The branch, v3-5-test has been updated
via d7f0de0 s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs.
from 7024435 s3-nmbd: fix memleak in create_listen_fdset().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit d7f0de06c119abad609f87121a8a4fb533e82747
Author: Günther Deschner <g...@samba.org>
Date: Wed Sep 28 18:12:49 2011 +0200
s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 50 ++++++++++++++++++++++++++++-----------
1 files changed, 36 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index df83dc6..5c56b87 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1382,18 +1382,29 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct
winbindd_domain *domain,
nt_resp,
&my_info3);
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
- && contact_domain->can_do_samlogon_ex) {
- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
- "retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = false;
+ if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
+
/*
* It's likely that the server also does not support
* validation level 6
*/
domain->can_do_validation6 = false;
- retry = true;
- continue;
+
+ if (contact_domain->can_do_samlogon_ex) {
+ DEBUG(3, ("Got a DC that can not do
NetSamLogonEx, "
+ "retrying with NetSamLogon\n"));
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
+ continue;
+ }
+
+ /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+ * (no Ex). This happens against old Samba
+ * DCs. Drop the connection.
+ */
+ invalidate_cm_connection(&contact_domain->conn);
+ result = NT_STATUS_LOGON_FAILURE;
+ break;
}
if (domain->can_do_validation6 &&
@@ -1996,18 +2007,29 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct
winbindd_domain *domain,
nt_resp,
&info3);
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
- && contact_domain->can_do_samlogon_ex) {
- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
- "retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = false;
+ if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
+
/*
* It's likely that the server also does not support
* validation level 6
*/
domain->can_do_validation6 = false;
- retry = true;
- continue;
+
+ if (contact_domain->can_do_samlogon_ex) {
+ DEBUG(3, ("Got a DC that can not do
NetSamLogonEx, "
+ "retrying with NetSamLogon\n"));
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
+ continue;
+ }
+
+ /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+ * (no Ex). This happens against old Samba
+ * DCs. Drop the connection.
+ */
+ invalidate_cm_connection(&contact_domain->conn);
+ result = NT_STATUS_LOGON_FAILURE;
+ break;
}
if (domain->can_do_validation6 &&
--
Samba Shared Repository
