diff options
| author | Jeremy Allison <jra@samba.org> | 2009-02-15 18:12:20 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2009-02-15 18:12:20 -0800 |
| commit | 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 (patch) | |
| tree | b5d66a390a9d9515f53605509f5f7c2ad90b5b35 /source3/rpc_server/srv_netlog_nt.c | |
| parent | f608588ea3facd3f2e567d2c356a3a7466a0d1b0 (diff) | |
| download | samba-9a5d5cc1db0ee60486f932e34cd7961b90c70a56.tar.gz samba-9a5d5cc1db0ee60486f932e34cd7961b90c70a56.tar.bz2 samba-9a5d5cc1db0ee60486f932e34cd7961b90c70a56.zip | |
Attempt to fix bug #6099. According to Microsoft
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
Diffstat (limited to 'source3/rpc_server/srv_netlog_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 43 |
1 files changed, 26 insertions, 17 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index add4a43509..8f7c8d6713 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -510,6 +510,32 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, struct netr_Credential srv_chal_out; const char *fn; + /* According to Microsoft (see bugid #6099) + * Windows 7 looks at the negotiate_flags + * returned in this structure *even if the + * call fails with access denied ! So in order + * to allow Win7 to connect to a Samba NT style + * PDC we set the flags before we know if it's + * an error or not. + */ + + /* 0x000001ff */ + srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + + if (lp_server_schannel() != false) { + srv_flgs |= NETLOGON_NEG_SCHANNEL; + } + + *r->out.negotiate_flags = srv_flgs; + switch (p->hdr_req.opnum) { case NDR_NETR_SERVERAUTHENTICATE2: fn = "_netr_ServerAuthenticate2"; @@ -568,26 +594,9 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, r->in.account_name)); return NT_STATUS_ACCESS_DENIED; } - - /* 0x000001ff */ - srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | - NETLOGON_NEG_PERSISTENT_SAMREPL | - NETLOGON_NEG_ARCFOUR | - NETLOGON_NEG_PROMOTION_COUNT | - NETLOGON_NEG_CHANGELOG_BDC | - NETLOGON_NEG_FULL_SYNC_REPL | - NETLOGON_NEG_MULTIPLE_SIDS | - NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; - - if (lp_server_schannel() != false) { - srv_flgs |= NETLOGON_NEG_SCHANNEL; - } - /* set up the LSA AUTH 2 response */ memcpy(r->out.return_credentials->data, &srv_chal_out.data, sizeof(r->out.return_credentials->data)); - *r->out.negotiate_flags = srv_flgs; fstrcpy(p->dc->mach_acct, r->in.account_name); fstrcpy(p->dc->remote_machine, r->in.computer_name); |