[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb

Christof Schmitt christof.schmitt at us.ibm.com
Thu Oct 4 16:56:38 MDT 2012


Andrew Bartlett <abartlet at samba.org> wrote on 10/03/2012 06:46:54 PM:

> However you do it, you do need to serialise the sequence number updates
> for send, but a restructure may avoid you needing to serialise the whole
> request/reply chain.  Essentially, we both probably need to read up the
> docs, and see if instead we can store an expected reply for a given
> sequence number.  That would avoid needing to lock over the network ops
> waiting for the reply. 

I started looking into this part and reading MS-NRPC. Using the lock
only for sending the request would mean using the async calls
dcerpc_netr_LogonSamLogon_send() and dcerpc_netr_LogonSamLogon_recv()
instead of the sync one dcerpc_netr_LogonSamLogon().

netlogon_creds_client_check() is simply a memcmp(), so the client
already has the expected reply for verifying the server response.

Besides LogonSamLogon, the same changes have to be made for all calls
using the struct netr_Authenticator.

Looking at the code, source3/rpc_client/cli_netlogon.c might be a good
place to make those changes. Maybe this file would also be a better
place to access the schannel tdb.

I will continue from here, just let me know in case I am heading in
the wrong direction.

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)
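
An added sketch of the locking pattern discussed in this message, not part of the original post and not Samba code: the lock is held only while the sequence advances and the expected reply is recorded, and the reply is checked later against the stored value. Every name here is hypothetical, and `toy_cred()` is a stand-in that does not implement the MS-NRPC credential computation.

```c
/* Added illustration; not Samba code. All names are hypothetical. */
#include <pthread.h>
#include <stdint.h>
#include <string.h>

#define MAX_PENDING 8

struct pending { int used; uint32_t seq; uint8_t expect[8]; };
struct chain {
    pthread_mutex_t lock;
    uint32_t seq;                      /* stand-in for the authenticator state */
    struct pending slots[MAX_PENDING]; /* expected reply per in-flight request */
};

void chain_init(struct chain *c) {
    memset(c, 0, sizeof(*c));
    pthread_mutex_init(&c->lock, NULL);
}

/* Toy stand-in for the credential step; NOT the MS-NRPC computation. */
static void toy_cred(uint32_t seq, uint8_t out[8]) {
    uint64_t x = ((uint64_t)seq + 1) * 0x9E3779B97F4A7C15ULL;
    memcpy(out, &x, sizeof(x));
}

/* Send side: under the lock, advance the sequence and record the reply
 * expected for it. Returns a slot index, or -1 if all slots are in flight. */
int chain_prepare_send(struct chain *c, uint32_t *seq_out) {
    int idx = -1;
    pthread_mutex_lock(&c->lock);
    for (int i = 0; i < MAX_PENDING && idx < 0; i++)
        if (!c->slots[i].used) idx = i;
    if (idx >= 0) {
        c->slots[idx].used = 1;
        c->slots[idx].seq = *seq_out = ++c->seq;
        toy_cred(c->slots[idx].seq, c->slots[idx].expect);
    }
    pthread_mutex_unlock(&c->lock);   /* released before any network wait */
    return idx;
}

/* Receive side: compare the reply with the stored value (a memcmp, as in the
 * message above) and free the slot. Returns 1 on match, 0 otherwise. */
int chain_check_reply(struct chain *c, int idx, const uint8_t reply[8]) {
    if (idx < 0 || idx >= MAX_PENDING) return 0;
    pthread_mutex_lock(&c->lock);
    int ok = c->slots[idx].used && memcmp(c->slots[idx].expect, reply, 8) == 0;
    c->slots[idx].used = 0;
    pthread_mutex_unlock(&c->lock);
    return ok;
}
```
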


