This is a merge of the NETLOGON schannel server code from Samba

TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG
as I found out later :-)

It adds a new parameter: server schannel = yes/auto/no defaulting to
auto.

What does this mean to the user: No requireSignOrSeal registry patch
for XP anymore.

Many thanks for this code to Luke Leighton, Elrond and anybody else I
forgot to mention.

My next thing will be to see if this applies cleanly to 3_0.

Please test and comment!

Volker
(This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)

1 files changed, 11 insertions, 4 deletions

diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 8cb81b9c6d..125f603771 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -594,11 +594,18 @@ static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
 		 * Authentication _was_ requested and it already failed.
 		 */
 
-		DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
-authentication failed. Denying the request.\n", p->name));
+		DEBUG(0,("process_request_pdu: RPC request received on pipe %s "
+			 "where authentication failed. Denying the request.\n",
+			 p->name));
 		set_incoming_fault(p);
-        return False;
-    }
+		return False;
+	}
+
+	if (p->netsec_auth_validated && !api_pipe_netsec_process(p, rpc_in_p)) {
+		DEBUG(0,("process_request_pdu: failed to do schannel processing.\n"));
+		set_incoming_fault(p);
+		return False;
+	}
 
 	/*
 	 * Check the data length doesn't go over the 15Mb limit.