[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb

Christian Ambach ambi at samba.org
Wed Sep 19 16:07:45 MDT 2012

On 09/19/2012 01:40 PM, Christof Schmitt wrote:
> Passing a dbwrap handle to the code is an easy change. What
> complicated things was that my approach was to fetch a locked record
> and keep it locked during the DC authentication. The code in
> schannel_state_tdb.c does not keep the lock, so this needs to be
> changed, or an additional lock would be required to guarantee
> exclusive access to the DC during the authentication.

You could add a _locked variant that returns the record in locked state.

> A related question: cm_prepare_connection in
> source3/winbindd/winbindd_cm.c already uses a mutex. Can someone
> describe what this mutex protects?

There are some comments in auth/auth_domain.c explaining the need for 
the mutex:

/* we use a mutex to prevent two connections at once - when a·
    Win2k PDC get two connections where one hasn't completed a·
    session setup yet it will send a TCP reset to the first·
    connection (tridge) */

  * With NT4.x DC's *all* authentication must be serialized to avoid
  * ACCESS_DENIED errors if 2 auths are done from the same machine. JRA.


More information about the samba-technical mailing list