svn commit: samba r13480 - in branches/SAMBA_4_0/source/rpc_server/netlogon: .

abartlet at samba.org
Mon Feb 13 00:04:29 GMT 2006


Author: abartlet
Date: 2006-02-13 00:04:28 +0000 (Mon, 13 Feb 2006)
New Revision: 13480

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13480

Log:
Explain a little about how these credentials structures should be used.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2006-02-13 00:02:31 UTC (rev 13479)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2006-02-13 00:04:28 UTC (rev 13480)
@@ -31,7 +31,13 @@
 struct server_pipe_state {
 	struct netr_Credential client_challenge;
 	struct netr_Credential server_challenge;
-	struct creds_CredentialState *creds;
+
+	/* This is a bit (dangeroursly?) tricky:
+	   - The session key, computer name and domain elements are
+	     valid. 
+	   - However the credentials chaining (seed, client, server etc)
+	     should be obtained from the database at runtime */
+	struct creds_CredentialState *creds; 
 };
 
 
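Review bot: The new comment above `struct creds_CredentialState *creds;` says the chaining fields (seed, client, server) in this cached structure are not authoritative, yet the member keeps its full type, so nothing stops later code from reading stale chaining state through `pipe_state->creds`. Consider caching only the session key, computer name and domain in `server_pipe_state`, or at least name in the comment the function callers must go through to get the chaining values from the database. Also fix the spelling of "dangeroursly" and drop the trailing whitespace added after "valid." and after `*creds;`.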
@@ -286,7 +292,16 @@
 	return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
 }
 
+/*
+  Validate an incoming authenticator against the credentials for the remote machine.
 
+  The credentials are (re)read and from the schannel database, and
+  written back after the caclulations are performed.
+
+  The creds_out parameter (if not NULL) returns the credentials, if
+  the caller needs some of that information.
+
+*/
 static NTSTATUS netr_creds_server_step_check(struct server_pipe_state *pipe_state,
 					     TALLOC_CTX *mem_ctx, 
 					     struct netr_Authenticator *received_authenticator,
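Review bot: The comment on `netr_creds_server_step_check` says the credentials are re-read from the schannel database and written back after the calculations, but it does not say whether the read and the write-back happen under one lock or transaction. For a chained authenticator that matters, since two requests for the same machine account could otherwise both step from the same stored state. Please state the locking expectation, which NTSTATUS is returned when the authenticator does not validate, and which talloc context owns the structure returned through `creds_out`. Wording: "(re)read and from" has a stray "and", and "caclulations" should be "calculations".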


