svn commit: samba r13635 - in branches/SAMBA_3_0_RELEASE/source: client libsmb smbd utils

jerry at samba.org jerry at samba.org
Wed Feb 22 15:08:06 GMT 2006 

Author: jerry
Date: 2006-02-22 15:08:05 +0000 (Wed, 22 Feb 2006)
New Revision: 13635

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13635

Log:
Some more fixes for 3.0.21c

svn merge -r13601:13604 $SVNURL/branches/SAMBA_3_0
svn merge -r13604:13607 $SVNURL/branches/SAMBA_3_0
svn merge -r13610:13612 $SVNURL/branches/SAMBA_3_0
svn merge -r13612:13614 $SVNURL/branches/SAMBA_3_0


Modified:
   branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
   branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
   branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
   branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/client/smbctool.c	2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/client/smbctool.c	2006-02-22 15:08:05 UTC (rev 13635)
@@ -22,8 +22,6 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#define NO_SYSLOG
-
 #include "includes.h"
 #include "libsmbclient.h"
 #include "client/client_proto.h"

Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c	2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c	2006-02-22 15:08:05 UTC (rev 13635)
@@ -357,7 +357,15 @@
 
 void cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-	if (!cli_close(cli->cli, cli->fnum)) {
+	BOOL ret;
+
+	if (!cli) {
+		return False;
+	}
+
+	ret = cli_close(cli->cli, cli->fnum);
+
+	if (!ret) {
 		DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
                          "fnum 0x%x "
                          "to machine %s.  Error was %s\n",

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c	2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c	2006-02-22 15:08:05 UTC (rev 13635)
@@ -70,6 +70,23 @@
 }
 
 /****************************************************************************
+ Start the signing engine if needed. Don't fail signing here.
+****************************************************************************/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf)
+{
+	if (!server_info->guest && !srv_signing_started()) {
+		/* We need to start the signing engine
+		 * here but a W2K client sends the old
+		 * "BSRSPYL " signature instead of the
+		 * correct one. Subsequent packets will
+		 * be correct.
+		 */
+	       	srv_check_sign_mac(inbuf, False);
+	}
+}
+
+/****************************************************************************
  Send a security blob via a session setup reply.
 ****************************************************************************/
 
@@ -357,15 +374,7 @@
 		
 		SSVAL(outbuf, smb_uid, sess_vuid);
 
-		if (!server_info->guest && !srv_signing_started()) {
-			/* We need to start the signing engine
-			 * here but a W2K client sends the old
-			 * "BSRSPYL " signature instead of the
-			 * correct one. Subsequent packets will
-			 * be correct.
-			 */
-		       	srv_check_sign_mac(inbuf, False);
-		}
+		sessionsetup_start_signing_engine(server_info, inbuf);
 	}
 
         /* wrap that up in a nice GSS-API wrapping */
@@ -438,16 +447,7 @@
 			
 			SSVAL(outbuf,smb_uid,sess_vuid);
 
-			if (!server_info->guest && !srv_signing_started()) {
-				/* We need to start the signing engine
-				 * here but a W2K client sends the old
-				 * "BSRSPYL " signature instead of the
-				 * correct one. Subsequent packets will
-				 * be correct.
-				 */
-
-				srv_check_sign_mac(inbuf, False);
-			}
+			sessionsetup_start_signing_engine(server_info, inbuf);
 		}
 	}
 
@@ -1099,9 +1099,7 @@
 	/* current_user_info is changed on new vuid */
 	reload_services( True );
 
- 	if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
-		exit_server("reply_sesssetup_and_X: bad smb signature");
-	}
+	sessionsetup_start_signing_engine(server_info, inbuf);
 
 	SSVAL(outbuf,smb_uid,sess_vuid);
 	SSVAL(inbuf,smb_uid,sess_vuid);

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c	2006-02-22 15:08:05 UTC (rev 13635)
@@ -88,10 +88,9 @@
 	struct cli_state *cli;
 	TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
 	uint32 sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
-	struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
 	/* rpc variables */
 
@@ -325,29 +324,37 @@
 		goto done;
 	}
 
-	netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+	/* We can only check the schannel connection if the client is allowed
+	   to do this and the server supports it. If not, just assume success
+	   (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+	   do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+	if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+		struct rpc_pipe_client *netlogon_schannel_pipe = 
+						cli_rpc_pipe_open_schannel_with_key(cli,
 							PI_NETLOGON,
 							PIPE_AUTH_LEVEL_PRIVACY,
 							domain,
 							pipe_hnd->dc,
 							&result);
 
-	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
-			  nt_errstr(result)));
+		if (!NT_STATUS_IS_OK(result)) {
+			DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
+				  nt_errstr(result)));
 
-		if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
-		     (sec_channel_type == SEC_CHAN_BDC) ) {
-			d_fprintf(stderr, "Please make sure that no computer account\n"
-				 "named like this machine (%s) exists in the domain\n",
-				 global_myname());
+			if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+			     (sec_channel_type == SEC_CHAN_BDC) ) {
+				d_fprintf(stderr, "Please make sure that no computer account\n"
+					 "named like this machine (%s) exists in the domain\n",
+					 global_myname());
+			}
+
+			goto done;
 		}
-
-		goto done;
+		cli_rpc_pipe_close(netlogon_schannel_pipe);
 	}
 
 	cli_rpc_pipe_close(pipe_hnd);
-	cli_rpc_pipe_close(netlogon_schannel_pipe);
 
 	/* Now store the secret in the secrets database */
 

Modified: branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c	2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c	2006-02-22 15:08:05 UTC (rev 13635)
@@ -730,7 +730,7 @@
 	static char *pwd_can_change_time = NULL;
 	static char *pwd_must_change_time = NULL;
 	static char *pwd_time_format = NULL;
-	BOOL pw_from_stdin = False;
+	static BOOL pw_from_stdin = False;
 
 	struct pdb_context *bin;
 	struct pdb_context *bout;

More information about the samba-cvs mailing list