svn commit: samba r23086 - in branches/SAMBA_3_0_26/source/rpc_client: .

obnox at samba.org obnox at samba.org
Tue May 22 22:07:57 GMT 2007 

Author: obnox
Date: 2007-05-22 22:07:56 +0000 (Tue, 22 May 2007)
New Revision: 23086

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23086

Log:
Port r23070 and r23073 from 3_0. Original comment:

The lsa rpc lookup sids call has a maximum number of SIDS to be
looked up at one time. This limit is at 20480 for w2k3.       
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get  
nothing back. Since typically rpccli_lsa_lookup_sids is given                         
one SID  (or a small number of SIDS), this did not do harm       
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.

I have added a function rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.

If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.

Michael


Modified:
   branches/SAMBA_3_0_26/source/rpc_client/cli_lsarpc.c


Changeset:
Modified: branches/SAMBA_3_0_26/source/rpc_client/cli_lsarpc.c
===================================================================
--- branches/SAMBA_3_0_26/source/rpc_client/cli_lsarpc.c	2007-05-22 22:00:16 UTC (rev 23085)
+++ branches/SAMBA_3_0_26/source/rpc_client/cli_lsarpc.c	2007-05-22 22:07:56 UTC (rev 23086)
@@ -169,6 +169,215 @@
 	return result;
 }
 
+/* Lookup a list of sids
+ *
+ * internal version withOUT memory allocation of the target arrays.
+ * this assumes suffciently sized arrays to store domains, names and types. */
+
+static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       POLICY_HND *pol,
+					       int num_sids,
+					       const DOM_SID *sids,
+					       char **domains,
+					       char **names,
+					       uint32 *types)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_LOOKUP_SIDS q;
+	LSA_R_LOOKUP_SIDS r;
+	DOM_R_REF ref;
+	LSA_TRANS_NAME_ENUM t_names;
+	NTSTATUS result = NT_STATUS_OK;
+	TALLOC_CTX *tmp_ctx = NULL;
+	int i;
+
+	tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1);
+
+	ZERO_STRUCT(ref);
+	ZERO_STRUCT(t_names);
+
+	r.dom_ref = &ref;
+	r.names = &t_names;
+
+	CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
+			q, r,
+			qbuf, rbuf,
+			lsa_io_q_lookup_sids,
+			lsa_io_r_lookup_sids,
+			NT_STATUS_UNSUCCESSFUL );
+
+	if (!NT_STATUS_IS_OK(r.status) &&
+	    !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) 
+	{
+		/* An actual error occured */
+		result = r.status;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (r.mapped_count == 0) {
+		result = NT_STATUS_NONE_MAPPED;
+		goto done;
+	}
+
+	for (i = 0; i < num_sids; i++) {
+		fstring name, dom_name;
+		uint32 dom_idx = t_names.name[i].domain_idx;
+
+		/* Translate optimised name through domain index array */
+
+		if (dom_idx != 0xffffffff) {
+
+			rpcstr_pull_unistr2_fstring(
+                                dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
+			rpcstr_pull_unistr2_fstring(
+                                name, &t_names.uni_name[i]);
+
+			(names)[i] = talloc_strdup(mem_ctx, name);
+			(domains)[i] = talloc_strdup(mem_ctx, dom_name);
+			(types)[i] = t_names.name[i].sid_name_use;
+			
+			if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
+				DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+				result = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+			}
+
+		} else {
+			(names)[i] = NULL;
+			(domains)[i] = NULL;
+			(types)[i] = SID_NAME_UNKNOWN;
+		}
+	}
+
+done:
+	TALLOC_FREE(tmp_ctx);
+	return result;
+}
+
+/* Lookup a list of sids 
+ *
+ * do it the right way: there is a limit (of 20480 for w2k3) entries
+ * returned by this call. when the sids list contains more entries,
+ * empty lists are returned. This version of lsa_lookup_sids passes
+ * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */
+
+/* This constant defines the limit of how many sids to look up
+ * in one call (maximum). the limit from the server side is
+ * at 20480 for win2k3, but we keep it at a save 1000 for now. */
+#define LOOKUP_SIDS_HUNK_SIZE 1000
+
+NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    POLICY_HND *pol, 
+				    int num_sids,
+				    const DOM_SID *sids, 
+				    char ***domains,
+				    char ***names,
+				    uint32 **types)
+{
+	NTSTATUS result = NT_STATUS_OK;
+	int sids_left = 0;
+	int sids_processed = 0;
+	const DOM_SID *hunk_sids = sids;
+	char **hunk_domains = NULL;
+	char **hunk_names = NULL;
+	uint32 *hunk_types = NULL;
+
+	if (num_sids) {
+		if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
+			DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n"));
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
+			DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n"));
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) {
+			DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n"));
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+	} else {
+		(*domains) = NULL;
+		(*names) = NULL;
+		(*types) = NULL;
+	}
+	
+	sids_left = num_sids;
+	hunk_domains = *domains;
+	hunk_names = *names;
+	hunk_types = *types;
+
+	while (sids_left > 0) {
+		int hunk_num_sids;
+		NTSTATUS hunk_result = NT_STATUS_OK;
+
+		hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) 
+				? LOOKUP_SIDS_HUNK_SIZE 
+				: sids_left);
+
+		DEBUG(10, ("rpccli_lsa_lookup_sids_all: processing items "
+			   "%d -- %d of %d.\n", 
+			   sids_processed, 
+			   sids_processed + hunk_num_sids - 1,
+			   num_sids));
+
+		hunk_result = rpccli_lsa_lookup_sids_noalloc(cli,
+							     mem_ctx,
+							     pol,
+							     hunk_num_sids, 
+							     hunk_sids,
+							     hunk_domains,
+							     hunk_names,
+							     hunk_types);
+
+		if (!NT_STATUS_IS_OK(hunk_result) &&
+		    !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) &&
+		    !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) 
+		{
+			/* An actual error occured */
+			goto done;
+		}
+
+		/* adapt overall result */
+		if (( NT_STATUS_IS_OK(result) && 
+		     !NT_STATUS_IS_OK(hunk_result)) 
+		    ||
+		    ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
+		     !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)))
+		{
+			result = STATUS_SOME_UNMAPPED;
+		}
+
+		sids_left -= hunk_num_sids;
+		sids_processed += hunk_num_sids; /* only used in DEBUG */
+		hunk_sids += hunk_num_sids;
+		hunk_domains += hunk_num_sids;
+		hunk_names += hunk_num_sids;
+		hunk_types += hunk_num_sids;
+	}
+
+done:
+	return result;
+}
+
 /** Lookup a list of sids */
 
 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,

More information about the samba-cvs mailing list