From aca6a1e1ee46fea49a5290613347d2f1d4b235c8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 23 Aug 2004 05:51:38 +0000
Subject: r1993: Allow WinXP domain logon to progress a bit further (it seems broken for me). Fix indent, and add a few more useful debug messages. Send a fault, if the bind is not accepted - don't just leave the client hanging. Andrew Bartlett (This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
---
 source4/librpc/rpc/dcerpc_schannel.c | 7 ++++---
 source4/rpc_server/dcerpc_server.c | 8 ++++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 13 ++++++++-----
 3 files changed, 16 insertions(+), 12 deletions(-)
(limited to 'source4')
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index bf5d835d44..b3d7048501 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -101,6 +101,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
 struct schannel_bind bind_schannel;
 struct schannel_bind_ack bind_schannel_ack;
 const char *account_name;
+ *out = data_blob(NULL, 0);
 switch (gensec_security->gensec_role) {
 case GENSEC_CLIENT:
@@ -138,7 +139,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
 if (dce_schan_state->state != DCERPC_SCHANNEL_STATE_START) {
 /* no third leg on this protocol */
- return NT_STATUS_OK;
+ return NT_STATUS_INVALID_PARAMETER;
 }
 /* parse the schannel startup blob */
@@ -187,7 +188,7 @@ static NTSTATUS dcerpc_schannel_update(struct gensec_security *gensec_security,
 dce_schan_state->state = DCERPC_SCHANNEL_STATE_UPDATE_1;
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
+ return NT_STATUS_OK;
 }
 return NT_STATUS_INVALID_PARAMETER;
 }
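Review bot: The new `return NT_STATUS_INVALID_PARAMETER;` in the branch guarded by `dce_schan_state->state != DCERPC_SCHANNEL_STATE_START` (hunk at -138) rejects an unexpected extra leg without logging anything, so a peer that keeps sending auth data after the exchange has finished leaves no trace. A line such as `DEBUG(1, ("schannel: unexpected auth leg after bind completed\n"));` before the return would make it visible. The same status is also returned at the end of the function (hunk at -187), so a log line is what would tell the two rejections apart. dcerpc_schannel_update starts and ends outside these hunks.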
@@ -244,7 +245,7 @@ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
 struct dcerpc_schannel_state *dce_schan_state = gensec_security->private_data;
 *creds = talloc_p(mem_ctx, struct creds_CredentialState);
- if (*creds) {
+ if (!*creds) {
 return NT_STATUS_NO_MEMORY;
 }
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ab61ba3911..c243d7e4f9 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -100,7 +100,7 @@ static const struct dcesrv_interface *find_interface(const struct dcesrv_endpoin
 see if a uuid and if_version match to an interface
 */
 static BOOL interface_match_by_uuid(const struct dcesrv_interface *iface,
- const char *uuid, uint32_t if_version)
+ const char *uuid, uint32_t if_version)
 {
 if (iface->ndr->if_version != if_version) {
 return False;
@@ -117,7 +117,7 @@ static BOOL interface_match_by_uuid(const struct dcesrv_interface *iface,
 find the interface operations on an endpoint by uuid
 */
 static const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint,
- const char *uuid, uint32_t if_version)
+ const char *uuid, uint32_t if_version)
 {
 struct dcesrv_if_list *ifl;
 for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) {
@@ -509,8 +509,8 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 if (call->conn->iface) {
 status = call->conn->iface->bind(call, call->conn->iface);
 if (!NT_STATUS_IS_OK(status)) {
- DEBUG(2,("Request for dcerpc interface %s/%d rejected\n", uuid, if_version));
- return status;
+ DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n", uuid, if_version, nt_errstr(status)));
+ return dcesrv_bind_nak(call, 0);
 }
 }
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d01c0c577b..b58a33ded1 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
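Review bot: In dcesrv_bind (hunk at -509) the rejection path now returns `dcesrv_bind_nak(call, 0)` while `call->conn->iface` still points at the interface whose bind() just failed. Before this change the error status went back to the caller; if a successfully sent nak leaves the connection open (not visible here), later requests on it could be dispatched to an interface that refused the bind, which for netlogon means one whose schannel setup failed. Consider `call->conn->iface = NULL;` before the nak, or confirm that the request path checks bind state. The literal `0` would also read better with a comment such as `/* reason not specified */`, and `%d` is being used for the `uint32_t if_version`. dcesrv_bind starts and ends outside the hunk.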
@@ -53,6 +53,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
 state = talloc_p(mem_ctx, struct server_pipe_state);
 if (state == NULL) {
 talloc_destroy(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
 }
 ZERO_STRUCTP(state);
 state->mem_ctx = mem_ctx;
@@ -60,6 +61,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
 if (dce_call->conn->auth_state.session_info == NULL) {
 talloc_destroy(mem_ctx);
+ smb_panic("No session info provided by schannel level setup!");
 return NT_STATUS_NO_USER_SESSION_KEY;
 }
@@ -68,6 +70,7 @@ static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
 &state->creds);
 if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
 talloc_destroy(mem_ctx);
 return status;
 }
@@ -89,8 +92,11 @@ static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct d
 dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
 NTSTATUS status;
+ DEBUG(5, ("schannel bind on netlogon\n"));
+
 status = netlogon_schannel_setup(dce_call);
 if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
 return status;
 }
 }
@@ -190,16 +196,16 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 "(&(sAMAccountName=%s)(objectclass=user))", r->in.account_name);
+ samdb_close(sam_ctx);
+
 if (num_records == 0) {
 DEBUG(3,("Couldn't find user [%s] in samdb.\n", r->in.account_name));
- samdb_close(sam_ctx);
 return NT_STATUS_NO_SUCH_USER;
 }
 if (num_records > 1) {
 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
- samdb_close(sam_ctx);
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
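Review bot: The added `smb_panic(...)` in the `session_info == NULL` branch of netlogon_schannel_setup (hunk at -60) turns a condition reached from a client's bind into a process abort, and if smb_panic does not return, the following `return NT_STATUS_NO_USER_SESSION_KEY;` is dead code. netlogon_bind (hunk at -89) calls this function whenever the bind's auth_type is DCERPC_AUTH_TYPE_SCHANNEL, so unless the auth layer guarantees session_info is set by then (not visible here), a remote peer could take the server down. Logging instead would fail only the one bind: `DEBUG(0, ("No session info provided by schannel level setup!\n"));` in place of the panic. The function body starts and ends outside the hunk.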
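Review bot: `samdb_close(sam_ctx)` now runs directly after the search (hunk at -190), but the later hunk at -239 still reads `msgs[0]` through `samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd)`. That is only safe if the search results are owned by `mem_ctx` rather than `sam_ctx`; the search call starts outside the hunk, so this cannot be confirmed from here. A comment at the new call would record the assumption: `/* msgs are allocated on mem_ctx, so the handle can be closed before they are read */`. Separately, the context line builds the filter `(&(sAMAccountName=%s)(objectclass=user))` from `r->in.account_name`, and it is worth checking that the value is escaped before it reaches the search, since this commit leaves that line as it was.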
@@ -239,12 +245,9 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
 if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
- samdb_close(sam_ctx);
 return NT_STATUS_ACCESS_DENIED;
 }
- samdb_close(sam_ctx);
-
 if (!pipe_state->creds) {
 pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
 if (!pipe_state->creds) {
-- cgit