Rework samdb handling for 'netlogon' packets.

Don't reopen the samdb for every netlogon packet, and use the
system_session(), as we must access data not available to anonymous.
Perhaps we should consider a 'authenticated but not system' token, if
we want more control on this.

Andrew Bartlett
(This used to be commit d10c9b71ea7f2670c4ea5ec569bcb7f49ec41362)

diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
index 58e9e2d89b53af56db9002fac2d322e749af27e5..310fb564e0fc5068d8845bf158d09e20d44fcac9 100644 (file)
--- a/source4/cldap_server/cldap_server.c
+++ b/source4/cldap_server/cldap_server.c
@@ -187,7 +187,7 @@ static void cldapd_task_init(struct task_server *task)
        }
 
        cldapd->task = task;
-       cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, anonymous_session(cldapd, task->event_ctx, task->lp_ctx));
+       cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx));
        if (cldapd->samctx == NULL) {
                task_server_terminate(task, "cldapd failed to open samdb");
                return;

diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c
index 5e263a585471314759336effe26a2caedc519d47..5e95270b7d2f8f01960b552055748fd308dd454f 100644 (file)
--- a/source4/nbt_server/dgram/netlogon.c
+++ b/source4/nbt_server/dgram/netlogon.c
@@ -56,11 +56,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
                return;
        }
 
-       samctx = samdb_connect(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx, anonymous_session(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx));
-       if (samctx == NULL) {
-               DEBUG(2,("Unable to open sam in getdc reply\n"));
-               return;
-       }
+       samctx = iface->nbtsrv->sam_ctx;
 
        if (!samdb_is_pdc(samctx)) {
                DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
@@ -126,11 +122,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
                return;
        }
 
-       samctx = samdb_connect(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx, anonymous_session(packet, iface->nbtsrv->task->event_ctx, iface->nbtsrv->task->lp_ctx));
-       if (samctx == NULL) {
-               DEBUG(2,("Unable to open sam in getdc reply\n"));
-               return;
-       }
+       samctx = iface->nbtsrv->sam_ctx;
 
        if (netlogon->req.logon.sid_size) {
                sid = &netlogon->req.logon.sid;

diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c
index 832bbe0103924f30797face6553fee1f6125146c..e6ff5003bf84faeeb822066d97c820f2a6c9da16 100644 (file)
--- a/source4/nbt_server/nbt_server.c
+++ b/source4/nbt_server/nbt_server.c
@@ -66,7 +66,7 @@ static void nbtd_task_init(struct task_server *task)
                return;
        }
 
-       nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, anonymous_session(nbtsrv, task->event_ctx, task->lp_ctx));
+       nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(nbtsrv, task->lp_ctx));
        if (nbtsrv->sam_ctx == NULL) {
                task_server_terminate(task, "nbtd failed to open samdb");
                return;