svn commit: samba r5575 - in trunk/source: rpc_client rpcclient

vlendec at samba.org vlendec at samba.org
Fri Feb 25 23:57:02 GMT 2005


Author: vlendec
Date: 2005-02-25 23:57:02 +0000 (Fri, 25 Feb 2005)
New Revision: 5575

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5575

Log:
Fix the 'schannel' command of rpcclient. This will simplify our handling of
schannel pipes a bit: We always assumed that the netlogon pipe over which the
auth2 was done had to be kept open. This is not true, at least not against
w2k3 and nt4 as a server. The schannel rpcclient command computes the schannel
key and further on always does the schannel bind for all commands. Try using
commands samr and lsa commands interchanged, and fresh binds succeed.

However, connecting to spoolss won't bind with schannel. Hmm. Does this work
with samba4?

Volker

Modified:
   trunk/source/rpc_client/cli_pipe.c
   trunk/source/rpcclient/rpcclient.c


Changeset:
Modified: trunk/source/rpc_client/cli_pipe.c
===================================================================
--- trunk/source/rpc_client/cli_pipe.c	2005-02-25 23:46:13 UTC (rev 5574)
+++ trunk/source/rpc_client/cli_pipe.c	2005-02-25 23:57:02 UTC (rev 5575)
@@ -1492,6 +1492,8 @@
 	cli_pipe->pipe_idx = pipe_idx;
 	cli_pipe->cli = cli;
 	cli_pipe->pipe_auth_flags = cli->pipe_auth_flags;
+	memcpy(&cli_pipe->auth_info.sess_key,
+	       cli->sess_key, sizeof(cli->sess_key));
 
 	/******************* bind request on pipe *****************/
 
@@ -1622,12 +1624,13 @@
 		return result;
 	}
 
-	cli->netlogon_pipe = cli->pipes[PI_NETLOGON];
-	ZERO_STRUCT(cli->pipes[PI_NETLOGON]);
-
 	memcpy(cli->pipes[PI_NETLOGON].auth_info.sess_key, cli->sess_key,
 	       sizeof(cli->pipes[PI_NETLOGON].auth_info.sess_key));
 
+	cli_close(cli, cli->pipes[PI_NETLOGON].fnum);
+	cli->pipes[PI_NETLOGON].fnum = 0;
+	cli->pipe_idx = -1;
+	
 	/* doing schannel, not per-user auth */
 	cli->pipe_auth_flags = auth_flags;
 

Modified: trunk/source/rpcclient/rpcclient.c
===================================================================
--- trunk/source/rpcclient/rpcclient.c	2005-02-25 23:46:13 UTC (rev 5574)
+++ trunk/source/rpcclient/rpcclient.c	2005-02-25 23:57:02 UTC (rev 5575)
@@ -363,34 +363,19 @@
 	uchar trust_password[16];
 	uint32 sec_channel_type;
 	if (argc == 2) {
-		strhex_to_str((char *)cli->pipes[cli->pipe_idx].auth_info.sess_key,
-			      strlen(argv[1]), 
-			      argv[1]);
-		memcpy(cli->sess_key, cli->pipes[cli->pipe_idx].auth_info.sess_key, sizeof(cli->sess_key));
-
+		strhex_to_str(cli->sess_key, strlen(argv[1]), argv[1]);
 		cli->pipe_auth_flags = pipe_auth_flags;
 		return NT_STATUS_OK;
 	}
 
 	/* Cleanup */
 
-	if ((memcmp(cli->pipes[cli->pipe_idx].auth_info.sess_key, zeros, sizeof(cli->pipes[cli->pipe_idx].auth_info.sess_key)) != 0)) {
-		if (cli->pipes[cli->pipe_idx].pipe_auth_flags == pipe_auth_flags) {
-			/* already in this mode nothing to do */
-			return NT_STATUS_OK;
-		} else {
-			/* schannel is setup, just need to use it again with new flags */
-			cli->pipes[cli->pipe_idx].pipe_auth_flags = pipe_auth_flags;
-
-			if (cli->pipes[cli->pipe_idx].fnum != 0)
-				cli_nt_session_close(cli);
-			return NT_STATUS_OK;
-		}
+	if ((memcmp(cli->sess_key, zeros, sizeof(cli->sess_key)) != 0) &&
+	    (cli->pipe_auth_flags == pipe_auth_flags)) {
+		/* already in this mode nothing to do */
+		return NT_STATUS_OK;
 	}
 	
-	if (cli->pipes[cli->pipe_idx].fnum != 0)
-		cli_nt_session_close(cli);
-
 	if (!secrets_fetch_trust_account_password(lp_workgroup(),
 						  trust_password,
 						  NULL, &sec_channel_type)) {



More information about the samba-cvs mailing list