samba-cvs.cvs
[Top] [All Lists]

svn commit: samba r13613 - in trunk/source: libsmb utils

Subject: svn commit: samba r13613 - in trunk/source: libsmb utils
From:
Date: Wed, 22 Feb 2006 04:56:51 +0000 GMT
Author: jra
Date: 2006-02-22 04:56:50 +0000 (Wed, 22 Feb 2006)
New Revision: 13613

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13613

Log:
First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.

Modified:
   trunk/source/libsmb/clientgen.c
   trunk/source/utils/net_rpc_join.c


Changeset:
Modified: trunk/source/libsmb/clientgen.c
===================================================================
--- trunk/source/libsmb/clientgen.c     2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/libsmb/clientgen.c     2006-02-22 04:56:50 UTC (rev 13613)
@@ -358,8 +358,14 @@
 
 BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-       BOOL ret = cli_close(cli->cli, cli->fnum);
+       BOOL ret;
 
+       if (!cli) {
+               return False;
+       }
+
+       ret = cli_close(cli->cli, cli->fnum);
+
        if (!ret) {
                DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
                          "fnum 0x%x "

Modified: trunk/source/utils/net_rpc_join.c
===================================================================
--- trunk/source/utils/net_rpc_join.c   2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/utils/net_rpc_join.c   2006-02-22 04:56:50 UTC (rev 13613)
@@ -88,10 +88,9 @@
        struct cli_state *cli;
        TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+       uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? 
NETLOGON_NEG_SCHANNEL : 0);
        uint32 sec_channel_type;
        struct rpc_pipe_client *pipe_hnd = NULL;
-       struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
        /* rpc variables */
 
@@ -325,29 +324,37 @@
                goto done;
        }
 
-       netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+       /* We can only check the schannel connection if the client is allowed
+          to do this and the server supports it. If not, just assume success
+          (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+          do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+       if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+               struct rpc_pipe_client *netlogon_schannel_pipe = 
+                                               
cli_rpc_pipe_open_schannel_with_key(cli,
                                                        PI_NETLOGON,
                                                        PIPE_AUTH_LEVEL_PRIVACY,
                                                        domain,
                                                        pipe_hnd->dc,
                                                        &result);
 
-       if (!NT_STATUS_IS_OK(result)) {
-               DEBUG(0, ("Error in domain join verification (schannel setup 
failed): %s\n\n",
-                         nt_errstr(result)));
+               if (!NT_STATUS_IS_OK(result)) {
+                       DEBUG(0, ("Error in domain join verification (schannel 
setup failed): %s\n\n",
+                                 nt_errstr(result)));
 
-               if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
-                    (sec_channel_type == SEC_CHAN_BDC) ) {
-                       d_fprintf(stderr, "Please make sure that no computer 
account\n"
-                                "named like this machine (%s) exists in the 
domain\n",
-                                global_myname());
+                       if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+                            (sec_channel_type == SEC_CHAN_BDC) ) {
+                               d_fprintf(stderr, "Please make sure that no 
computer account\n"
+                                        "named like this machine (%s) exists 
in the domain\n",
+                                        global_myname());
+                       }
+
+                       goto done;
                }
-
-               goto done;
+               cli_rpc_pipe_close(netlogon_schannel_pipe);
        }
 
        cli_rpc_pipe_close(pipe_hnd);
-       cli_rpc_pipe_close(netlogon_schannel_pipe);
 
        /* Now store the secret in the secrets database */
 

<Prev in Thread] Current Thread [Next in Thread>
  • svn commit: samba r13613 - in trunk/source: libsmb utils, jra <=