[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-921-g201a033
Stefan Metzmacher
metze at samba.org
Mon Feb 16 08:54:57 GMT 2009
The branch, master has been updated
via 201a033c8f19f37117b6f779cbabcf9def3bf655 (commit)
via df75afdefbac1b9aaa766bd365850d9298a39fd1 (commit)
via a096a4c2aec34cb57d9fa54dda7d62be0acf0247 (commit)
via 406e6d61147e044bd07d5478fee58c9fa3618881 (commit)
from 8e19a288052bca5efdb0277a40c1e0fdd099cc2b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 201a033c8f19f37117b6f779cbabcf9def3bf655
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 16 09:42:24 2009 +0100
s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()
metze
commit df75afdefbac1b9aaa766bd365850d9298a39fd1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 16 09:41:44 2009 +0100
librpc: rerun make idl
metze
commit a096a4c2aec34cb57d9fa54dda7d62be0acf0247
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 16 09:40:36 2009 +0100
netlogon.idl: add NETLOGON_REG_SUPPORTS_AES_SHA2 flags and use correct names for some other flags
metze
commit 406e6d61147e044bd07d5478fee58c9fa3618881
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 13 19:03:38 2009 +0100
tevent: fix compiler warning in pytevent.c
metze
-----------------------------------------------------------------------
Summary of changes:
lib/tevent/pytevent.c | 4 ++-
librpc/gen_ndr/ndr_netlogon.c | 5 ++-
librpc/gen_ndr/netlogon.h | 7 ++++-
librpc/idl/netlogon.idl | 8 ++++-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 32 ++++++++++++++++++++++++-
5 files changed, 48 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tevent/pytevent.c b/lib/tevent/pytevent.c
index 9bffe3d..4c0cbfd 100644
--- a/lib/tevent/pytevent.c
+++ b/lib/tevent/pytevent.c
@@ -77,7 +77,9 @@ static PyObject *py_event_ctx_new(PyTypeObject *type, PyObject *args, PyObject *
char *name = NULL;
struct tevent_context *ev_ctx;
PyTEventContextObject *ret;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", (char **)kwnames, &name))
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s",
+ discard_const_p(char *, kwnames),
+ &name))
return NULL;
if (name == NULL)
diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index 751967a..11a3c5e 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -6486,7 +6486,7 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_STRONG_KEYS", NETLOGON_NEG_STRONG_KEYS, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r);
@@ -6494,8 +6494,9 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SUPPORTS_AES_SHA2", NETLOGON_NEG_SUPPORTS_AES_SHA2, r);
ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r);
- ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC", NETLOGON_NEG_AUTHENTICATED_RPC, r);
ndr->depth--;
}
diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h
index 74f5c2b..97116c8 100644
--- a/librpc/gen_ndr/netlogon.h
+++ b/librpc/gen_ndr/netlogon.h
@@ -12,6 +12,8 @@
#ifndef _HEADER_netlogon
#define _HEADER_netlogon
+#define NETLOGON_NEG_128BIT ( NETLOGON_NEG_STRONG_KEYS )
+#define NETLOGON_NEG_SCHANNEL ( NETLOGON_NEG_AUTHENTICATED_RPC )
#define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) )
#define DS_GFTI_UPDATE_TDO ( 0x1 )
struct netr_UasInfo {
@@ -728,7 +730,7 @@ union netr_CONTROL_DATA_INFORMATION {
#define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 )
#define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 )
#define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 )
-#define NETLOGON_NEG_128BIT ( 0x00004000 )
+#define NETLOGON_NEG_STRONG_KEYS ( 0x00004000 )
#define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 )
#define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 )
#define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 )
@@ -736,8 +738,9 @@ union netr_CONTROL_DATA_INFORMATION {
#define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 )
#define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 )
#define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 )
+#define NETLOGON_NEG_SUPPORTS_AES_SHA2 ( 0x00400000 )
#define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 )
-#define NETLOGON_NEG_SCHANNEL ( 0x40000000 )
+#define NETLOGON_NEG_AUTHENTICATED_RPC ( 0x40000000 )
/* bitmap netr_ChangeLogFlags */
#define NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED ( 0x0001 )
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 532678e..4fd0cea 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -940,7 +940,7 @@ interface netlogon
NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
- NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
+ NETLOGON_NEG_STRONG_KEYS = 0x00004000,
NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
@@ -948,10 +948,14 @@ interface netlogon
NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
+ NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
- NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
+ NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
} netr_NegotiateFlags;
+ const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
+ const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
+
NTSTATUS netr_ServerAuthenticate2(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
[in] [string,charset(UTF16)] uint16 account_name[],
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5484d0..a7665b0 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
ZERO_STRUCTP(r->out.return_credentials);
*r->out.rid = 0;
- *r->out.negotiate_flags = *r->in.negotiate_flags;
+
+ /*
+ * According to Microsoft (see bugid #6099)
+ * Windows 7 looks at the negotiate_flags
+ * returned in this structure *even if the
+ * call fails with access denied!
+ */
+ *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+ NETLOGON_NEG_PERSISTENT_SAMREPL |
+ NETLOGON_NEG_ARCFOUR |
+ NETLOGON_NEG_PROMOTION_COUNT |
+ NETLOGON_NEG_CHANGELOG_BDC |
+ NETLOGON_NEG_FULL_SYNC_REPL |
+ NETLOGON_NEG_MULTIPLE_SIDS |
+ NETLOGON_NEG_REDO |
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+ NETLOGON_NEG_GENERIC_PASSTHROUGH |
+ NETLOGON_NEG_CONCURRENT_RPC |
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+ NETLOGON_NEG_STRONG_KEYS |
+ NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_PASSWORD_SET2 |
+ NETLOGON_NEG_GETDOMAININFO |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+ NETLOGON_NEG_RODC_PASSTHROUGH |
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+ NETLOGON_NEG_AUTHENTICATED_RPC;
if (!pipe_state) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
--
Samba Shared Repository
More information about the samba-cvs
mailing list