svn commit: samba r8799 - branches/SAMBA_3_0/source/nsswitch
trunk/source/nsswitch
jerry at samba.org
jerry at samba.org
Wed Jul 27 17:30:24 GMT 2005
Author: jerry
Date: 2005-07-27 17:30:23 +0000 (Wed, 27 Jul 2005)
New Revision: 8799
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8799
Log:
disabling schannel on samr and lsa until I figure out
the latest MS changes in 2003 sp1 and 2004 sp4 sr1
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
trunk/source/nsswitch/winbindd_cm.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-07-27 16:10:50 UTC (rev 8798)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-/* Global list of connections. Initially a DLIST but can become a hash
- table or whatever later. */
+/******************************************************************
+ Disabling schannl on the LSA pipe for now since
+ both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
+ call (return codes 0xc0020042 and 0xc0020041 respectively).
+ We really need to fix this soon. Had to disable on the
+ SAMR pipe as well for now. --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1 1
+
+
/* Choose between anonymous or authenticated connections. We need to use
an authenticated connection if DCs have the RestrictAnonymous registry
entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
conn = &domain->conn;
if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
session_key,
domain->name);
else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->samr_pipe = cli_rpc_open_noauth(conn->cli,
PI_SAMR);
@@ -1038,12 +1049,7 @@
conn = &domain->conn;
if (conn->lsa_pipe == NULL) {
-#if 0
- /* disabling schannl on the LSA pipe for now since
- both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
- call (return codes 0xc0020042 and 0xc0020041 respectively).
- We really need to fix this soon. --jerry */
-
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1052,7 +1058,7 @@
session_key,
domain->name);
else
-#endif
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->lsa_pipe = cli_rpc_open_noauth(conn->cli,
PI_LSARPC);
Modified: trunk/source/nsswitch/winbindd_cm.c
===================================================================
--- trunk/source/nsswitch/winbindd_cm.c 2005-07-27 16:10:50 UTC (rev 8798)
+++ trunk/source/nsswitch/winbindd_cm.c 2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-/* Global list of connections. Initially a DLIST but can become a hash
- table or whatever later. */
+/******************************************************************
+ Disabling schannl on the LSA pipe for now since
+ both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
+ call (return codes 0xc0020042 and 0xc0020041 respectively).
+ We really need to fix this soon. Had to disable on the
+ SAMR pipe as well for now. --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1 1
+
+
/* Choose between anonymous or authenticated connections. We need to use
an authenticated connection if DCs have the RestrictAnonymous registry
entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
conn = &domain->conn;
if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
session_key,
domain->name);
else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->samr_pipe = cli_rpc_open_noauth(conn->cli,
PI_SAMR);
@@ -1038,6 +1049,7 @@
conn = &domain->conn;
if (conn->lsa_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1046,6 +1058,7 @@
session_key,
domain->name);
else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->lsa_pipe = cli_rpc_open_noauth(conn->cli,
PI_LSARPC);
More information about the samba-cvs
mailing list