diff options
| author | Simo Sorce <idra@samba.org> | 2010-02-18 10:19:09 -0500 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2010-02-23 12:46:50 -0500 |
| commit | b4c9dc3724b5c34661b6986e81af2dc6c191dde9 (patch) | |
| tree | 5b151492b580daaafa96eefb2f5bfa9faaa5ba69 /libcli/auth | |
| parent | 61b7a24f16c9d3a3c41df19ac7073571164eb47a (diff) | |
| download | samba-b4c9dc3724b5c34661b6986e81af2dc6c191dde9.tar.gz samba-b4c9dc3724b5c34661b6986e81af2dc6c191dde9.tar.xz samba-b4c9dc3724b5c34661b6986e81af2dc6c191dde9.zip | |
s3:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
Diffstat (limited to 'libcli/auth')
| -rw-r--r-- | libcli/auth/schannel_state_proto.h | 2 | ||||
| -rw-r--r-- | libcli/auth/schannel_state_tdb.c | 15 |
2 files changed, 0 insertions, 17 deletions
diff --git a/libcli/auth/schannel_state_proto.h b/libcli/auth/schannel_state_proto.h index c582c3e8b89..d0a071c876d 100644 --- a/libcli/auth/schannel_state_proto.h +++ b/libcli/auth/schannel_state_proto.h @@ -36,8 +36,6 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb, NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb, TALLOC_CTX *mem_ctx, const char *computer_name, - bool schannel_required_for_call, - bool schannel_in_use, struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out); diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 7ec8b3fdea0..3da7618e2c1 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -163,8 +163,6 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb, NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb, TALLOC_CTX *mem_ctx, const char *computer_name, - bool schannel_required_for_call, - bool schannel_in_use, struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) @@ -185,19 +183,6 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb, status = schannel_fetch_session_key_tdb(tdb, mem_ctx, computer_name, &creds); - /* If we are flaged that schannel is required for a call, and - * it is not in use, then make this an error */ - - /* It would be good to make this mandatory once schannel is - * negotiated, but this is not what windows does */ - if (schannel_required_for_call && !schannel_in_use) { - DEBUG(0,("schannel_creds_server_step_check_tdb: " - "client %s not using schannel for netlogon, despite negotiating it\n", - creds->computer_name )); - tdb_transaction_cancel(tdb); - return NT_STATUS_ACCESS_DENIED; - } - if (NT_STATUS_IS_OK(status)) { status = netlogon_creds_server_step_check(creds, received_authenticator, |