Author: jerry Date: 2005-07-27 17:30:23 +0000 (Wed, 27 Jul 2005) New Revision: 8799
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8799 Log: disabling schannel on samr and lsa until I figure out the latest MS changes in 2003 sp1 and 2004 sp4 sr1 Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c trunk/source/nsswitch/winbindd_cm.c Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-07-27 16:10:50 UTC (rev 8798)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c 2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
-/* Global list of connections. Initially a DLIST but can become a hash
- table or whatever later. */
+/******************************************************************
+ Disabling schannl on the LSA pipe for now since
+ both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
+ call (return codes 0xc0020042 and 0xc0020041 respectively).
+ We really need to fix this soon. Had to disable on the
+ SAMR pipe as well for now. --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1 1
+
+
 /* Choose between anonymous or authenticated connections. We need to use an authenticated connection if DCs have the RestrictAnonymous registry entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
 conn = &domain->conn;
 if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 unsigned char *session_key;
 if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
 session_key, domain->name);
 else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
 conn->samr_pipe = cli_rpc_open_noauth(conn->cli, PI_SAMR);
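Review bot: The banner comment added above `#define DISABLE_SCHANNEL_WIN2K3_SP1 1` explains why schannel is being turned off but not what is used in its place. Judging by the guarded call sites in the later hunks, the fallback is `cli_rpc_open_noauth()`, and no per-DC condition is visible, so the SAMR and LSA pipes would be opened without schannel protection to every DC rather than only to the two Windows builds named. I would state that in the comment, for example `With schannel disabled, winbindd opens SAMR and LSA via cli_rpc_open_noauth() for all DCs; remove once open_policy() works over schannel.`, and correct `schannl` to `schannel`. A macro name that is not tied to one service pack would describe the scope more accurately.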
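Review bot: The guard added around the schannel branch in the SAMR hunk looks inverted: the first hunk defines `DISABLE_SCHANNEL_WIN2K3_SP1` to 1, so `#ifdef DISABLE_SCHANNEL_WIN2K3_SP1` keeps the `if (cm_get_schannel_key(...))` branch compiled in instead of leaving only the `cli_rpc_open_noauth()` call. To do what the log message says, the opening guard should read `#ifndef DISABLE_SCHANNEL_WIN2K3_SP1`. As committed, the LSA hunk at -1038 replaces `#if 0` with a condition that is true, which re-enables the path the comment says fails open_policy(), and the matching SAMR and LSA hunks in trunk leave behaviour unchanged. The enclosing functions begin and end outside these hunks.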
@@ -1038,12 +1049,7 @@
 conn = &domain->conn;
 if (conn->lsa_pipe == NULL) {
-#if 0
- /* disabling schannl on the LSA pipe for now since
- both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
- call (return codes 0xc0020042 and 0xc0020041 respectively).
- We really need to fix this soon. --jerry */
-
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 unsigned char *session_key;
 if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1052,7 +1058,7 @@
 session_key, domain->name);
 else
-#endif
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
 conn->lsa_pipe = cli_rpc_open_noauth(conn->cli, PI_LSARPC);
Modified: trunk/source/nsswitch/winbindd_cm.c
===================================================================
--- trunk/source/nsswitch/winbindd_cm.c 2005-07-27 16:10:50 UTC (rev 8798)
+++ trunk/source/nsswitch/winbindd_cm.c 2005-07-27 17:30:23 UTC (rev 8799)
@@ -64,9 +64,18 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
-/* Global list of connections. Initially a DLIST but can become a hash
- table or whatever later. */
+/******************************************************************
+ Disabling schannl on the LSA pipe for now since
+ both Win2K-SP4 SR1 & Win2K3-SP1 fail the open_policy()
+ call (return codes 0xc0020042 and 0xc0020041 respectively).
+ We really need to fix this soon. Had to disable on the
+ SAMR pipe as well for now. --jerry
+******************************************************************/
+
+#define DISABLE_SCHANNEL_WIN2K3_SP1 1
+
+
 /* Choose between anonymous or authenticated connections. We need to use an authenticated connection if DCs have the RestrictAnonymous registry entry set > 0, or the "Additional restrictions for anonymous
@@ -984,6 +993,7 @@
 conn = &domain->conn;
 if (conn->samr_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 unsigned char *session_key;
 if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -992,6 +1002,7 @@
 session_key, domain->name);
 else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
 conn->samr_pipe = cli_rpc_open_noauth(conn->cli, PI_SAMR);
@@ -1038,6 +1049,7 @@
 conn = &domain->conn;
 if (conn->lsa_pipe == NULL) {
+#ifdef DISABLE_SCHANNEL_WIN2K3_SP1
 unsigned char *session_key;
 if (cm_get_schannel_key(domain, mem_ctx, &session_key))
@@ -1046,6 +1058,7 @@
 session_key, domain->name);
 else
+#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
 conn->lsa_pipe = cli_rpc_open_noauth(conn->cli, PI_LSARPC);