[SCM] Samba Shared Repository - branch v3-0-test updated -
release-3-0-29-27-g52f916c
Günther Deschner
gd at samba.org
Thu Jun 5 20:28:51 GMT 2008
The branch, v3-0-test has been updated
via 52f916c611dfb53b38b15ee01ffce120e9fd3e43 (commit)
from 7fdb5eb6d7dd42fa036edf216d66fea582b6a3f4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -----------------------------------------------------------------
commit 52f916c611dfb53b38b15ee01ffce120e9fd3e43
Author: Günther Deschner <gd at samba.org>
Date: Thu Jun 5 16:26:10 2008 +0200
net: fix joining w2k domains in "security = ads".
This repairs the join verification code which needs to try an anonymous
connection (as an authenticated connection will always fail with
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT).
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/utils/net.c | 61 ++++++++++++++++++++++++------------------
source/utils/net_rpc_join.c | 6 +---
2 files changed, 36 insertions(+), 31 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/utils/net.c b/source/utils/net.c
index 5a81edb..d8ea462 100644
--- a/source/utils/net.c
+++ b/source/utils/net.c
@@ -181,27 +181,30 @@ NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip,
opt_user_name, opt_workgroup,
opt_password, 0, Undefined, NULL);
- if (NT_STATUS_IS_OK(nt_status)) {
+ if (NT_STATUS_IS_OK(nt_status) ||
+ NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT) ||
+ NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT) ||
+ NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
return nt_status;
- } else {
- d_fprintf(stderr, "Could not connect to server %s\n", server_name);
+ }
- /* Display a nicer message depending on the result */
+ d_fprintf(stderr, "Could not connect to server %s\n", server_name);
- if (NT_STATUS_V(nt_status) ==
- NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
- d_fprintf(stderr, "The username or password was not correct.\n");
+ /* Display a nicer message depending on the result */
- if (NT_STATUS_V(nt_status) ==
- NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
- d_fprintf(stderr, "The account was locked out.\n");
+ if (NT_STATUS_V(nt_status) ==
+ NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
+ d_fprintf(stderr, "The username or password was not correct.\n");
- if (NT_STATUS_V(nt_status) ==
- NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
- d_fprintf(stderr, "The account was disabled.\n");
+ if (NT_STATUS_V(nt_status) ==
+ NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
+ d_fprintf(stderr, "The account was locked out.\n");
- return nt_status;
- }
+ if (NT_STATUS_V(nt_status) ==
+ NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
+ d_fprintf(stderr, "The account was disabled.\n");
+
+ return nt_status;
}
@@ -481,7 +484,7 @@ struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *se
char *server_name = NULL;
struct in_addr server_ip;
struct cli_state *cli = NULL;
- NTSTATUS nt_status;
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
if ( !server || !ip ) {
if (!net_find_server(domain, flags, &server_ip, &server_name)) {
@@ -493,25 +496,31 @@ struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *se
server_ip = *ip;
}
+ if (opt_user_name && opt_password) {
+ nt_status = connect_to_ipc(&cli, &server_ip, server_name);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ goto connected;
+ }
+ }
if (flags & NET_FLAGS_ANONYMOUS) {
nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
- } else {
- nt_status = connect_to_ipc(&cli, &server_ip, server_name);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ goto connected;
+ }
}
+ SAFE_FREE(server_name);
+ d_fprintf(stderr, "Connection failed: %s\n",
+ nt_errstr(nt_status));
+ return NULL;
+
+ connected:
/* store the server in the affinity cache if it was a PDC */
if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
saf_store( cli->server_domain, cli->desthost );
- SAFE_FREE(server_name);
- if (NT_STATUS_IS_OK(nt_status)) {
- return cli;
- } else {
- d_fprintf(stderr, "Connection failed: %s\n",
- nt_errstr(nt_status));
- return NULL;
- }
+ return cli;
}
static int net_user(int argc, const char **argv)
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index 63e77b3..361a319 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -45,7 +45,7 @@ int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
{
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
enum security_types sec;
- unsigned int conn_flags = NET_FLAGS_PDC;
+ unsigned int conn_flags = NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS;
struct cli_state *cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -58,10 +58,6 @@ int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
connection here, as it may be denied by server's local policy. */
net_use_machine_account();
- } else {
- /* some servers (e.g. WinNT) don't accept machine-authenticated
- smb connections */
- conn_flags |= NET_FLAGS_ANONYMOUS;
}
/* Connect to remote machine */
--
Samba Shared Repository
More information about the samba-cvs
mailing list