summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/config.mk12
-rw-r--r--source4/auth/gensec/schannel.c15
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c39
-rw-r--r--source4/smbd/server.c2
-rw-r--r--source4/torture/rpc/samr.c1
5 files changed, 20 insertions, 49 deletions
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 947a91e852..6e86aab34f 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -67,7 +67,7 @@ $(eval $(call proto_header_template,$(gensecsrcdir)/spnego_proto.h,$(gensec_spne
[MODULE::gensec_schannel]
SUBSYSTEM = gensec
INIT_FUNCTION = gensec_schannel_init
-PRIVATE_DEPENDENCIES = SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
+PRIVATE_DEPENDENCIES = COMMON_SCHANNELDB NDR_SCHANNEL CREDENTIALS LIBNDR auth_session
OUTPUT_TYPE = MERGED_OBJ
# End MODULE gensec_schannel
################################################
@@ -75,16 +75,6 @@ OUTPUT_TYPE = MERGED_OBJ
gensec_schannel_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel.o) ../libcli/auth/schannel_sign.o
$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_proto.h,$(gensec_schannel_OBJ_FILES:.o=.c)))
-################################################
-# Start SUBSYSTEM SCHANNELDB
-[SUBSYSTEM::SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP COMMON_SCHANNELDB
-# End SUBSYSTEM SCHANNELDB
-################################################
-
-SCHANNELDB_OBJ_FILES = $(addprefix $(gensecsrcdir)/, schannel_state.o)
-$(eval $(call proto_header_template,$(gensecsrcdir)/schannel_state.h,$(SCHANNELDB_OBJ_FILES:.o=.c)))
-
[PYTHON::pygensec]
PRIVATE_DEPENDENCIES = gensec PYTALLOC pyparam_util
LIBRARY_REALNAME = samba/gensec.$(SHLIBEXT)
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 7b8bdec27a..939a383a04 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -27,7 +27,6 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
@@ -51,7 +50,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
struct NL_AUTH_MESSAGE bind_schannel;
struct NL_AUTH_MESSAGE bind_schannel_ack;
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
const char *workstation;
const char *domain;
uint32_t required_flags;
@@ -138,15 +136,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return NT_STATUS_LOGON_FAILURE;
}
- schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
- gensec_security->settings->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- /* pull the session key for this client */
- status = schannel_fetch_session_key_ldb(schannel_ldb,
- out_mem_ctx, workstation, &creds);
- talloc_unlink(out_mem_ctx, schannel_ldb);
+ status = schannel_get_creds_state(out_mem_ctx,
+ gensec_security->settings->iconv_convenience,
+ lp_private_dir(gensec_security->settings->lp_ctx),
+ workstation, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
workstation, nt_errstr(status)));
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 27186d8f0f..6f58e9c88c 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -28,7 +28,6 @@
#include "dsdb/samdb/samdb.h"
#include "../lib/util/util_ldb.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include "libcli/security/security.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
@@ -75,7 +74,6 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
struct netlogon_server_pipe_state *pipe_state =
talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *schannel_ldb;
struct ldb_context *sam_ctx;
struct samr_Password *mach_pwd;
uint32_t user_account_control;
@@ -248,13 +246,10 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
- schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!schannel_ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds);
- talloc_unlink(mem_ctx, schannel_ldb);
+ nt_status = schannel_save_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ creds);
return nt_status;
}
@@ -352,7 +347,6 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS nt_status;
- struct ldb_context *ldb;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
@@ -365,15 +359,13 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
}
}
- ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx,
- computer_name,
- received_authenticator,
- return_authenticator, creds_out);
- talloc_unlink(mem_ctx, ldb);
+ nt_status = schannel_check_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ computer_name,
+ received_authenticator,
+ return_authenticator,
+ creds_out);
return nt_status;
}
@@ -697,12 +689,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
{
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
- struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
- if (!ldb) {
- return NT_STATUS_ACCESS_DENIED;
- }
- nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
+ nt_status = schannel_get_creds_state(mem_ctx,
+ lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
+ lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index ce278fdaf6..83f6e7d806 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -31,7 +31,6 @@
#include "ntvfs/ntvfs.h"
#include "ntptr/ntptr.h"
#include "auth/gensec/gensec.h"
-#include "auth/gensec/schannel_state.h"
#include "smbd/process_model.h"
#include "param/secrets.h"
#include "smbd/pidfile.h"
@@ -192,7 +191,6 @@ static void prime_ldb_databases(struct tevent_context *event_ctx)
samdb_connect(db_context, event_ctx, cmdline_lp_ctx, system_session(cmdline_lp_ctx));
privilege_connect(db_context, event_ctx, cmdline_lp_ctx);
- schannel_db_connect(db_context, event_ctx, cmdline_lp_ctx);
/* we deliberately leave these open, which allows them to be
* re-used in ldb_wrap_connect() */
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 62716da0cd..41e12acc40 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -36,7 +36,6 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "../libcli/auth/schannel.h"
-#include "auth/gensec/schannel_state.h"
#include <unistd.h>