author | Simo Sorce <idra@samba.org> | 2010-02-18 10:26:24 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-02-23 12:46:50 -0500 |
commit | 8e2f5fe7c5bc0fce0564c751a68e0feb370e0857 (patch) | |
tree | 7e9533f86db98c29e0ceab07b0084b2ef17176b2 /libcli/auth | |
parent | b4c9dc3724b5c34661b6986e81af2dc6c191dde9 (diff) | |
s4:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/schannel_state_ldb.c | 10 | ||||
-rw-r--r-- | libcli/auth/schannel_state_proto.h | 2 |
2 files changed, 0 insertions, 12 deletions
diff --git a/libcli/auth/schannel_state_ldb.c b/libcli/auth/schannel_state_ldb.c
index ba3d96fcf7..2919ed6369 100644
--- a/libcli/auth/schannel_state_ldb.c
+++ b/libcli/auth/schannel_state_ldb.c
@@ -264,8 +264,6 @@ NTSTATUS schannel_fetch_session_key_ldb(struct ldb_context *ldb,
 NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb,
 TALLOC_CTX *mem_ctx,
 const char *computer_name,
- bool schannel_required_for_call,
- bool schannel_in_use,
 struct netr_Authenticator *received_authenticator,
 struct netr_Authenticator *return_authenticator,
 struct netlogon_creds_CredentialState **creds_out)
@@ -277,14 +275,6 @@ NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb,
 /* If we are flaged that schannel is required for a call, and
 * it is not in use, then make this an error */
- /* It would be good to make this mandetory once schannel is
- * negoiated, but this is not what windows does */
- if (schannel_required_for_call && !schannel_in_use) {
- DEBUG(0,("schannel_creds_server_step_check: client %s not using schannel for netlogon, despite negotiating it\n",
- creds->computer_name ));
- return NT_STATUS_ACCESS_DENIED;
- }
-
 ret = ldb_transaction_start(ldb);
 if (ret != 0) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
diff --git a/libcli/auth/schannel_state_proto.h b/libcli/auth/schannel_state_proto.h
index d0a071c876..da5ebb3b7b 100644
--- a/libcli/auth/schannel_state_proto.h
+++ b/libcli/auth/schannel_state_proto.h
@@ -21,8 +21,6 @@ NTSTATUS schannel_fetch_session_key_ldb(struct ldb_context *ldb,
 NTSTATUS schannel_creds_server_step_check_ldb(struct ldb_context *ldb,
 TALLOC_CTX *mem_ctx,
 const char *computer_name,
- bool schannel_required_for_call,
- bool schannel_in_use,
 struct netr_Authenticator *received_authenticator,
 struct netr_Authenticator *return_authenticator,
 struct netlogon_creds_CredentialState **creds_out); |
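Review bot: The context comment kept at the top of the second hunk of schannel_state_ldb.c, "If we are flaged that schannel is required for a call, and it is not in use, then make this an error", now sits directly above `ret = ldb_transaction_start(ldb);` and describes a check this function no longer performs. It should be dropped or replaced with a statement of the new contract, for example `/* Schannel policy (integrity/privacy) is enforced by the caller before this credential check runs */`. With `schannel_required_for_call` and `schannel_in_use` gone from the signature, the `NT_STATUS_ACCESS_DENIED` path for clients that negotiated schannel but are not using it can only live in the callers, which are outside this diffstat (limited to libcli/auth), so each call site is worth confirming before relying on this function for that rejection. The function body starts and ends outside the hunk.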