diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-04-26 12:06:21 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-04-27 13:10:15 +0200 |
commit | 34ffa6175bca1cee755e454c14683b7c826dd6c7 (patch) | |
tree | d9e27366d6d25b8e0525b9ed94ee6fad1b5c0d43 | |
parent | b3a3c50eb8ebfe2cc1fa602cb9680e4aa3f083cd (diff) | |
download | samba-34ffa6175bca1cee755e454c14683b7c826dd6c7.tar.gz samba-34ffa6175bca1cee755e454c14683b7c826dd6c7.tar.bz2 samba-34ffa6175bca1cee755e454c14683b7c826dd6c7.zip |
s3:winbindd: also try SMB2 when connecting to "IPC$"
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Apr 27 13:10:15 CEST 2012 on sn-devel-104
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index edd50d12bc..4188b5e6ed 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -782,6 +782,8 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, struct cli_state **cli, bool *retry) { + bool try_spnego = false; + bool try_ipc_auth = false; char *machine_password = NULL; char *machine_krb5_principal = NULL; char *machine_account = NULL; @@ -824,17 +826,21 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, cli_set_timeout(*cli, 10000); /* 10 seconds */ - result = cli_negprot(*cli, PROTOCOL_NT1); + result = cli_negprot(*cli, PROTOCOL_SMB2_02); if (!NT_STATUS_IS_OK(result)) { DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result))); goto done; } - if (!is_dc_trusted_domain_situation(domain->name) && - cli_state_protocol(*cli) >= PROTOCOL_NT1 && - cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY) - { + if (cli_state_protocol(*cli) >= PROTOCOL_NT1 && + cli_state_capabilities(*cli) & CAP_EXTENDED_SECURITY) { + try_spnego = true; + } else if (cli_state_protocol(*cli) >= PROTOCOL_SMB2_02) { + try_spnego = true; + } + + if (!is_dc_trusted_domain_situation(domain->name) && try_spnego) { result = get_trust_creds(domain, &machine_password, &machine_account, &machine_krb5_principal); @@ -912,8 +918,15 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password); sec_mode = cli_state_security_mode(*cli); - if (((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) != 0) && - (strlen(ipc_username) > 0)) { + + try_ipc_auth = false; + if (try_spnego) { + try_ipc_auth = true; + } else if (sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { + try_ipc_auth = true; + } + + if (try_ipc_auth && (strlen(ipc_username) > 0)) { /* Only try authenticated if we have a username */ |