author | Volker Lendecke <vlendec@samba.org> | 2005-06-03 09:24:48 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:05 -0500 |
commit | c25b4afda2b657b73a6215d3ff36461a36496ba3 (patch) | |
tree | d1c9b2e49613476e6c5d054c322b71860f928c2a /source/rpc_server/srv_pipe.c | |
parent | 53c3a954ee0e1c9dc61950f1a9d0a654de9382c6 (diff) | |
r7217: Only allow schannel connections if a successful Auth2 has been done
before. Things tested: Domain join and subsequent interactive and network
logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right
now I've got problems with my W2k3 domain trusts. So this needs testing,
although I'm really confident that this does not break.
Volker
Diffstat (limited to 'source/rpc_server/srv_pipe.c')
-rw-r--r-- | source/rpc_server/srv_pipe.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index ee6c42bd88f..ee4e803d9fc 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -52,6 +52,7 @@ extern struct current_user current_user; next. This is the way the netlogon schannel works. **************************************************************/ struct dcinfo last_dcinfo; +BOOL server_auth2_negotiated = False; static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) { @@ -975,6 +976,12 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) RPC_AUTH_NETSEC_NEG neg; struct netsec_auth_struct *a = &(p->netsec_auth); + if (!server_auth2_negotiated) { + DEBUG(0, ("Attempt to bind using schannel " + "without successful serverauth2\n")); + return False; + } + if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) { DEBUG(0,("api_pipe_bind_req: " "Could not unmarshal SCHANNEL auth neg\n")); |
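Review bot: `server_auth2_negotiated` is a non-static, process-wide flag that this file only reads, so the state that authorises schannel binds is not tied to a particular pipe, machine account or challenge. The code that sets it is outside this file's diff; it should presumably also set the flag back to `False` when a new challenge is started or a ServerAuthenticate2 fails, otherwise one earlier success keeps every later schannel bind in the process allowed against whatever `last_dcinfo` holds at that point. The declaration also has no comment saying who writes it; something like `/* True only after a successful ServerAuthenticate2; must be cleared on a new challenge or a failed auth. Gates schannel binds in api_pipe_bind_req(). */` would make the contract explicit.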
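Review bot: The rejection message added in the schannel branch of `api_pipe_bind_req` has no function prefix and nothing that identifies the pipe or the client, unlike the `api_pipe_bind_req: ` message directly below it, so a refused bind is hard to attribute when it appears in the log. This path is reachable by a client that has not completed Auth2, which makes the level-0 line client-triggerable log volume; that is worth a deliberate decision on the debug level. As a minimum, match the neighbouring style with `DEBUG(0, ("api_pipe_bind_req: schannel bind rejected, no successful serverauth2\n"));` and add whatever client or pipe identity `p` carries. The function body starts and ends outside the hunk.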