[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
       via  80f8419 s4:schannel: handle move flag combinations in the server
      from  7dbfeb0 s4-auth: fixed the SID list for DCs in the PAC

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 80f8419ef25baa7b2f6d78469084a2ee80296fa1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 22 06:23:17 2010 +0200

    s4:schannel: handle move flag combinations in the server
    
    This fixes some testsuites in the CIFS plugfest.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/gensec/schannel.c |   36 +++++++++++++++++++++++-------------
 1 files changed, 23 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 6f508b4..56e8855 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 	struct netlogon_creds_CredentialState *creds;
 	const char *workstation;
 	const char *domain;
-	uint32_t required_flags;
 
 	*out = data_blob(NULL, 0);
 
@@ -101,9 +100,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 		return NT_STATUS_MORE_PROCESSING_REQUIRED;
 	case GENSEC_SERVER:
 
-		required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
-				 NL_FLAG_OEM_NETBIOS_DOMAIN_NAME;
-
 		if (state->state != SCHANNEL_STATE_START) {
 			/* no third leg on this protocol */
 			return NT_STATUS_INVALID_PARAMETER;
@@ -119,17 +115,31 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
 			return status;
 		}
 
-		if (!(required_flags == (bind_schannel.Flags & required_flags))) {
-			return NT_STATUS_INVALID_PARAMETER;
+		if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
+			domain = bind_schannel.oem_netbios_domain.a;
+			if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+				DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+					  domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
+				return NT_STATUS_LOGON_FAILURE;
+			}
+		} else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
+			domain = bind_schannel.utf8_dns_domain.u;
+			if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
+				DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+					  domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
+				return NT_STATUS_LOGON_FAILURE;
+			}
+		} else {
+			DEBUG(3, ("Request for schannel to without domain\n"));
+			return NT_STATUS_LOGON_FAILURE;
 		}
 
-		workstation = bind_schannel.oem_netbios_computer.a;
-		domain = bind_schannel.oem_netbios_domain.a;
-
-		if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
-			DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
-				  domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-
+		if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
+			workstation = bind_schannel.oem_netbios_computer.a;
+		} else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
+			workstation = bind_schannel.utf8_netbios_computer.u;
+		} else {
+			DEBUG(3, ("Request for schannel to without netbios workstation\n"));
 			return NT_STATUS_LOGON_FAILURE;
 		}
 


-- 
Samba Shared Repository