svn commit: samba r1993 - in branches/SAMBA_4_0/source: librpc/rpc rpc_server rpc_server/netlogon

abartlet at samba.org abartlet at samba.org
Mon Aug 23 05:51:39 GMT 2004 

Author: abartlet
Date: 2004-08-23 05:51:38 +0000 (Mon, 23 Aug 2004)
New Revision: 1993

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=1993&nolog=1

Log:
Allow WinXP domain logon to progress a bit further (it seems broken for me).

Fix indent, and add a few more useful debug messages.

Send a fault, if the bind is not accepted - don't just leave the client hanging.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c
   branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c	2004-08-22 05:37:39 UTC (rev 1992)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_schannel.c	2004-08-23 05:51:38 UTC (rev 1993)
@@ -101,6 +101,7 @@
 	struct schannel_bind bind_schannel;
 	struct schannel_bind_ack bind_schannel_ack;
 	const char *account_name;
+	*out = data_blob(NULL, 0);
 
 	switch (gensec_security->gensec_role) {
 	case GENSEC_CLIENT:
@@ -138,7 +139,7 @@
 		
 		if (dce_schan_state->state != DCERPC_SCHANNEL_STATE_START) {
 			/* no third leg on this protocol */
-			return NT_STATUS_OK;
+			return NT_STATUS_INVALID_PARAMETER;
 		}
 		
 		/* parse the schannel startup blob */
@@ -187,7 +188,7 @@
 
 		dce_schan_state->state = DCERPC_SCHANNEL_STATE_UPDATE_1;
 
-		return NT_STATUS_MORE_PROCESSING_REQUIRED;
+		return NT_STATUS_OK;
 	}
 	return NT_STATUS_INVALID_PARAMETER;
 }
@@ -244,7 +245,7 @@
 	struct dcerpc_schannel_state *dce_schan_state = gensec_security->private_data;
 
 	*creds = talloc_p(mem_ctx, struct creds_CredentialState);
-	if (*creds) {
+	if (!*creds) {
 		return NT_STATUS_NO_MEMORY;
 	}
 

Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c	2004-08-22 05:37:39 UTC (rev 1992)
+++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c	2004-08-23 05:51:38 UTC (rev 1993)
@@ -100,7 +100,7 @@
   see if a uuid and if_version match to an interface
 */
 static BOOL interface_match_by_uuid(const struct dcesrv_interface *iface,
-							const char *uuid, uint32_t if_version)
+				    const char *uuid, uint32_t if_version)
 {
 	if (iface->ndr->if_version != if_version) {
 		return False;
@@ -117,7 +117,7 @@
   find the interface operations on an endpoint by uuid
 */
 static const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint,
-						       const char *uuid, uint32_t if_version)
+							     const char *uuid, uint32_t if_version)
 {
 	struct dcesrv_if_list *ifl;
 	for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) {
@@ -509,8 +509,8 @@
 	if (call->conn->iface) {
 		status = call->conn->iface->bind(call, call->conn->iface);
 		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(2,("Request for dcerpc interface %s/%d rejected\n", uuid, if_version));
-			return status;
+			DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n", uuid, if_version, nt_errstr(status)));
+			return dcesrv_bind_nak(call, 0);
 		}
 	}
 

Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2004-08-22 05:37:39 UTC (rev 1992)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c	2004-08-23 05:51:38 UTC (rev 1993)
@@ -53,6 +53,7 @@
 	state = talloc_p(mem_ctx, struct server_pipe_state);
 	if (state == NULL) {
 		talloc_destroy(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
 	}
 	ZERO_STRUCTP(state);
 	state->mem_ctx = mem_ctx;
@@ -60,6 +61,7 @@
 	
 	if (dce_call->conn->auth_state.session_info == NULL) {
 		talloc_destroy(mem_ctx);
+		smb_panic("No session info provided by schannel level setup!");
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 	
@@ -68,6 +70,7 @@
 				       &state->creds);
 
 	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
 		talloc_destroy(mem_ctx);
 		return status;
 	}
@@ -89,8 +92,11 @@
 	    dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
 		NTSTATUS status;
 
+		DEBUG(5, ("schannel bind on netlogon\n"));
+
 		status = netlogon_schannel_setup(dce_call);
 		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
 			return status;
 		}
 	}
@@ -190,16 +196,16 @@
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
 				   r->in.account_name);
 
+	samdb_close(sam_ctx);
+
 	if (num_records == 0) {
 		DEBUG(3,("Couldn't find user [%s] in samdb.\n", 
 			 r->in.account_name));
-		samdb_close(sam_ctx);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	if (num_records > 1) {
 		DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
-		samdb_close(sam_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
@@ -239,12 +245,9 @@
 
 	nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
 	if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
-		samdb_close(sam_ctx);
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	samdb_close(sam_ctx);
-
 	if (!pipe_state->creds) {
 		pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
 		if (!pipe_state->creds) {

More information about the samba-cvs mailing list