mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
6e6d9f9f12
This provides an abstraction to hide netlogon_creds_CredentialState, which is stored in a node local tdb. Where the global state (netlogon_creds_CredentialState) between client and server was only kept in memory (on the client side), we now use the abstracted netlogon_creds_cli_context. We now use a node specific computer name in order to establish individual netlogon sessions per node. If the caller wants to use some netlogon calls with credential chain (struct netr_Authenticator), netlogon_creds_cli_lock*() is used to get the current netlogon_creds_CredentialState in a g_lock'ed fashion, a talloc_free() will release the lock. The locking is needed as there might be more than one process (multiple winbindd child, cmdline tools) which want to talk to a specific domain controller. The usage of netlogon_creds_CredentialState needs to be serialized as it uses sequence numbers. LogonSamLogonEx doesn't use the credential chain, but for some operations it needs the global session in order to de/encrypt individual fields. It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate() functions, which just make sure the session hasn't changed between get and validate. This is prepares the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
44 lines
1.2 KiB
Python
Executable File
44 lines
1.2 KiB
Python
Executable File
#!/usr/bin/env python
|
|
|
|
bld.SAMBA_LIBRARY('cliauth',
|
|
source='',
|
|
deps='MSRPC_PARSE LIBCLI_AUTH COMMON_SCHANNEL PAM_ERRORS SPNEGO_PARSE krb5samba errors NTLM_CHECK UTIL_LSARPC',
|
|
private_library=True,
|
|
grouping_library=True)
|
|
|
|
bld.SAMBA_SUBSYSTEM('MSRPC_PARSE',
|
|
source='msrpc_parse.c',
|
|
deps='talloc'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('NTLM_CHECK',
|
|
source='ntlm_check.c',
|
|
deps = 'talloc'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('LIBCLI_AUTH',
|
|
source='credentials.c session.c smbencrypt.c smbdes.c',
|
|
public_deps='MSRPC_PARSE',
|
|
public_headers='credentials.h:domain_credentials.h'
|
|
)
|
|
|
|
|
|
bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
|
|
source='schannel_state_tdb.c',
|
|
deps='dbwrap util_tdb samba-hostconfig NDR_NETLOGON'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI',
|
|
source='netlogon_creds_cli.c',
|
|
deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
|
|
source='pam_errors.c',
|
|
deps='talloc'
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE',
|
|
source='spnego_parse.c',
|
|
deps='asn1util')
|