winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
authorStefan Metzmacher <metze@samba.org>
Mon, 15 Jan 2018 13:24:47 +0000 (14:24 +0100)
committerRalph Boehme <slow@samba.org>
Sat, 10 Feb 2018 07:35:15 +0000 (08:35 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/winbindd/winbindd.h
source3/winbindd/winbindd_cm.c

index b60094bafcdd92b91ed3c3bd71760ec4383d343d..43c90445e87887ed86d0314511e66a05e8c5a910 100644 (file)
@@ -100,7 +100,6 @@ struct winbindd_cm_conn {
 
        struct rpc_pipe_client *netlogon_pipe;
        struct netlogon_creds_cli_context *netlogon_creds_ctx;
-       uint32_t netlogon_flags;
        bool netlogon_force_reauth;
 };
 
index 4d3a372dd2521b8dcb0976b0cc83af48dcb765bf..2aca5f374f6e53a7e01754a561a707571ff35050 100644 (file)
@@ -2039,7 +2039,6 @@ void invalidate_cm_connection(struct winbindd_domain *domain)
 
        conn->auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
        conn->netlogon_force_reauth = false;
-       conn->netlogon_flags = 0;
        TALLOC_FREE(conn->netlogon_creds_ctx);
 
        if (conn->cli) {
@@ -2620,9 +2619,6 @@ static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
        }
 
        if (domain->conn.netlogon_creds_ctx != NULL) {
-               if (!(domain->conn.netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-                       return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
-               }
                *ppdc = domain->conn.netlogon_creds_ctx;
                return NT_STATUS_OK;
        }
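Review bot: With the flag test removed, cm_get_schannel_creds() returns `netlogon_creds_ctx` without any visible check that NETLOGON_NEG_AUTHENTICATED_RPC was negotiated. This applies to the cached path in this hunk and to the freshly connected path in the next hunk (-2636). The commit message carries only the bug link, so this page does not show which code now refuses a DC that did not negotiate authenticated RPC; presumably the schannel pipe-open path checks the negotiated flags on the creds context, but that should be confirmed. I would add a comment above the cached return that names the place, for example `/* NETLOGON_NEG_AUTHENTICATED_RPC is enforced in <function that opens the schannel pipe>, not here */`, and a sentence in the commit message explaining why the `netlogon_flags` test could never pass. The function begins before this hunk and ends in the following one.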
@@ -2636,10 +2632,6 @@ static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
                return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
        }
 
-       if (!(domain->conn.netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-               return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
-       }
-
        *ppdc = domain->conn.netlogon_creds_ctx;
        return NT_STATUS_OK;
 }
@@ -3234,7 +3226,6 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
        }
 
        TALLOC_FREE(conn->netlogon_pipe);
-       conn->netlogon_flags = 0;
        TALLOC_FREE(conn->netlogon_creds_ctx);
 
        result = get_trust_credentials(domain, talloc_tos(), true, &creds);