bug in cm_prepare_connection

Wed Aug 8 23:41:25 GMT 2007

On Wed, Aug 08, 2007 at 04:28:52PM -0700, Herb Lewis wrote:
> I am seeing the following error in the function cm_prepare_connection.
> This is samba-3.0.25b running in security=domain mode.
> 
> in the case where the code states
> 
> /* Fall back to non-kerberos session setup using NTLMSSP SPNEGO with the 
> machine account. */
> 
> I am getting an error (depending on which DC winbindd tries to contact)
> "authenticated session setup failed with Must change password"
> 
> This leaves the vuid entry in the cli_state structure nonzero as
> returned by the failed cli_session_setup_spnego. When we then try
> to authenticate as the user in cli_session_setup this returns an
> error "Bad userid" (as seen in wireshark). If I zero the vuid before
> calling cli_session_setup then it works.

We should only leave cli->vuid != 0 on success. Looks like it's
getting set in the cli_session_setup_blob_receive() call and not
cleared again on error. I think this is the correct patch. Can you
let me know before I commit ?

Cheers,

	Jeremy.
-------------- next part --------------
Index: libsmb/cliconnect.c
===================================================================

--- libsmb/cliconnect.c	(revision 24277)
+++ libsmb/cliconnect.c	(working copy)
@@ -584,6 +584,7 @@
 					NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 			DEBUG(0, ("cli_session_setup_blob: recieve failed (%s)\n",
 				nt_errstr(cli_get_nt_error(cli)) ));
+			cli->vuid = 0;
 			return False;
 		}
 	}
@@ -770,6 +771,9 @@
 
 	ntlmssp_end(&ntlmssp_state);
 
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		cli->vuid = 0;
+	}
 	return nt_status;
 }
 
