svn commit: samba r8799 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

jerry at samba.org jerry at samba.org
Wed Jul 27 17:30:24 GMT 2005 

Author: jerry
Date: 2005-07-27 17:30:23 +0000 (Wed, 27 Jul 2005)
New Revision: 8799

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8799

Log:
disabling schannel on samr and lsa until I figure out
the latest MS changes in 2003 sp1 and 2004 sp4 sr1


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
   trunk/source/nsswitch/winbindd_cm.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-07-27 16:10:50 UTC (rev 8798)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
-/* Global list of connections.	Initially a DLIST but can become a hash
-   table or whatever later. */
 
+/****************************************************************** 
+   Disabling schannl on the LSA pipe for now since 
+   both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy() 
+   call (return codes 0xc0020042 and 0xc0020041 respectively).
+   We really need to fix this soon.  Had to disable on the 
+   SAMR pipe as well for now.   --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1	1
+
+
 /* Choose between anonymous or authenticated connections.  We need to use
    an authenticated connection if DCs have the RestrictAnonymous registry
    entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
 	conn = &domain->conn;
 
 	if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 		unsigned char *session_key;
 
 		if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
 								session_key,
 								domain->name);
 		else
+#endif	/* DISABLE_SCHANNEL_WIN2K3_SP1 */
 			conn->samr_pipe = cli_rpc_open_noauth(conn->cli,
 							      PI_SAMR);
 
@@ -1038,12 +1049,7 @@
 	conn = &domain->conn;
 
 	if (conn->lsa_pipe == NULL) {
-#if 0
-		/* disabling schannl on the LSA pipe for now since 
-		   both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy() 
-		   call (return codes 0xc0020042 and 0xc0020041 respectively).
-		   We really need to fix this soon.  --jerry  */
-
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 		unsigned char *session_key;
 
 		if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1052,7 +1058,7 @@
 							       session_key,
 							       domain->name);
 		else
-#endif
+#endif	/* DISABLE_SCHANNEL_WIN2K3_SP1 */
 			conn->lsa_pipe = cli_rpc_open_noauth(conn->cli,
 							     PI_LSARPC);
 

Modified: trunk/source/nsswitch/winbindd_cm.c
===================================================================
--- trunk/source/nsswitch/winbindd_cm.c	2005-07-27 16:10:50 UTC (rev 8798)
+++ trunk/source/nsswitch/winbindd_cm.c	2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
-/* Global list of connections.	Initially a DLIST but can become a hash
-   table or whatever later. */
 
+/****************************************************************** 
+   Disabling schannl on the LSA pipe for now since 
+   both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy() 
+   call (return codes 0xc0020042 and 0xc0020041 respectively).
+   We really need to fix this soon.  Had to disable on the 
+   SAMR pipe as well for now.   --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1	1
+
+
 /* Choose between anonymous or authenticated connections.  We need to use
    an authenticated connection if DCs have the RestrictAnonymous registry
    entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
 	conn = &domain->conn;
 
 	if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 		unsigned char *session_key;
 
 		if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
 								session_key,
 								domain->name);
 		else
+#endif	/* DISABLE_SCHANNEL_WIN2K3_SP1 */
 			conn->samr_pipe = cli_rpc_open_noauth(conn->cli,
 							      PI_SAMR);
 
@@ -1038,6 +1049,7 @@
 	conn = &domain->conn;
 
 	if (conn->lsa_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 		unsigned char *session_key;
 
 		if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1046,6 +1058,7 @@
 							       session_key,
 							       domain->name);
 		else
+#endif	/* DISABLE_SCHANNEL_WIN2K3_SP1 */
 			conn->lsa_pipe = cli_rpc_open_noauth(conn->cli,
 							     PI_LSARPC);

More information about the samba-cvs mailing list