[PATCH] s3-winbindd: Store schannel credentials in secrets.tdb
abartlet at samba.org
Tue Sep 25 19:01:50 MDT 2012
On Tue, 2012-09-25 at 18:01 -0600, Christof Schmitt wrote:
> Andrew Bartlett <abartlet at samba.org> wrote on 09/19/2012 06:12:57 PM:
> > On Wed, 2012-09-19 at 15:07 -0700, Christian Ambach wrote:
> > > On 09/19/2012 01:40 PM, Christof Schmitt wrote:
> > > >
> > > > Passing a dbwrap handle to the code is an easy change. What
> > > > complicated things was that my approach was to fetch a locked record
> > > > and keep it locked during the DC authentication. The code in
> > > > schannel_state_tdb.c does not keep the lock, so this needs to be
> > > > changed, or an additional lock would be required to guarantee
> > > > exclusive access to the DC during the authentication.
> > >
> > > You could add a _locked variant that returns the record in locked
> Here is a new patch series that switches schannel_state_tdb to dbwrap,
> adds _locked variants and uses those in winbindd_cm. With these
> patches, smbtorture base.bench now runs on a cluster without errors,
> this is the test where we first found this issue.
My only remaining concern is that I think we need a 'direction
indicator' here. That is, to keep our state as a client distinct from
our state as a server. Otherwise, I fear that we will get ourselves in
a bit of a mess when we talk to ourselves.
Other than that, has this passed a full (waf) make test?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical