svn commit: samba r24792 - in branches/SAMBA_3_2_0/source/utils: .
mimir at samba.org
mimir at samba.org
Wed Aug 29 20:53:11 GMT 2007
Author: mimir
Date: 2007-08-29 20:53:09 +0000 (Wed, 29 Aug 2007)
New Revision: 24792
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24792
Log:
Merge from 3_2:
Add machine-authenticated connections to netlogon pipe of win2k and newer
(which may have anonymous connections restricted) and leave anonymous
for winnt domain.
rafal
Modified:
branches/SAMBA_3_2_0/source/utils/net.c
branches/SAMBA_3_2_0/source/utils/net_ads.c
branches/SAMBA_3_2_0/source/utils/net_rpc_join.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/utils/net.c
===================================================================
--- branches/SAMBA_3_2_0/source/utils/net.c 2007-08-29 20:49:09 UTC (rev 24791)
+++ branches/SAMBA_3_2_0/source/utils/net.c 2007-08-29 20:53:09 UTC (rev 24792)
@@ -341,10 +341,10 @@
}
/****************************************************************************
- Use the local machine's password for this session.
+ Use the local machine account (upn) and password for this session.
****************************************************************************/
-int net_use_machine_password(void)
+int net_use_upn_machine_account(void)
{
char *user_name = NULL;
@@ -353,7 +353,6 @@
exit(1);
}
- user_name = NULL;
opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
return -1;
@@ -362,6 +361,27 @@
return 0;
}
+/****************************************************************************
+ Use the machine account name and password for this session.
+****************************************************************************/
+
+int net_use_machine_account(void)
+{
+ char *user_name = NULL;
+
+ if (!secrets_init()) {
+ d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
+ exit(1);
+ }
+
+ opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
+ if (asprintf(&user_name, "%s$", global_myname()) == -1) {
+ return -1;
+ }
+ opt_user_name = user_name;
+ return 0;
+}
+
BOOL net_find_server(const char *domain, unsigned flags, struct in_addr *server_ip, char **server_name)
{
const char *d = domain ? domain : opt_target_workgroup;
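Review bot: In the new net_use_machine_account(), the result of `secrets_fetch_machine_password()` is stored straight into `opt_password` with no NULL check. If `asprintf` then fails, the function returns -1 with `opt_password` already replaced but `opt_user_name` unchanged, leaving the machine secret paired with an unrelated user name. Fetch into a local and assign both globals only after both steps succeed, as sketched below; the free on the error path assumes the fetched string is heap-allocated and caller-owned, which should be confirmed. The body is otherwise a copy of net_use_upn_machine_account() apart from the format string, so a shared static helper would keep the two from drifting.

```c
int net_use_machine_account(void)
{
	char *user_name = NULL;
	char *machine_pass = NULL;

	/* ... unchanged: secrets_init() check ... */

	machine_pass = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
	if (machine_pass == NULL) {
		d_fprintf(stderr, "ERROR: Unable to fetch machine password\n");
		return -1;
	}
	if (asprintf(&user_name, "%s$", global_myname()) == -1) {
		SAFE_FREE(machine_pass);
		return -1;
	}
	/* set both credentials together so name and password never mismatch */
	opt_password = machine_pass;
	opt_user_name = user_name;
	return 0;
}
```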
@@ -1044,7 +1064,7 @@
/* it is very useful to be able to make ads queries as the
machine account for testing purposes and for domain leave */
- net_use_machine_password();
+ net_use_upn_machine_account();
}
if (!opt_password) {
Modified: branches/SAMBA_3_2_0/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-08-29 20:49:09 UTC (rev 24791)
+++ branches/SAMBA_3_2_0/source/utils/net_ads.c 2007-08-29 20:53:09 UTC (rev 24792)
@@ -882,7 +882,7 @@
return NT_STATUS_ACCESS_DENIED;
}
- net_use_machine_password();
+ net_use_upn_machine_account();
status = ads_startup(True, &ads);
if (!ADS_ERR_OK(status)) {
@@ -2187,7 +2187,7 @@
return -1;
}
- net_use_machine_password();
+ net_use_upn_machine_account();
use_in_memory_ccache();
Modified: branches/SAMBA_3_2_0/source/utils/net_rpc_join.c
===================================================================
--- branches/SAMBA_3_2_0/source/utils/net_rpc_join.c 2007-08-29 20:49:09 UTC (rev 24791)
+++ branches/SAMBA_3_2_0/source/utils/net_rpc_join.c 2007-08-29 20:53:09 UTC (rev 24792)
@@ -42,14 +42,29 @@
**/
int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
{
+ enum security_types sec;
+ unsigned int conn_flags = NET_FLAGS_PDC;
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL;
+ sec = (enum security_types)lp_security();
+
+ if (sec == SEC_ADS) {
+ /* Connect to IPC$ using machine account's credentials. We don't use anonymous
+ connection here, as it may be denied by server's local policy. */
+ net_use_machine_account();
+
+ } else {
+ /* some servers (e.g. WinNT) don't accept machine-authenticated
+ smb connections */
+ conn_flags |= NET_FLAGS_ANONYMOUS;
+ }
+
/* Connect to remote machine */
- if (!(cli = net_make_ipc_connection_ex(domain, server, ip, (NET_FLAGS_ANONYMOUS|NET_FLAGS_PDC)))) {
+ if (!(cli = net_make_ipc_connection_ex(domain, server, ip, conn_flags))) {
return -1;
}
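Review bot: The return value of `net_use_machine_account()` is discarded in the `SEC_ADS` branch, so a -1 from it (in the code shown, the `asprintf` failure) does not stop the connection attempt, which then runs with whatever `opt_user_name` and `opt_password` hold at that point. Check it: `if (net_use_machine_account() != 0) { return -1; }`. The call also overwrites the process-wide `opt_user_name` and `opt_password`, so credentials supplied by the user are presumably gone for any code that runs after net_rpc_join_ok() returns; the function's header comment should state that side effect. The choice between a machine-authenticated and an anonymous IPC$ connection is made from the local `lp_security()` setting, not from what the server accepts, and a comment should say so since a non-ADS member still connects anonymously. The function body continues past the end of this hunk.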