Author: jra Date: 2005-09-12 02:01:56 +0000 (Mon, 12 Sep 2005) New Revision: 10160
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10160 Log: Fix netlogons for Jerry :-). When refactoring auth2 server code I forgot to set the "authenticated" flag in the dcinfo struct (this was done at a strange place in the older 3.0 code in my defense :-). Jeremy. Modified: trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/rpc_server/srv_netlog_nt.c =================================================================== --- trunk/source/rpc_server/srv_netlog_nt.c 2005-09-12 01:34:51 UTC (rev 10159) +++ trunk/source/rpc_server/srv_netlog_nt.c 2005-09-12 02:01:56 UTC (rev 10160) @@ -437,6 +437,7 @@ init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK); server_auth2_negotiated = True; + p->dc->authenticated = True; last_dcinfo = *p->dc; return r_u->status; @@ -623,18 +624,19 @@ if (!get_valid_user_struct(p->vuid)) return NT_STATUS_NO_SUCH_USER; + if (!p->dc || !p->dc->authenticated) { + return NT_STATUS_INVALID_HANDLE; + } if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) { /* 'server schannel = yes' should enforce use of schannel, the client did offer it in auth2, but obviously did not use it. */ + DEBUG(0,("_net_sam_logoff: client %s not using schannel for netlogon\n", + p->dc->remote_machine )); return NT_STATUS_ACCESS_DENIED; } - if (!p->dc || !p->dc->authenticated) { - return NT_STATUS_INVALID_HANDLE; - } - /* checks and updates credentials. creates reply credentials */ if (!creds_server_step(p->dc, &q_u->sam_id.client.cred)) { DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "