1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Commit Graph

105 Commits

Author SHA1 Message Date
Stefan Metzmacher
0e62f32795 libcli/auth: fix usage of an uninitialized variable in netlogon_creds_cli_check_caps()
If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2014-01-08 14:34:13 +01:00
Stefan Metzmacher
3d45d4dc3c libcli/auth: remove unused netlogon_creds_cli_context_copy()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:16 +01:00
Stefan Metzmacher
fa3af7c2e8 libcli/auth: make use of real options in netlogon_creds_cli_context_global()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:05 +01:00
Stefan Metzmacher
dc96b1ddcc libcli/auth: use unique key_name values in netlogon_creds_cli_context_common()
Until all callers are fixed to pass the same 'server_computer'
value, we try to calculate a server_netbios_name and use this
as unique identifier for a specific domain controller.

Otherwise winbind would use 'hostname.example.com'
while 'net rpc testjoin' would use 'HOSTNAME',
which leads to 2 records in netlogon_creds_cli.tdb
for the same domain controller.

Once all callers are fixed we can think about reverting this
commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:04 +01:00
Stefan Metzmacher
6e6d9f9f12 libcli/auth: add netlogon_creds_cli* infrastructure
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.

Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.

We now use a node specific computer name in order to establish
individual netlogon sessions per node.

If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.

The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.

LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.

This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:03 +01:00