From 9801ec5f1af8f3f67461fa09e29213bea06b1c6a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 21 Sep 2009 06:26:30 +0200 Subject: s3:secrets_schannel: revert to using version 1 It doesn't really matter if the entries have invalid context in it. Older versions of samba refuse to open the file if the version doesn't match. If we can't parse individual records, we'll fail schannel binds, but the clients are supposed to reestablish the netlogon secure channel by doing ServerReqChallenge/ServerAuthenticate* again. This will just overwrite the old record. metze --- source3/passdb/secrets.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source3/passdb/secrets.c') diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 0e66e3cf01e..36f401bc928 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -1135,8 +1135,8 @@ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password) *******************************************************************************/ #define SCHANNEL_STORE_VERSION_1 1 -#define SCHANNEL_STORE_VERSION_2 2 -#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_2 +#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */ +#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1 TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx) { @@ -1168,12 +1168,18 @@ TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx) vers.dptr = NULL; } else if (vers.dsize == 4) { ver = IVAL(vers.dptr,0); - if (ver != SCHANNEL_STORE_VERSION_CURRENT) { + if (ver == SCHANNEL_STORE_VERSION_2) { DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", (int)ver, fname )); tdb_wipe_all(tdb_sc); goto again; } + if (ver != SCHANNEL_STORE_VERSION_CURRENT) { + DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n", + (int)ver, fname )); + tdb_close(tdb_sc); + tdb_sc = NULL; + } } else { tdb_close(tdb_sc); tdb_sc = NULL; -- cgit v1.2.1