author | Simo Sorce <idra@samba.org> | 2010-02-18 15:11:25 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-02-23 12:46:50 -0500 |
commit | 1203de99b178a2d7f6c7c6534c42d05242322fe3 (patch) | |
tree | 06ec84ac7e0fe21b01322c0517cabb04743dacf3 /source4/auth | |
parent | 1d0938c629904e14c3769036d1a8d1a6d7b3f34b (diff) | |
s4:schannel merge code with s3
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs hacks to pre-open the db to speed it up, yet
that does not solve the lookup speed; with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need great expandability. And lookups are always done with a single
key. This seems a perfect fit for tdb, while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discarded during
an upgrade without causing any real issue. All it contains is temporary session
data.
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/gensec/config.mk | 12 | ||||
-rw-r--r-- | source4/auth/gensec/schannel.c | 15 |
2 files changed, 5 insertions, 22 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 947a91e852..6e86aab34f 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -67,7 +67,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spne
 [MODULE::gensec_schannel]
 SUBSYSTEM = gensec
 INIT_FUNCTION = gensec_schannel_init
-PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
+PRIVATE_DEPENDENCIES = COMMON_SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
 OUTPUT_TYPE = MERGED_OBJ
 # End MODULE gensec_schannel
 ################################################
@@ -75,16 +75,6 @@ OUTPUT_TYPE = MERGED_OBJ
 gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o) ../libcli/auth/schannel_sign.o
 $(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c)))
-################################################
-# Start SUBSYSTEM SCHANNELDB
-[SUBSYSTEM::SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP COMMON_SCHANNELDB
-# End SUBSYSTEM SCHANNELDB
-################################################
-
-SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o)
-$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c)))
-
 [PYTHON::pygensec]
 PRIVATE_DEPENDENCIES = gensec PYTALLOC pyparam_util
 LIBRARY_REALNAME = samba/gensec.$(SHLIBEXT)
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 7b8bdec27a..939a383a04 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -27,7 +27,6 @@
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/gensec_proto.h"
 #include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
 #include "librpc/rpc/dcerpc.h"
 #include "param/param.h"
@@ -51,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 struct NL_AUTH_MESSAGE bind_schannel;
 struct NL_AUTH_MESSAGE bind_schannel_ack;
 struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
 const char *workstation;
 const char *domain;
 uint32_t required_flags;
@@ -138,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 return NT_STATUS_LOGON_FAILURE;
 }
- schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
- gensec_security->settings->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- /* pull the session key for this client */
- status = schannel_fetch_session_key_ldb(schannel_ldb,
- out_mem_ctx, workstation, &creds);
- talloc_unlink(out_mem_ctx, schannel_ldb);
+ status = schannel_get_creds_state(out_mem_ctx,
+ gensec_security->settings->iconv_convenience,
+ lp_private_dir(gensec_security->settings->lp_ctx),
+ workstation, &creds);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
 workstation, nt_errstr(status))); |
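Review bot: In the last schannel.c hunk, every failure of `schannel_get_creds_state` now falls into the `if (!NT_STATUS_IS_OK(status))` branch and is logged at `DEBUG(3)` as "Could not find session key", whereas the removed code returned `NT_STATUS_ACCESS_DENIED` separately when the store could not be opened. If the helper can also fail for store-level reasons (its body is not shown here), an unreadable or damaged credentials store becomes indistinguishable from a client that never established netlogon credentials, and is visible only at debug level 3. I would log anything other than a plain lookup miss at a higher level and add a comment above the call, for example `/* creds state is read from a tdb under the private dir; open and lookup failures both come back in status */`. Because the file under `lp_private_dir(...)` holds session state, it is also worth confirming that the helper creates it with owner-only permissions. `schannel_update` starts before and continues past this hunk, so what the failure branch returns is not visible.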