diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-07-27 11:30:13 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-01-07 12:47:06 +0100 |
| commit | 38d4dba37406515181e4d6f1a1faffc18e652e27 (patch) | |
| tree | d7644727673b23e6167958e6c32422a2ab3a82d6 /source3/libnet/libnet_samsync.c | |
| parent | 11aed7cd3dbd967593b34a206f0802fd0002bf27 (diff) | |
| download | samba-38d4dba37406515181e4d6f1a1faffc18e652e27.tar.gz samba-38d4dba37406515181e4d6f1a1faffc18e652e27.tar.xz samba-38d4dba37406515181e4d6f1a1faffc18e652e27.zip | |
s3:rpc_client: make use of the new netlogon_creds_cli_context
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.
This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/libnet/libnet_samsync.c')
| -rw-r--r-- | source3/libnet/libnet_samsync.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index a10378558c..02d3fc6ce7 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -30,6 +30,7 @@ #include "../librpc/gen_ndr/ndr_netlogon_c.h" #include "../libcli/security/security.h" #include "messages.h" +#include "../libcli/auth/netlogon_creds_cli.h" /** * Fix up the delta, dealing with encryption issues so that the final @@ -213,8 +214,15 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + struct netlogon_creds_CredentialState *creds = NULL; - netlogon_creds_client_authenticator(ctx->cli->dc, &credential); + status = netlogon_creds_cli_lock(ctx->cli->netlogon_creds, + mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_authenticator(creds, &credential); if (ctx->single_object_replication && !ctx->force_full_replication) { @@ -254,28 +262,33 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx, } if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(creds); return status; } /* Check returned credentials. */ - if (!netlogon_creds_client_check(ctx->cli->dc, + if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) { + TALLOC_FREE(creds); DEBUG(0,("credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { + TALLOC_FREE(creds); return result; } if (NT_STATUS_IS_ERR(result)) { + TALLOC_FREE(creds); break; } samsync_fix_delta_array(mem_ctx, - ctx->cli->dc, + creds, database_id, delta_enum_array); + TALLOC_FREE(creds); /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, |