authorStefan Metzmacher <metze@samba.org>2011-12-23 15:22:06 +0100
committerAndreas Schneider <asn@samba.org>2012-07-17 10:58:38 +0200
commite7c7a911302fa6c3df70303a529e0ba362f9e838 (patch)
tree69a13328587b2f69515c3074b2b42c97ca9ce854
parentdb33ef7be9ab588e8bb213f6fa1ab9fac8553af0 (diff)
s4:librpc/rpc/dcerpc_schannel: rework downgrade logic
metze Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c43
1 files changed, 38 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 335c34ca35..1655e6bad0 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -221,15 +221,48 @@ static void continue_srv_auth2(struct tevent_req *subreq)
TALLOC_FREE(subreq);
if (!composite_is_ok(c)) return;
+ if (!NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) &&
+ !NT_STATUS_IS_OK(s->a.out.result)) {
+ composite_error(c, s->a.out.result);
+ return;
+ }
+
/*
* Strong keys could be unsupported (NT4) or disables. So retry with the
* flags returned by the server. - asn
*/
- if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) &&
- s->dcerpc_schannel_auto &&
- (s->local_negotiate_flags & NETLOGON_NEG_STRONG_KEYS)) {
- DEBUG(3, ("Server doesn't support strong keys, "
- "downgrade and retry!\n"));
+ if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED)) {
+ uint32_t lf = s->local_negotiate_flags;
+ const char *ln = NULL;
+ uint32_t rf = s->remote_negotiate_flags;
+ const char *rn = NULL;
+
+ if (!s->dcerpc_schannel_auto) {
+ composite_error(c, s->a.out.result);
+ return;
+ }
+ s->dcerpc_schannel_auto = false;
+
+ if (lf & NETLOGON_NEG_STRONG_KEYS) {
+ ln = "strong";
+ if (rf & NETLOGON_NEG_STRONG_KEYS) {
+ composite_error(c, s->a.out.result);
+ return;
+ }
+ } else {
+ ln = "des";
+ }
+
+ if (rf & NETLOGON_NEG_STRONG_KEYS) {
+ rn = "strong";
+ } else {
+ rn = "des";
+ }
+
+ DEBUG(3, ("Server doesn't support %s keys, downgrade to %s"
+ "and retry! local[0x%08X] remote[0x%08X]\n",
+ ln, rn, lf, rf));
+
s->local_negotiate_flags = s->remote_negotiate_flags;
generate_random_buffer(s->credentials1.data,