[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-912-g9a5d5cc

Mon Feb 16 02:13:45 GMT 2009

The branch, master has been updated
       via  9a5d5cc1db0ee60486f932e34cd7961b90c70a56 (commit)
      from  f608588ea3facd3f2e567d2c356a3a7466a0d1b0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9a5d5cc1db0ee60486f932e34cd7961b90c70a56
Author: Jeremy Allison <jra at samba.org>
Date:   Sun Feb 15 18:12:20 2009 -0800

    Attempt to fix bug #6099. According to Microsoft
    Windows 7 looks at the negotiate_flags
    returned in this structure *even if the
    call fails with access denied ! So in order
    to allow Win7 to connect to a Samba NT style
    PDC we set the flags before we know if it's
    an error or not.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_netlog_nt.c |   43 +++++++++++++++++++++--------------
 1 files changed, 26 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index add4a43..8f7c8d6 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -510,6 +510,32 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
 	struct netr_Credential srv_chal_out;
 	const char *fn;
 
+	/* According to Microsoft (see bugid #6099)
+	 * Windows 7 looks at the negotiate_flags
+	 * returned in this structure *even if the
+	 * call fails with access denied ! So in order
+	 * to allow Win7 to connect to a Samba NT style
+	 * PDC we set the flags before we know if it's
+	 * an error or not.
+	 */
+
+	/* 0x000001ff */
+	srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+		   NETLOGON_NEG_PERSISTENT_SAMREPL |
+		   NETLOGON_NEG_ARCFOUR |
+		   NETLOGON_NEG_PROMOTION_COUNT |
+		   NETLOGON_NEG_CHANGELOG_BDC |
+		   NETLOGON_NEG_FULL_SYNC_REPL |
+		   NETLOGON_NEG_MULTIPLE_SIDS |
+		   NETLOGON_NEG_REDO |
+		   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
+
+	if (lp_server_schannel() != false) {
+		srv_flgs |= NETLOGON_NEG_SCHANNEL;
+	}
+
+	*r->out.negotiate_flags = srv_flgs;
+
 	switch (p->hdr_req.opnum) {
 		case NDR_NETR_SERVERAUTHENTICATE2:
 			fn = "_netr_ServerAuthenticate2";
@@ -568,26 +594,9 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
 			r->in.account_name));
 		return NT_STATUS_ACCESS_DENIED;
 	}
-
-	/* 0x000001ff */
-	srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
-		   NETLOGON_NEG_PERSISTENT_SAMREPL |
-		   NETLOGON_NEG_ARCFOUR |
-		   NETLOGON_NEG_PROMOTION_COUNT |
-		   NETLOGON_NEG_CHANGELOG_BDC |
-		   NETLOGON_NEG_FULL_SYNC_REPL |
-		   NETLOGON_NEG_MULTIPLE_SIDS |
-		   NETLOGON_NEG_REDO |
-		   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
-
-	if (lp_server_schannel() != false) {
-		srv_flgs |= NETLOGON_NEG_SCHANNEL;
-	}
-
 	/* set up the LSA AUTH 2 response */
 	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
 	       sizeof(r->out.return_credentials->data));
-	*r->out.negotiate_flags = srv_flgs;
 
 	fstrcpy(p->dc->mach_acct, r->in.account_name);
 	fstrcpy(p->dc->remote_machine, r->in.computer_name);


-- 
Samba Shared Repository
