diff options
| author | Ralph Boehme <slow@samba.org> | 2017-11-26 19:04:19 +0100 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2017-11-29 16:59:15 +0100 |
| commit | 96b44e9da572cfee5429affe0dc86ee5e2275847 (patch) | |
| tree | 14f8992b1f6ecd94db6a4bf922513570b6548d48 /source3/rpc_client | |
| parent | a8e0bdc97100578d85f58633bcdf64b7cfb4c216 (diff) | |
| download | samba-96b44e9da572cfee5429affe0dc86ee5e2275847.tar.gz | |
s3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon()
The caller should handle secure-channel-type SEC_CHAN_NULL. The previous
commit already added handling of SEC_CHAN_NULL to
cm_connect_netlogon_transport.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 38 |
1 files changed, 8 insertions, 30 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index a7676efb055..a67b6928ebf 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -285,7 +285,7 @@ NTSTATUS rpccli_connect_netlogon( struct netlogon_creds_CredentialState *creds = NULL; enum netlogon_creds_cli_lck_type lck_type; enum netr_SchannelType sec_chan_type; - struct netlogon_creds_cli_lck *lck; + struct netlogon_creds_cli_lck *lck = NULL; uint32_t negotiate_flags; uint8_t found_session_key[16] = {0}; bool found_existing_creds = false; @@ -294,6 +294,13 @@ NTSTATUS rpccli_connect_netlogon( NTSTATUS status; bool retry = false; + sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds); + if (sec_chan_type == SEC_CHAN_NULL) { + DBG_ERR("secure_channel_type gave SEC_CHAN_NULL\n"); + status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + goto fail; + } + again: /* @@ -378,35 +385,6 @@ again: goto fail; } - sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds); - if (sec_chan_type == SEC_CHAN_NULL) { - if (transport == NCACN_IP_TCP) { - DBG_NOTICE("secure_channel_type gave SEC_CHAN_NULL " - "for %s, deny NCACN_IP_TCP and let the " - "caller fallback to NCACN_NP.\n", - netlogon_creds_cli_debug_string( - creds_ctx, frame)); - status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - goto fail; - } - - DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL " - "for %s, fallback to noauth on NCACN_NP.\n", - netlogon_creds_cli_debug_string( - creds_ctx, frame)); - - TALLOC_FREE(lck); - - status = cli_rpc_pipe_open_noauth_transport( - cli, transport, &ndr_table_netlogon, &rpccli); - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("cli_rpc_pipe_open_noauth_transport " - "failed: %s\n", nt_errstr(status)); - goto fail; - } - goto done; - } - status = rpccli_setup_netlogon_creds_locked( cli, transport, creds_ctx, true, trust_creds, &negotiate_flags); |