From 521c708fe45ab0d8b9e31391cc8b8aae59e0c27f Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Wed, 23 Nov 2011 20:32:57 +0100 Subject: s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly The rules are explained in MS-NRPC 2.2.1.2.1. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher --- source4/cldap_server/netlogon.c | 12 ------------ source4/rpc_server/netlogon/dcerpc_netlogon.c | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 0c4abebf83..9d9f45e8bb 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -226,11 +226,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, DS_SERVER_DS | DS_SERVER_TIMESERV | DS_SERVER_GOOD_TIMESERV; -#if 0 - /* w2k8-r2 as a DC does not claim these */ - server_type |= DS_DNS_CONTROLLER | DS_DNS_DOMAIN; -#endif - if (samdb_is_pdc(sam_ctx)) { server_type |= DS_SERVER_PDC; } @@ -255,13 +250,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, server_type |= DS_SERVER_WRITABLE; } -#if 0 - /* w2k8-r2 as a sole DC does not claim this */ - if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) { - server_type |= DS_DNS_FOREST_ROOT; - } -#endif - pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lpcfg_netbios_name(lp_ctx)); NT_STATUS_HAVE_NO_MEMORY(pdc_name); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 814b9699ed..125fb3859e 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1791,9 +1791,23 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, return ntstatus_to_werror(status); } + /* + * According to MS-NRPC 2.2.1.2.1 we should set the "DS_DNS_FOREST_ROOT" + * (O) flag when the returned forest name is in DNS format. This is here + * always the case (see below). + */ + response.data.nt5_ex.server_type |= DS_DNS_FOREST_ROOT; + if (r->in.flags & DS_RETURN_DNS_NAME) { dc_name = response.data.nt5_ex.pdc_dns_name; domain_name = response.data.nt5_ex.dns_domain; + /* + * According to MS-NRPC 2.2.1.2.1 we should set the + * "DS_DNS_CONTROLLER" (M) and "DS_DNS_DOMAIN" (N) flags when + * the returned information is in DNS form. + */ + response.data.nt5_ex.server_type |= + DS_DNS_CONTROLLER | DS_DNS_DOMAIN; } else if (r->in.flags & DS_RETURN_FLAT_NAME) { dc_name = response.data.nt5_ex.pdc_name; domain_name = response.data.nt5_ex.domain_name; -- cgit