diff options
| author | Jeremy Allison <jra@samba.org> | 2006-02-22 04:56:53 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2006-02-22 04:56:53 +0000 |
| commit | be1f2f41b6d00e6fb64191c29430ad74811e863c (patch) | |
| tree | ee72ef2bf990afc6b2dd9a1770edf3a42ee8768c /source/utils | |
| parent | ecf35bc586dd2d2f573c30ab3275353dba3316f0 (diff) | |
| download | samba-be1f2f41b6d00e6fb64191c29430ad74811e863c.tar.gz samba-be1f2f41b6d00e6fb64191c29430ad74811e863c.tar.xz samba-be1f2f41b6d00e6fb64191c29430ad74811e863c.zip | |
r13614: First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
Diffstat (limited to 'source/utils')
| -rw-r--r-- | source/utils/net_rpc_join.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c index 6a5a7559c3a..29a27d8f647 100644 --- a/source/utils/net_rpc_join.c +++ b/source/utils/net_rpc_join.c @@ -88,10 +88,9 @@ int net_rpc_join_newstyle(int argc, const char **argv) struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_schannel_pipe = NULL; /* rpc variables */ @@ -325,29 +324,37 @@ int net_rpc_join_newstyle(int argc, const char **argv) goto done; } - netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli, + /* We can only check the schannel connection if the client is allowed + to do this and the server supports it. If not, just assume success + (after all the rpccli_netlogon_setup_creds() succeeded, and we'll + do the same again (setup creds) in net_rpc_join_ok(). JRA. */ + + if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) { + struct rpc_pipe_client *netlogon_schannel_pipe = + cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd->dc, &result); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", - nt_errstr(result))); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n", + nt_errstr(result))); - if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && - (sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, "Please make sure that no computer account\n" - "named like this machine (%s) exists in the domain\n", - global_myname()); - } + if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && + (sec_channel_type == SEC_CHAN_BDC) ) { + d_fprintf(stderr, "Please make sure that no computer account\n" + "named like this machine (%s) exists in the domain\n", + global_myname()); + } - goto done; + goto done; + } + cli_rpc_pipe_close(netlogon_schannel_pipe); } cli_rpc_pipe_close(pipe_hnd); - cli_rpc_pipe_close(netlogon_schannel_pipe); /* Now store the secret in the secrets database */ |