samba-cvs.cvs
[Top] [All Lists]

svn commit: samba r13635 - in branches/SAMBA_3_0_RELEASE/source: client

Subject: svn commit: samba r13635 - in branches/SAMBA_3_0_RELEASE/source: client libsmb smbd utils
From:
Date: Wed, 22 Feb 2006 15:08:06 +0000 GMT
Author: jerry
Date: 2006-02-22 15:08:05 +0000 (Wed, 22 Feb 2006)
New Revision: 13635

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13635

Log:
Some more fixes for 3.0.21c

svn merge -r13601:13604 $SVNURL/branches/SAMBA_3_0
svn merge -r13604:13607 $SVNURL/branches/SAMBA_3_0
svn merge -r13610:13612 $SVNURL/branches/SAMBA_3_0
svn merge -r13612:13614 $SVNURL/branches/SAMBA_3_0


Modified:
   branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
   branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
   branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
   branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/client/smbctool.c 2006-02-22 14:07:04 UTC 
(rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/client/smbctool.c 2006-02-22 15:08:05 UTC 
(rev 13635)
@@ -22,8 +22,6 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#define NO_SYSLOG
-
 #include "includes.h"
 #include "libsmbclient.h"
 #include "client/client_proto.h"

Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c        2006-02-22 
14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c        2006-02-22 
15:08:05 UTC (rev 13635)
@@ -357,7 +357,15 @@
 
 void cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-       if (!cli_close(cli->cli, cli->fnum)) {
+       BOOL ret;
+
+       if (!cli) {
+               return False;
+       }
+
+       ret = cli_close(cli->cli, cli->fnum);
+
+       if (!ret) {
                DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
                          "fnum 0x%x "
                          "to machine %s.  Error was %s\n",

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c  2006-02-22 14:07:04 UTC 
(rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c  2006-02-22 15:08:05 UTC 
(rev 13635)
@@ -70,6 +70,23 @@
 }
 
 /****************************************************************************
+ Start the signing engine if needed. Don't fail signing here.
+****************************************************************************/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info 
*server_info, char *inbuf)
+{
+       if (!server_info->guest && !srv_signing_started()) {
+               /* We need to start the signing engine
+                * here but a W2K client sends the old
+                * "BSRSPYL " signature instead of the
+                * correct one. Subsequent packets will
+                * be correct.
+                */
+               srv_check_sign_mac(inbuf, False);
+       }
+}
+
+/****************************************************************************
  Send a security blob via a session setup reply.
 ****************************************************************************/
 
@@ -357,15 +374,7 @@
                
                SSVAL(outbuf, smb_uid, sess_vuid);
 
-               if (!server_info->guest && !srv_signing_started()) {
-                       /* We need to start the signing engine
-                        * here but a W2K client sends the old
-                        * "BSRSPYL " signature instead of the
-                        * correct one. Subsequent packets will
-                        * be correct.
-                        */
-                       srv_check_sign_mac(inbuf, False);
-               }
+               sessionsetup_start_signing_engine(server_info, inbuf);
        }
 
         /* wrap that up in a nice GSS-API wrapping */
@@ -438,16 +447,7 @@
                        
                        SSVAL(outbuf,smb_uid,sess_vuid);
 
-                       if (!server_info->guest && !srv_signing_started()) {
-                               /* We need to start the signing engine
-                                * here but a W2K client sends the old
-                                * "BSRSPYL " signature instead of the
-                                * correct one. Subsequent packets will
-                                * be correct.
-                                */
-
-                               srv_check_sign_mac(inbuf, False);
-                       }
+                       sessionsetup_start_signing_engine(server_info, inbuf);
                }
        }
 
@@ -1099,9 +1099,7 @@
        /* current_user_info is changed on new vuid */
        reload_services( True );
 
-       if (!server_info->guest && !srv_signing_started() && 
!srv_check_sign_mac(inbuf, True)) {
-               exit_server("reply_sesssetup_and_X: bad smb signature");
-       }
+       sessionsetup_start_signing_engine(server_info, inbuf);
 
        SSVAL(outbuf,smb_uid,sess_vuid);
        SSVAL(inbuf,smb_uid,sess_vuid);

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c      2006-02-22 
14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c      2006-02-22 
15:08:05 UTC (rev 13635)
@@ -88,10 +88,9 @@
        struct cli_state *cli;
        TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? 
NETLOGON_NEG_SCHANNEL : 0);
        uint32 sec_channel_type;
        struct rpc_pipe_client *pipe_hnd = NULL;
-       struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
        /* rpc variables */
 
@@ -325,29 +324,37 @@
                goto done;
        }
 
-       netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+       /* We can only check the schannel connection if the client is allowed
+          to do this and the server supports it. If not, just assume success
+          (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+          do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+       if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+               struct rpc_pipe_client *netlogon_schannel_pipe = 
+                                               
cli_rpc_pipe_open_schannel_with_key(cli,
                                                        PI_NETLOGON,
                                                        PIPE_AUTH_LEVEL_PRIVACY,
                                                        domain,
                                                        pipe_hnd->dc,
                                                        &result);
 
-       if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(0, ("Error in domain join verification (schannel setup 
failed): %s\n\n",
-                         nt_errstr(result)));
+               if (!NT_STATUS_IS_OK(result)) {
+                       DEBUG(0, ("Error in domain join verification (schannel 
setup failed): %s\n\n",
+                                 nt_errstr(result)));
 
-               if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
-                    (sec_channel_type == SEC_CHAN_BDC) ) {
-                       d_fprintf(stderr, "Please make sure that no computer 
account\n"
-                                "named like this machine (%s) exists in the 
domain\n",
-                                global_myname());
+                       if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+                            (sec_channel_type == SEC_CHAN_BDC) ) {
+                               d_fprintf(stderr, "Please make sure that no 
computer account\n"
+                                        "named like this machine (%s) exists 
in the domain\n",
+                                        global_myname());
+                       }
+
+                       goto done;
                }
-
-               goto done;
+               cli_rpc_pipe_close(netlogon_schannel_pipe);
        }
 
        cli_rpc_pipe_close(pipe_hnd);
-       cli_rpc_pipe_close(netlogon_schannel_pipe);
 
        /* Now store the secret in the secrets database */
 

Modified: branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c   2006-02-22 14:07:04 UTC 
(rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c   2006-02-22 15:08:05 UTC 
(rev 13635)
@@ -730,7 +730,7 @@
        static char *pwd_can_change_time = NULL;
        static char *pwd_must_change_time = NULL;
        static char *pwd_time_format = NULL;
-       BOOL pw_from_stdin = False;
+       static BOOL pw_from_stdin = False;
 
        struct pdb_context *bin;
        struct pdb_context *bout;

<Prev in Thread] Current Thread [Next in Thread>
  • svn commit: samba r13635 - in branches/SAMBA_3_0_RELEASE/source: client libsmb smbd utils, jerry <=