mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r13614: First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy.
parent
1d23067e68
commit
7de1ee1861
@ -358,7 +358,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
|
|||||||
|
|
||||||
BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
|
BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
|
||||||
{
|
{
|
||||||
BOOL ret = cli_close(cli->cli, cli->fnum);
|
BOOL ret;
|
||||||
|
|
||||||
|
if (!cli) {
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = cli_close(cli->cli, cli->fnum);
|
||||||
|
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
|
DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
|
||||||
|
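Review bot: The added `if (!cli) { return False; }` guard in cli_rpc_pipe_close returns the same value as a failed cli_close() but logs nothing, so a caller that checks the result cannot tell a NULL handle from a real close failure. A short comment above the guard would record the intent, for example `/* A NULL handle means there is nothing to close; report False without dereferencing cli. */`. The function body continues past the end of the hunk.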
@ -88,10 +88,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
|||||||
struct cli_state *cli;
|
struct cli_state *cli;
|
||||||
TALLOC_CTX *mem_ctx;
|
TALLOC_CTX *mem_ctx;
|
||||||
uint32 acb_info = ACB_WSTRUST;
|
uint32 acb_info = ACB_WSTRUST;
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
|
||||||
uint32 sec_channel_type;
|
uint32 sec_channel_type;
|
||||||
struct rpc_pipe_client *pipe_hnd = NULL;
|
struct rpc_pipe_client *pipe_hnd = NULL;
|
||||||
struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
|
|
||||||
|
|
||||||
/* rpc variables */
|
/* rpc variables */
|
||||||
|
|
||||||
@ -325,29 +324,37 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
|
/* We can only check the schannel connection if the client is allowed
|
||||||
|
to do this and the server supports it. If not, just assume success
|
||||||
|
(after all the rpccli_netlogon_setup_creds() succeeded, and we'll
|
||||||
|
do the same again (setup creds) in net_rpc_join_ok(). JRA. */
|
||||||
|
|
||||||
|
if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
|
||||||
|
struct rpc_pipe_client *netlogon_schannel_pipe =
|
||||||
|
cli_rpc_pipe_open_schannel_with_key(cli,
|
||||||
PI_NETLOGON,
|
PI_NETLOGON,
|
||||||
PIPE_AUTH_LEVEL_PRIVACY,
|
PIPE_AUTH_LEVEL_PRIVACY,
|
||||||
domain,
|
domain,
|
||||||
pipe_hnd->dc,
|
pipe_hnd->dc,
|
||||||
&result);
|
&result);
|
||||||
|
|
||||||
if (!NT_STATUS_IS_OK(result)) {
|
if (!NT_STATUS_IS_OK(result)) {
|
||||||
DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
|
DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
|
||||||
nt_errstr(result)));
|
nt_errstr(result)));
|
||||||
|
|
||||||
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
|
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
|
||||||
(sec_channel_type == SEC_CHAN_BDC) ) {
|
(sec_channel_type == SEC_CHAN_BDC) ) {
|
||||||
d_fprintf(stderr, "Please make sure that no computer account\n"
|
d_fprintf(stderr, "Please make sure that no computer account\n"
|
||||||
"named like this machine (%s) exists in the domain\n",
|
"named like this machine (%s) exists in the domain\n",
|
||||||
global_myname());
|
global_myname());
|
||||||
|
}
|
||||||
|
|
||||||
|
goto done;
|
||||||
}
|
}
|
||||||
|
cli_rpc_pipe_close(netlogon_schannel_pipe);
|
||||||
goto done;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cli_rpc_pipe_close(pipe_hnd);
|
cli_rpc_pipe_close(pipe_hnd);
|
||||||
cli_rpc_pipe_close(netlogon_schannel_pipe);
|
|
||||||
|
|
||||||
/* Now store the secret in the secrets database */
|
/* Now store the secret in the secrets database */
|
||||||
|
|
||||||
|
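Review bot: In the last hunk of net_rpc_join_newstyle, when the test `if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL))` is false, the join verification is skipped and control falls through to storing the secret, with nothing logged. If `lp_client_schannel()` can distinguish a mandatory setting from an automatic one (not visible on this page), a client that requires schannel would complete the join without the secure-channel check whenever the server does not offer it; that case should fail the join rather than assume success. At minimum the skip should be visible, for example with an `else { DEBUG(3, ("net_rpc_join_newstyle: schannel not negotiated, join verification skipped\n")); }` branch. The `neg_flags & NETLOGON_NEG_SCHANNEL` test is only meaningful if the earlier setup-creds call writes the server's negotiated flags back into `neg_flags`, which happens outside these hunks. The function starts and ends outside the hunks shown.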