diff options
| author | Stefan Metzmacher <metze@samba.org> | 2010-09-22 06:23:17 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2010-09-26 09:40:36 +0200 |
| commit | 80f8419ef25baa7b2f6d78469084a2ee80296fa1 (patch) | |
| tree | 93c51ded9b47a63bfada6f476e44cb4db78cced7 /source4/auth | |
| parent | 7dbfeb0dc040889244a1110940af2d070f823374 (diff) | |
| download | samba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.tar.gz samba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.tar.bz2 samba-80f8419ef25baa7b2f6d78469084a2ee80296fa1.zip | |
s4:schannel: handle move flag combinations in the server
This fixes some testsuites in the CIFS plugfest.
metze
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/gensec/schannel.c | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 6f508b4a9d..56e88556e3 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -52,7 +52,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ struct netlogon_creds_CredentialState *creds; const char *workstation; const char *domain; - uint32_t required_flags; *out = data_blob(NULL, 0); @@ -101,9 +100,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ return NT_STATUS_MORE_PROCESSING_REQUIRED; case GENSEC_SERVER: - required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME | - NL_FLAG_OEM_NETBIOS_DOMAIN_NAME; - if (state->state != SCHANNEL_STATE_START) { /* no third leg on this protocol */ return NT_STATUS_INVALID_PARAMETER; @@ -119,17 +115,31 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ return status; } - if (!(required_flags == (bind_schannel.Flags & required_flags))) { - return NT_STATUS_INVALID_PARAMETER; + if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) { + domain = bind_schannel.oem_netbios_domain.a; + if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) { + DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n", + domain, lpcfg_workgroup(gensec_security->settings->lp_ctx))); + return NT_STATUS_LOGON_FAILURE; + } + } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) { + domain = bind_schannel.utf8_dns_domain.u; + if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) { + DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n", + domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx))); + return NT_STATUS_LOGON_FAILURE; + } + } else { + DEBUG(3, ("Request for schannel to without domain\n")); + return NT_STATUS_LOGON_FAILURE; } - workstation = bind_schannel.oem_netbios_computer.a; - domain = bind_schannel.oem_netbios_domain.a; - - if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) { - DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n", - domain, lpcfg_workgroup(gensec_security->settings->lp_ctx))); - + if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) { + workstation = bind_schannel.oem_netbios_computer.a; + } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) { + workstation = bind_schannel.utf8_netbios_computer.u; + } else { + DEBUG(3, ("Request for schannel to without netbios workstation\n")); return NT_STATUS_LOGON_FAILURE; } |