1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

r13614: First part of the bugfix for #3510 - net join fails

against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
This commit is contained in:
Jeremy Allison 2006-02-22 04:56:53 +00:00 committed by Gerald (Jerry) Carter
parent 1d23067e68
commit 7de1ee1861
2 changed files with 28 additions and 15 deletions

View File

@ -358,7 +358,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
{
BOOL ret = cli_close(cli->cli, cli->fnum);
BOOL ret;
if (!cli) {
return False;
}
ret = cli_close(cli->cli, cli->fnum);
if (!ret) {
DEBUG(0,("cli_rpc_pipe_close: cli_close failed on pipe %s, "

View File

@ -88,10 +88,9 @@ int net_rpc_join_newstyle(int argc, const char **argv)
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
uint32 acb_info = ACB_WSTRUST;
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
/* rpc variables */
@ -325,29 +324,37 @@ int net_rpc_join_newstyle(int argc, const char **argv)
goto done;
}
netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
/* We can only check the schannel connection if the client is allowed
to do this and the server supports it. If not, just assume success
(after all the rpccli_netlogon_setup_creds() succeeded, and we'll
do the same again (setup creds) in net_rpc_join_ok(). JRA. */
if (lp_client_schannel() && (neg_flags & NETLOGON_NEG_SCHANNEL)) {
struct rpc_pipe_client *netlogon_schannel_pipe =
cli_rpc_pipe_open_schannel_with_key(cli,
PI_NETLOGON,
PIPE_AUTH_LEVEL_PRIVACY,
domain,
pipe_hnd->dc,
&result);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
nt_errstr(result)));
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("Error in domain join verification (schannel setup failed): %s\n\n",
nt_errstr(result)));
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
(sec_channel_type == SEC_CHAN_BDC) ) {
d_fprintf(stderr, "Please make sure that no computer account\n"
"named like this machine (%s) exists in the domain\n",
global_myname());
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) &&
(sec_channel_type == SEC_CHAN_BDC) ) {
d_fprintf(stderr, "Please make sure that no computer account\n"
"named like this machine (%s) exists in the domain\n",
global_myname());
}
goto done;
}
goto done;
cli_rpc_pipe_close(netlogon_schannel_pipe);
}
cli_rpc_pipe_close(pipe_hnd);
cli_rpc_pipe_close(netlogon_schannel_pipe);
/* Now store the secret in the secrets database */