diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-06-30 12:22:50 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-06-30 12:22:50 +1000 |
| commit | d10c9b71ea7f2670c4ea5ec569bcb7f49ec41362 (patch) | |
| tree | a50214fc554bcefa53791f853372fa58622450a6 | |
| parent | 963bcfc777679ba122189ea6cf7f94b8d46cdce7 (diff) | |
| download | samba-d10c9b71ea7f2670c4ea5ec569bcb7f49ec41362.tar.gz | |
Rework samdb handling for 'netlogon' packets.
Don't reopen the samdb for every netlogon packet, and use the
system_session(), as we must access data not available to anonymous.
Perhaps we should consider a 'authenticated but not system' token, if
we want more control on this.
Andrew Bartlett
| -rw-r--r-- | source/cldap_server/cldap_server.c | 2 | ||||
| -rw-r--r-- | source/nbt_server/dgram/netlogon.c | 12 | ||||
| -rw-r--r-- | source/nbt_server/nbt_server.c | 2 |
3 files changed, 4 insertions, 12 deletions
diff --git a/source/cldap_server/cldap_server.c b/source/cldap_server/cldap_server.c index 58e9e2d89b5..310fb564e0f 100644 --- a/source/cldap_server/cldap_server.c +++ b/source/cldap_server/cldap_server.c @@ -187,7 +187,7 @@ static void cldapd_task_init(struct task_server *task) } cldapd->task = task; - cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, anonymous_session(cldapd, task->event_ctx, task->lp_ctx)); + cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx)); if (cldapd->samctx == NULL) { task_server_terminate(task, "cldapd failed to open samdb"); return; diff --git a/source/nbt_server/dgram/netlogon.c b/source/nbt_server/dgram/netlogon.c index 5e263a58547..5e95270b7d2 100644 --- a/source/nbt_server/dgram/netlogon.c +++ b/source/nbt_server/dgram/netlogon.c @@ -56,11 +56,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, return; } - samctx = samdb_connect(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx, anonymous_session(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx)); - if (samctx == NULL) { - DEBUG(2,("Unable to open sam in getdc reply\n")); - return; - } + samctx = iface->nbtsrv->sam_ctx; if (!samdb_is_pdc(samctx)) { DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n")); @@ -126,11 +122,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, return; } - samctx = samdb_connect(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx, anonymous_session(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx)); - if (samctx == NULL) { - DEBUG(2,("Unable to open sam in getdc reply\n")); - return; - } + samctx = iface->nbtsrv->sam_ctx; if (netlogon->req.logon.sid_size) { sid = &netlogon->req.logon.sid; diff --git a/source/nbt_server/nbt_server.c b/source/nbt_server/nbt_server.c index 832bbe01039..e6ff5003bf8 100644 --- a/source/nbt_server/nbt_server.c +++ b/source/nbt_server/nbt_server.c @@ -66,7 +66,7 @@ static void nbtd_task_init(struct task_server *task) return; } - nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, anonymous_session(nbtsrv, task->event_ctx, task->lp_ctx)); + nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(nbtsrv, task->lp_ctx)); if (nbtsrv->sam_ctx == NULL) { task_server_terminate(task, "nbtd failed to open samdb"); return; |