diff options
author | Gerald Carter <jerry@samba.org> | 2005-07-27 17:30:23 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:00:17 -0500 |
commit | ba43b128e2692024f02425ed08ae3681168a245d (patch) | |
tree | 8b1668626f081320f2ad468278955f62a18aad70 | |
parent | 880d62843afd52c2e4bdf66e9e8218823445e109 (diff) | |
download | samba-ba43b128e2692024f02425ed08ae3681168a245d.tar.gz samba-ba43b128e2692024f02425ed08ae3681168a245d.tar.bz2 samba-ba43b128e2692024f02425ed08ae3681168a245d.zip |
r8799: disabling schannel on samr and lsa until I figure out
the latest MS changes in 2003 sp1 and 2004 sp4 sr1
(This used to be commit 7588c32baa50994bdc6e351d79da3edff1fdc876)
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index d4022a8455..e6eeba63d5 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -64,8 +64,17 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -/* Global list of connections. Initially a DLIST but can become a hash - table or whatever later. */ + +/****************************************************************** + Disabling schannl on the LSA pipe for now since + both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy() + call (return codes 0xc0020042 and 0xc0020041 respectively). + We really need to fix this soon. Had to disable on the + SAMR pipe as well for now. --jerry +******************************************************************/ + +#define DISABLE_SCHANNEL_WIN2K3_SP1 1 + /* Choose between anonymous or authenticated connections. We need to use an authenticated connection if DCs have the RestrictAnonymous registry @@ -984,6 +993,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, conn = &domain->conn; if (conn->samr_pipe == NULL) { +#ifdef DISABLE_SCHANNEL_WIN2K3_SP1 unsigned char *session_key; if (cm_get_schannel_key(domain, mem_ctx, &session_key)) @@ -992,6 +1002,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, session_key, domain->name); else +#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */ conn->samr_pipe = cli_rpc_open_noauth(conn->cli, PI_SAMR); @@ -1038,12 +1049,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, conn = &domain->conn; if (conn->lsa_pipe == NULL) { -#if 0 - /* disabling schannl on the LSA pipe for now since - both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy() - call (return codes 0xc0020042 and 0xc0020041 respectively). - We really need to fix this soon. --jerry */ - +#ifdef DISABLE_SCHANNEL_WIN2K3_SP1 unsigned char *session_key; if (cm_get_schannel_key(domain, mem_ctx, &session_key)) @@ -1052,7 +1058,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, session_key, domain->name); else -#endif +#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */ conn->lsa_pipe = cli_rpc_open_noauth(conn->cli, PI_LSARPC); |