[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb
christof.schmitt at us.ibm.com
Thu Oct 4 16:56:38 MDT 2012
Andrew Bartlett <abartlet at samba.org> wrote on 10/03/2012 06:46:54 PM:
> However you do it, you do need to serialise the sequence number updates
> for send, but a restructure may avoid you needing to serialise the whole
> request/reply chain. Essentially, we both probably need to read up the
> docs, and see if instead we can store an expected reply for a given
> sequence number. That would avoid needing to lock over the network ops
> waiting for the reply.
I started looking into this part and reading MS-NRPC. Using the lock
only for sending the request would mean using the async calls
dcerpc_netr_LogonSamLogon_send() and dcerpc_netr_LogonSamLogon_recv()
instead of the sync one dcerpc_netr_LogonSamLogon().
netlogon_creds_client_check() is simply a memcmp(), so the client
already has the expected reply for verifying the server response.
Besides LogonSamLogon, the same changes have to be made for all calls
using the struct netr_Authenticator.
Looking at the code, source3/rpc_client/cli_netlogon.c might be a good
place to make those changes. Maybe this file would also be a better
place to access the schannel tdb.
I will continue from here, just let me know in case I am heading in
the wrong direction.
Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com || +1-520-799-2469 (T/L: 321-2469)
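The restructure discussed in this thread, as an added sketch that is not Samba code and not part of the original message: the lock covers only the sequence update and the recording of the expected reply, and the reply is verified later with a memcmp(), in whatever order replies arrive. Assumptions: `creds_state`, `creds_prepare_send()`, `creds_check_reply()` and the `lock_held` flag are hypothetical stand-ins for the shared schannel state and its lock, and `toy_cred()` is a toy mixing step, not the MS-NRPC credential computation.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PENDING 4
#define CRED_LEN 8

struct pending { int used; uint8_t expect[CRED_LEN]; };
struct creds_state {          /* hypothetical shared state, e.g. one tdb record */
    int lock_held;            /* stand-in for the real cross-process lock */
    uint32_t seq;
    uint8_t seed[CRED_LEN];
    struct pending slots[MAX_PENDING];
};

/* Toy mixing step (assumption): NOT the MS-NRPC credential computation. */
static void toy_cred(const struct creds_state *s, uint32_t seq, uint8_t tag,
                     uint8_t out[CRED_LEN])
{
    for (int i = 0; i < CRED_LEN; i++)
        out[i] = (uint8_t)(s->seed[i] ^ (seq >> (8 * (i % 4))) ^ tag ^ (uint8_t)i);
}

/* The lock covers the sequence update and bookkeeping only, never the
 * network wait. Returns a slot index, or -1 if too many are in flight. */
int creds_prepare_send(struct creds_state *s, uint8_t req[CRED_LEN])
{
    int slot = -1;
    s->lock_held = 1;
    for (int i = 0; i < MAX_PENDING && slot < 0; i++)
        if (!s->slots[i].used)
            slot = i;
    if (slot >= 0) {
        s->seq++;                                        /* serialised update */
        toy_cred(s, s->seq, 'C', req);                   /* sent to the server */
        toy_cred(s, s->seq, 'S', s->slots[slot].expect); /* expected reply */
        s->slots[slot].used = 1;
    }
    s->lock_held = 0;
    return slot;
}

/* Called when a reply arrives, in any order; each slot verifies only once. */
int creds_check_reply(struct creds_state *s, int slot, const uint8_t reply[CRED_LEN])
{
    if (slot < 0 || slot >= MAX_PENDING || !s->slots[slot].used)
        return 0;
    s->slots[slot].used = 0;
    return memcmp(s->slots[slot].expect, reply, CRED_LEN) == 0;
}
```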