From 9aba116607c0b85a371c3556a6483bc662c769a3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 22 Dec 2004 16:58:43 +0000 Subject: r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side, based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther (This used to be commit f9ab15a986626581000d4b93961184c501f36b93) --- source3/nsswitch/winbindd_rpc.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'source3/nsswitch/winbindd_rpc.c') diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index de7f2ff76f..e6edb70f07 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -807,10 +807,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) TALLOC_CTX *mem_ctx; CLI_POLICY_HND *hnd; SAM_UNK_CTR ctr; - uint16 switch_value = 2; NTSTATUS result; POLICY_HND dom_pol; BOOL got_dom_pol = False; + BOOL got_seq_num = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int retry; @@ -856,10 +856,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) /* Query domain info */ result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, - switch_value, &ctr); + 8, &ctr); if (NT_STATUS_IS_OK(result)) { - *seq = ctr.info.inf2.seq_num; + *seq = ctr.info.inf8.seq_num.low; + got_seq_num = True; + goto seq_num; + } + + /* retry with info-level 2 in case the dc does not support info-level 8 + * (like all older samba2 and samba3 dc's - Guenther */ + + result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, + 2, &ctr); + + if (NT_STATUS_IS_OK(result)) { + *seq = ctr.info.inf2.seq_num.low; + got_seq_num = True; + } + + seq_num: + if (got_seq_num) { DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq)); } else { DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n", -- cgit