svn commit: samba r18361 - in branches/SAMBA_4_0/source/rpc_server/lsa: .

abartlet at samba.org abartlet at samba.org
Mon Sep 11 05:11:11 GMT 2006 

Author: abartlet
Date: 2006-09-11 05:11:10 +0000 (Mon, 11 Sep 2006)
New Revision: 18361

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18361

Log:
Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4

The latter calls don't supply a policy handle 

The latter calls now acquire a policy handle, then call the earlier
calls.  This means we still share the codepaths, but don't need to
fetch policy state when it is already provided.

Andrew Bartlett


Modified:
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2006-09-11 04:47:56 UTC (rev 18360)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2006-09-11 05:11:10 UTC (rev 18361)
@@ -395,6 +395,9 @@
 
 /* 
   dssetup_DsRoleGetPrimaryDomainInformation 
+
+  This is not an LSA call, but is the only call left on the DSSETUP
+  pipe (after the pipe was truncated), and needs lsa_get_policy_state
 */
 static WERROR dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_call_state *dce_call, 
 						 TALLOC_CTX *mem_ctx,
@@ -1554,11 +1557,11 @@
 
 
 /*
-  lsa_LookupSids3
+  lsa_LookupSids2
 */
-static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 				TALLOC_CTX *mem_ctx,
-				struct lsa_LookupSids3 *r)
+				struct lsa_LookupSids2 *r)
 {
 	struct lsa_policy_state *state;
 	int i;
@@ -1640,32 +1643,56 @@
 
 
 /*
-  lsa_LookupSids2
+  lsa_LookupSids3
+
+  Identical to LookupSids2, but doesn't take a policy handle
+  
 */
-static NTSTATUS lsa_LookupSids2(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 				TALLOC_CTX *mem_ctx,
-				struct lsa_LookupSids2 *r)
+				struct lsa_LookupSids3 *r)
 {
-	struct lsa_LookupSids3 r3;
+	struct lsa_LookupSids2 r2;
+	struct lsa_OpenPolicy2 pol;
 	NTSTATUS status;
+	struct dcesrv_handle *h;
 
-	r3.in.sids     = r->in.sids;
-	r3.in.names    = r->in.names;
-	r3.in.level    = r->in.level;
-	r3.in.count    = r->in.count;
-	r3.in.unknown1 = r->in.unknown1;
-	r3.in.unknown2 = r->in.unknown2;
-	r3.out.count   = r->out.count;
-	r3.out.names   = r->out.names;
+	/* No policy handle on the wire, so make one up here */
+	r2.in.handle = talloc(mem_ctx, struct policy_handle);
+	if (!r2.in.handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	status = lsa_LookupSids3(dce_call, mem_ctx, &r3);
+	pol.out.handle = r2.in.handle;
+	pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	pol.in.attr = NULL;
+	pol.in.system_name = NULL;
+	status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* ensure this handle goes away at the end of this call */
+	DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
+	talloc_steal(mem_ctx, h);
+
+	r2.in.sids     = r->in.sids;
+	r2.in.names    = r->in.names;
+	r2.in.level    = r->in.level;
+	r2.in.count    = r->in.count;
+	r2.in.unknown1 = r->in.unknown1;
+	r2.in.unknown2 = r->in.unknown2;
+	r2.out.count   = r->out.count;
+	r2.out.names   = r->out.names;
+
+	status = lsa_LookupSids2(dce_call, mem_ctx, &r2);
 	if (dce_call->fault_code != 0) {
 		return status;
 	}
 
-	r->out.domains = r3.out.domains;
-	r->out.names   = r3.out.names;
-	r->out.count   = r3.out.count;
+	r->out.domains = r2.out.domains;
+	r->out.names   = r2.out.names;
+	r->out.count   = r2.out.count;
 
 	return status;
 }
@@ -2987,21 +3014,21 @@
 
 
 /*
-  lsa_LookupNames4
+  lsa_LookupNames3
 */
-static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call,
+static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call,
 				 TALLOC_CTX *mem_ctx,
-				 struct lsa_LookupNames4 *r)
+				 struct lsa_LookupNames3 *r)
 {
-	struct lsa_policy_state *state;
+	struct lsa_policy_state *policy_state;
+	struct dcesrv_handle *policy_handle;
 	int i;
 	NTSTATUS status = NT_STATUS_OK;
 
-	status = lsa_get_policy_state(dce_call, mem_ctx, &state);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 
+	policy_state = policy_handle->data;
+
 	r->out.domains = NULL;
 
 	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
@@ -3036,7 +3063,7 @@
 		r->out.sids->sids[i].sid_index   = 0xFFFFFFFF;
 		r->out.sids->sids[i].unknown     = 0;
 
-		status2 = lsa_lookup_name(state, mem_ctx, name, &sid, &atype);
+		status2 = lsa_lookup_name(policy_state, mem_ctx, name, &sid, &atype);
 		if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) {
 			status = STATUS_SOME_UNMAPPED;
 			continue;
@@ -3048,7 +3075,7 @@
 			continue;
 		}
 
-		status2 = lsa_authority_list(state, mem_ctx, sid, r->out.domains, &sid_index);
+		status2 = lsa_authority_list(policy_state, mem_ctx, sid, r->out.domains, &sid_index);
 		if (!NT_STATUS_IS_OK(status2)) {
 			return status2;
 		}
@@ -3063,16 +3090,38 @@
 }
 
 /* 
-  lsa_LookupNames3
+  lsa_LookupNames4
+
+  Identical to LookupNames3, but doesn't take a policy handle
+  
 */
-static NTSTATUS lsa_LookupNames3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-				 struct lsa_LookupNames3 *r)
+static NTSTATUS lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+				 struct lsa_LookupNames4 *r)
 {
-	struct lsa_LookupNames4 r2;
+	struct lsa_LookupNames3 r2;
+	struct lsa_OpenPolicy2 pol;
 	NTSTATUS status;
 	struct dcesrv_handle *h;
-	DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY);
-	
+
+	/* No policy handle on the wire, so make one up here */
+	r2.in.handle = talloc(mem_ctx, struct policy_handle);
+	if (!r2.in.handle) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	pol.out.handle = r2.in.handle;
+	pol.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	pol.in.attr = NULL;
+	pol.in.system_name = NULL;
+	status = lsa_OpenPolicy2(dce_call, mem_ctx, &pol);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* ensure this handle goes away at the end of this call */
+	DCESRV_PULL_HANDLE(h, r2.in.handle, LSA_HANDLE_POLICY);
+	talloc_steal(mem_ctx, h);
+
 	r2.in.num_names = r->in.num_names;
 	r2.in.names = r->in.names;
 	r2.in.sids = r->in.sids;
@@ -3083,7 +3132,7 @@
 	r2.out.sids = r->out.sids;
 	r2.out.count = r->out.count;
 	
-	status = lsa_LookupNames4(dce_call, mem_ctx, &r2);
+	status = lsa_LookupNames3(dce_call, mem_ctx, &r2);
 	if (dce_call->fault_code != 0) {
 		return status;
 	}

More information about the samba-cvs mailing list