 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].sid_index = 0xFFFFFFFF; r->out.sids->sids[i].unknown = 0; - status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype); + status2 = lsa_lookup_name(policy_state, mem_ctx, name, &sid, &atype); if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) { status = STATUS_SOME_UNMAPPED; continue; @@ -3048,7 +3075,7 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, continue; } - status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index); + status2 = lsa_authority_list(policy_state, mem_ctx, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { return status2; } @@ -3063,16 +3090,38 @@ static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, } /* - lsa_LookupNames3 + lsa_LookupNames4 + + Identical to LookupNames3, but doesn't take a policy handle + */ -static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct lsa_LookupNames3 *r) +static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, + struct lsa_LookupNames4 *r) { - struct lsa_LookupNames4 r2; + struct lsa_LookupNames3 r2; + struct lsa_OpenPolicy2 pol; NTSTATUS status; struct dcesrv_handle *h; - DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); - + + /* No policy handle on the wire, so make one up here */ + r2.in.handle = talloc(mem_ctx, struct policy_handle); + if (!r2.in.handle) { + return NT_STATUS_NO_MEMORY; + } + + pol.out.handle = r2.in.handle; + pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + pol.in.attr = NULL; + pol.in.system_name = NULL; + status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* ensure this handle goes away at the end of this call */ + DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY); + talloc_steal(mem_ctx, h); + r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; r2.in.sids = r->in.sids; @@ -3083,7 +3132,7 @@ static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.sids = r->out.sids; r2.out.count = r->out.count; - status = lsa_LookupNames4(dce_call, mem_ctx, &r2); + status = lsa_LookupNames3(dce_call, mem_ctx, &r2); if (dce_call->fault_code != 0) { return status; } |