[samba/f13/master] Fix accidental whitespace removal from previous patch.
Guenther Deschner
gd at fedoraproject.org
Fri Aug 27 11:34:58 UTC 2010
commit ba44c556d34f15772182135c86b6d11a84e1bc71
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 24 15:45:27 2010 +0200
Fix accidental whitespace removal from previous patch.
Guenther
samba-3.5.4-winbind-schannel.patch | 139 ++++++++++++++++++------------------
1 files changed, 70 insertions(+), 69 deletions(-)
---
diff --git a/samba-3.5.4-winbind-schannel.patch b/samba-3.5.4-winbind-schannel.patch
index 210523d..5bb68dc 100644
--- a/samba-3.5.4-winbind-schannel.patch
+++ b/samba-3.5.4-winbind-schannel.patch
@@ -85,83 +85,83 @@ index f8e49cc..f466a94 100644
@@ -2016,30 +2016,30 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain )
/**********************************************************************
***********************************************************************/
-
+
-static bool cm_get_schannel_creds(struct winbindd_domain *domain,
+static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
- struct netlogon_creds_CredentialState **ppdc)
+ struct netlogon_creds_CredentialState **ppdc)
{
- NTSTATUS result;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct rpc_pipe_client *netlogon_pipe;
-
- if (lp_client_schannel() == False) {
+ struct rpc_pipe_client *netlogon_pipe;
+
+ if (lp_client_schannel() == False) {
- return False;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;;
- }
-
- result = cm_connect_netlogon(domain, &netlogon_pipe);
- if (!NT_STATUS_IS_OK(result)) {
+ }
+
+ result = cm_connect_netlogon(domain, &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(result)) {
- return False;
+ return result;
- }
-
- /* Return a pointer to the struct netlogon_creds_CredentialState from the
- netlogon pipe. */
-
- if (!domain->conn.netlogon_pipe->dc) {
+ }
+
+ /* Return a pointer to the struct netlogon_creds_CredentialState from the
+ netlogon pipe. */
+
+ if (!domain->conn.netlogon_pipe->dc) {
- return false;
+ return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. */
- }
-
- *ppdc = domain->conn.netlogon_pipe->dc;
+ }
+
+ *ppdc = domain->conn.netlogon_pipe->dc;
- return True;
+ return NT_STATUS_OK;
}
-
+
NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
@@ -2136,10 +2136,13 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
-
- /* Fall back to schannel if it's a W2K pre-SP1 box. */
-
+
+ /* Fall back to schannel if it's a W2K pre-SP1 box. */
+
- if (!cm_get_schannel_creds(domain, &p_creds)) {
+ result = cm_get_schannel_creds(domain, &p_creds);
+ if (!NT_STATUS_IS_OK(result)) {
- /* If this call fails - conn->cli can now be NULL ! */
- DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
+ /* If this call fails - conn->cli can now be NULL ! */
+ DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
- "for domain %s, trying anon\n", domain->name));
+ "for domain %s (error %s), trying anon\n",
+ domain->name,
+ nt_errstr(result) ));
- goto anonymous;
- }
- result = cli_rpc_pipe_open_schannel_with_key
+ goto anonymous;
+ }
+ result = cli_rpc_pipe_open_schannel_with_key
@@ -2252,7 +2255,8 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
-
- TALLOC_FREE(conn->lsa_pipe_tcp);
-
+
+ TALLOC_FREE(conn->lsa_pipe_tcp);
+
- if (!cm_get_schannel_creds(domain, &creds)) {
+ status = cm_get_schannel_creds(domain, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
+ goto done;
+ }
+
@@ -2344,10 +2348,13 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
-
- /* Fall back to schannel if it's a W2K pre-SP1 box. */
-
+
+ /* Fall back to schannel if it's a W2K pre-SP1 box. */
+
- if (!cm_get_schannel_creds(domain, &p_creds)) {
+ result = cm_get_schannel_creds(domain, &p_creds);
+ if (!NT_STATUS_IS_OK(result)) {
- /* If this call fails - conn->cli can now be NULL ! */
- DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
+ /* If this call fails - conn->cli can now be NULL ! */
+ DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
- "for domain %s, trying anon\n", domain->name));
+ "for domain %s (error %s), trying anon\n",
+ domain->name,
+ nt_errstr(result) ));
- goto anonymous;
- }
- result = cli_rpc_pipe_open_schannel_with_key
---
+ goto anonymous;
+ }
+ result = cli_rpc_pipe_open_schannel_with_key
+--
1.7.2.1
@@ -197,22 +197,22 @@ index 87d1866..504f594 100644
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
-
+
static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
- const struct netr_Credential *in,
+ const struct netr_Credential *in,
@@ -202,7 +203,7 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
- struct netr_Credential *initial_credential,
- uint32_t negotiate_flags)
+ struct netr_Credential *initial_credential,
+ uint32_t negotiate_flags)
{
- struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
-
- if (!creds) {
- return NULL;
+
+ if (!creds) {
+ return NULL;
@@ -453,3 +454,46 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
- }
- }
-
+ }
+ }
+
+/*
+ copy a netlogon_creds_CredentialState struct
+*/
@@ -261,12 +261,12 @@ index e09cdee..c3878f5 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -35,6 +35,8 @@ void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *
- struct netr_Authenticator *next);
+ struct netr_Authenticator *next);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
- const struct netr_Credential *received_credentials);
+ const struct netr_Credential *received_credentials);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds_in);
-
+
/*****************************************************************
The above functions are common to the client and server interface
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
@@ -274,29 +274,30 @@ index ee60c1d..06b9c5d 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3213,7 +3213,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
- result->a_u.schannel_auth->seq_num = 0;
- result->a_u.schannel_auth->initiator = true;
+ result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
+ result->a_u.schannel_auth->seq_num = 0;
+ result->a_u.schannel_auth->initiator = true;
- result->a_u.schannel_auth->creds = creds;
+ result->a_u.schannel_auth->creds = netlogon_creds_copy(result, creds);
-
- *presult = result;
- return NT_STATUS_OK;
+
+ *presult = result;
+ return NT_STATUS_OK;
@@ -4044,9 +4044,13 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
-
- /*
- * The credentials on a new netlogon pipe are the ones we are passed
+
+ /*
+ * The credentials on a new netlogon pipe are the ones we are passed
- * in - reference them in
+ * in - copy them over
- */
+ */
- result->dc = talloc_move(result, pdc);
+ result->dc = netlogon_creds_copy(result, *pdc);
+ if (result->dc == NULL) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
-
- DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s and bound using schannel.\n",
---
+
+ DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
+ "for domain %s and bound using schannel.\n",
+--
1.7.2.1
+
More information about the scm-commits
mailing list