diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/config.mk | 12 | ||||
-rw-r--r-- | source4/auth/gensec/schannel.c | 15 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 39 | ||||
-rw-r--r-- | source4/smbd/server.c | 2 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 1 |
5 files changed, 20 insertions, 49 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk index 947a91e852..6e86aab34f 100644 --- a/source4/auth/gensec/config.mk +++ b/source4/auth/gensec/config.mk @@ -67,7 +67,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spne [MODULE::gensec_schannel] SUBSYSTEM = gensec INIT_FUNCTION = gensec_schannel_init -PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session +PRIVATE_DEPENDENCIES = COMMON_SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session OUTPUT_TYPE = MERGED_OBJ # End MODULE gensec_schannel ################################################ @@ -75,16 +75,6 @@ OUTPUT_TYPE = MERGED_OBJ gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o) ../libcli/auth/schannel_sign.o $(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c))) -################################################ -# Start SUBSYSTEM SCHANNELDB -[SUBSYSTEM::SCHANNELDB] -PRIVATE_DEPENDENCIES = LDB_WRAP COMMON_SCHANNELDB -# End SUBSYSTEM SCHANNELDB -################################################ - -SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o) -$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c))) - [PYTHON::pygensec] PRIVATE_DEPENDENCIES = gensec PYTALLOC pyparam_util LIBRARY_REALNAME = samba/gensec.$(SHLIBEXT) diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 7b8bdec27a..939a383a04 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -27,7 +27,6 @@ #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "../libcli/auth/schannel.h" -#include "auth/gensec/schannel_state.h" #include "librpc/rpc/dcerpc.h" #include "param/param.h" @@ -51,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ struct NL_AUTH_MESSAGE bind_schannel; struct NL_AUTH_MESSAGE bind_schannel_ack; struct netlogon_creds_CredentialState *creds; - struct ldb_context *schannel_ldb; const char *workstation; const char *domain; uint32_t required_flags; @@ -138,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ return NT_STATUS_LOGON_FAILURE; } - schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx, - gensec_security->settings->lp_ctx); - if (!schannel_ldb) { - return NT_STATUS_ACCESS_DENIED; - } - /* pull the session key for this client */ - status = schannel_fetch_session_key_ldb(schannel_ldb, - out_mem_ctx, workstation, &creds); - talloc_unlink(out_mem_ctx, schannel_ldb); + status = schannel_get_creds_state(out_mem_ctx, + gensec_security->settings->iconv_convenience, + lp_private_dir(gensec_security->settings->lp_ctx), + workstation, &creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", workstation, nt_errstr(status))); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 27186d8f0f..6f58e9c88c 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -28,7 +28,6 @@ #include "dsdb/samdb/samdb.h" #include "../lib/util/util_ldb.h" #include "../libcli/auth/schannel.h" -#include "auth/gensec/schannel_state.h" #include "libcli/security/security.h" #include "param/param.h" #include "lib/messaging/irpc.h" @@ -75,7 +74,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca struct netlogon_server_pipe_state *pipe_state = talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state); struct netlogon_creds_CredentialState *creds; - struct ldb_context *schannel_ldb; struct ldb_context *sam_ctx; struct samr_Password *mach_pwd; uint32_t user_account_control; @@ -248,13 +246,10 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid"); - schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx); - if (!schannel_ldb) { - return NT_STATUS_ACCESS_DENIED; - } - - nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds); - talloc_unlink(mem_ctx, schannel_ldb); + nt_status = schannel_save_creds_state(mem_ctx, + lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), + lp_private_dir(dce_call->conn->dce_ctx->lp_ctx), + creds); return nt_status; } @@ -352,7 +347,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc struct netlogon_creds_CredentialState **creds_out) { NTSTATUS nt_status; - struct ldb_context *ldb; struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info; bool schannel_global_required = false; /* Should be lp_schannel_server() == true */ @@ -365,15 +359,13 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc } } - ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx); - if (!ldb) { - return NT_STATUS_ACCESS_DENIED; - } - nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx, - computer_name, - received_authenticator, - return_authenticator, creds_out); - talloc_unlink(mem_ctx, ldb); + nt_status = schannel_check_creds_state(mem_ctx, + lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), + lp_private_dir(dce_call->conn->dce_ctx->lp_ctx), + computer_name, + received_authenticator, + return_authenticator, + creds_out); return nt_status; } @@ -697,12 +689,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, { NTSTATUS nt_status; struct netlogon_creds_CredentialState *creds; - struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx); - if (!ldb) { - return NT_STATUS_ACCESS_DENIED; - } - nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds); + nt_status = schannel_get_creds_state(mem_ctx, + lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), + lp_private_dir(dce_call->conn->dce_ctx->lp_ctx), + r->in.computer_name, &creds); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source4/smbd/server.c b/source4/smbd/server.c index ce278fdaf6..83f6e7d806 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -31,7 +31,6 @@ #include "ntvfs/ntvfs.h" #include "ntptr/ntptr.h" #include "auth/gensec/gensec.h" -#include "auth/gensec/schannel_state.h" #include "smbd/process_model.h" #include "param/secrets.h" #include "smbd/pidfile.h" @@ -192,7 +191,6 @@ static void prime_ldb_databases(struct tevent_context *event_ctx) samdb_connect(db_context, event_ctx, cmdline_lp_ctx, system_session(cmdline_lp_ctx)); privilege_connect(db_context, event_ctx, cmdline_lp_ctx); - schannel_db_connect(db_context, event_ctx, cmdline_lp_ctx); /* we deliberately leave these open, which allows them to be * re-used in ldb_wrap_connect() */ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 62716da0cd..41e12acc40 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -36,7 +36,6 @@ #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "../libcli/auth/schannel.h" -#include "auth/gensec/schannel_state.h" #include <unistd.h> |