svn commit: samba r13613 - in trunk/source: libsmb utils

[jra at samba.org]

Author: jra
Date: 2006-02-22 04:56:50 +0000 (Wed, 22 Feb 2006)
New Revision: 13613

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13613

Log:
First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.

Modified:
   trunk/source/libsmb/clientgen.c
   trunk/source/utils/net_rpc_join.c


Changeset:
Modified: trunk/source/libsmb/clientgen.c
===================================================================
--- trunk/source/libsmb/clientgen.c	2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/libsmb/clientgen.c	2006-02-22 04:56:50 UTC (rev 13613)
@@ -358,8 +358,14 @@
 
 BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-	BOOL ret = cli_close(cli->cli, cli->fnum);
+	BOOL ret;
 
+	if (!cli) {
+		return False;
+	}
+
+	ret = cli_close(cli->cli, cli->fnum);
+
 	if (!ret) {
 		DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
                          "fnum 0x%x "

Modified: trunk/source/utils/net_rpc_join.c
===================================================================
--- trunk/source/utils/net_rpc_join.c	2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/utils/net_rpc_join.c	2006-02-22 04:56:50 UTC (rev 13613)
@@ -88,10 +88,9 @@
 	struct cli_state *cli;
 	TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
 	uint32 sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
-	struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
 	/* rpc variables */
 
@@ -325,29 +324,37 @@
 		goto done;
 	}
 
-	netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+	/* We can only check the schannel connection if the client is allowed
+	   to do this and the server supports it. If not, just assume success
+	   (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+	   do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+	if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+		struct rpc_pipe_client *netlogon_schannel_pipe = 
+						cli_rpc_pipe_open_schannel_with_key(cli,
 							PI_NETLOGON,
 							PIPE_AUTH_LEVEL_PRIVACY,
 							domain,
 							pipe_hnd->dc,
 							&result);
 
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
-			  nt_errstr(result)));
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
+				  nt_errstr(result)));
 
-		if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
-		     (sec_channel_type == SEC_CHAN_BDC) ) {
-			d_fprintf(stderr, "Please make sure that no computer account\n"
-				 "named like this machine (%s) exists in the domain\n",
-				 global_myname());
+			if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+			     (sec_channel_type == SEC_CHAN_BDC) ) {
+				d_fprintf(stderr, "Please make sure that no computer account\n"
+					 "named like this machine (%s) exists in the domain\n",
+					 global_myname());
+			}
+
+			goto done;
 		}
-
-		goto done;
+		cli_rpc_pipe_close(netlogon_schannel_pipe);
 	}
 
 	cli_rpc_pipe_close(pipe_hnd);
-	cli_rpc_pipe_close(netlogon_schannel_pipe);
 
 	/* Now store the secret in the secrets database */