[SCM] Samba Shared Repository - branch master updated

Simo Sorce idra at samba.org
Tue Feb 23 13:10:16 MST 2010


The branch, master has been updated
       via  805f750... s4:cleanup remove unused schannel ldb code
       via  1203de9... s4:schannel merge code with s3
       via  1d0938c... schannel_tdb: make code compilable in both trees
       via  3b12c38... s3:schannel streamline interface
       via  e5ab64a... s3:schannel fix memory hierarchy
       via  bb9014d... schannel: merge header files
       via  8e2f5fe... s4:schannel more readable check logic
       via  b4c9dc3... s3:schannel more readable check logic
      from  61b7a24... s3 move the sitename cache in its own file

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 805f7507e23f95c479114c44cd175b6b668ffaf9
Author: Simo Sorce <idra at samba.org>
Date:   Fri Feb 19 09:43:46 2010 -0500

    s4:cleanup remove unused schannel ldb code

commit 1203de99b178a2d7f6c7c6534c42d05242322fe3
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 15:11:25 2010 -0500

    s4:schannel merge code with s3
    
    After looking at the s4 side of the (s)channel :) I found out that it makes
    more sense to simply make it use the tdb based code than redo the same changes
    done to s3 to simplify the interface.
    
    Ldb is slow, to the point that it needs hacks to pre-open the db to speed it up, yet
    that does not solve the lookup speed; with ldb it is always going to be slower.
    
    Looking through the history it is evident that the schannel database doesn't
    really need great expandability, and lookups are always done with a single
    key. This seems a perfect fit for tdb, while ldb looks unnecessarily complicated.
    
    The schannel database is not really a persistent one. It can be discarded during
    an upgrade without causing any real issue. All it contains is temporary session
    data.

commit 1d0938c629904e14c3769036d1a8d1a6d7b3f34b
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 16:17:06 2010 -0500

    schannel_tdb: make code compilable in both trees

commit 3b12c38ac09ad253cf56099c243659a3a362ea67
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 14:44:09 2010 -0500

    s3:schannel streamline interface
    
    Make calling schannel much easier by removing the need to explicitly open the
    database. Let the abstraction do it instead.

commit e5ab64a79902e710636352b01ccd0012d5df1c31
Author: Simo Sorce <idra at samba.org>
Date:   Fri Feb 19 09:34:48 2010 -0500

    s3:schannel fix memory hierarchy
    
    Passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be a
    child of creds as expected. When later in schannel_check_creds_state() we
    stole the creds onto a different memory context, the sid was left behind and the
    memory it points to was freed when the temporary context was freed.

commit bb9014d5cbbc2ebb8fbd9fab05a3f3fc57e725b8
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 14:10:26 2010 -0500

    schannel: merge header files
    
    One almost empty header file was simply including another not included by
    anything else. Just merge them together.

commit 8e2f5fe7c5bc0fce0564c751a68e0feb370e0857
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 10:26:24 2010 -0500

    s4:schannel more readable check logic
    
    Make the initial schannel check logic more understandable.
    Make it easy to define different policies depending on the caller's
    security requirements (Integrity/Privacy/Both/None)
    
    This is the same change applied to s3

commit b4c9dc3724b5c34661b6986e81af2dc6c191dde9
Author: Simo Sorce <idra at samba.org>
Date:   Thu Feb 18 10:19:09 2010 -0500

    s3:schannel more readable check logic
    
    Make the initial schannel check logic more understandable.
    Make it easy to define different policies depending on the caller's security
    requirements (Integrity/Privacy/Both/None)

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/config.mk                         |    4 +-
 libcli/auth/schannel_state.h                  |   32 ++-
 libcli/auth/schannel_state_ldb.c              |  334 -------------------------
 libcli/auth/schannel_state_proto.h            |   48 ----
 libcli/auth/schannel_state_tdb.c              |  278 ++++++++++++++++----
 source3/Makefile.in                           |    3 +-
 source3/include/proto.h                       |    9 -
 source3/include/secrets.h                     |    2 -
 source3/passdb/secrets_schannel.c             |  131 ----------
 source3/rpc_server/srv_netlog_nt.c            |   65 ++++--
 source3/rpc_server/srv_pipe.c                 |    2 +-
 source4/auth/gensec/config.mk                 |   12 +-
 source4/auth/gensec/schannel.c                |   15 +-
 source4/auth/gensec/schannel_state.c          |   67 -----
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   93 +++++---
 source4/smbd/server.c                         |    2 -
 source4/torture/rpc/samr.c                    |    1 -
 17 files changed, 363 insertions(+), 735 deletions(-)
 delete mode 100644 libcli/auth/schannel_state_ldb.c
 delete mode 100644 libcli/auth/schannel_state_proto.h
 delete mode 100644 source3/passdb/secrets_schannel.c
 delete mode 100644 source4/auth/gensec/schannel_state.c


Changeset truncated at 500 lines:

diff --git a/libcli/auth/config.mk b/libcli/auth/config.mk
index bda9850..bc198f3 100644
--- a/libcli/auth/config.mk
+++ b/libcli/auth/config.mk
@@ -21,6 +21,6 @@ LIBCLI_AUTH_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, \
 PUBLIC_HEADERS += ../libcli/auth/credentials.h
 
 [SUBSYSTEM::COMMON_SCHANNELDB]
-PRIVATE_DEPENDENCIES = LDB_WRAP
+PRIVATE_DEPENDENCIES = TDB_WRAP
 
-COMMON_SCHANNELDB_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, schannel_state_ldb.o)
+COMMON_SCHANNELDB_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, schannel_state_tdb.o)
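Review bot: the LDB_WRAP to TDB_WRAP swap and the object rename here only cover the s4 build description; source3/Makefile.in is listed in the summary as changed, but its hunk lies past the 500-line truncation, so the s3 side of the rename (schannel_state_tdb.o taking over from the deleted source3/passdb/secrets_schannel.c) cannot be checked in this mail. Reviewers should confirm that both trees now compile the same single libcli/auth/schannel_state_tdb.c for COMMON_SCHANNELDB, since one shared implementation is the stated goal of the series.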
diff --git a/libcli/auth/schannel_state.h b/libcli/auth/schannel_state.h
index e60f4d9..d378a39 100644
--- a/libcli/auth/schannel_state.h
+++ b/libcli/auth/schannel_state.h
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
    module to store/fetch session keys for the schannel server
@@ -10,16 +10,36 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-struct ldb_context;
-struct tdb_context;
-#include "libcli/auth/schannel_state_proto.h"
+#ifndef _LIBCLI_AUTH_SCHANNEL_STATE_H__
+#define _LIBCLI_AUTH_SCHANNEL_STATE_H__
+
+NTSTATUS schannel_get_creds_state(TALLOC_CTX *mem_ctx,
+				  struct smb_iconv_convenience *ic,
+				  const char *db_priv_dir,
+				  const char *computer_name,
+				  struct netlogon_creds_CredentialState **creds);
+
+NTSTATUS schannel_save_creds_state(TALLOC_CTX *mem_ctx,
+				   struct smb_iconv_convenience *ic,
+				   const char *db_priv_dir,
+				   struct netlogon_creds_CredentialState *creds);
+
+NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
+				    struct smb_iconv_convenience *ic,
+				    const char *db_priv_dir,
+				    const char *computer_name,
+				    struct netr_Authenticator *received_authenticator,
+				    struct netr_Authenticator *return_authenticator,
+				    struct netlogon_creds_CredentialState **creds_out);
+
+#endif
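Review bot: the three new prototypes use `struct smb_iconv_convenience`, `struct netlogon_creds_CredentialState` and `struct netr_Authenticator`, but the forward declarations the old header carried (`struct ldb_context;` / `struct tdb_context;`) were dropped without adding replacements for the new types, so this header only compiles when the including file has already pulled in the NDR headers that define them. Adding `struct smb_iconv_convenience;`, `struct netlogon_creds_CredentialState;` and `struct netr_Authenticator;` above the prototypes would make it self-contained. It is also worth a one-line comment on `schannel_check_creds_state()` that the old `schannel_required_for_call` / `schannel_in_use` flags are gone and the "schannel required for this call" policy is now enforced by the caller, as the two "more readable check logic" commits intend; otherwise a future caller may assume the check still happens inside this function.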
diff --git a/libcli/auth/schannel_state_ldb.c b/libcli/auth/schannel_state_ldb.c
deleted file mode 100644
index ba3d96f..0000000
--- a/libcli/auth/schannel_state_ldb.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   module to store/fetch session keys for the schannel server
-
-   Copyright (C) Andrew Tridgell 2004
-   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2006-2009
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "lib/ldb/include/ldb.h"
-#include "librpc/gen_ndr/ndr_security.h"
-#include "ldb_wrap.h"
-#include "../lib/util/util_ldb.h"
-#include "libcli/auth/libcli_auth.h"
-#include "auth/auth.h"
-#include "param/param.h"
-#include "../libcli/auth/schannel_state.h"
-
-static struct ldb_val *schannel_dom_sid_ldb_val(TALLOC_CTX *mem_ctx,
-						struct dom_sid *sid)
-{
-	enum ndr_err_code ndr_err;
-	struct ldb_val *v;
-
-	v = talloc(mem_ctx, struct ldb_val);
-	if (!v) return NULL;
-
-	ndr_err = ndr_push_struct_blob(v, mem_ctx, NULL, sid,
-				       (ndr_push_flags_fn_t)ndr_push_dom_sid);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(v);
-		return NULL;
-	}
-
-	return v;
-}
-
-static struct dom_sid *schannel_ldb_val_dom_sid(TALLOC_CTX *mem_ctx,
-						 const struct ldb_val *v)
-{
-	enum ndr_err_code ndr_err;
-	struct dom_sid *sid;
-
-	sid = talloc(mem_ctx, struct dom_sid);
-	if (!sid) return NULL;
-
-	ndr_err = ndr_pull_struct_blob(v, sid, NULL, sid,
-					(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(sid);
-		return NULL;
-	}
-	return sid;
-}
-
-
-/*
-  remember an established session key for a netr server authentication
-  use a simple ldb structure
-*/
-NTSTATUS schannel_store_session_key_ldb(struct ldb_context *ldb,
-					TALLOC_CTX *mem_ctx,
-					struct netlogon_creds_CredentialState *creds)
-{
-	struct ldb_message *msg;
-	struct ldb_val val, seed, client_state, server_state;
-	struct ldb_val *sid_val;
-	char *f;
-	char *sct;
-	int ret;
-
-	f = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->negotiate_flags);
-
-	if (f == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	sct = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->secure_channel_type);
-
-	if (sct == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	msg = ldb_msg_new(mem_ctx);
-	if (msg == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	msg->dn = ldb_dn_new_fmt(msg, ldb, "computerName=%s", creds->computer_name);
-	if ( ! msg->dn) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	sid_val = schannel_dom_sid_ldb_val(msg, creds->sid);
-	if (sid_val == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	val.data = creds->session_key;
-	val.length = sizeof(creds->session_key);
-
-	seed.data = creds->seed.data;
-	seed.length = sizeof(creds->seed.data);
-
-	client_state.data = creds->client.data;
-	client_state.length = sizeof(creds->client.data);
-	server_state.data = creds->server.data;
-	server_state.length = sizeof(creds->server.data);
-
-	ldb_msg_add_string(msg, "objectClass", "schannelState");
-	ldb_msg_add_value(msg, "sessionKey", &val, NULL);
-	ldb_msg_add_value(msg, "seed", &seed, NULL);
-	ldb_msg_add_value(msg, "clientState", &client_state, NULL);
-	ldb_msg_add_value(msg, "serverState", &server_state, NULL);
-	ldb_msg_add_string(msg, "negotiateFlags", f);
-	ldb_msg_add_string(msg, "secureChannelType", sct);
-	ldb_msg_add_string(msg, "accountName", creds->account_name);
-	ldb_msg_add_string(msg, "computerName", creds->computer_name);
-	ldb_msg_add_value(msg, "objectSid", sid_val, NULL);
-
-	ret = ldb_add(ldb, msg);
-	if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
-		int i;
-		/* from samdb_replace() */
-		/* mark all the message elements as LDB_FLAG_MOD_REPLACE */
-		for (i=0;i<msg->num_elements;i++) {
-			msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
-		}
-
-		ret = ldb_modify(ldb, msg);
-	}
-
-	/* We don't need a transaction here, as we either add or
-	 * modify records, never delete them, so it must exist */
-
-	if (ret != LDB_SUCCESS) {
-		DEBUG(0,("Unable to add %s to session key db - %s\n",
-			 ldb_dn_get_linearized(msg->dn), ldb_errstring(ldb)));
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*
-  read back a credentials back for a computer
-*/
-NTSTATUS schannel_fetch_session_key_ldb(struct ldb_context *ldb,
-					TALLOC_CTX *mem_ctx,
-					const char *computer_name,
-					struct netlogon_creds_CredentialState **creds)
-{
-	struct ldb_result *res;
-	int ret;
-	const struct ldb_val *val;
-
-	*creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
-	if (!*creds) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	ret = ldb_search(ldb, mem_ctx, &res,
-				 NULL, LDB_SCOPE_SUBTREE, NULL,
-				"(computerName=%s)", computer_name);
-	if (ret != LDB_SUCCESS) {
-		DEBUG(3,("schannel: Failed to find a record for client %s: %s\n", computer_name, ldb_errstring(ldb)));
-		return NT_STATUS_INVALID_HANDLE;
-	}
-	if (res->count != 1) {
-		DEBUG(3,("schannel: Failed to find a record for client: %s (found %d records)\n", computer_name, res->count));
-		talloc_free(res);
-		return NT_STATUS_INVALID_HANDLE;
-	}
-
-	val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey");
-	if (val == NULL || val->length != 16) {
-		DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));
-		talloc_free(res);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
-	memcpy((*creds)->session_key, val->data, 16);
-
-	val = ldb_msg_find_ldb_val(res->msgs[0], "seed");
-	if (val == NULL || val->length != 8) {
-		DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name));
-		talloc_free(res);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
-	memcpy((*creds)->seed.data, val->data, 8);
-
-	val = ldb_msg_find_ldb_val(res->msgs[0], "clientState");
-	if (val == NULL || val->length != 8) {
-		DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name));
-		talloc_free(res);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-	memcpy((*creds)->client.data, val->data, 8);
-
-	val = ldb_msg_find_ldb_val(res->msgs[0], "serverState");
-	if (val == NULL || val->length != 8) {
-		DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name));
-		talloc_free(res);
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-	memcpy((*creds)->server.data, val->data, 8);
-
-	(*creds)->negotiate_flags = ldb_msg_find_attr_as_int(res->msgs[0], "negotiateFlags", 0);
-
-	(*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0);
-
-	(*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
-	if ((*creds)->account_name == NULL) {
-		talloc_free(res);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	(*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
-	if ((*creds)->computer_name == NULL) {
-		talloc_free(res);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	val = ldb_msg_find_ldb_val(res->msgs[0], "objectSid");
-	if (val) {
-		(*creds)->sid = schannel_ldb_val_dom_sid(*creds, val);
-		if ((*creds)->sid == NULL) {
-			talloc_free(res);
-			return NT_STATUS_INTERNAL_ERROR;
-		}
-	} else {
-		(*creds)->sid = NULL;
-	}
-
-	talloc_free(res);
-	return NT_STATUS_OK;
-}
-
-/*
-  Validate an incoming authenticator against the credentials for the remote machine.
-
-  The credentials are (re)read and from the schannel database, and
-  written back after the caclulations are performed.
-
-  The creds_out parameter (if not NULL) returns the credentials, if
-  the caller needs some of that information.
-
-*/
-NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb,
-					      TALLOC_CTX *mem_ctx,
-					      const char *computer_name,
-					      bool schannel_required_for_call,
-					      bool schannel_in_use,
-					      struct netr_Authenticator *received_authenticator,
-					      struct netr_Authenticator *return_authenticator,
-					      struct netlogon_creds_CredentialState **creds_out)
-{
-	struct netlogon_creds_CredentialState *creds = NULL;
-	NTSTATUS nt_status;
-	int ret;
-
-	/* If we are flaged that schannel is required for a call, and
-	 * it is not in use, then make this an error */
-
-	/* It would be good to make this mandetory once schannel is
-	 * negoiated, but this is not what windows does */
-	if (schannel_required_for_call && !schannel_in_use) {
-		DEBUG(0,("schannel_creds_server_step_check: client %s not using schannel for netlogon, despite negotiating it\n",
-			creds->computer_name ));
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
-	ret = ldb_transaction_start(ldb);
-	if (ret != 0) {
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	}
-
-	/* Because this is a shared structure (even across
-	 * disconnects) we must update the database every time we
-	 * update the structure */
-
-	nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
-						   &creds);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		ldb_transaction_cancel(ldb);
-		return nt_status;
-	}
-
-	nt_status = netlogon_creds_server_step_check(creds,
-						     received_authenticator,
-						     return_authenticator);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		ldb_transaction_cancel(ldb);
-		talloc_free(creds);
-		return nt_status;
-	}
-
-	nt_status = schannel_store_session_key_ldb(ldb, mem_ctx, creds);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		ldb_transaction_cancel(ldb);
-		talloc_free(creds);
-		return nt_status;
-	}
-
-	ldb_transaction_commit(ldb);
-	if (ret != 0) {
-		talloc_free(creds);
-		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	}
-
-	if (creds_out) {
-		*creds_out = creds;
-		talloc_steal(mem_ctx, creds);
-	} else {
-		talloc_free(creds);
-	}
-
-	return NT_STATUS_OK;
-}
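Review bot: two defects in the removed `schannel_creds_server_step_check_ldb()` should be checked against the tdb replacement rather than just disappear with the file. First, the `schannel_required_for_call && !schannel_in_use` branch logs `creds->computer_name` while `creds` is still the NULL it was initialised to at the top of the function (it is only assigned by the later `schannel_fetch_session_key_ldb()` call), so that error path would have crashed instead of returning NT_STATUS_ACCESS_DENIED; the log message should use the `computer_name` argument. Second, `ldb_transaction_commit(ldb);` discards its return value and the following `if (ret != 0)` tests the stale `ret` from `ldb_transaction_start()`, which was already known to be 0, so a failed commit was reported as NT_STATUS_OK. Whatever replaces the commit in the tdb code (the store write or tdb transaction commit) must have its return value checked before the credentials are handed back to the caller.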
diff --git a/libcli/auth/schannel_state_proto.h b/libcli/auth/schannel_state_proto.h
deleted file mode 100644
index c582c3e..0000000
--- a/libcli/auth/schannel_state_proto.h
+++ /dev/null
@@ -1,48 +0,0 @@
-#ifndef _LIBCLI_AUTH_SCHANNEL_STATE_PROTO_H__
-#define _LIBCLI_AUTH_SCHANNEL_STATE_PROTO_H__
-
-#undef _PRINTF_ATTRIBUTE
-#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
-
-/* this file contains prototypes for functions that are private 
- * to this subsystem or library. These functions should not be 
- * used outside this particular subsystem! */
-
-
-/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/schannel_state.c  */
-
-NTSTATUS schannel_store_session_key_ldb(struct ldb_context *ldb,
-					TALLOC_CTX *mem_ctx,
-					struct netlogon_creds_CredentialState *creds);
-NTSTATUS schannel_fetch_session_key_ldb(struct ldb_context *ldb,
-					TALLOC_CTX *mem_ctx,
-					const char *computer_name,
-					struct netlogon_creds_CredentialState **creds);
-NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb,
-					      TALLOC_CTX *mem_ctx,
-					      const char *computer_name,
-					      bool schannel_required_for_call,
-					      bool schannel_in_use,
-					      struct netr_Authenticator *received_authenticator,
-					      struct netr_Authenticator *return_authenticator,
-					      struct netlogon_creds_CredentialState **creds_out);
-NTSTATUS schannel_store_session_key_tdb(struct tdb_context *tdb,
-					TALLOC_CTX *mem_ctx,
-					struct netlogon_creds_CredentialState *creds);
-NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb,
-					TALLOC_CTX *mem_ctx,
-					const char *computer_name,
-					struct netlogon_creds_CredentialState **creds);
-NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
-					      TALLOC_CTX *mem_ctx,
-					      const char *computer_name,
-					      bool schannel_required_for_call,
-					      bool schannel_in_use,
-					      struct netr_Authenticator *received_authenticator,
-					      struct netr_Authenticator *return_authenticator,
-					      struct netlogon_creds_CredentialState **creds_out);
-
-#undef _PRINTF_ATTRIBUTE
-#define _PRINTF_ATTRIBUTE(a1, a2)
-
-#endif
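Review bot: deleting this header also removes the declarations of `schannel_store_session_key_tdb()`, `schannel_fetch_session_key_tdb()` and `schannel_creds_server_step_check_tdb()`, which took an explicit `struct tdb_context *`, while the replacement schannel_state.h exposes only the three `*_creds_state()` functions keyed by `db_priv_dir`. Every remaining caller of the tdb-context API has to be converted in the same push or the build breaks; the summary touches source3/rpc_server/srv_netlog_nt.c, srv_pipe.c and source4/rpc_server/netlogon/dcerpc_netlogon.c, but those hunks are truncated here, so that conversion cannot be verified from this mail. The `/home/jeremy/src/samba/git/master/...` path in the comment confirms this was a checked-in generated file, so no hand-written documentation is lost by removing it.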
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 7ec8b3f..fd61b0a 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -22,15 +22,87 @@
 */
 
 #include "includes.h"
+#include "system/filesys.h"
+#include <tdb.h>
+#include "../lib/util/util_tdb.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/schannel_state.h"
 #include "../librpc/gen_ndr/ndr_schannel.h"
+#if _SAMBA_BUILD_ == 4
+#include "tdb_wrap.h"
+#endif
+
+#define SECRETS_SCHANNEL_STATE "SECRETS/SCHANNEL"
+
+/******************************************************************************
+ Open or create the schannel session store tdb.
+*******************************************************************************/
+
+#define SCHANNEL_STORE_VERSION_1 1
+#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */
+#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1
+
+static struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx,
+						    const char *private_dir)
+{
+	TDB_DATA vers;
+	uint32_t ver;
+	struct tdb_wrap *tdb_sc = NULL;
+	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", private_dir);
+
+	if (!fname) {
+		return NULL;
+	}
+
+	tdb_sc = tdb_wrap_open(mem_ctx, fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
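Review bot: `fname` is allocated on the caller's `mem_ctx` and never freed after `tdb_wrap_open()`; since the streamlined interface now opens the store inside every get/save/check call, a long-lived mem_ctx accumulates one path string per netlogon request. Build the path on a temporary context (or `talloc_free(fname)` once the open has returned) so that only the `struct tdb_wrap` stays attached to mem_ctx. The `0600` mode and the private_dir location are the right choice for a file holding session keys. The version check that `vers` and `ver` are declared for falls past the 500-line truncation and cannot be reviewed here; given the commit message's statement that the store holds only temporary session data, a version mismatch should wipe and recreate the tdb rather than try to parse records of an unknown layout. Note also that `TDB_DEFAULT` without `TDB_CLEAR_IF_FIRST` means records survive a daemon restart, which is acceptable only because `schannel_check_creds_state()` re-validates the authenticator against the stored client/server state on every call.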


-- 
Samba Shared Repository

