free_response(&response);
return(do_list(1,rq));
case WINBINDD_GETGRENT:
+ case WINBINDD_GETGRLST:
nsd_logprintf(NSD_LOG_MIN,
"callback (winbind) - %d GETGRENT responses\n",
response.data.num_entries);
NSS_STATUS ret;
static struct winbindd_request request;
static int called_again;
+ enum winbindd_cmd cmd;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrent\n", getpid());
request.data.num_entries = MAX_GETGRENT_USERS;
- ret = winbindd_request(WINBINDD_GETGRENT, &request,
+ /* this is a hack to work around the fact that posix doesn't
+ define a 'list groups' call and listing all group members can
+ be *very* expensive. We use an environment variable to give
+ us a saner call (tridge) */
+ if (getenv("WINBIND_GETGRLST")) {
+ cmd = WINBINDD_GETGRLST;
+ } else {
+ cmd = WINBINDD_GETGRENT;
+ }
+
+ ret = winbindd_request(cmd, &request,
&getgrent_response);
if (ret == NSS_STATUS_SUCCESS) {
{ WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" },
{ WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" },
{ WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" },
+ { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" },
/* PAM auth functions */
break;
case WINBINDD_GETGRENT:
+ case WINBINDD_GETGRLST:
winbindd_setgrent(&state);
break;
default:
*num_gr_mem = 0;
if (group_name_type != SID_NAME_DOM_GRP) {
- DEBUG(1, ("rid %d in domain %s isn't a " "domain group\n",
+ DEBUG(1, ("rid %d in domain %s isn't a domain group\n",
group_rid, domain->name));
goto done;
}
goto done;
}
- /* Get group membership */
+ group_list[group_list_ndx].num_gr_mem = 0;
+ gr_mem = NULL;
+ gr_mem_len = 0;
- result = fill_grent_mem(
- domain,
- name_list[ent->sam_entry_index].rid,
- SID_NAME_DOM_GRP,
- &group_list[group_list_ndx].num_gr_mem,
- &gr_mem, &gr_mem_len);
+ /* Get group membership */
+ if (state->request.cmd == WINBINDD_GETGRLST) {
+ result = True;
+ } else {
+ result = fill_grent_mem(
+ domain,
+ name_list[ent->sam_entry_index].rid,
+ SID_NAME_DOM_GRP,
+ &group_list[group_list_ndx].num_gr_mem,
+ &gr_mem, &gr_mem_len);
+ }
}
if (result) {
WINBINDD_WINS_BYIP,
WINBINDD_WINS_BYNAME,
+ /* this is like GETGRENT but gives an empty group list */
+ WINBINDD_GETGRLST,
+
/* Placeholder for end of cmd list */
WINBINDD_NUM_CMDS
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
int i;
+ DEBUG(3,("rpc: query_user_list\n"));
+
*num_entries = 0;
*info = NULL;
*num_entries = 0;
*info = NULL;
+ DEBUG(3,("rpc: enum_dom_groups\n"));
+
if (!(hnd = cm_get_sam_handle(domain->name))) {
return NT_STATUS_UNSUCCESSFUL;
}
uint32 *types = NULL;
const char *full_name;
+ DEBUG(3,("rpc: name_to_sid name=%s\n", name));
+
if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) {
DEBUG(0, ("talloc_init failed!\n"));
return NT_STATUS_NO_MEMORY;
uint32 *types;
NTSTATUS status;
+ DEBUG(3,("rpc: sid_to_name\n"));
+
if (!(hnd = cm_get_lsa_handle(domain->name)))
return NT_STATUS_UNSUCCESSFUL;
BOOL got_dom_pol = False, got_user_pol = False;
SAM_USERINFO_CTR *ctr;
+ DEBUG(3,("rpc: query_user rid=%u\n", user_rid));
+
/* Get sam handle */
if (!(hnd = cm_get_sam_handle(domain->name)))
goto done;
DOM_GID *user_groups;
int i;
+ DEBUG(3,("rpc: lookup_usergroups rid=%u\n", user_rid));
+
*num_groups = 0;
/* First try cached universal groups from logon */
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
BOOL got_dom_pol = False, got_group_pol = False;
+ DEBUG(3,("rpc: lookup_groupmem rid=%u\n", group_rid));
+
*num_names = 0;
/* Get sam handle */
BOOL got_dom_pol = False;
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ DEBUG(3,("rpc: sequence_number\n"));
+
*seq = DOM_SEQUENCE_NONE;
if (!(mem_ctx = talloc_init_named("sequence_number[rpc]")))
uint32 enum_ctx = 0;
uint32 pref_num_domains = 5;
+ DEBUG(3,("rpc: trusted_domains\n"));
+
*num_domains = 0;
if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
CLI_POLICY_HND *hnd;
fstring level5_dom;
+ DEBUG(3,("rpc: domain_sid\n"));
+
if (!(mem_ctx = talloc_init_named("domain_sid[rpc]")))
return NT_STATUS_NO_MEMORY;