svn commit: samba r15503 - in branches/SAMBA_4_0/source/librpc/rpc:
.
abartlet at samba.org
abartlet at samba.org
Sun May 7 19:36:06 GMT 2006
Author: abartlet
Date: 2006-05-07 19:36:06 +0000 (Sun, 07 May 2006)
New Revision: 15503
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15503
Log:
I may shortly have to revert all of this, but be clearer about how we
handle the NTLMSSP and wrong password fallbacks.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c
===================================================================
--- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2006-05-07 19:26:48 UTC (rev 15502)
+++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c 2006-05-07 19:36:06 UTC (rev 15503)
@@ -976,7 +976,7 @@
struct dcerpc_binding *binding;
const struct dcerpc_interface_table *table;
struct cli_credentials *credentials;
- uint8_t next_auth_type;
+ uint8_t auth_type;
BOOL try_ntlm_fallback;
};
@@ -1011,10 +1011,12 @@
struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state);
status = dcerpc_bind_auth_recv(ctx);
- if (s->try_ntlm_fallback && NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ if (s->auth_type == DCERPC_AUTH_TYPE_SPNEGO
+ && s->try_ntlm_fallback
+ && NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
struct composite_context *sec_conn_req;
s->try_ntlm_fallback = False;
- s->next_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ s->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
/* send a request for secondary rpc connection */
sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
s->binding);
@@ -1023,10 +1025,9 @@
composite_continue(c, sec_conn_req, continue_new_auth_bind, c);
return;
- } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ } else if (s->auth_type == DCERPC_AUTH_TYPE_SPNEGO && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
struct composite_context *sec_conn_req;
if (cli_credentials_wrong_password(s->credentials)) {
- s->next_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
/* send a request for secondary rpc connection */
sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
s->binding);
@@ -1070,7 +1071,7 @@
/* initiate a authenticated bind */
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
- s->credentials, s->next_auth_type,
+ s->credentials, s->auth_type,
dcerpc_auth_level(s->pipe->conn),
s->table->authservices->names[0]);
if (composite_nomem(auth_req, c)) return;
@@ -1157,8 +1158,6 @@
* connection is not signed or sealed. For that case
* we rely on the already authenticated CIFS connection
*/
-
- uint8_t auth_type;
if ((conn->flags & (DCERPC_SIGN|DCERPC_SEAL)) == 0) {
/*
@@ -1172,23 +1171,23 @@
}
if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
- auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ s->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
} else if (s->binding->flags & DCERPC_AUTH_KRB5) {
- auth_type = DCERPC_AUTH_TYPE_KRB5;
+ s->auth_type = DCERPC_AUTH_TYPE_KRB5;
} else if (s->binding->flags & DCERPC_SCHANNEL) {
- auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+ s->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else if (s->binding->flags & DCERPC_AUTH_NTLM) {
- auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ s->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else {
- auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ s->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
s->try_ntlm_fallback = True;
}
auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
- s->credentials, DCERPC_AUTH_TYPE_SPNEGO,
+ s->credentials, s->auth_type,
dcerpc_auth_level(conn),
s->table->authservices->names[0]);
if (composite_nomem(auth_req, c)) return c;
More information about the samba-cvs
mailing list