author | Stefan Metzmacher <metze@samba.org> | 2015-02-09 10:05:37 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2015-03-12 17:13:43 +0100 |
commit | 6d31763de14adaf00b4b28c31a19d462adc1aea3 (patch) | |
tree | 239e7ea8c3cd3005c23bf0318912ba15986105bf /source3 | |
parent | c3b7e6e2185b3e09d70326914e70eac314de9b63 (diff) | |
s3:rpc_client: handle !NETLOGON_NEG_AUTHENTICATED_RPC in cli_rpc_pipe_open_schannel()
This is only allowed with special config options ("client schannel = no",
"require strong key = no" and "reject md5 servers = no").
By default we require NETLOGON_NEG_AUTHENTICATED_RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_client/cli_pipe_schannel.c | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 5e309fd8363..1790247e04e 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -52,6 +52,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, NTSTATUS status; struct cli_credentials *cli_creds = NULL; struct netlogon_creds_cli_context *netlogon_creds = NULL; + struct netlogon_creds_CredentialState *creds = NULL; + uint32_t netlogon_flags; status = pdb_get_trust_credentials(domain, NULL, frame, &cli_creds); @@ -79,16 +81,38 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, return status; } - status = cli_rpc_pipe_open_schannel_with_creds(cli, table, transport, - cli_creds, netlogon_creds, - &result); - if (NT_STATUS_IS_OK(status)) { - *presult = result; - if (pcreds != NULL) { - *pcreds = talloc_move(mem_ctx, &netlogon_creds); + status = netlogon_creds_cli_get(netlogon_creds, frame, &creds); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + + netlogon_flags = creds->negotiate_flags; + TALLOC_FREE(creds); + + if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) { + status = cli_rpc_pipe_open_schannel_with_creds(cli, table, + transport, + cli_creds, + netlogon_creds, + &result); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + } else { + status = cli_rpc_pipe_open_noauth(cli, table, &result); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; } } + *presult = result; + if (pcreds != NULL) { + *pcreds = talloc_move(mem_ctx, &netlogon_creds); + } + TALLOC_FREE(frame); - return status; + return NT_STATUS_OK; } |
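Review bot: The new `else` branch in the second hunk returns NT_STATUS_OK with a pipe from `cli_rpc_pipe_open_noauth()`, so a caller of `cli_rpc_pipe_open_schannel()` cannot tell from the result that it holds an unauthenticated pipe rather than a schannel-protected one. Nothing in the visible lines checks the "client schannel", "require strong key" or "reject md5 servers" settings named in the commit message. Presumably the earlier netlogon negotiation already refuses a server without NETLOGON_NEG_AUTHENTICATED_RPC under the defaults, but that is outside the hunk and should be stated where the downgrade happens. I would put a comment on the branch, for example `/* Peer did not negotiate NETLOGON_NEG_AUTHENTICATED_RPC; only reachable when the config permits it, and the resulting pipe is unauthenticated. */`, and log the fallback with `DEBUG(1, ("%s: schannel not negotiated, opening unauthenticated pipe\n", __func__));` so it shows up in client logs. The function's opening lines lie outside the hunk.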