From 19bc4ce95ca9b2a985313f5eb887275aa6fe3599 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 16 Jul 2009 17:37:36 +1000
Subject: s4:kdc Rework KDC to pull in less attributes for krbtgt lookups

Each attribute we request from LDB comes with a small cost, so don't
lookup any more than we must for the (very) frequent krbtgt lookup
case.  Similarly, we don't need to build a PAC for a server (as a
target), so don't ask for the PAC attributes here either.

Andrew Bartlett
---
 source4/auth/sam.c | 42 +++++++++++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 15 deletions(-)

(limited to 'source4/auth/sam.c')

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c396662c12..635d94242f 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -32,25 +32,37 @@
 #include "param/param.h"
 #include "auth/auth_sam.h"
 
-const char *user_attrs[] = {
-	/* required for the krb5 kdc */
-	"objectClass",
-	"sAMAccountName",
-	"userPrincipalName",
-	"servicePrincipalName",
-	"msDS-KeyVersionNumber",
-	"supplementalCredentials",
+#define KRBTGT_ATTRS \
+	/* required for the krb5 kdc */		\
+	"objectClass",				\
+	"sAMAccountName",			\
+	"userPrincipalName",			\
+	"servicePrincipalName",			\
+	"msDS-KeyVersionNumber",		\
+	"supplementalCredentials",		\
+						\
+	/* passwords */				\
+	"dBCSPwd",				\
+	"unicodePwd",				\
+						\
+	"userAccountControl",			\
+	"objectSid",				\
+						\
+	"pwdLastSet",				\
+	"accountExpires"			
+
+const char *krbtgt_attrs[] = {
+	KRBTGT_ATTRS
+};
 
-	/* passwords */
-	"dBCSPwd", 
-	"unicodePwd",
+const char *server_attrs[] = {
+	KRBTGT_ATTRS
+};
 
-	"userAccountControl",
+const char *user_attrs[] = {
+	KRBTGT_ATTRS,
 
-	"pwdLastSet",
-	"accountExpires",
 	"logonHours",
-	"objectSid",
 
 	/* check 'allowed workstations' */
 	"userWorkstations",
-- 
cgit