diff options
author | Jeremy Allison <jra@samba.org> | 2009-02-15 18:18:38 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-16 09:57:07 +0100 |
commit | 21c25e0585d54c3f172e1e4601085df7a6572ae9 (patch) | |
tree | f0e89ca1021683748d002caa3af31057051eb4de | |
parent | c6f5b98974b45986142f2e1506f8a1146101db7e (diff) | |
download | samba-21c25e0585d54c3f172e1e4601085df7a6572ae9.tar.gz |
Attempt to fix bug #6099. According to Microsoft
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied ! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
(cherry picked from commit cafc9efceadcefa9154874e9846158cf23ee1645)
-rw-r--r-- | source/rpc_server/srv_netlog_nt.c | 43 |
1 files changed, 26 insertions, 17 deletions
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index d3751011e22..2efef7f8200 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -474,6 +474,32 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, uint32_t srv_flgs; struct netr_Credential srv_chal_out; + /* According to Microsoft (see bugid #6099) + * Windows 7 looks at the negotiate_flags + * returned in this structure *even if the + * call fails with access denied ! So in order + * to allow Win7 to connect to a Samba NT style + * PDC we set the flags before we know if it's + * an error or not. + */ + + /* 0x000001ff */ + srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + + if (lp_server_schannel() != false) { + srv_flgs |= NETLOGON_NEG_SCHANNEL; + } + + *r->out.negotiate_flags = srv_flgs; + /* We use this as the key to store the creds: */ /* r->in.computer_name */ @@ -520,26 +546,9 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, r->in.account_name)); return NT_STATUS_ACCESS_DENIED; } - - /* 0x000001ff */ - srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | - NETLOGON_NEG_PERSISTENT_SAMREPL | - NETLOGON_NEG_ARCFOUR | - NETLOGON_NEG_PROMOTION_COUNT | - NETLOGON_NEG_CHANGELOG_BDC | - NETLOGON_NEG_FULL_SYNC_REPL | - NETLOGON_NEG_MULTIPLE_SIDS | - NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; - - if (lp_server_schannel() != false) { - srv_flgs |= NETLOGON_NEG_SCHANNEL; - } - /* set up the LSA AUTH 2 response */ memcpy(r->out.return_credentials->data, &srv_chal_out.data, sizeof(r->out.return_credentials->data)); - *r->out.negotiate_flags = srv_flgs; fstrcpy(p->dc->mach_acct, r->in.account_name); fstrcpy(p->dc->remote_machine, r->in.computer_name); |