summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-02-16 09:42:24 +0100
committerStefan Metzmacher <metze@samba.org>2009-02-16 09:53:51 +0100
commit201a033c8f19f37117b6f779cbabcf9def3bf655 (patch)
treeecd5feb1a7761b85d98fe33a56e4cef55b3075bc /source4/rpc_server
parentdf75afdefbac1b9aaa766bd365850d9298a39fd1 (diff)
downloadsamba-201a033c8f19f37117b6f779cbabcf9def3bf655.tar.gz
samba-201a033c8f19f37117b6f779cbabcf9def3bf655.tar.bz2
samba-201a033c8f19f37117b6f779cbabcf9def3bf655.zip
s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()
metze
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c32
1 files changed, 31 insertions, 1 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5484d0da0..a7665b0e14 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
ZERO_STRUCTP(r->out.return_credentials);
*r->out.rid = 0;
- *r->out.negotiate_flags = *r->in.negotiate_flags;
+
+ /*
+ * According to Microsoft (see bugid #6099)
+ * Windows 7 looks at the negotiate_flags
+ * returned in this structure *even if the
+ * call fails with access denied!
+ */
+ *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+ NETLOGON_NEG_PERSISTENT_SAMREPL |
+ NETLOGON_NEG_ARCFOUR |
+ NETLOGON_NEG_PROMOTION_COUNT |
+ NETLOGON_NEG_CHANGELOG_BDC |
+ NETLOGON_NEG_FULL_SYNC_REPL |
+ NETLOGON_NEG_MULTIPLE_SIDS |
+ NETLOGON_NEG_REDO |
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+ NETLOGON_NEG_GENERIC_PASSTHROUGH |
+ NETLOGON_NEG_CONCURRENT_RPC |
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+ NETLOGON_NEG_STRONG_KEYS |
+ NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_PASSWORD_SET2 |
+ NETLOGON_NEG_GETDOMAININFO |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+ NETLOGON_NEG_RODC_PASSTHROUGH |
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+ NETLOGON_NEG_AUTHENTICATED_RPC;
if (!pipe_state) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));