s3:secrets_schannel: revert to using version 1
authorStefan Metzmacher <metze@samba.org>
Mon, 21 Sep 2009 04:26:30 +0000 (06:26 +0200)
committerStefan Metzmacher <metze@samba.org>
Mon, 21 Sep 2009 04:33:25 +0000 (06:33 +0200)
It doesn't really matter if the entries
have invalid context in them. Older versions of samba
refuse to open the file if the version doesn't match.

If we can't parse individual records, we'll fail schannel binds,
but the clients are supposed to reestablish the netlogon secure channel
by doing ServerReqChallenge/ServerAuthenticate* again. This
will just overwrite the old record.

metze

source3/passdb/secrets.c

index 0e66e3cf01e2f36fc73f29a7575a1dcce975b8a8..36f401bc92803f7b8fd061d08207ea539221e6ac 100644 (file)
@@ -1135,8 +1135,8 @@ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password)
 *******************************************************************************/
 
 #define SCHANNEL_STORE_VERSION_1 1
-#define SCHANNEL_STORE_VERSION_2 2
-#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_2
+#define SCHANNEL_STORE_VERSION_2 2 /* should not be used */
+#define SCHANNEL_STORE_VERSION_CURRENT SCHANNEL_STORE_VERSION_1
 
 TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx)
 {
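Review bot: The comment added on SCHANNEL_STORE_VERSION_2 at line 26 says only `should not be used`, which does not explain why a define that must not be used is kept at all. The second hunk keeps the value recognised so that a store written by the short-lived version-2 code is detected and wiped rather than mis-parsed, and the define should say so. Suggest `/* written by an intermediate release; kept only so such stores are recognised and wiped, never written */`.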
@@ -1168,12 +1168,18 @@ TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx)
                vers.dptr = NULL;
        } else if (vers.dsize == 4) {
                ver = IVAL(vers.dptr,0);
-               if (ver != SCHANNEL_STORE_VERSION_CURRENT) {
+               if (ver == SCHANNEL_STORE_VERSION_2) {
                        DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n",
                                (int)ver, fname ));
                        tdb_wipe_all(tdb_sc);
                        goto again;
                }
+               if (ver != SCHANNEL_STORE_VERSION_CURRENT) {
+                       DEBUG(0,("open_schannel_session_store: wrong version number %d in %s\n",
+                               (int)ver, fname ));
+                       tdb_close(tdb_sc);
+                       tdb_sc = NULL;
+               }
        } else {
                tdb_close(tdb_sc);
                tdb_sc = NULL;
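Review bot: Both version branches at lines 37 and 43 log the identical `wrong version number %d in %s` message, although the first wipes the store and retries while the second leaves tdb_sc NULL so the open fails; from the log an operator cannot tell a one-off self-healing wipe from a persistent refusal that will fail every schannel bind. Suggest making the second branch distinguishable, e.g. `DEBUG(0,("open_schannel_session_store: unsupported version number %d in %s, refusing to open\n",`. If vers.dptr is the buffer returned by a tdb_fetch, the `goto again` at line 40 appears to jump past whatever release follows the if/else chain, so each retry may leak it; this predates the commit but the new code keeps it, and confirming it needs the rest of open_schannel_session_store, which continues outside the hunk.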