svn commit: samba r13613 - in trunk/source: libsmb utils
jra at samba.org
jra at samba.org
Wed Feb 22 04:56:51 GMT 2006
Author: jra
Date: 2006-02-22 04:56:50 +0000 (Wed, 22 Feb 2006)
New Revision: 13613
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13613
Log:
First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
Modified:
trunk/source/libsmb/clientgen.c
trunk/source/utils/net_rpc_join.c
Changeset:
Modified: trunk/source/libsmb/clientgen.c
===================================================================
--- trunk/source/libsmb/clientgen.c 2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/libsmb/clientgen.c 2006-02-22 04:56:50 UTC (rev 13613)
@@ -358,8 +358,14 @@
BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
{
- BOOL ret = cli_close(cli->cli, cli->fnum);
+ BOOL ret;
+ if (!cli) {
+ return False;
+ }
+
+ ret = cli_close(cli->cli, cli->fnum);
+
if (!ret) {
DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
"fnum 0x%x "
Modified: trunk/source/utils/net_rpc_join.c
===================================================================
--- trunk/source/utils/net_rpc_join.c 2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/utils/net_rpc_join.c 2006-02-22 04:56:50 UTC (rev 13613)
@@ -88,10 +88,9 @@
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
- struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
/* rpc variables */
@@ -325,29 +324,37 @@
goto done;
}
- netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+ /* We can only check the schannel connection if the client is allowed
+ to do this and the server supports it. If not, just assume success
+ (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+ do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+ if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+ struct rpc_pipe_client *netlogon_schannel_pipe =
+ cli_rpc_pipe_open_schannel_with_key(cli,
PI_NETLOGON,
PIPE_AUTH_LEVEL_PRIVACY,
domain,
pipe_hnd->dc,
&result);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
- nt_errstr(result)));
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
+ nt_errstr(result)));
- if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
- (sec_channel_type == SEC_CHAN_BDC) ) {
- d_fprintf(stderr, "Please make sure that no computer account\n"
- "named like this machine (%s) exists in the domain\n",
- global_myname());
+ if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+ (sec_channel_type == SEC_CHAN_BDC) ) {
+ d_fprintf(stderr, "Please make sure that no computer account\n"
+ "named like this machine (%s) exists in the domain\n",
+ global_myname());
+ }
+
+ goto done;
}
-
- goto done;
+ cli_rpc_pipe_close(netlogon_schannel_pipe);
}
cli_rpc_pipe_close(pipe_hnd);
- cli_rpc_pipe_close(netlogon_schannel_pipe);
/* Now store the secret in the secrets database */
More information about the samba-cvs
mailing list