s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
parent
4a1a9f5792
commit
98e4393df9
@ -236,7 +236,7 @@ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
|
||||
const char *name_for_logs,
|
||||
bool allow_domain_trust,
|
||||
bool password_change);
|
||||
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
|
||||
struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
|
||||
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
|
||||
const char *netbios_name,
|
||||
const char *domain_name,
|
||||
|
@ -48,8 +48,8 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct tevent_conte
|
||||
existed = file_exist(path);
|
||||
|
||||
ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
|
||||
system_session(mem_ctx, lp_ctx),
|
||||
NULL, LDB_FLG_NOSYNC, NULL);
|
||||
system_session(lp_ctx),
|
||||
NULL, LDB_FLG_NOSYNC);
|
||||
talloc_free(path);
|
||||
if (!ldb) {
|
||||
return NULL;
|
||||
|
@ -202,7 +202,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
@ -320,7 +320,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx,
|
||||
system_session(tmp_ctx, auth_context->lp_ctx));
|
||||
system_session(auth_context->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
|
@ -49,7 +49,7 @@ static PyObject *py_system_session(PyObject *module, PyObject *args)
|
||||
if (lp_ctx == NULL)
|
||||
return NULL;
|
||||
|
||||
session = system_session(NULL, lp_ctx);
|
||||
session = system_session(lp_ctx);
|
||||
|
||||
return PyAuthSession_FromSession(session);
|
||||
}
|
||||
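Review bot: The result of `system_session(lp_ctx)` is passed to `PyAuthSession_FromSession()` without a NULL check, although `system_session()` returns NULL when `auth_system_session_info()` fails. I would add `if (session == NULL) { PyErr_SetString(PyExc_RuntimeError, "system_session() failed"); return NULL; }` before the return. The same unchecked use is visible in `ldb_cmdline_process` (stored as the `sessionInfo` opaque), `dcesrv_drsuapi_DsBind` (assigned to `auth_info`) and `net_samsync_ldb` (assigned to `r.in.session_info`); what each consumer does with a NULL session is not shown on this page and should be confirmed. `py_system_session` starts above this hunk.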
|
@ -35,7 +35,7 @@ struct tevent_context;
|
||||
/* Create a security token for a session SYSTEM (the most
|
||||
* trusted/prvilaged account), including the local machine account as
|
||||
* the off-host credentials */
|
||||
struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
|
||||
struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
|
||||
|
||||
/*
|
||||
* Create a system session, but with anonymous credentials (so we do
|
||||
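Review bot: The comment above the prototype does not state the new ownership rule, which callers need now that the `mem_ctx` argument is gone and the result is no longer parented to a context they control. I would extend it with a line such as `* The returned pointer is a process-wide cached object: callers must not talloc_free(), talloc_steal() or modify it.` and correct `prvilaged` to `privileged` while here. The same comment is repeated above the definition of `system_session()` and needs the same wording.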
|
@ -146,22 +146,37 @@ static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
prevent the static system session being freed
|
||||
*/
|
||||
static int system_session_destructor(struct auth_session_info *info)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Create a security token for a session SYSTEM (the most
|
||||
* trusted/prvilaged account), including the local machine account as
|
||||
* the off-host credentials
|
||||
*/
|
||||
_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
|
||||
_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
|
||||
{
|
||||
static struct auth_session_info *static_session;
|
||||
NTSTATUS nt_status;
|
||||
struct auth_session_info *session_info = NULL;
|
||||
nt_status = auth_system_session_info(mem_ctx,
|
||||
|
||||
if (static_session) {
|
||||
return static_session;
|
||||
}
|
||||
|
||||
nt_status = auth_system_session_info(talloc_autofree_context(),
|
||||
lp_ctx,
|
||||
&session_info);
|
||||
&static_session);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(static_session);
|
||||
static_session = NULL;
|
||||
return NULL;
|
||||
}
|
||||
return session_info;
|
||||
talloc_set_destructor(static_session, system_session_destructor);
|
||||
return static_session;
|
||||
}
|
||||
|
||||
static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx,
|
||||
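Review bot: After the first successful call, `system_session()` returns `static_session` without looking at `lp_ctx`, so a caller passing a different loadparm context silently gets the SYSTEM session built from whichever context came first. If one context per process is the intended invariant, say so in the comment, or remember the first `lp_ctx` in a second static and log a mismatch, e.g. `if (static_session) { if (lp_ctx != static_lp_ctx) DEBUG(0,("system_session: lp_ctx differs from cached one\n")); return static_session; }`. Separately, `system_session_destructor` returning -1 makes every `talloc_free()` of this object fail, presumably including the teardown of `talloc_autofree_context()` at exit, so the most privileged token and the credentials attached to it stay allocated for the life of the process. A short comment stating that this is deliberate, and that the object is shared by every caller, would help the next reader.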
|
@ -214,7 +214,7 @@ static void cldapd_task_init(struct task_server *task)
|
||||
}
|
||||
|
||||
cldapd->task = task;
|
||||
cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx));
|
||||
cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
|
||||
if (cldapd->samctx == NULL) {
|
||||
task_server_terminate(task, "cldapd failed to open samdb", true);
|
||||
return;
|
||||
|
@ -1251,7 +1251,7 @@ NTSTATUS crack_name_to_nt4_name(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(mem_ctx, lp_ctx));
|
||||
ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(lp_ctx));
|
||||
if (ldb == NULL) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
@ -181,7 +181,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
|
||||
struct samr_DomInfo1 *dominfo;
|
||||
struct ldb_context *samdb;
|
||||
|
||||
samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(mem_ctx, kdc->task->lp_ctx));
|
||||
samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(kdc->task->lp_ctx));
|
||||
if (!samdb) {
|
||||
return kpasswdd_make_error_reply(kdc, mem_ctx,
|
||||
KRB5_KPASSWD_HARDERROR,
|
||||
|
@ -527,7 +527,7 @@ static NTSTATUS add_socket(struct tevent_context *event_context,
|
||||
|
||||
/* Load LDAP database, but only to read our settings */
|
||||
ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx,
|
||||
lp_ctx, system_session(ldap_service, lp_ctx));
|
||||
lp_ctx, system_session(lp_ctx));
|
||||
if (!ldb) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
@ -229,7 +229,7 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb,
|
||||
/* Must be after we have processed command line options */
|
||||
gensec_init(cmdline_lp_ctx);
|
||||
|
||||
if (ldb_set_opaque(ldb, "sessionInfo", system_session(ldb, cmdline_lp_ctx))) {
|
||||
if (ldb_set_opaque(ldb, "sessionInfo", system_session(cmdline_lp_ctx))) {
|
||||
goto failed;
|
||||
}
|
||||
if (ldb_set_opaque(ldb, "credentials", cmdline_credentials)) {
|
||||
|
@ -66,7 +66,7 @@ static void nbtd_task_init(struct task_server *task)
|
||||
return;
|
||||
}
|
||||
|
||||
nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(nbtsrv, task->lp_ctx));
|
||||
nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
|
||||
if (nbtsrv->sam_ctx == NULL) {
|
||||
task_server_terminate(task, "nbtd failed to open samdb", true);
|
||||
return;
|
||||
|
@ -371,7 +371,7 @@ static void ntp_signd_task_init(struct task_server *task)
|
||||
ntp_signd->task = task;
|
||||
|
||||
/* Must be system to get at the password hashes */
|
||||
ntp_signd->samdb = samdb_connect(ntp_signd, task->event_ctx, task->lp_ctx, system_session(ntp_signd, task->lp_ctx));
|
||||
ntp_signd->samdb = samdb_connect(ntp_signd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
|
||||
if (ntp_signd->samdb == NULL) {
|
||||
task_server_terminate(task, "ntp_signd failed to open samdb", true);
|
||||
return;
|
||||
|
@ -44,8 +44,8 @@
|
||||
*/
|
||||
static struct ldb_context *sptr_db_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx)
|
||||
{
|
||||
return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, lp_spoolss_url(lp_ctx), system_session(mem_ctx, lp_ctx),
|
||||
NULL, 0, NULL);
|
||||
return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, lp_spoolss_url(lp_ctx), system_session(lp_ctx),
|
||||
NULL, 0);
|
||||
}
|
||||
|
||||
static int sptr_db_search(struct ldb_context *ldb,
|
||||
|
@ -42,8 +42,8 @@ static NTSTATUS sldb_init(TALLOC_CTX *mem_ctx, const struct share_ops *ops,
|
||||
|
||||
sdb = ldb_wrap_connect(*ctx, ev_ctx, lp_ctx,
|
||||
private_path(*ctx, lp_ctx, "share.ldb"),
|
||||
system_session(*ctx, lp_ctx),
|
||||
NULL, 0, NULL);
|
||||
system_session(lp_ctx),
|
||||
NULL, 0);
|
||||
|
||||
if (!sdb) {
|
||||
talloc_free(*ctx);
|
||||
|
@ -61,7 +61,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
|
||||
werr = drs_security_level_check(dce_call, NULL);
|
||||
if (W_ERROR_IS_OK(werr)) {
|
||||
DEBUG(2,(__location__ ": doing DsBind with system_session\n"));
|
||||
auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx);
|
||||
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
|
||||
} else {
|
||||
auth_info = dce_call->conn->auth_state.session_info;
|
||||
}
|
||||
|
@ -2273,7 +2273,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
|
||||
name = &r->in.name.string[2];
|
||||
/* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
|
||||
secret_state->sam_ldb = talloc_reference(secret_state,
|
||||
samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
|
||||
samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx)));
|
||||
secret_state->global = true;
|
||||
|
||||
if (strlen(name) < 1) {
|
||||
@ -2410,7 +2410,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
|
||||
name = &r->in.name.string[2];
|
||||
/* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
|
||||
secret_state->sam_ldb = talloc_reference(secret_state,
|
||||
samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
|
||||
samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx)));
|
||||
secret_state->global = true;
|
||||
|
||||
if (strlen(name) < 1) {
|
||||
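Review bot: In both `dcesrv_lsa_CreateSecret` and `dcesrv_lsa_OpenSecret` the value returned by `samdb_connect()` goes straight into `talloc_reference()`, and no NULL check on `secret_state->sam_ldb` is visible before the code continues with `secret_state->global = true`. If no check follows outside these hunks, I would add `if (secret_state->sam_ldb == NULL) { return NT_STATUS_INVALID_SYSTEM_SERVICE; }` right after the assignment, matching the other system-session connects in this commit. Both function bodies start and end outside the hunks shown, so how `secret_state` is cleaned up on that path needs checking against the full file.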
|
@ -129,7 +129,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
|
||||
}
|
||||
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
|
||||
system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
@ -366,7 +366,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
|
||||
&creds);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
@ -404,7 +404,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
|
||||
&creds);
|
||||
NT_STATUS_NOT_OK_RETURN(nt_status);
|
||||
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
@ -1152,7 +1152,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
|
||||
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
|
||||
dce_call->conn->dce_ctx->lp_ctx,
|
||||
system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
|
@ -61,7 +61,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
|
||||
}
|
||||
|
||||
/* To change a password we need to open as system */
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
@ -210,7 +210,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
|
||||
}
|
||||
|
||||
/* To change a password we need to open as system */
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
@ -363,7 +363,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
|
||||
}
|
||||
|
||||
/* To change a password we need to open as system */
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
|
||||
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
|
||||
if (sam_ctx == NULL) {
|
||||
return NT_STATUS_INVALID_SYSTEM_SERVICE;
|
||||
}
|
||||
|
@ -317,8 +317,8 @@ static NTSTATUS test_apply_schema(struct test_become_dc_state *s,
|
||||
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
|
||||
DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", sam_ldb_path));
|
||||
s->ldb = ldb_wrap_connect(s, s->tctx->ev, s->tctx->lp_ctx, sam_ldb_path,
|
||||
system_session(s, s->tctx->lp_ctx),
|
||||
NULL, 0, NULL);
|
||||
system_session(s->tctx->lp_ctx),
|
||||
NULL, 0);
|
||||
if (!s->ldb) {
|
||||
DEBUG(0,("Failed to open '%s'\n",
|
||||
sam_ldb_path));
|
||||
@ -661,8 +661,8 @@ bool torture_net_become_dc(struct torture_context *torture)
|
||||
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
|
||||
DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", sam_ldb_path));
|
||||
s->ldb = ldb_wrap_connect(s, s->tctx->ev, s->lp_ctx, sam_ldb_path,
|
||||
system_session(s, s->lp_ctx),
|
||||
NULL, 0, NULL);
|
||||
system_session(s->lp_ctx),
|
||||
NULL, 0);
|
||||
if (!s->ldb) {
|
||||
DEBUG(0,("Failed to open '%s'\n",
|
||||
sam_ldb_path));
|
||||
|
@ -154,7 +154,7 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
|
||||
r.in.binding_string = NULL;
|
||||
|
||||
/* Needed to override the ACLs on ldb */
|
||||
r.in.session_info = system_session(libnetctx, ctx->lp_ctx);
|
||||
r.in.session_info = system_session(ctx->lp_ctx);
|
||||
|
||||
status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -40,7 +40,7 @@ static struct ldb_context *wins_config_db_connect(TALLOC_CTX *mem_ctx,
|
||||
{
|
||||
return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, private_path(mem_ctx,
|
||||
lp_ctx, lp_wins_config_url(lp_ctx)),
|
||||
system_session(mem_ctx, lp_ctx), NULL, 0, NULL);
|
||||
system_session(lp_ctx), NULL, 0);
|
||||
}
|
||||
|
||||
static uint64_t wins_config_db_get_seqnumber(struct ldb_context *ldb)
|
||||
|