winbindd_schanel.patch
Gerald (Jerry) Carter
jerry at samba.org
Fri Feb 20 15:17:44 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tridge,
I'm going to check this into 3.0/head unless you are still
working on it. My tests ran ok and we should get some
more extensive testing before the next release.
If I don't hear back in a day, I'll assume it's ok.
cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFANiUYIR7qMdg1EfYRAqndAJsHcYOOz6zfNZwL1Er1VKOcy+yzMQCggYTg
LN79YjarnzZWxupj0gcD9mc=
=bHDo
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: nsswitch/winbindd_cm.c
===================================================================
RCS file: /home/cvs/samba/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.31.2.50
diff -u -u -r1.31.2.50 winbindd_cm.c
--- nsswitch/winbindd_cm.c 15 Jan 2004 06:55:10 -0000 1.31.2.50
+++ nsswitch/winbindd_cm.c 2 Feb 2004 06:16:44 -0000
@@ -111,6 +111,28 @@
}
}
+/*
+ setup for schannel on any pipes opened on this connection
+*/
+static NTSTATUS setup_schannel(struct cli_state *cli)
+{
+ NTSTATUS ret;
+ uchar trust_password[16];
+ uint32 sec_channel_type;
+
+ if (!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_password,
+ NULL, &sec_channel_type)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ret = cli_nt_setup_netsec(cli, sec_channel_type,
+ AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
+ trust_password);
+
+ return ret;
+}
+
/* Open a connction to the remote server, cache failures for 30 seconds */
static NTSTATUS cm_open_connection(const struct winbindd_domain *domain, const int pipe_index,
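Review bot: In `setup_schannel`, `trust_password` holds the machine trust account secret and is still on the stack when the function returns; wipe it before `return ret;`, for example `memset(trust_password, 0, sizeof(trust_password));`, ideally through a wipe the optimizer cannot elide. The secret is always fetched for `lp_workgroup()`, while the caller `cm_open_connection` takes a `domain` argument, so connections for any other domain would presumably be offered our own domain's credentials; please confirm this is intended and say so in the function comment. The early `return NT_STATUS_UNSUCCESSFUL;` also gives no hint that the local secrets lookup failed, so a `DEBUG` line naming the workgroup would help. `cm_open_connection` itself continues outside this hunk.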
@@ -254,6 +276,18 @@
if (NT_STATUS_IS_OK(result))
break;
+ }
+
+ /* try and use schannel if possible, but continue anyway if it
+ failed. This allows existing setups to continue working,
+ while solving the win2003 '100 user' limit for systems that
+ are joined properly */
+ if (NT_STATUS_IS_OK(result)) {
+ NTSTATUS status = setup_schannel(new_conn->cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3,("schannel refused - continuing without schannel (%s)\n",
+ nt_errstr(status)));
+ }
}
SAFE_FREE(ipc_username);
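Review bot: The branch under `if (!NT_STATUS_IS_OK(status))` makes every schannel failure a silent downgrade: the connection is kept without the requested `AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN` protection, and the only trace is a level-3 debug message. A properly joined host therefore cannot tell when it is running unprotected, and anything on the path that can make the setup fail gets the unprotected channel. I would log this at a level visible by default (`DEBUG(1,(...))` instead of `DEBUG(3,(...))`). I would also honour a require-schannel setting (for example the `client schannel` parameter, if this branch has it) by failing the connection rather than continuing. The text "schannel refused" is also inaccurate when `setup_schannel` fails locally because the trust password could not be fetched; "schannel setup failed" covers both cases. The enclosing function `cm_open_connection` starts and ends outside this hunk.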