summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/schannel.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 6f508b4a9d..56e88556e3 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
struct netlogon_creds_CredentialState *creds;
const char *workstation;
const char *domain;
- uint32_t required_flags;
*out = data_blob(NULL, 0);
@@ -101,9 +100,6 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return NT_STATUS_MORE_PROCESSING_REQUIRED;
case GENSEC_SERVER:
- required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
- NL_FLAG_OEM_NETBIOS_DOMAIN_NAME;
-
if (state->state != SCHANNEL_STATE_START) {
/* no third leg on this protocol */
return NT_STATUS_INVALID_PARAMETER;
@@ -119,17 +115,31 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
return status;
}
- if (!(required_flags == (bind_schannel.Flags & required_flags))) {
- return NT_STATUS_INVALID_PARAMETER;
+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
+ domain = bind_schannel.oem_netbios_domain.a;
+ if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
+ domain = bind_schannel.utf8_dns_domain.u;
+ if (strcasecmp_m(domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ } else {
+ DEBUG(3, ("Request for schannel to without domain\n"));
+ return NT_STATUS_LOGON_FAILURE;
}
- workstation = bind_schannel.oem_netbios_computer.a;
- domain = bind_schannel.oem_netbios_domain.a;
-
- if (strcasecmp_m(domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
- DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
- domain, lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-
+ if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
+ workstation = bind_schannel.oem_netbios_computer.a;
+ } else if (bind_schannel.Flags & NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
+ workstation = bind_schannel.utf8_netbios_computer.u;
+ } else {
+ DEBUG(3, ("Request for schannel to without netbios workstation\n"));
return NT_STATUS_LOGON_FAILURE;
}