diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-04-18 19:16:42 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-01-07 12:47:03 +0100 |
commit | 6e6d9f9f12284ed06a21cc02080e436b7326065f (patch) | |
tree | 988ae3c9e06e1ed861304fcdcea631a4d95f5c19 /libcli/auth/wscript_build | |
parent | 6b586c3cf6c5e342cabdd157c2c0776204e2aad0 (diff) | |
download | samba-6e6d9f9f12284ed06a21cc02080e436b7326065f.tar.gz samba-6e6d9f9f12284ed06a21cc02080e436b7326065f.tar.xz samba-6e6d9f9f12284ed06a21cc02080e436b7326065f.zip |
libcli/auth: add netlogon_creds_cli* infrastructure
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.
Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.
We now use a node specific computer name in order to establish
individual netlogon sessions per node.
If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.
The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.
LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.
This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth/wscript_build')
-rwxr-xr-x | libcli/auth/wscript_build | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index ca2be2d5632..51eb293e24a 100755 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -28,6 +28,10 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', deps='dbwrap util_tdb samba-hostconfig NDR_NETLOGON' ) +bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI', + source='netlogon_creds_cli.c', + deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON' + ) bld.SAMBA_SUBSYSTEM('PAM_ERRORS', source='pam_errors.c', |