summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-02-18 15:11:25 -0500
committerSimo Sorce <idra@samba.org>2010-02-23 12:46:50 -0500
commit1203de99b178a2d7f6c7c6534c42d05242322fe3 (patch)
tree06ec84ac7e0fe21b01322c0517cabb04743dacf3 /source4/rpc_server/netlogon
parent1d0938c629904e14c3769036d1a8d1a6d7b3f34b (diff)
downloadsamba-1203de99b178a2d7f6c7c6534c42d05242322fe3.tar.gz
samba-1203de99b178a2d7f6c7c6534c42d05242322fe3.tar.bz2
samba-1203de99b178a2d7f6c7c6534c42d05242322fe3.zip
s4:schannel merge code with s3
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
Diffstat (limited to 'source4/rpc_server/netlogon')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c39
1 files changed, 15 insertions, 24 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 27186d8f0f..6f58e9c88c 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -28,7 +28,6 @@
#include "dsdb/samdb/samdb.h"
#include "../lib/util/util_ldb.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include "libcli/security/security.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
@@ -75,7 +74,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
struct netlogon_server_pipe_state *pipe_state =
talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
struct ldb_context *sam_ctx;
struct samr_Password *mach_pwd;
uint32_t user_account_control;
@@ -248,13 +246,10 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
- schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds);
- talloc_unlink(mem_ctx, schannel_ldb);
+ nt_status = schannel_save_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ creds);
return nt_status;
}
@@ -352,7 +347,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS nt_status;
- struct ldb_context *ldb;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
@@ -365,15 +359,13 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
}
}
- ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx,
- computer_name,
- received_authenticator,
- return_authenticator, creds_out);
- talloc_unlink(mem_ctx, ldb);
+ nt_status = schannel_check_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ computer_name,
+ received_authenticator,
+ return_authenticator,
+ creds_out);
return nt_status;
}
@@ -697,12 +689,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
{
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
+ nt_status = schannel_get_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}