svn commit: samba r10090 - in branches/tmp/RPCREWRITE/source/auth: .
jra at samba.org
jra at samba.org
Thu Sep 8 20:29:20 GMT 2005
Author: jra
Date: 2005-09-08 20:29:19 +0000 (Thu, 08 Sep 2005)
New Revision: 10090
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10090
Log:
Fix up domain password check with no schannel.
Jeremy.
Modified:
branches/tmp/RPCREWRITE/source/auth/auth_domain.c
Changeset:
Modified: branches/tmp/RPCREWRITE/source/auth/auth_domain.c
===================================================================
--- branches/tmp/RPCREWRITE/source/auth/auth_domain.c 2005-09-08 19:58:59 UTC (rev 10089)
+++ branches/tmp/RPCREWRITE/source/auth/auth_domain.c 2005-09-08 20:29:19 UTC (rev 10090)
@@ -104,17 +104,46 @@
netlogon_pipe = cli_rpc_pipe_open_schannel(*cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain);
} else {
netlogon_pipe = cli_rpc_pipe_open_noauth(*cli, PI_NETLOGON);
+ }
- /* We need to set up a creds chain on an unauthenticated pipe. */
- ntresult = rpccli_netlogon_setup_creds(netlogon_pipe,
- dc_name,
- domain,
- global_myname(),
- trust_password,
- sec_channel_type,
- &neg_flags);
+ if(!netlogon_pipe) {
+ DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \
+machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
+ cli_shutdown(*cli);
+ release_server_mutex();
+ return NT_STATUS_NO_LOGON_SERVERS;
}
+ if (!lp_client_schannel()) {
+ /* We need to set up a creds chain on an unauthenticated netlogon pipe. */
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32 sec_chan_type = 0;
+ char machine_pwd[16];
+
+ if (!get_trust_pw(domain, machine_pwd, &sec_chan_type)) {
+ DEBUG(0, ("connect_to_domain_password_server: could not fetch "
+ "trust account password for domain '%s'\n",
+ domain));
+ cli_shutdown(*cli);
+ release_server_mutex();
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ result = rpccli_netlogon_setup_creds(netlogon_pipe,
+ dc_name,
+ domain,
+ global_myname(),
+ machine_pwd,
+ sec_chan_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ cli_shutdown(*cli);
+ release_server_mutex();
+ return result;
+ }
+ }
+
if(!netlogon_pipe) {
DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \
machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
@@ -345,8 +374,8 @@
* No need to become_root() as secrets_init() is done at startup.
*/
- if (!secrets_fetch_trusted_domain_password(user_info->domain.str, &trust_password, &sid, &last_change_time))
- {
+ if (!secrets_fetch_trusted_domain_password(user_info->domain.str, &trust_password,
+ &sid, &last_change_time)) {
DEBUG(0, ("check_trustdomain_security: could not fetch trust account password for domain %s\n", user_info->domain.str));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
More information about the samba-cvs
mailing list