From: Stefan Metzmacher Date: Tue, 16 Jul 2013 08:07:30 +0000 (+0200) Subject: s4:librpc: fix netlogon connections against servers without AES support X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=c78ec1f7fce098a2da4ee839ca321ccab4c2d584 s4:librpc: fix netlogon connections against servers without AES support LogonGetCapabilities() only works on the credential chain if the server supports AES, so we need to work on a temporary copy until we know the server replied a valid return authenticator. Signed-off-by: Stefan Metzmacher --- diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 1480486c3206..130ebebd9092 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -385,6 +385,7 @@ struct auth_schannel_state { struct loadparm_context *lp_ctx; uint8_t auth_level; struct netlogon_creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState save_creds_state; struct netr_Authenticator auth; struct netr_Authenticator return_auth; union netr_Capabilities capabilities; @@ -449,7 +450,8 @@ static void continue_bind_auth(struct composite_context *ctx) s->creds_state = cli_credentials_get_netlogon_creds(s->credentials); if (composite_nomem(s->creds_state, c)) return; - netlogon_creds_client_authenticator(s->creds_state, &s->auth); + s->save_creds_state = *s->creds_state; + netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth); s->c.in.server_name = talloc_asprintf(c, "\\\\%s", @@ -519,12 +521,14 @@ static void continue_get_capabilities(struct tevent_req *subreq) } /* verify credentials */ - if (!netlogon_creds_client_check(s->creds_state, + if (!netlogon_creds_client_check(&s->save_creds_state, &s->c.out.return_authenticator->cred)) { composite_error(c, NT_STATUS_UNSUCCESSFUL); return; } + *s->creds_state = s->save_creds_state; + if (!NT_STATUS_IS_OK(s->c.out.result)) { composite_error(c, s->c.out.result); return;