svn commit: samba r22709 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch

jerry at samba.org jerry at samba.org
Sun May 6 19:48:13 GMT 2007 

Author: jerry
Date: 2007-05-06 19:48:13 +0000 (Sun, 06 May 2007)
New Revision: 22709

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22709

Log:
we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)
Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2007-05-06 19:46:03 UTC (rev 22708)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c	2007-05-06 19:48:13 UTC (rev 22709)
@@ -2092,7 +2092,7 @@
 		return NT_STATUS_OK;
 	}
 
-	if (!get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
+	if (domain->primary && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
 
@@ -2102,6 +2102,12 @@
 		return result;
 	}
 
+	if ( !domain->primary ) {
+		/* Clear the schannel request bit and drop down */
+		neg_flags &= ~NETLOGON_NEG_SCHANNEL;		
+		goto no_schannel;
+	}
+	
 	if (lp_client_schannel() != False) {
 		neg_flags |= NETLOGON_NEG_SCHANNEL;
 	}
@@ -2146,6 +2152,7 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+ no_schannel:
 	if ((lp_client_schannel() == False) ||
 			((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
 		/* We're done - just keep the existing connection to NETLOGON

Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c	2007-05-06 19:46:03 UTC (rev 22708)
+++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c	2007-05-06 19:48:13 UTC (rev 22709)
@@ -2092,7 +2092,7 @@
 		return NT_STATUS_OK;
 	}
 
-	if (!get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
+	if (domain->primary && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
 
@@ -2102,6 +2102,12 @@
 		return result;
 	}
 
+	if ( !domain->primary ) {
+		/* Clear the schannel request bit and drop down */
+		neg_flags &= ~NETLOGON_NEG_SCHANNEL;		
+		goto no_schannel;
+	}
+	
 	if (lp_client_schannel() != False) {
 		neg_flags |= NETLOGON_NEG_SCHANNEL;
 	}
@@ -2146,6 +2152,7 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+ no_schannel:
 	if ((lp_client_schannel() == False) ||
 			((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
 		/* We're done - just keep the existing connection to NETLOGON

More information about the samba-cvs mailing list