Author: jra Date: 2005-09-16 16:20:23 +0000 (Fri, 16 Sep 2005) New Revision: 10268
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10268 Log: Fix for bug #3095 - winbindd checking credentials. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-09-16 16:13:06 UTC (rev 10267) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-09-16 16:20:23 UTC (rev 10268) @@ -404,12 +404,15 @@ } while ( (attempts < 2) && retry ); - if (NT_STATUS_IS_OK(result) && - (!clnt_deal_with_creds(session_key, credentials, - &ret_creds))) { - DEBUG(3, ("DC %s sent wrong credentials\n", - pipe_cli->cli->srv_name_slash)); - result = NT_STATUS_ACCESS_DENIED; + /* Only check creds if we got a connection. */ + if (contact_domain->conn.cli && + !(NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || + NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) { + if (!clnt_deal_with_creds(session_key, credentials, &ret_creds)) { + DEBUG(3, ("DC %s sent wrong credentials\n", + pipe_cli->cli->srv_name_slash)); + result = NT_STATUS_ACCESS_DENIED; + } } if (NT_STATUS_IS_OK(result)) { @@ -709,12 +712,15 @@ } while ( (attempts < 2) && retry ); - if (NT_STATUS_IS_OK(result) && - (!clnt_deal_with_creds(session_key, credentials, - &ret_creds))) { - DEBUG(3, ("DC %s sent wrong credentials\n", - pipe_cli->cli->srv_name_slash)); - result = NT_STATUS_ACCESS_DENIED; + /* Only check creds if we got a connection. */ + if (contact_domain->conn.cli && + !(NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || + (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + if (!clnt_deal_with_creds(session_key, credentials, &ret_creds)) { + DEBUG(3, ("DC %s sent wrong credentials\n", + pipe_cli->cli->srv_name_slash)); + result = NT_STATUS_ACCESS_DENIED; + } } if (NT_STATUS_IS_OK(result)) {
