diff options
author | Stefan Metzmacher <metze@samba.org> | 2009-02-16 09:42:24 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2009-02-16 09:53:51 +0100 |
commit | 201a033c8f19f37117b6f779cbabcf9def3bf655 (patch) | |
tree | ecd5feb1a7761b85d98fe33a56e4cef55b3075bc /source4 | |
parent | df75afdefbac1b9aaa766bd365850d9298a39fd1 (diff) | |
download | samba-201a033c8f19f37117b6f779cbabcf9def3bf655.tar.gz samba-201a033c8f19f37117b6f779cbabcf9def3bf655.tar.bz2 samba-201a033c8f19f37117b6f779cbabcf9def3bf655.zip |
s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()
metze
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d5484d0da0..a7665b0e14 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca ZERO_STRUCTP(r->out.return_credentials); *r->out.rid = 0; - *r->out.negotiate_flags = *r->in.negotiate_flags; + + /* + * According to Microsoft (see bugid #6099) + * Windows 7 looks at the negotiate_flags + * returned in this structure *even if the + * call fails with access denied! + */ + *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | + NETLOGON_NEG_GENERIC_PASSTHROUGH | + NETLOGON_NEG_CONCURRENT_RPC | + NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | + NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | + NETLOGON_NEG_STRONG_KEYS | + NETLOGON_NEG_TRANSITIVE_TRUSTS | + NETLOGON_NEG_DNS_DOMAIN_TRUSTS | + NETLOGON_NEG_PASSWORD_SET2 | + NETLOGON_NEG_GETDOMAININFO | + NETLOGON_NEG_CROSS_FOREST_TRUSTS | + NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION | + NETLOGON_NEG_RODC_PASSTHROUGH | + NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | + NETLOGON_NEG_AUTHENTICATED_RPC; if (!pipe_state) { DEBUG(1, ("No challenge requested by client, cannot authenticate\n")); |