diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-07-16 10:07:30 +0200 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2013-08-05 10:30:01 +0200 |
commit | 34fa7946993506fde2c6b30e4a41bea27390a814 (patch) | |
tree | ccba3aee6bec52d98986f2fb8abdc943319558c8 /source4 | |
parent | 05d9b4165af9e7f03d3fbeb64db4fc305fcec4df (diff) | |
download | samba-34fa7946993506fde2c6b30e4a41bea27390a814.tar.gz samba-34fa7946993506fde2c6b30e4a41bea27390a814.tar.bz2 samba-34fa7946993506fde2c6b30e4a41bea27390a814.zip |
s4:librpc: fix netlogon connections against servers without AES support
LogonGetCapabilities() only works on the credential chain if
the server supports AES, so we need to work on a temporary copy
until we know the server replied a valid return authenticator.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 1480486c32..130ebebd90 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -385,6 +385,7 @@ struct auth_schannel_state { struct loadparm_context *lp_ctx; uint8_t auth_level; struct netlogon_creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState save_creds_state; struct netr_Authenticator auth; struct netr_Authenticator return_auth; union netr_Capabilities capabilities; @@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_context *ctx) s->creds_state = cli_credentials_get_netlogon_creds(s->credentials); if (composite_nomem(s->creds_state, c)) return; - netlogon_creds_client_authenticator(s->creds_state, &s->auth); + s->save_creds_state = *s->creds_state; + netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth); s->c.in.server_name = talloc_asprintf(c, "\\\\%s", @@ -519,12 +521,14 @@ static void continue_get_capabilities(struct tevent_req *subreq) } /* verify credentials */ - if (!netlogon_creds_client_check(s->creds_state, + if (!netlogon_creds_client_check(&s->save_creds_state, &s->c.out.return_authenticator->cred)) { composite_error(c, NT_STATUS_UNSUCCESSFUL); return; } + *s->creds_state = s->save_creds_state; + if (!NT_STATUS_IS_OK(s->c.out.result)) { composite_error(c, s->c.out.result); return; |