struct netlogon_creds_CredentialState *creds = NULL;
enum netlogon_creds_cli_lck_type lck_type;
enum netr_SchannelType sec_chan_type;
- struct netlogon_creds_cli_lck *lck;
+ struct netlogon_creds_cli_lck *lck = NULL;
uint32_t negotiate_flags;
uint8_t found_session_key[16] = {0};
bool found_existing_creds = false;
bool do_serverauth;
struct rpc_pipe_client *rpccli;
NTSTATUS status;
+ bool retry = false;
+
+ sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
+ if (sec_chan_type == SEC_CHAN_NULL) {
+ DBG_ERR("secure_channel_type gave SEC_CHAN_NULL\n");
+ status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ goto fail;
+ }
again:
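Review bot: The new `DBG_ERR` in the added SEC_CHAN_NULL check does not say which trust account or domain was rejected, whereas the `DBG_NOTICE` calls this commit removes further down logged `netlogon_creds_cli_debug_string(creds_ctx, frame)`. Now that this is a hard failure logged at error level, keeping that context would make the line actionable for whoever reads the log: `DBG_ERR("secure_channel_type gave SEC_CHAN_NULL for %s\n", netlogon_creds_cli_debug_string(creds_ctx, frame));`. This assumes `frame` is already set up at this point, which the hunk does not show. A one-line comment above the check, saying that credentials without a secure channel type are refused outright rather than falling back to an unauthenticated pipe, would also record the intent. The function header and the `fail:` label are outside the hunk.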
status = cli_rpc_pipe_open_bind_schannel(
cli, &ndr_table_netlogon, transport, creds_ctx,
&rpccli);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("cli_rpc_pipe_open_bind_schannel "
- "failed: %s\n", nt_errstr(status));
- }
- if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+ if (!retry && NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
DBG_DEBUG("Retrying with serverauthenticate\n");
TALLOC_FREE(lck);
+ retry = true;
goto again;
}
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("cli_rpc_pipe_open_bind_schannel "
+ "failed: %s\n", nt_errstr(status));
+ goto fail;
+ }
goto done;
}
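Review bot: The `retry` flag that now guards `goto again` has no comment, and its purpose is easy to lose in a later refactor. Before this change, every NT_STATUS_NETWORK_ACCESS_DENIED answer to the schannel bind sent the client back to `again:`, with nothing visible here to bound the loop. I would add above the `if (!retry && ...)` test something like `/* Retry with serverauthenticate at most once; a second NETWORK_ACCESS_DENIED is a real failure. */`. The code between the `again:` label and this bind is outside the hunk, so whether the second pass actually takes the serverauthenticate path cannot be confirmed from these lines.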
goto fail;
}
- sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
- if (sec_chan_type == SEC_CHAN_NULL) {
- if (transport == NCACN_IP_TCP) {
- DBG_NOTICE("secure_channel_type gave SEC_CHAN_NULL "
- "for %s, deny NCACN_IP_TCP and let the "
- "caller fallback to NCACN_NP.\n",
- netlogon_creds_cli_debug_string(
- creds_ctx, frame));
- status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- goto fail;
- }
-
- DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL "
- "for %s, fallback to noauth on NCACN_NP.\n",
- netlogon_creds_cli_debug_string(
- creds_ctx, frame));
-
- TALLOC_FREE(lck);
-
- status = cli_rpc_pipe_open_noauth_transport(
- cli, transport, &ndr_table_netlogon, &rpccli);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("cli_rpc_pipe_open_noauth_transport "
- "failed: %s\n", nt_errstr(status));
- }
- goto done;
- }
-
status = rpccli_setup_netlogon_creds_locked(
cli, transport, creds_ctx, true, trust_creds,
&negotiate_flags);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("cli_rpc_pipe_open_noauth_transport "
"failed: %s\n", nt_errstr(status));
+ goto fail;
}
goto done;
}
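Review bot: The failure message here names `cli_rpc_pipe_open_noauth_transport`, so an unauthenticated open of the NETLOGON pipe presumably still exists just above this hunk, even though the SEC_CHAN_NULL fallback is removed elsewhere in the commit. That call is not visible, so this is only a documentation request: a comment at the call stating under which negotiated conditions a noauth pipe is still accepted would help the next reader judge whether the remaining path is intended. The added `goto fail` itself looks right, since without it a failed open fell through to `goto done`.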
return status;
}
-static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
- uint16_t validation_level,
- union netr_Validation *validation,
- struct netr_SamInfo3 **info3_p)
-{
- struct netr_SamInfo3 *info3;
- NTSTATUS status;
-
- if (validation == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- switch (validation_level) {
- case 3:
- if (validation->sam3 == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- info3 = talloc_move(mem_ctx, &validation->sam3);
- break;
- case 6:
- if (validation->sam6 == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
- if (info3 == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- return status;
- }
-
- info3->sidcount = validation->sam6->sidcount;
- info3->sids = talloc_move(info3, &validation->sam6->sids);
- break;
- default:
- return NT_STATUS_BAD_VALIDATION_CLASS;
- }
-
- *info3_p = info3;
-
- return NT_STATUS_OK;
-}
-
/* Logon domain user */
NTSTATUS rpccli_netlogon_password_logon(