[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb
ambi at samba.org
Wed Sep 19 16:07:45 MDT 2012
On 09/19/2012 01:40 PM, Christof Schmitt wrote:
> Passing a dbwrap handle to the code is an easy change. What
> complicated things was that my approach was to fetch a locked record
> and keep it locked during the DC authentication. The code in
> schannel_state_tdb.c does not keep the lock, so this needs to be
> changed, or an additional lock would be required to guarantee
> exclusive access to the DC during the authentication.
You could add a _locked variant that returns the record in locked state.
> A related question: cm_prepare_connection in
> source3/winbindd/winbindd_cm.c already uses a mutex. Can someone
> describe what this mutex protects?
There are some comments in auth/auth_domain.c explaining the need for
/* we use a mutex to prevent two connections at once - when a·
Win2k PDC get two connections where one hasn't completed a·
session setup yet it will send a TCP reset to the first·
connection (tridge) */
* With NT4.x DC's *all* authentication must be serialized to avoid
* ACCESS_DENIED errors if 2 auths are done from the same machine. JRA.
More information about the samba-technical