authorGünther Deschner <gd@samba.org>2009-10-21 02:18:54 +0200
committerGünther Deschner <gd@samba.org>2009-10-21 03:14:00 +0200
commit4b6cfbb6d27eea07400d0eacb08b2f69724b19ca (patch)
tree994bb3e34330bde02623a4e9399a50c3453b3a7e /source4/rpc_server
parent209a65bc6f783055f3f6a8cea3fb36587d346511 (diff)
s4-lsa: Fix dcesrv_lsa_EnumTrustDom() and avoid infinite Windows client loop.
Found by RPC-LSA-TRUSTED-DOMAIN torture test. Guenther
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0e6a55ec2f..e35f2d8bf6 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1660,6 +1660,15 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
return STATUS_MORE_ENTRIES;
}
+ /* according to MS-LSAD 3.1.4.7.8 output resume handle MUST
+ * always be larger than the previous input resume handle, in
+ * particular when hitting the last query it is vital to set the
+ * resume handle correctly to avoid infinite client loops, as
+ * seen e.g. with Windows XP SP3 when resume handle is 0 and
+ * status is NT_STATUS_OK - gd */
+
+ *r->out.resume_handle = (uint32_t)-1;
+
return NT_STATUS_OK;
}
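Review bot: The `(uint32_t)-1` sentinel written before the final `return NT_STATUS_OK;` only ends the enumeration if a follow-up call that passes this handle back is answered with a no-more-entries status. That entry check lies above the hunk, so it is worth confirming that an input handle of 0xFFFFFFFF, which is client-supplied, can never be used as an index into the entries array or wrap when added to a count. The assignment would read more clearly as `*r->out.resume_handle = UINT32_MAX;`, with the comment stating that this value marks the end of the enumeration. dcesrv_lsa_EnumTrustDom starts outside the hunk, so the earlier handling of `r->in.resume_handle` is not visible here. Any other enumeration call in this file that returns NT_STATUS_OK on its last batch presumably needs the same treatment.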