r15426: Implement SPNEGO as the default RPC authentication mechanism. Where

this isn't supported, fallback to NTLM.

Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS.  (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).

Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.

Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)

1 files changed, 6 insertions, 3 deletions

diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 4c8a615ce5..39de9fcaa8 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -144,16 +144,19 @@ struct dcerpc_pipe {
 /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
 #define DCERPC_NDR_REF_ALLOC           (1<<14)
 
-#define DCERPC_AUTH_OPTIONS    (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5)
+#define DCERPC_AUTH_OPTIONS    (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5|DCERPC_AUTH_NTLM)
 
-/* enable spnego auth */
+/* select spnego auth */
 #define DCERPC_AUTH_SPNEGO             (1<<15)
 
-/* enable krb5 auth */
+/* select krb5 auth */
 #define DCERPC_AUTH_KRB5               (1<<16)
 
 #define DCERPC_SMB2                    (1<<17)
 
+/* select NTLM auth */
+#define DCERPC_AUTH_NTLM               (1<<18)
+
 /*
   this is used to find pointers to calls
 */