svn commit: samba r13635 - in branches/SAMBA_3_0_RELEASE/source:
client libsmb smbd utils
jerry at samba.org
jerry at samba.org
Wed Feb 22 15:08:06 GMT 2006
Author: jerry
Date: 2006-02-22 15:08:05 +0000 (Wed, 22 Feb 2006)
New Revision: 13635
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13635
Log:
Some more fixes for 3.0.21c
svn merge -r13601:13604 $SVNURL/branches/SAMBA_3_0
svn merge -r13604:13607 $SVNURL/branches/SAMBA_3_0
svn merge -r13610:13612 $SVNURL/branches/SAMBA_3_0
svn merge -r13612:13614 $SVNURL/branches/SAMBA_3_0
Modified:
branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/client/smbctool.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/client/smbctool.c 2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/client/smbctool.c 2006-02-22 15:08:05 UTC (rev 13635)
@@ -22,8 +22,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#define NO_SYSLOG
-
#include "includes.h"
#include "libsmbclient.h"
#include "client/client_proto.h"
Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c 2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/clientgen.c 2006-02-22 15:08:05 UTC (rev 13635)
@@ -357,7 +357,15 @@
void cli_rpc_pipe_close(struct rpc_pipe_client *cli)
{
- if (!cli_close(cli->cli, cli->fnum)) {
+ BOOL ret;
+
+ if (!cli) {
+ return False;
+ }
+
+ ret = cli_close(cli->cli, cli->fnum);
+
+ if (!ret) {
DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
"fnum 0x%x "
"to machine %s. Error was %s\n",
Modified: branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c 2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/sesssetup.c 2006-02-22 15:08:05 UTC (rev 13635)
@@ -70,6 +70,23 @@
}
/****************************************************************************
+ Start the signing engine if needed. Don't fail signing here.
+****************************************************************************/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf)
+{
+ if (!server_info->guest && !srv_signing_started()) {
+ /* We need to start the signing engine
+ * here but a W2K client sends the old
+ * "BSRSPYL " signature instead of the
+ * correct one. Subsequent packets will
+ * be correct.
+ */
+ srv_check_sign_mac(inbuf, False);
+ }
+}
+
+/****************************************************************************
Send a security blob via a session setup reply.
****************************************************************************/
@@ -357,15 +374,7 @@
SSVAL(outbuf, smb_uid, sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
- /* We need to start the signing engine
- * here but a W2K client sends the old
- * "BSRSPYL " signature instead of the
- * correct one. Subsequent packets will
- * be correct.
- */
- srv_check_sign_mac(inbuf, False);
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
/* wrap that up in a nice GSS-API wrapping */
@@ -438,16 +447,7 @@
SSVAL(outbuf,smb_uid,sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
- /* We need to start the signing engine
- * here but a W2K client sends the old
- * "BSRSPYL " signature instead of the
- * correct one. Subsequent packets will
- * be correct.
- */
-
- srv_check_sign_mac(inbuf, False);
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
}
}
@@ -1099,9 +1099,7 @@
/* current_user_info is changed on new vuid */
reload_services( True );
- if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
- exit_server("reply_sesssetup_and_X: bad smb signature");
- }
+ sessionsetup_start_signing_engine(server_info, inbuf);
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c 2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc_join.c 2006-02-22 15:08:05 UTC (rev 13635)
@@ -88,10 +88,9 @@
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
- struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
/* rpc variables */
@@ -325,29 +324,37 @@
goto done;
}
- netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+ /* We can only check the schannel connection if the client is allowed
+ to do this and the server supports it. If not, just assume success
+ (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+ do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+ if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
+ struct rpc_pipe_client *netlogon_schannel_pipe =
+ cli_rpc_pipe_open_schannel_with_key(cli,
PI_NETLOGON,
PIPE_AUTH_LEVEL_PRIVACY,
domain,
pipe_hnd->dc,
&result);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
- nt_errstr(result)));
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
+ nt_errstr(result)));
- if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
- (sec_channel_type == SEC_CHAN_BDC) ) {
- d_fprintf(stderr, "Please make sure that no computer account\n"
- "named like this machine (%s) exists in the domain\n",
- global_myname());
+ if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
+ (sec_channel_type == SEC_CHAN_BDC) ) {
+ d_fprintf(stderr, "Please make sure that no computer account\n"
+ "named like this machine (%s) exists in the domain\n",
+ global_myname());
+ }
+
+ goto done;
}
-
- goto done;
+ cli_rpc_pipe_close(netlogon_schannel_pipe);
}
cli_rpc_pipe_close(pipe_hnd);
- cli_rpc_pipe_close(netlogon_schannel_pipe);
/* Now store the secret in the secrets database */
Modified: branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c 2006-02-22 14:07:04 UTC (rev 13634)
+++ branches/SAMBA_3_0_RELEASE/source/utils/pdbedit.c 2006-02-22 15:08:05 UTC (rev 13635)
@@ -730,7 +730,7 @@
static char *pwd_can_change_time = NULL;
static char *pwd_must_change_time = NULL;
static char *pwd_time_format = NULL;
- BOOL pw_from_stdin = False;
+ static BOOL pw_from_stdin = False;
struct pdb_context *bin;
struct pdb_context *bout;
More information about the samba-cvs
mailing list