summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-09-22 06:23:17 +0200
committerStefan Metzmacher <metze@samba.org>2010-09-26 09:40:36 +0200
commit80f8419ef25baa7b2f6d78469084a2ee80296fa1 (patch)
tree93c51ded9b47a63bfada6f476e44cb4db78cced7
parent7dbfeb0dc040889244a1110940af2d070f823374 (diff)
downloadsamba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.tar.gz
samba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.tar.bz2
samba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.zip
s4:schannel: handle move flag combinations in the server
This fixes some testsuites in the CIFS plugfest. metze
-rw-r--r--source4/auth/gensec/schannel.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 6f508b4a9d..56e88556e3 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
struct netlogon_creds_CredentialState *creds;
const char *workstation;
const char *domain;
- uint32_t required_flags;
*out = data_blob(NULL, 0);
@@ -101,9 +100,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return NT_STATUS_MORE_PROCESSING_REQUIRED;
case GENSEC_SERVER:
- required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
- NL_FLAG_OEM_NETBIOS_DOMAIN_NAME;
-
if (state->state != SCHANNEL_STATE_START) {
/* no third leg on this protocol */
return NT_STATUS_INVALID_PARAMETER;
@@ -119,17 +115,31 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return status;
}
- if (!(required_flags == (bind_schannel.Flags & required_flags))) {
- return NT_STATUS_INVALID_PARAMETER;
+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
+ domain = bind_schannel.oem_netbios_domain.a;
+ if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
+ domain = bind_schannel.utf8_dns_domain.u;
+ if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ } else {
+ DEBUG(3, ("Request for schannel to without domain\n"));
+ return NT_STATUS_LOGON_FAILURE;
}
- workstation = bind_schannel.oem_netbios_computer.a;
- domain = bind_schannel.oem_netbios_domain.a;
-
- if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
- DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
- domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-
+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
+ workstation = bind_schannel.oem_netbios_computer.a;
+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
+ workstation = bind_schannel.utf8_netbios_computer.u;
+ } else {
+ DEBUG(3, ("Request for schannel to without netbios workstation\n"));
return NT_STATUS_LOGON_FAILURE;
}