sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-04 08:23:50 +03:00
Code Activity

r7217: Only allow schannel connections if a successful Auth2 has been done

Browse Source 
before. Things tested: Domain join and subsequent interactive and network
logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right
now I've got problems with my W2k3 domain trusts. So this needs testing,
although I'm really confident that this does not break.

Volker
This commit is contained in:
Volker Lendecke
2005-06-03 09:24:48 +00:00
committed by Gerald (Jerry) Carter
parent 53c3a954ee
commit c25b4afda2
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
source/rpc_server/srv_pipe.c
View File

@@ -52,6 +52,7 @@ extern struct current_user current_user;
next. This is the way the netlogon schannel works.
**************************************************************/
struct dcinfo last_dcinfo;
BOOL server_auth2_negotiated = False;
static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
{
@@ -975,6 +976,12 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
RPC_AUTH_NETSEC_NEG neg;
struct netsec_auth_struct *a = &(p->netsec_auth);
if (!server_auth2_negotiated) {
DEBUG(0, ("Attempt to bind using schannel "
"without successful serverauth2\n"));
return False;
}
if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
DEBUG(0,("api_pipe_bind_req: "
"Could not unmarshal SCHANNEL auth neg\n"));