From adbe6cba005a2060b0f641e91b500574f4637a36 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 27 Mar 2013 08:43:18 +0100
Subject: [PATCH] libcli/auth: avoid using transactions a chainlock is enough

We're just writting a single record into a CLEAR_IF_FIRST|TDB_NOSYNC
tdb.

We just need to make sure we lock the record between reading and writting.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 28 14:52:14 CET 2013 on sn-devel-104
---
 libcli/auth/schannel_state_tdb.c | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index bc91104f71a..eecd00edb27 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -285,19 +285,41 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
 	struct netlogon_creds_CredentialState *creds;
 	NTSTATUS status;
 	int ret;
+	char *name_upper = NULL;
+	char *keystr = NULL;
+	TDB_DATA key;
+
+	if (creds_out != NULL) {
+		*creds_out = NULL;
+	}
 
 	tmpctx = talloc_named(mem_ctx, 0, "schannel_check_creds_state");
 	if (!tmpctx) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	name_upper = strupper_talloc(tmpctx, computer_name);
+	if (!name_upper) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	keystr = talloc_asprintf(tmpctx, "%s/%s",
+				 SECRETS_SCHANNEL_STATE, name_upper);
+	if (!keystr) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	key = string_term_tdb_data(keystr);
+
 	tdb_sc = open_schannel_session_store(tmpctx, lp_ctx);
 	if (!tdb_sc) {
 		status = NT_STATUS_ACCESS_DENIED;
 		goto done;
 	}
 
-	ret = tdb_transaction_start(tdb_sc->tdb);
+	ret = tdb_chainlock(tdb_sc->tdb, key);
 	if (ret != 0) {
 		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto done;
@@ -310,7 +332,7 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
 	status = schannel_fetch_session_key_tdb(tdb_sc, tmpctx, 
 						computer_name, &creds);
 	if (!NT_STATUS_IS_OK(status)) {
-		tdb_transaction_cancel(tdb_sc->tdb);
+		tdb_chainunlock(tdb_sc->tdb, key);
 		goto done;
 	}
 
@@ -318,19 +340,13 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
 						  received_authenticator,
 						  return_authenticator);
 	if (!NT_STATUS_IS_OK(status)) {
-		tdb_transaction_cancel(tdb_sc->tdb);
+		tdb_chainunlock(tdb_sc->tdb, key);
 		goto done;
 	}
 
 	status = schannel_store_session_key_tdb(tdb_sc, tmpctx, creds);
+	tdb_chainunlock(tdb_sc->tdb, key);
 	if (!NT_STATUS_IS_OK(status)) {
-		tdb_transaction_cancel(tdb_sc->tdb);
-		goto done;
-	}
-
-	ret = tdb_transaction_commit(tdb_sc->tdb);
-	if (ret != 0) {
-		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto done;
 	}
 
-- 
2.11.4.GIT