summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-23 05:51:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:58:15 -0500
commitaca6a1e1ee46fea49a5290613347d2f1d4b235c8 (patch)
tree80ec3511d9d0758e556c78af67718e48c4c7a1a2
parent0e5260c4f5defecce814243df18c0ab36dd7387b (diff)
downloadsamba-aca6a1e1ee46fea49a5290613347d2f1d4b235c8.tar.gz
samba-aca6a1e1ee46fea49a5290613347d2f1d4b235c8.tar.bz2
samba-aca6a1e1ee46fea49a5290613347d2f1d4b235c8.zip
r1993: Allow WinXP domain logon to progress a bit further (it seems broken for me).
Fix indent, and add a few more useful debug messages. Send a fault, if the bind is not accepted - don't just leave the client hanging. Andrew Bartlett (This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c7
-rw-r--r--source4/rpc_server/dcerpc_server.c8
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c13
3 files changed, 16 insertions, 12 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index bf5d835d44..b3d7048501 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -101,6 +101,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
struct schannel_bind bind_schannel;
struct schannel_bind_ack bind_schannel_ack;
const char *account_name;
+ *out = data_blob(NULL, 0);
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
@@ -138,7 +139,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
if (dce_schan_state->state != DCERPC_SCHANNEL_STATE_START) {
/* no third leg on this protocol */
- return NT_STATUS_OK;
+ return NT_STATUS_INVALID_PARAMETER;
}
/* parse the schannel startup blob */
@@ -187,7 +188,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
dce_schan_state->state = DCERPC_SCHANNEL_STATE_UPDATE_1;
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
+ return NT_STATUS_OK;
}
return NT_STATUS_INVALID_PARAMETER;
}
@@ -244,7 +245,7 @@ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
struct dcerpc_schannel_state *dce_schan_state = gensec_security->private_data;
*creds = talloc_p(mem_ctx, struct creds_CredentialState);
- if (*creds) {
+ if (!*creds) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ab61ba3911..c243d7e4f9 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -100,7 +100,7 @@ static const struct dcesrv_interface *find_interface(const struct dcesrv_endpoin
see if a uuid and if_version match to an interface
*/
static BOOL interface_match_by_uuid(const struct dcesrv_interface *iface,
- const char *uuid, uint32_t if_version)
+ const char *uuid, uint32_t if_version)
{
if (iface->ndr->if_version != if_version) {
return False;
@@ -117,7 +117,7 @@ static BOOL interface_match_by_uuid(const struct dcesrv_interface *iface,
find the interface operations on an endpoint by uuid
*/
static const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint,
- const char *uuid, uint32_t if_version)
+ const char *uuid, uint32_t if_version)
{
struct dcesrv_if_list *ifl;
for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) {
@@ -509,8 +509,8 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
if (call->conn->iface) {
status = call->conn->iface->bind(call, call->conn->iface);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2,("Request for dcerpc interface %s/%d rejected\n", uuid, if_version));
- return status;
+ DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n", uuid, if_version, nt_errstr(status)));
+ return dcesrv_bind_nak(call, 0);
}
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d01c0c577b..b58a33ded1 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -53,6 +53,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
state = talloc_p(mem_ctx, struct server_pipe_state);
if (state == NULL) {
talloc_destroy(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(state);
state->mem_ctx = mem_ctx;
@@ -60,6 +61,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
if (dce_call->conn->auth_state.session_info == NULL) {
talloc_destroy(mem_ctx);
+ smb_panic("No session info provided by schannel level setup!");
return NT_STATUS_NO_USER_SESSION_KEY;
}
@@ -68,6 +70,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
&state->creds);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
talloc_destroy(mem_ctx);
return status;
}
@@ -89,8 +92,11 @@ static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct d
dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
NTSTATUS status;
+ DEBUG(5, ("schannel bind on netlogon\n"));
+
status = netlogon_schannel_setup(dce_call);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
return status;
}
}
@@ -190,16 +196,16 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
"(&(sAMAccountName=%s)(objectclass=user))",
r->in.account_name);
+ samdb_close(sam_ctx);
+
if (num_records == 0) {
DEBUG(3,("Couldn't find user [%s] in samdb.\n",
r->in.account_name));
- samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER;
}
if (num_records > 1) {
DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
- samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -239,12 +245,9 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
- samdb_close(sam_ctx);
return NT_STATUS_ACCESS_DENIED;
}
- samdb_close(sam_ctx);
-
if (!pipe_state->creds) {
pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
if (!pipe_state->creds) {