diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-12-23 15:22:06 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2012-07-17 10:58:38 +0200 |
commit | e7c7a911302fa6c3df70303a529e0ba362f9e838 (patch) | |
tree | 69a13328587b2f69515c3074b2b42c97ca9ce854 /source4/librpc/rpc | |
parent | db33ef7be9ab588e8bb213f6fa1ab9fac8553af0 (diff) | |
download | samba-e7c7a911302fa6c3df70303a529e0ba362f9e838.tar.gz samba-e7c7a911302fa6c3df70303a529e0ba362f9e838.tar.bz2 samba-e7c7a911302fa6c3df70303a529e0ba362f9e838.zip |
s4:librpc/rpc/dcerpc_schannel: rework downgrade logic
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4/librpc/rpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 335c34ca35..1655e6bad0 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -221,15 +221,48 @@ static void continue_srv_auth2(struct tevent_req *subreq) TALLOC_FREE(subreq); if (!composite_is_ok(c)) return; + if (!NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) && + !NT_STATUS_IS_OK(s->a.out.result)) { + composite_error(c, s->a.out.result); + return; + } + /* * Strong keys could be unsupported (NT4) or disables. So retry with the * flags returned by the server. - asn */ - if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) && - s->dcerpc_schannel_auto && - (s->local_negotiate_flags & NETLOGON_NEG_STRONG_KEYS)) { - DEBUG(3, ("Server doesn't support strong keys, " - "downgrade and retry!\n")); + if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED)) { + uint32_t lf = s->local_negotiate_flags; + const char *ln = NULL; + uint32_t rf = s->remote_negotiate_flags; + const char *rn = NULL; + + if (!s->dcerpc_schannel_auto) { + composite_error(c, s->a.out.result); + return; + } + s->dcerpc_schannel_auto = false; + + if (lf & NETLOGON_NEG_STRONG_KEYS) { + ln = "strong"; + if (rf & NETLOGON_NEG_STRONG_KEYS) { + composite_error(c, s->a.out.result); + return; + } + } else { + ln = "des"; + } + + if (rf & NETLOGON_NEG_STRONG_KEYS) { + rn = "strong"; + } else { + rn = "des"; + } + + DEBUG(3, ("Server doesn't support %s keys, downgrade to %s" + "and retry! local[0x%08X] remote[0x%08X]\n", + ln, rn, lf, rf)); + s->local_negotiate_flags = s->remote_negotiate_flags; generate_random_buffer(s->credentials1.data, |