summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-07-16 10:07:30 +0200
committerAndreas Schneider <asn@samba.org>2013-08-05 10:30:01 +0200
commit34fa7946993506fde2c6b30e4a41bea27390a814 (patch)
treeccba3aee6bec52d98986f2fb8abdc943319558c8
parent05d9b4165af9e7f03d3fbeb64db4fc305fcec4df (diff)
downloadsamba-34fa7946993506fde2c6b30e4a41bea27390a814.tar.gz
samba-34fa7946993506fde2c6b30e4a41bea27390a814.tar.bz2
samba-34fa7946993506fde2c6b30e4a41bea27390a814.zip
s4:librpc: fix netlogon connections against servers without AES support
LogonGetCapabilities() only works on the credential chain if the server supports AES, so we need to work on a temporary copy until we know the server replied a valid return authenticator. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 1480486c32..130ebebd90 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -385,6 +385,7 @@ struct auth_schannel_state {
struct loadparm_context *lp_ctx;
uint8_t auth_level;
struct netlogon_creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState save_creds_state;
struct netr_Authenticator auth;
struct netr_Authenticator return_auth;
union netr_Capabilities capabilities;
@@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_context *ctx)
s->creds_state = cli_credentials_get_netlogon_creds(s->credentials);
if (composite_nomem(s->creds_state, c)) return;
- netlogon_creds_client_authenticator(s->creds_state, &s->auth);
+ s->save_creds_state = *s->creds_state;
+ netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth);
s->c.in.server_name = talloc_asprintf(c,
"\\\\%s",
@@ -519,12 +521,14 @@ static void continue_get_capabilities(struct tevent_req *subreq)
}
/* verify credentials */
- if (!netlogon_creds_client_check(s->creds_state,
+ if (!netlogon_creds_client_check(&s->save_creds_state,
&s->c.out.return_authenticator->cred)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
return;
}
+ *s->creds_state = s->save_creds_state;
+
if (!NT_STATUS_IS_OK(s->c.out.result)) {
composite_error(c, s->c.out.result);
return;