svn commit: samba r5575 - in trunk/source: rpc_client rpcclient
vlendec at samba.org
vlendec at samba.org
Fri Feb 25 23:57:02 GMT 2005
Author: vlendec
Date: 2005-02-25 23:57:02 +0000 (Fri, 25 Feb 2005)
New Revision: 5575
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5575
Log:
Fix the 'schannel' command of rpcclient. This will simplify our handling of
schannel pipes a bit: We always assumed that the netlogon pipe over which the
auth2 was done had to be kept open. This is not true, at least not against
w2k3 and nt4 as a server. The schannel rpcclient command computes the schannel
key and further on always does the schannel bind for all commands. Try using
commands samr and lsa commands interchanged, and fresh binds succeed.
However, connecting to spoolss won't bind with schannel. Hmm. Does this work
with samba4?
Volker
Modified:
trunk/source/rpc_client/cli_pipe.c
trunk/source/rpcclient/rpcclient.c
Changeset:
Modified: trunk/source/rpc_client/cli_pipe.c
===================================================================
--- trunk/source/rpc_client/cli_pipe.c 2005-02-25 23:46:13 UTC (rev 5574)
+++ trunk/source/rpc_client/cli_pipe.c 2005-02-25 23:57:02 UTC (rev 5575)
@@ -1492,6 +1492,8 @@
cli_pipe->pipe_idx = pipe_idx;
cli_pipe->cli = cli;
cli_pipe->pipe_auth_flags = cli->pipe_auth_flags;
+ memcpy(&cli_pipe->auth_info.sess_key,
+ cli->sess_key, sizeof(cli->sess_key));
/******************* bind request on pipe *****************/
@@ -1622,12 +1624,13 @@
return result;
}
- cli->netlogon_pipe = cli->pipes[PI_NETLOGON];
- ZERO_STRUCT(cli->pipes[PI_NETLOGON]);
-
memcpy(cli->pipes[PI_NETLOGON].auth_info.sess_key, cli->sess_key,
sizeof(cli->pipes[PI_NETLOGON].auth_info.sess_key));
+ cli_close(cli, cli->pipes[PI_NETLOGON].fnum);
+ cli->pipes[PI_NETLOGON].fnum = 0;
+ cli->pipe_idx = -1;
+
/* doing schannel, not per-user auth */
cli->pipe_auth_flags = auth_flags;
Modified: trunk/source/rpcclient/rpcclient.c
===================================================================
--- trunk/source/rpcclient/rpcclient.c 2005-02-25 23:46:13 UTC (rev 5574)
+++ trunk/source/rpcclient/rpcclient.c 2005-02-25 23:57:02 UTC (rev 5575)
@@ -363,34 +363,19 @@
uchar trust_password[16];
uint32 sec_channel_type;
if (argc == 2) {
- strhex_to_str((char *)cli->pipes[cli->pipe_idx].auth_info.sess_key,
- strlen(argv[1]),
- argv[1]);
- memcpy(cli->sess_key, cli->pipes[cli->pipe_idx].auth_info.sess_key, sizeof(cli->sess_key));
-
+ strhex_to_str(cli->sess_key, strlen(argv[1]), argv[1]);
cli->pipe_auth_flags = pipe_auth_flags;
return NT_STATUS_OK;
}
/* Cleanup */
- if ((memcmp(cli->pipes[cli->pipe_idx].auth_info.sess_key, zeros, sizeof(cli->pipes[cli->pipe_idx].auth_info.sess_key)) != 0)) {
- if (cli->pipes[cli->pipe_idx].pipe_auth_flags == pipe_auth_flags) {
- /* already in this mode nothing to do */
- return NT_STATUS_OK;
- } else {
- /* schannel is setup, just need to use it again with new flags */
- cli->pipes[cli->pipe_idx].pipe_auth_flags = pipe_auth_flags;
-
- if (cli->pipes[cli->pipe_idx].fnum != 0)
- cli_nt_session_close(cli);
- return NT_STATUS_OK;
- }
+ if ((memcmp(cli->sess_key, zeros, sizeof(cli->sess_key)) != 0) &&
+ (cli->pipe_auth_flags == pipe_auth_flags)) {
+ /* already in this mode nothing to do */
+ return NT_STATUS_OK;
}
- if (cli->pipes[cli->pipe_idx].fnum != 0)
- cli_nt_session_close(cli);
-
if (!secrets_fetch_trust_account_password(lp_workgroup(),
trust_password,
NULL, &sec_channel_type)) {
More information about the samba-cvs
mailing list