summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-04-22 11:25:21 +0000
committerVolker Lendecke <vlendec@samba.org>2003-04-22 11:25:21 +0000
commita85e84118860f85eba0c7859d8bdaf96a6595dee (patch)
treeeee48abc24db2e5b6ae1eb19a68a2ea4e07e4654 /source3/rpc_server
parentc2e997d6a754945284687c99c0ef67acb94c4a37 (diff)
downloadsamba-a85e84118860f85eba0c7859d8bdaf96a6595dee.tar.gz
samba-a85e84118860f85eba0c7859d8bdaf96a6595dee.tar.bz2
samba-a85e84118860f85eba0c7859d8bdaf96a6595dee.zip
Setting the credentials for the netsec netlogon pipe connect upon each
samlogon call certainly breaks the credential chain. Do it once during the bind response. Volker (This used to be commit 616b6dd60fe621a968fef34e66550f86b7b735bc)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c8
-rw-r--r--source3/rpc_server/srv_pipe.c5
2 files changed, 5 insertions, 8 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 76c1d98dab..aa573b8154 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -548,14 +548,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return NT_STATUS_ACCESS_DENIED;
}
- if (p->netsec_auth_validated) {
- /* The client opens a second RPC NETLOGON pipe without
- doing a auth2. The session key for the schannel is
- re-used from the auth2 the client did before. */
- extern struct dcinfo last_dcinfo;
- p->dc = last_dcinfo;
- }
-
/* checks and updates credentials. creates reply credentials */
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index df99c15777..b09058629a 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1088,6 +1088,11 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
RPC_AUTH_VERIFIER auth_verifier;
uint32 flags;
+ /* The client opens a second RPC NETLOGON pipe without
+ doing a auth2. The credentials for the schannel are
+ re-used from the auth2 the client did before. */
+ p->dc = last_dcinfo;
+
init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));