diff options
| author | Jeremy Allison <jra@samba.org> | 2006-02-22 04:56:53 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:10:19 -0500 |
| commit | 0d7f6d650dd3d2c77711d00ffb41e829bb49905f (patch) | |
| tree | 3366e5b5f76b9e329ebbbf0aef8336968bc69727 /source3/utils | |
| parent | 79c8591e2d1f255c8d363f331cca654beec1bd37 (diff) | |
| download | samba-0d7f6d650dd3d2c77711d00ffb41e829bb49905f.tar.gz samba-0d7f6d650dd3d2c77711d00ffb41e829bb49905f.tar.bz2 samba-0d7f6d650dd3d2c77711d00ffb41e829bb49905f.zip | |
r13614: First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
(This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/net_rpc_join.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 6a5a7559c3..29a27d8f64 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -88,10 +88,9 @@ int net_rpc_join_newstyle(int argc, const char **argv) struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_schannel_pipe = NULL; /* rpc variables */ @@ -325,29 +324,37 @@ int net_rpc_join_newstyle(int argc, const char **argv) goto done; } - netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli, + /* We can only check the schannel connection if the client is allowed + to do this and the server supports it. If not, just assume success + (after all the rpccli_netlogon_setup_creds() succeeded, and we'll + do the same again (setup creds) in net_rpc_join_ok(). JRA. */ + + if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) { + struct rpc_pipe_client *netlogon_schannel_pipe = + cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd->dc, &result); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", - nt_errstr(result))); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", + nt_errstr(result))); - if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && - (sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, "Please make sure that no computer account\n" - "named like this machine (%s) exists in the domain\n", - global_myname()); - } + if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && + (sec_channel_type == SEC_CHAN_BDC) ) { + d_fprintf(stderr, "Please make sure that no computer account\n" + "named like this machine (%s) exists in the domain\n", + global_myname()); + } - goto done; + goto done; + } + cli_rpc_pipe_close(netlogon_schannel_pipe); } cli_rpc_pipe_close(pipe_hnd); - cli_rpc_pipe_close(netlogon_schannel_pipe); /* Now store the secret in the secrets database */ |