s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000

Windows 2000 does strictly request header signing on some requests also if the
server doesn't provide it. But there is a small trick (don't reset the actual
session info) to make these special RPC operations work without a full header
signing implementation.

This fixes for example the list of domain groups in local groups when displayed
sing the local user/group management tool.

And this should finally fix bug #7113.

The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729

1 files changed, 12 insertions, 2 deletions

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 4915c3ccbc..c04a2072a7 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -116,8 +116,18 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
 			       &dce_conn->auth_state.auth_info->credentials);
 	
 	if (NT_STATUS_IS_OK(status)) {
-		status = gensec_session_info(dce_conn->auth_state.gensec_security,
-					     &dce_conn->auth_state.session_info);
+		if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
+		    && (talloc_get_type(dce_conn->auth_state.session_info,
+					struct auth_session_info) != NULL)) {
+			/* This is a small hack to make some Windows 2000 RPC
+			 * operations work. It should be removed (always call
+			 * "gensec_session_info") when we fully support header
+			 * signing. */
+			status = NT_STATUS_OK;
+		} else {
+			status = gensec_session_info(dce_conn->auth_state.gensec_security,
+						     &dce_conn->auth_state.session_info);
+		}
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
 			return status;