diff options
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index eb6bd2ac0a..a6fe9ef31a 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -27,6 +27,7 @@ #include "includes.h" extern struct dcinfo last_dcinfo; +extern BOOL server_auth2_negotiated; extern userdom_struct current_user_info; #undef DBGC_CLASS @@ -421,6 +422,7 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) init_net_r_auth_2(r_u, &srv_cred, &srv_flgs, status); if (NT_STATUS_IS_OK(status)) { + server_auth2_negotiated = True; last_dcinfo = p->dc; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index ee6c42bd88..ee4e803d9f 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -52,6 +52,7 @@ extern struct current_user current_user; next. This is the way the netlogon schannel works. **************************************************************/ struct dcinfo last_dcinfo; +BOOL server_auth2_negotiated = False; static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) { @@ -975,6 +976,12 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) RPC_AUTH_NETSEC_NEG neg; struct netsec_auth_struct *a = &(p->netsec_auth); + if (!server_auth2_negotiated) { + DEBUG(0, ("Attempt to bind using schannel " + "without successful serverauth2\n")); + return False; + } + if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) { DEBUG(0,("api_pipe_bind_req: " "Could not unmarshal SCHANNEL auth neg\n")); |