The branch, master has been updated
       via  80f8419 s4:schannel: handle move flag combinations in the server
      from  7dbfeb0 s4-auth: fixed the SID list for DCs in the PAC

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 80f8419ef25baa7b2f6d78469084a2ee80296fa1
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Sep 22 06:23:17 2010 +0200

    s4:schannel: handle move flag combinations in the server
    
    This fixes some testsuites in the CIFS plugfest.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/gensec/schannel.c |   36 +++++++++++++++++++++++-------------
 1 files changed, 23 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 6f508b4..56e8855 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,6 @@ static NTSTATUS schannel_update(struct gensec_security 
*gensec_security, TALLOC_
        struct netlogon_creds_CredentialState *creds;
        const char *workstation;
        const char *domain;
-       uint32_t required_flags;
 
        *out = data_blob(NULL, 0);
 
@@ -101,9 +100,6 @@ static NTSTATUS schannel_update(struct gensec_security 
*gensec_security, TALLOC_
                return NT_STATUS_MORE_PROCESSING_REQUIRED;
        case GENSEC_SERVER:
 
-               required_flags = NL_FLAG_OEM_NETBIOS_COMPUTER_NAME |
-                                NL_FLAG_OEM_NETBIOS_DOMAIN_NAME;
-
                if (state->state != SCHANNEL_STATE_START) {
                        /* no third leg on this protocol */
                        return NT_STATUS_INVALID_PARAMETER;
@@ -119,17 +115,31 @@ static NTSTATUS schannel_update(struct gensec_security 
*gensec_security, TALLOC_
                        return status;
                }
 
-               if (!(required_flags == (bind_schannel.Flags & 
required_flags))) {
-                       return NT_STATUS_INVALID_PARAMETER;
+               if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_DOMAIN_NAME) {
+                       domain = bind_schannel.oem_netbios_domain.a;
+                       if (strcasecmp_m(domain, 
lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+                               DEBUG(3, ("Request for schannel to incorrect 
domain: %s != our domain %s\n",
+                                         domain, 
lpcfg_workgroup(gensec_security->settings->lp_ctx)));
+                               return NT_STATUS_LOGON_FAILURE;
+                       }
+               } else if (bind_schannel.Flags & NL_FLAG_UTF8_DNS_DOMAIN_NAME) {
+                       domain = bind_schannel.utf8_dns_domain.u;
+                       if (strcasecmp_m(domain, 
lpcfg_dnsdomain(gensec_security->settings->lp_ctx)) != 0) {
+                               DEBUG(3, ("Request for schannel to incorrect 
domain: %s != our domain %s\n",
+                                         domain, 
lpcfg_dnsdomain(gensec_security->settings->lp_ctx)));
+                               return NT_STATUS_LOGON_FAILURE;
+                       }
+               } else {
+                       DEBUG(3, ("Request for schannel to without domain\n"));
+                       return NT_STATUS_LOGON_FAILURE;
                }
 
-               workstation = bind_schannel.oem_netbios_computer.a;
-               domain = bind_schannel.oem_netbios_domain.a;
-
-               if (strcasecmp_m(domain, 
lpcfg_workgroup(gensec_security->settings->lp_ctx)) != 0) {
-                       DEBUG(3, ("Request for schannel to incorrect domain: %s 
!= our domain %s\n",
-                                 domain, 
lpcfg_workgroup(gensec_security->settings->lp_ctx)));
-
+               if (bind_schannel.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME) {
+                       workstation = bind_schannel.oem_netbios_computer.a;
+               } else if (bind_schannel.Flags & 
NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME) {
+                       workstation = bind_schannel.utf8_netbios_computer.u;
+               } else {
+                       DEBUG(3, ("Request for schannel to without netbios 
workstation\n"));
                        return NT_STATUS_LOGON_FAILURE;
                }
 
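Review bot: When a client sets both NL_FLAG_OEM_NETBIOS_DOMAIN_NAME and NL_FLAG_UTF8_DNS_DOMAIN_NAME, the `else if` chain checks only the OEM NetBIOS domain and never looks at `utf8_dns_domain.u`, so a bind whose two domain names disagree is accepted on the OEM name alone; the workstation chain has the same precedence. If that is intended, document it above the chain, e.g. `/* OEM names win; the UTF-8 forms are only used when the OEM form is absent */`, otherwise compare every name that is present. `domain` is client-supplied and reaches strcasecmp_m() and DEBUG() with no NULL check visible here; whether the NDR pull of bind_schannel guarantees a non-NULL string is decided outside this hunk and is worth confirming. The two new log messages read "Request for schannel to without ..."; `"Request for schannel without domain\n"` would be clearer in a log. schannel_update() starts and ends outside the hunk.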


-- 
Samba Shared Repository
