-rw-r--r--libcli/auth/config.mk4
-rw-r--r--source4/auth/gensec/config.mk12
-rw-r--r--source4/auth/gensec/schannel.c15
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c39
-rw-r--r--source4/smbd/server.c2
-rw-r--r--source4/torture/rpc/samr.c1
6 files changed, 22 insertions, 51 deletions
diff --git a/libcli/auth/config.mk b/libcli/auth/config.mk
index bda9850db4..bc198f3f8e 100644
--- a/libcli/auth/config.mk
+++ b/libcli/auth/config.mk
@@ -21,6 +21,6 @@ LIBCLI_AUTH_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, \
PUBLIC_HEADERS += ../libcli/auth/credentials.h
[SUBSYSTEM::COMMON_SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP
+PRIVATE_DEPENDENCIES = TDB_WRAP
-COMMON_SCHANNELDB_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, schannel_state_ldb.o)
+COMMON_SCHANNELDB_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, schannel_state_tdb.o)
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 947a91e852..6e86aab34f 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -67,7 +67,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spne
[MODULE::gensec_schannel]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_schannel_init
-PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
+PRIVATE_DEPENDENCIES = COMMON_SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_schannel
################################################
@@ -75,16 +75,6 @@ OUTPUT_TYPE = MERGED_OBJ
gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o) ../libcli/auth/schannel_sign.o
$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c)))
-################################################
-# Start SUBSYSTEM SCHANNELDB
-[SUBSYSTEM::SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP COMMON_SCHANNELDB
-# End SUBSYSTEM SCHANNELDB
-################################################
-
-SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o)
-$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c)))
-
[PYTHON::pygensec]
PRIVATE_DEPENDENCIES = gensec PYTALLOC pyparam_util
LIBRARY_REALNAME = samba/gensec.$(SHLIBEXT)
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 7b8bdec27a..939a383a04 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -27,7 +27,6 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
@@ -51,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
struct NL_AUTH_MESSAGE bind_schannel;
struct NL_AUTH_MESSAGE bind_schannel_ack;
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
const char *workstation;
const char *domain;
uint32_t required_flags;
@@ -138,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return NT_STATUS_LOGON_FAILURE;
}
- schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
- gensec_security->settings->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- /* pull the session key for this client */
- status = schannel_fetch_session_key_ldb(schannel_ldb,
- out_mem_ctx, workstation, &creds);
- talloc_unlink(out_mem_ctx, schannel_ldb);
+ status = schannel_get_creds_state(out_mem_ctx,
+ gensec_security->settings->iconv_convenience,
+ lp_private_dir(gensec_security->settings->lp_ctx),
+ workstation, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
workstation, nt_errstr(status)));
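Review bot: The failure branch after `schannel_get_creds_state` still logs "Could not find session key" for every non-OK status, but the call now also covers opening the store under `lp_private_dir()`, which the removed code reported separately as `NT_STATUS_ACCESS_DENIED`. An unreadable or missing store will therefore look like an unknown workstation to anyone triaging schannel bind failures, apart from the `nt_errstr` suffix. Consider a comment above the call such as `/* status may reflect a failure to open the schannel store, not only a missing entry for this workstation */`, or a more neutral message such as "Could not get schannel credential state". `schannel_update` starts and ends outside this hunk, so the status returned after the DEBUG is not visible here.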
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 27186d8f0f..6f58e9c88c 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -28,7 +28,6 @@
#include "dsdb/samdb/samdb.h"
#include "../lib/util/util_ldb.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include "libcli/security/security.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
@@ -75,7 +74,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
struct netlogon_server_pipe_state *pipe_state =
talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
struct ldb_context *sam_ctx;
struct samr_Password *mach_pwd;
uint32_t user_account_control;
@@ -248,13 +246,10 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
- schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds);
- talloc_unlink(mem_ctx, schannel_ldb);
+ nt_status = schannel_save_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ creds);
return nt_status;
}
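Review bot: The `schannel_save_creds_state` call has no comment saying that it persists secret material. Judging by the removed `schannel_store_session_key_ldb` name, `creds` carries the negotiated netlogon session key, and it now lands in a store under `lp_private_dir()`. I would add `/* persists the session key for later schannel binds; the store under the private dir must stay readable by the server only */` above the call. How the helper creates the file and which mode it uses is not visible in this diff, so that should be confirmed in the tdb backend. `dcesrv_netr_ServerAuthenticate3` begins outside this hunk.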
@@ -352,7 +347,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS nt_status;
- struct ldb_context *ldb;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
@@ -365,15 +359,13 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
}
}
- ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx,
- computer_name,
- received_authenticator,
- return_authenticator, creds_out);
- talloc_unlink(mem_ctx, ldb);
+ nt_status = schannel_check_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ computer_name,
+ received_authenticator,
+ return_authenticator,
+ creds_out);
return nt_status;
}
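Review bot: Nothing visible here shows that the fetch, authenticator step and write-back of the per-machine state are serialized now that they all sit inside `schannel_check_creds_state`. If the tdb-backed helper does not hold a record lock or transaction across the whole sequence, two concurrent requests for the same `computer_name` could presumably be validated against the same stored authenticator. The helper's body is not part of this diff, so this is a point to confirm rather than an observed defect. A comment at the call would record the expectation: `/* must fetch, verify and store the creds state atomically per computer_name */`. `dcesrv_netr_creds_server_step_check` begins outside this hunk.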
@@ -697,12 +689,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
{
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
+ nt_status = schannel_get_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
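Review bot: The lookup in `dcesrv_netr_LogonSamLogonEx` is keyed by `r->in.computer_name`, a value taken from the request, and the visible lines do not tie that name to the machine account that authenticated the schannel connection. The function continues outside this hunk, so such a check may exist further down or in the pipe setup. If it does not, the stored credential state of one machine could be selected by a request arriving on another machine's connection. I would at least note the assumption at the call: `/* creds are keyed by the client-supplied computer_name; the caller must already be bound via schannel as that machine */`.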
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index ce278fdaf6..83f6e7d806 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -31,7 +31,6 @@
#include "ntvfs/ntvfs.h"
#include "ntptr/ntptr.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel_state.h"
#include "smbd/process_model.h"
#include "param/secrets.h"
#include "smbd/pidfile.h"
@@ -192,7 +191,6 @@ static void prime_ldb_databases(struct tevent_context *event_ctx)
samdb_connect(db_context, event_ctx, cmdline_lp_ctx, system_session(cmdline_lp_ctx));
privilege_connect(db_context, event_ctx, cmdline_lp_ctx);
- schannel_db_connect(db_context, event_ctx, cmdline_lp_ctx);
/* we deliberately leave these open, which allows them to be
* re-used in ldb_wrap_connect() */
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 62716da0cd..41e12acc40 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -36,7 +36,6 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include <unistd.h>