bug in cm_prepare_connection
Jeremy Allison
jra at samba.org
Wed Aug 8 23:41:25 GMT 2007
On Wed, Aug 08, 2007 at 04:28:52PM -0700, Herb Lewis wrote:
> I am seeing the following error in the function cm_prepare_connection.
> This is samba-3.0.25b running in security=domain mode.
>
> in the case where the code states
>
> /* Fall back to non-kerberos session setup using NTLMSSP SPNEGO with the
> machine account. */
>
> I am getting an error (depending on which DC winbindd tries to contact)
> "authenticated session setup failed with Must change password"
>
> This leaves the vuid entry in the cli_state structure nonzero as
> returned by the failed cli_session_setup_spnego. When we then try
> to authenticate as the user in cli_session_setup this returns an
> error "Bad userid" (as seen in wireshark). If I zero the vuid before
> calling cli_session_setup then it works.
We should only leave cli->vuid != 0 on success. Looks like it's
getting set in the cli_session_setup_blob_receive() call and not
cleared again on error. I think this is the correct patch. Can you
let me know before I commit ?
Cheers,
Jeremy.
-------------- next part --------------
Index: libsmb/cliconnect.c
===================================================================
--- libsmb/cliconnect.c (revision 24277)
+++ libsmb/cliconnect.c (working copy)
@@ -584,6 +584,7 @@
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(0, ("cli_session_setup_blob: recieve failed (%s)\n",
nt_errstr(cli_get_nt_error(cli)) ));
+ cli->vuid = 0;
return False;
}
}
@@ -770,6 +771,9 @@
ntlmssp_end(&ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli->vuid = 0;
+ }
return nt_status;
}
More information about the samba-technical
mailing list