[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-29-27-g52f916c

Günther Deschner gd at samba.org
Thu Jun 5 20:28:51 GMT 2008 

The branch, v3-0-test has been updated
       via  52f916c611dfb53b38b15ee01ffce120e9fd3e43 (commit)
      from  7fdb5eb6d7dd42fa036edf216d66fea582b6a3f4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 52f916c611dfb53b38b15ee01ffce120e9fd3e43
Author: Günther Deschner <gd at samba.org>
Date:   Thu Jun 5 16:26:10 2008 +0200

    net: fix joining w2k domains in "security = ads".
    
    This repairs the join verification code which needs to try an anonymous
    connection (as an authenticated connection will always fail with
    NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT).
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/utils/net.c          |   61 ++++++++++++++++++++++++------------------
 source/utils/net_rpc_join.c |    6 +---
 2 files changed, 36 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/utils/net.c b/source/utils/net.c
index 5a81edb..d8ea462 100644
--- a/source/utils/net.c
+++ b/source/utils/net.c
@@ -181,27 +181,30 @@ NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip,
 					opt_user_name, opt_workgroup,
 					opt_password, 0, Undefined, NULL);
 
-	if (NT_STATUS_IS_OK(nt_status)) {
+	if (NT_STATUS_IS_OK(nt_status) ||
+	    NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT) ||
+	    NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT) ||
+	    NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
 		return nt_status;
-	} else {
-		d_fprintf(stderr, "Could not connect to server %s\n", server_name);
+	}
 
-		/* Display a nicer message depending on the result */
+	d_fprintf(stderr, "Could not connect to server %s\n", server_name);
 
-		if (NT_STATUS_V(nt_status) == 
-		    NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
-			d_fprintf(stderr, "The username or password was not correct.\n");
+	/* Display a nicer message depending on the result */
 
-		if (NT_STATUS_V(nt_status) == 
-		    NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
-			d_fprintf(stderr, "The account was locked out.\n");
+	if (NT_STATUS_V(nt_status) ==
+	    NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
+		d_fprintf(stderr, "The username or password was not correct.\n");
 
-		if (NT_STATUS_V(nt_status) == 
-		    NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
-			d_fprintf(stderr, "The account was disabled.\n");
+	if (NT_STATUS_V(nt_status) ==
+	    NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
+		d_fprintf(stderr, "The account was locked out.\n");
 
-		return nt_status;
-	}
+	if (NT_STATUS_V(nt_status) ==
+	    NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
+		d_fprintf(stderr, "The account was disabled.\n");
+
+	return nt_status;
 }
 
 
@@ -481,7 +484,7 @@ struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *se
 	char *server_name = NULL;
 	struct in_addr server_ip;
 	struct cli_state *cli = NULL;
-	NTSTATUS nt_status;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 
 	if ( !server || !ip ) {
 		if (!net_find_server(domain, flags, &server_ip, &server_name)) {
@@ -493,25 +496,31 @@ struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *se
 		server_ip = *ip;
 	}
 
+	if (opt_user_name && opt_password) {
+		nt_status = connect_to_ipc(&cli, &server_ip, server_name);
+		if (NT_STATUS_IS_OK(nt_status)) {
+			goto connected;
+		}
+	}
 	if (flags & NET_FLAGS_ANONYMOUS) {
 		nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
-	} else {
-		nt_status = connect_to_ipc(&cli, &server_ip, server_name);
+		if (NT_STATUS_IS_OK(nt_status)) {
+			goto connected;
+		}
 	}
 
+	SAFE_FREE(server_name);
+	d_fprintf(stderr, "Connection failed: %s\n",
+		  nt_errstr(nt_status));
+	return NULL;
+
+ connected:
 	/* store the server in the affinity cache if it was a PDC */
 
 	if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
 		saf_store( cli->server_domain, cli->desthost );
 
-	SAFE_FREE(server_name);
-	if (NT_STATUS_IS_OK(nt_status)) {
-		return cli;
-	} else {
-		d_fprintf(stderr, "Connection failed: %s\n",
-			  nt_errstr(nt_status));
-		return NULL;
-	}
+	return cli;
 }
 
 static int net_user(int argc, const char **argv)
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index 63e77b3..361a319 100644
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -45,7 +45,7 @@ int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
 {
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	enum security_types sec;
-	unsigned int conn_flags = NET_FLAGS_PDC;
+	unsigned int conn_flags = NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS;
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_hnd = NULL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -58,10 +58,6 @@ int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip )
 		   connection here, as it may be denied by server's local policy. */
 		net_use_machine_account();
 
-	} else {
-		/* some servers (e.g. WinNT) don't accept machine-authenticated
-		   smb connections */
-		conn_flags |= NET_FLAGS_ANONYMOUS;
 	}
 
 	/* Connect to remote machine */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list