From f36c96d59c79a51610bb5a1fc42ac62bd8d08401 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 23 Jun 2003 19:05:23 +0000 Subject: * s/get_dc_name/rpc_dc_name/g (revert a previous change) * move back to qsort() for sorting IP address in get_dc_list() * remove dc_name_cache in cm_get_dc_name() since it slowed things down more than it helped. I've made a note of where to add in the negative connection cache in the ads code. Will come back to that. * fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead of MAX_ALLOWED) * only enumerate domain local groups in our domain * simplify ldap search for seqnum in winbindd's rpc backend (This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b) --- source3/auth/auth_domain.c | 2 +- source3/libads/ldap.c | 3 ++ source3/libsmb/namequery.c | 11 ++++-- source3/libsmb/namequery_dc.c | 76 +++++---------------------------------- source3/nsswitch/winbindd_cm.c | 71 +++++------------------------------- source3/nsswitch/winbindd_group.c | 16 ++++----- source3/nsswitch/winbindd_rpc.c | 40 ++------------------- source3/rpcclient/cmd_spoolss.c | 2 +- 8 files changed, 43 insertions(+), 178 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 66684cc940..5b2e287f6b 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -276,7 +276,7 @@ static NTSTATUS find_connect_dc(struct cli_state **cli, struct in_addr dc_ip; fstring srv_name; - if (!get_dc_name(domain, srv_name, &dc_ip)) { + if (!rpc_dc_name(domain, srv_name, &dc_ip)) { DEBUG(0,("find_connect_dc: Failed to find an DCs for %s\n", lp_workgroup())); return NT_STATUS_NO_LOGON_SERVERS; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 0a59c4eb8f..0f1f205f9b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -41,6 +41,9 @@ /* try a connection to a given ldap server, returning True and setting the servers IP in the ads struct if successful + + TODO : add a negative connection cache in here leveraged off of the one + found in the rpc code. --jerry */ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port) { diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index 7f343033d6..3797f03979 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -1379,10 +1379,17 @@ BOOL get_dc_list(const char *domain, struct in_addr **ip_list, int *count, int * } } + if ( DEBUGLEVEL >= 4 ) { + DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count, + *ordered ? "":"un")); + DEBUG(4,("get_dc_list: ")); + for ( i=0; i 1) ) { + qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } - /* Finally return first DC that we can contact */ - for (i = 0; i < count; i++) { if (is_zero_ip(ip_list[i])) continue; @@ -281,8 +222,9 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) dc_ip = ip_list[i]; goto done; } - } + } } + SAFE_FREE(ip_list); @@ -295,7 +237,7 @@ BOOL get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) the DC is alive and kicking. If we can catch a dead DC before performing a cli_connect() we can avoid a 30-second timeout. */ - DEBUG(3, ("get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, + DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, inet_ntoa(dc_ip), domain)); *ip_out = dc_ip; diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index d2d99a4203..79c63c9347 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c 
@@ -129,60 +129,16 @@ static BOOL cm_ads_find_dc(const char *domain, struct in_addr *dc_ip, fstring sr return True; } -static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out) +/********************************************************************** + wrapper around ads and rpc methods of finds DC's +**********************************************************************/ + +static BOOL cm_get_dc_name(const char *domain, fstring srv_name, + struct in_addr *ip_out) { - static struct get_dc_name_cache *get_dc_name_cache; - struct get_dc_name_cache *dcc; struct in_addr dc_ip; BOOL ret; - /* Check the cache for previous lookups */ - - for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) { - - if (!strequal(domain, dcc->domain_name)) - continue; /* Not our domain */ - - if ((time(NULL) - dcc->lookup_time) > - GET_DC_NAME_CACHE_TIMEOUT) { - - /* Cache entry has expired, delete it */ - - DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain)); - - DLIST_REMOVE(get_dc_name_cache, dcc); - SAFE_FREE(dcc); - - break; - } - - /* Return a positive or negative lookup for this domain */ - - if (dcc->srv_name[0]) { - DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain)); - fstrcpy(srv_name, dcc->srv_name); - return True; - } else { - DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain)); - return False; - } - } - - /* Add cache entry for this lookup. */ - - DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain)); - - if (!(dcc = (struct get_dc_name_cache *) - malloc(sizeof(struct get_dc_name_cache)))) - return False; - - ZERO_STRUCTP(dcc); - - fstrcpy(dcc->domain_name, domain); - dcc->lookup_time = time(NULL); - - DLIST_ADD(get_dc_name_cache, dcc); - zero_ip(&dc_ip); ret = False; 
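Review bot: The new header comment on cm_get_dc_name (`wrapper around ads and rpc methods of finds DC's`) does not record that the function no longer caches anything, so a reader cannot tell what bounds repeated lookups for a domain whose DCs are unreachable. The comment in cm_open_connection says the connection failure cache now lives in rpc_dc_name, and the TODO added to ads_try_connect in ldap.c suggests the ADS path has no equivalent yet, so a failing ADS lookup is presumably retried on every call. I would reword the header to something like `Wrapper around the ADS and RPC methods of finding a DC. No caching is done here: the RPC path relies on the connection failure cache in rpc_dc_name, the ADS path has none yet.` The function body continues into the next hunk.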
@@ -191,21 +147,12 @@ static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr if (!ret) { /* fall back on rpc methods if the ADS methods fail */ - ret = get_dc_name(domain, srv_name, &dc_ip); + ret = rpc_dc_name(domain, srv_name, &dc_ip); } - if (!ret) - return False; - - /* We have a name so make the cache entry positive now */ - fstrcpy(dcc->srv_name, srv_name); - - DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name, - inet_ntoa(dc_ip), domain)); - *ip_out = dc_ip; - return True; + return ret; } /* Choose between anonymous or authenticated connections. We need to use @@ -257,7 +204,7 @@ static NTSTATUS cm_open_connection(const char *domain, const int pipe_index, fstrcpy(new_conn->domain, domain); fstrcpy(new_conn->pipe_name, get_pipe_name_from_index(pipe_index)); - /* connection failure cache has been moved inside of get_dc_name + /* connection failure cache has been moved inside of rpc_dc_name so we can deal with half dead DC's --jerry */ if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) { diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 11884af4cf..e4b0e78e2e 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -296,14 +296,6 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) ) - { - DEBUG(1, ("name '%s' is not a local or domain group: %d\n", - group_name, name_type)); - return WINBINDD_ERROR; - } - /* Fill in group structure */ domain = find_domain_from_sid(&group_sid); 
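Review bot: At the end of cm_get_dc_name, `*ip_out = dc_ip; return ret;` now stores to the caller's address even when both lookups failed, where the old code returned False before touching ip_out. The visible caller in cm_open_connection checks the return value, but other callers are not shown, and whatever the failed lookups left in dc_ip is now handed back; I would keep the guard as `if (ret) *ip_out = dc_ip;`. The removed `DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", ...` was also the only line in this function that recorded the chosen controller. rpc_dc_name logs its own choice, but if the ADS path does not (not visible here), that line is worth keeping so a connection can be traced to a DC. The start of the function is in the previous hunk.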
@@ -313,6 +305,14 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + if ( !((name_type==SID_NAME_DOM_GRP) || + ((name_type==SID_NAME_ALIAS) && strequal(lp_workgroup(), domain->name))) ) + { + DEBUG(1, ("name '%s' is not a local or domain group: %d\n", + group_name, name_type)); + return WINBINDD_ERROR; + } + if (!fill_grent(&state->response.data.gr, dom_name, group_name, state->request.data.gid) || !fill_grent_mem(domain, &group_sid, name_type, diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 7d6055006d..131a7cfd43 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -734,12 +734,6 @@ static int get_ldap_seq(const char *server, uint32 *seq) if ((ldp = ldap_open_with_timeout(server, LDAP_PORT, 10)) == NULL) return -1; -#if 0 - /* As per tridge comment this doesn't seem to be needed. JRA */ - if ((err = ldap_simple_bind_s(ldp, NULL, NULL)) != 0) - goto done; -#endif - /* Timeout if no response within 20 seconds. */ to.tv_sec = 10; to.tv_usec = 0; 
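Review bot: The DEBUG(1) text in the relocated check of winbindd_getgrgid, `name '%s' is not a local or domain group: %d`, does not describe every way the branch is taken: a SID_NAME_ALIAS whose domain is not lp_workgroup() is a local group and is still rejected. Since this test decides which groups are handed out, the log line should let an administrator see why, for example `DEBUG(1, ("group '%s' rejected: type %d, domain %s\n", group_name, name_type, domain->name));`. A one-line comment above the test, `/* aliases (domain local groups) are only accepted from our own domain */`, would record the intent stated in the commit message. The function starts and ends outside the hunk.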
@@ -786,38 +780,10 @@ int get_ldap_sequence_number( const char* domain, uint32 *seq) return False; } - if ( !list_ordered ) - { - /* - * Pick a nice close server. Look for DC on local net - * (assuming we don't have a list of preferred DC's) - */ - - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i])) - continue; - - if ( !is_local_net(ip_list[i]) ) - continue; - - if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 ) - goto done; - - zero_ip(&ip_list[i]); - } + /* sort the list so we can pick a close server */ - - /* - * Secondly try and contact a random PDC/BDC. - */ - - i = (sys_random() % count); - - if ( !is_zero_ip(ip_list[i]) ) { - if ( (ret = get_ldap_seq( inet_ntoa(ip_list[i]), seq)) == 0 ) - goto done; - } - zero_ip(&ip_list[i]); /* Tried and failed. */ + if (!list_ordered && (count > 1) ) { + qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); } /* Finally return first DC that we can contact */ diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index e4ff06a35e..96a4b890ae 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -487,7 +487,7 @@ static WERROR cmd_spoolss_setprinter(struct cli_state *cli, /* get a printer handle */ result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", - MAXIMUM_ALLOWED_ACCESS, servername, + PRINTER_ALL_ACCESS, servername, user, &pol); if (!W_ERROR_IS_OK(result)) -- cgit
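Review bot: The stanza added to get_ldap_sequence_number, `if (!list_ordered && (count > 1) ) { qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare); }`, is the same code that appears in the namequery_dc.c section of this commit, so two callers each carry their own copy of the DC ordering policy. I would move it into one place (the list producer or a small shared helper, whose name I leave to the author) so the two paths cannot drift apart on which controller is tried first. The comment `/* sort the list so we can pick a close server */` should also say what ip_compare orders by and that an explicitly ordered list is left untouched, for instance `/* list was not ordered by configuration: sort with ip_compare so nearer DCs are tried first */`. With the random PDC/BDC attempt removed, every lookup presumably walks the DCs in the same order, which is worth stating in the same comment. The function's declarations and final loop are outside the hunk.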