1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/libcli
Stefan Metzmacher 6e6d9f9f12 libcli/auth: add netlogon_creds_cli* infrastructure
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.

Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.

We now use a node specific computer name in order to establish
individual netlogon sessions per node.

If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.

The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.

LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.

This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:03 +01:00
..
auth libcli/auth: add netlogon_creds_cli* infrastructure 2014-01-07 12:47:03 +01:00
cldap lib/clap fix compiler warnings 2013-12-12 14:21:27 -08:00
dns libcli/dns: Time out requests after a while 2012-10-16 12:58:31 +02:00
drsuapi build: Build with system md5.h on OpenIndiana 2013-06-19 21:32:36 +02:00
echo libcli/echo: validate the message length 2012-09-22 04:31:06 +02:00
ldap libcli/ldap: Cope with substring match with no chunks in ldap_push_filter 2013-06-24 12:54:26 -07:00
lsarpc auth: Move the rest of the source4 gensec_ntlmssp code to the top level 2012-02-17 10:48:09 +01:00
named_pipe_auth libcli: Add tstream_npa_socketpair() function. 2013-10-29 15:31:45 +01:00
nbt libcli: fix compiler warnings 2013-12-12 14:21:27 -08:00
netlogon waf: convert NDR_NBT into shared library. 2011-11-03 18:35:09 +01:00
registry build: Make util_reg subsystem in libcli/registry a library 2011-05-18 16:12:08 +02:00
samsync s3: add some forward declarations. 2011-04-12 12:20:43 +02:00
security secacl: Slightly simplify make_sec_acl 2013-12-14 00:10:21 +01:00
smb libcli/smb: s/tstream_cli_np/tstream_smbXcli_np 2014-01-07 08:37:42 +01:00
smbreadline libcli/smbreadline/smbreadline.h: fix licence/copyright 2011-06-10 15:11:43 +02:00
util CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() 2013-12-09 07:05:46 +01:00