summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-07-27 17:30:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:00:17 -0500
commitba43b128e2692024f02425ed08ae3681168a245d (patch)
tree8b1668626f081320f2ad468278955f62a18aad70
parent880d62843afd52c2e4bdf66e9e8218823445e109 (diff)
downloadsamba-ba43b128e2692024f02425ed08ae3681168a245d.tar.gz
samba-ba43b128e2692024f02425ed08ae3681168a245d.tar.bz2
samba-ba43b128e2692024f02425ed08ae3681168a245d.zip
r8799: disabling schannel on samr and lsa until I figure out
the latest MS changes in 2003 sp1 and 2004 sp4 sr1 (This used to be commit 7588c32baa50994bdc6e351d79da3edff1fdc876)
-rw-r--r--source3/nsswitch/winbindd_cm.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index d4022a8455..e6eeba63d5 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -64,8 +64,17 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-/* Global list of connections. Initially a DLIST but can become a hash
- table or whatever later. */
+
+/******************************************************************
+ Disabling schannl on the LSA pipe for now since
+ both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
+ call (return codes 0xc0020042 and 0xc0020041 respectively).
+ We really need to fix this soon. Had to disable on the
+ SAMR pipe as well for now. --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1 1
+
/* Choose between anonymous or authenticated connections. We need to use
an authenticated connection if DCs have the RestrictAnonymous registry
@@ -984,6 +993,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
conn = &domain->conn;
if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
session_key,
domain->name);
else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->samr_pipe = cli_rpc_open_noauth(conn->cli,
PI_SAMR);
@@ -1038,12 +1049,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
conn = &domain->conn;
if (conn->lsa_pipe == NULL) {
-#if 0
- /* disabling schannl on the LSA pipe for now since
- both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
- call (return codes 0xc0020042 and 0xc0020041 respectively).
- We really need to fix this soon. --jerry */
-
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
unsigned char *session_key;
if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1052,7 +1058,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
session_key,
domain->name);
else
-#endif
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
conn->lsa_pipe = cli_rpc_open_noauth(conn->cli,
PI_LSARPC);