From a915575158485debaa0d417d5566c46a0dd77004 Mon Sep 17 00:00:00 2001
From: Matthieu Patou
Date: Tue, 8 Sep 2009 12:21:09 +0400
Subject: Return a correct value for Supported Encryption Type Vista and upper version use this value to check wether they should ask the DC to change the msDS-SupportedEncryptionTypes attribute or not. Declare the different value as a bitmap in Netlogon idl
---
 librpc/idl/netlogon.idl | 10 +++++++++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 7 ++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 736a0fd9e4..34081e25e1 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1372,6 +1372,14 @@ interface netlogon
 uint32 dummy_long4;
 } netr_OneDomainInfo;
+ typedef [public,bitmap32bit] bitmap {
+ ENC_CRC32 = 0x00000001,
+ ENC_RSA_MD5 = 0x00000002,
+ ENC_RC4_HMAC_MD5 = 0x00000004,
+ ENC_HMAC_SHA1_96_AES128 = 0x00000008,
+ ENC_HMAC_SHA1_96_AES256 = 0x00000010
+ } netr_SupportedEncTypes;
+
 typedef struct {
 netr_OneDomainInfo primary_domain;
 uint32 trusted_domain_count;
@@ -1382,7 +1390,7 @@ interface netlogon
 lsa_String dummy_string3;
 lsa_String dummy_string4;
 netr_WorkstationFlags workstation_flags;
- uint32 supported_enc_types;
+ netr_SupportedEncTypes supported_enc_types;
 uint32 dummy_long3;
 uint32 dummy_long4;
 } netr_DomainInformation;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d597ca6886..e349df00db 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
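Review bot: The names `ENC_CRC32` and `ENC_RSA_MD5` in the new `netr_SupportedEncTypes` bitmap do not tell a reader that bits 0x1 and 0x2 stand for the DES-CBC-CRC and DES-CBC-MD5 Kerberos encryption types, which is what matters when someone audits the ciphers a machine account advertises. A comment above the typedef would make the mapping explicit, for example `/* msDS-SupportedEncryptionTypes bit flags (MS-KILE): 0x1 DES-CBC-CRC, 0x2 DES-CBC-MD5, 0x4 RC4-HMAC, 0x8 AES128-CTS-HMAC-SHA1-96, 0x10 AES256-CTS-HMAC-SHA1-96 */`. The second hunk in this file only retypes `supported_enc_types` and needs nothing further.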
@@ -1130,6 +1130,8 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 struct netr_LsaPolicyInformation *lsa_policy_info;
 struct netr_OsVersionInfoEx *os_version;
 int ret1, ret2, i;
+ uint32_t client_supported_enc;
+ uint32_t default_supported_enc = ENC_CRC32|ENC_RSA_MD5|ENC_RC4_HMAC_MD5;
 NTSTATUS status;
 status = dcesrv_netr_creds_server_step_check(dce_call,
@@ -1176,6 +1178,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 "dNSHostName", NULL);
+ client_supported_enc = samdb_search_int64(sam_ctx, mem_ctx, default_supported_enc,
+ workstation_dn, "msDS-SupportedEncryptionTypes",
+ NULL);
 /* Gets host informations and put them in our directory */
 new_msg = ldb_msg_new(mem_ctx);
 NT_STATUS_HAVE_NO_MEMORY(new_msg);
@@ -1321,7 +1326,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 domain_info->dns_hostname.string = old_dns_hostname;
 domain_info->workstation_flags = r->in.query->workstation_info->workstation_flags;
- domain_info->supported_enc_types = 0; /* w2008 gives this 0 */
+ domain_info->supported_enc_types = client_supported_enc;
 r->out.info->domain_info = domain_info;
 break;
-- cgit
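Review bot: `default_supported_enc` in the first hunk is built only from the DES and RC4 bits (`ENC_CRC32|ENC_RSA_MD5|ENC_RC4_HMAC_MD5`), and nothing says why a workstation with no `msDS-SupportedEncryptionTypes` value is reported as supporting those and no AES type. If this is meant to mirror what a Windows DC assumes for an unset attribute, record it next to the declaration, e.g. `/* attribute unset: report the legacy DES/RC4 set (assumed Windows default, TODO confirm) */`. The variable is never reassigned in the visible lines, so `const uint32_t` would also fit. The function body starts and ends outside the hunk.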
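Review bot: The lookup in the second hunk narrows its result into `uint32_t client_supported_enc` with no range check, and the third hunk copies that value into the reply verbatim. Whatever is stored in the workstation's `msDS-SupportedEncryptionTypes` attribute, including bits the new bitmap does not define, is therefore reported as the supported set. If `samdb_search_int64` returns a 64-bit integer, as its name suggests, read it into an `int64_t enc` first and fall back before assigning, e.g. `if (enc < 0 || enc > UINT32_MAX) { enc = default_supported_enc; }`. The same default appears to be returned when the attribute is absent and, presumably, when the search itself fails, so a comment stating that both cases are treated alike on purpose would help. Whether `workstation_dn` is always valid at this point cannot be judged from the hunk, since the function body continues outside it.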