[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1464-g78fb479

Jeremy Allison Wed, 06 May 2009 16:13:47 -0700

The branch, master has been updated
       via  78fb479325ce7073ab8383ada3903080d12aef91 (commit)
      from  512879a69b6e94c323c37a6c0e56824c097b7f70 (commit)


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 78fb479325ce7073ab8383ada3903080d12aef91
Author: Jeremy Allison <[email protected]>
Date:   Wed May 6 16:10:20 2009 -0700

    After getting confirmation from Guenther, add 3 changes we'll
    ultimately need to fix bug #6099 Samba returns incurrate capabilities list.
    1). Add a comment to point out that r->in.negotiate_flags is an aliased 
pointer to
    r->out.negotiate_flags.
    2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags
    return if the client requested it.
    3). Clean up the error exits so we always return the same
    way.
    Signed off by Guenther.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_netlog_nt.c |   36 +++++++++++++++++++++++-------------
 1 files changed, 23 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_netlog_nt.c 
b/source3/rpc_server/srv_netlog_nt.c
index edd1321..333eabe 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -508,13 +508,16 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
 {
        NTSTATUS status;
        uint32_t srv_flgs;
+       /* r->in.negotiate_flags is an aliased pointer to 
r->out.negotiate_flags,
+        * so use a copy to avoid destroying the client values. */
+       uint32_t in_neg_flags = *r->in.negotiate_flags;
        struct netr_Credential srv_chal_out;
        const char *fn;
 
        /* According to Microsoft (see bugid #6099)
         * Windows 7 looks at the negotiate_flags
         * returned in this structure *even if the
-        * call fails with access denied ! So in order
+        * call fails with access denied* ! So in order
         * to allow Win7 to connect to a Samba NT style
         * PDC we set the flags before we know if it's
         * an error or not.
@@ -531,6 +534,11 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
                   NETLOGON_NEG_REDO |
                   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
 
+       /* Ensure we support strong (128-bit) keys. */
+       if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
+               srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
+       }
+
        if (lp_server_schannel() != false) {
                srv_flgs |= NETLOGON_NEG_SCHANNEL;
        }
@@ -552,19 +560,19 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
        if (!p->dc || !p->dc->challenge_sent) {
                DEBUG(0,("%s: no challenge sent to client %s\n", fn,
                        r->in.computer_name));
-               *r->out.negotiate_flags = srv_flgs;
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto out;
        }
 
        if ( (lp_server_schannel() == true) &&
-            ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
+            ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
 
                /* schannel must be used, but client did not offer it. */
                DEBUG(0,("%s: schannel required but client failed "
                        "to offer it. Client was %s\n",
                        fn, r->in.account_name));
-               *r->out.negotiate_flags = srv_flgs;
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto out;
        }
 
        status = get_md4pw((char *)p->dc->mach_pw,
@@ -576,12 +584,12 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
                        "account %s: %s\n",
                        fn, r->in.account_name, nt_errstr(status) ));
                /* always return NT_STATUS_ACCESS_DENIED */
-               *r->out.negotiate_flags = srv_flgs;
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto out;
        }
 
        /* From the client / server challenges and md4 password, generate sess 
key */
-       creds_server_init(*r->in.negotiate_flags,
+       creds_server_init(in_neg_flags,
                        p->dc,
                        &p->dc->clnt_chal,      /* Stored client chal. */
                        &p->dc->srv_chal,       /* Stored server chal. */
@@ -594,8 +602,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
                        "request from client %s machine account %s\n",
                        fn, r->in.computer_name,
                        r->in.account_name));
-               *r->out.negotiate_flags = srv_flgs;
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto out;
        }
        /* set up the LSA AUTH 2 response */
        memcpy(r->out.return_credentials->data, &srv_chal_out.data,
@@ -613,10 +621,12 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
                                            r->in.computer_name,
                                            p->dc);
        unbecome_root();
+       status = NT_STATUS_OK;
 
-       *r->out.negotiate_flags = srv_flgs;
+  out:
 
-       return NT_STATUS_OK;
+       *r->out.negotiate_flags = srv_flgs;
+       return status;
 }
 
 /*************************************************************************


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1464-g78fb479

Reply via email to