Use a separate tdb for mutexes

Another preparation to convert secrets.c to dbwrap: The dbwrap API does not
provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC
mutex is needed per-node anyway, so it is perfectly fine to use a local mutex
only.
(This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)

1 files changed, 6 insertions, 9 deletions

diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index f112dd34e3..6b482ecd20 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -330,8 +330,8 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 	krb5_const_principal client_principal = NULL;
 	char *host_princ_s = NULL;
 	bool auth_ok = False;
-	bool got_replay_mutex = False;
 	bool got_auth_data = False;
+	struct named_mutex *mutex = NULL;
 
 	ZERO_STRUCT(packet);
 	ZERO_STRUCT(auth_data);
@@ -395,15 +395,15 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 		   locking in the MIT krb5 code surrounding the replay 
 		   cache... */
 
-		if (!grab_server_mutex("replay cache mutex")) {
+		mutex = grab_named_mutex(talloc_tos(), "replay cache mutex",
+					 10);
+		if (mutex == NULL) {
 			DEBUG(1,("ads_verify_ticket: unable to protect "
 				 "replay cache with mutex.\n"));
 			ret = KRB5_CC_IO;
 			goto out;
 		}
 
-		got_replay_mutex = True;
-
 		/* JRA. We must set the rcache here. This will prevent 
 		   replay attacks. */
 		
@@ -443,8 +443,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 	}
 
 	if ( use_replay_cache ) {		
-		release_server_mutex();
-		got_replay_mutex = False;
+		TALLOC_FREE(mutex);
 #if 0
 		/* Heimdal leaks here, if we fix the leak, MIT crashes */
 		if (rcache) {
@@ -539,9 +538,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 
  out:
 
-	if (got_replay_mutex) {
-		release_server_mutex();
-	}
+	TALLOC_FREE(mutex);
 
 	if (!NT_STATUS_IS_OK(sret)) {
 		data_blob_free(&auth_data);