[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-921-g201a033

Stefan Metzmacher metze at samba.org
Mon Feb 16 08:54:57 GMT 2009 

The branch, master has been updated
       via  201a033c8f19f37117b6f779cbabcf9def3bf655 (commit)
       via  df75afdefbac1b9aaa766bd365850d9298a39fd1 (commit)
       via  a096a4c2aec34cb57d9fa54dda7d62be0acf0247 (commit)
       via  406e6d61147e044bd07d5478fee58c9fa3618881 (commit)
      from  8e19a288052bca5efdb0277a40c1e0fdd099cc2b (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 201a033c8f19f37117b6f779cbabcf9def3bf655
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 16 09:42:24 2009 +0100

    s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()
    
    metze

commit df75afdefbac1b9aaa766bd365850d9298a39fd1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 16 09:41:44 2009 +0100

    librpc: rerun make idl
    
    metze

commit a096a4c2aec34cb57d9fa54dda7d62be0acf0247
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 16 09:40:36 2009 +0100

    netlogon.idl: add NETLOGON_REG_SUPPORTS_AES_SHA2 flags and use correct names for some other flags
    
    metze

commit 406e6d61147e044bd07d5478fee58c9fa3618881
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 13 19:03:38 2009 +0100

    tevent: fix compiler warning in pytevent.c
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 lib/tevent/pytevent.c                         |    4 ++-
 librpc/gen_ndr/ndr_netlogon.c                 |    5 ++-
 librpc/gen_ndr/netlogon.h                     |    7 ++++-
 librpc/idl/netlogon.idl                       |    8 ++++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   32 ++++++++++++++++++++++++-
 5 files changed, 48 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tevent/pytevent.c b/lib/tevent/pytevent.c
index 9bffe3d..4c0cbfd 100644
--- a/lib/tevent/pytevent.c
+++ b/lib/tevent/pytevent.c
@@ -77,7 +77,9 @@ static PyObject *py_event_ctx_new(PyTypeObject *type, PyObject *args, PyObject *
     char *name = NULL;
     struct tevent_context *ev_ctx;
     PyTEventContextObject *ret;
-    if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", (char **)kwnames, &name))
+    if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s",
+				     discard_const_p(char *, kwnames),
+				     &name))
         return NULL;
 
     if (name == NULL)
diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index 751967a..11a3c5e 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -6486,7 +6486,7 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_STRONG_KEYS", NETLOGON_NEG_STRONG_KEYS, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r);
@@ -6494,8 +6494,9 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SUPPORTS_AES_SHA2", NETLOGON_NEG_SUPPORTS_AES_SHA2, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC", NETLOGON_NEG_AUTHENTICATED_RPC, r);
 	ndr->depth--;
 }
 
diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h
index 74f5c2b..97116c8 100644
--- a/librpc/gen_ndr/netlogon.h
+++ b/librpc/gen_ndr/netlogon.h
@@ -12,6 +12,8 @@
 #ifndef _HEADER_netlogon
 #define _HEADER_netlogon
 
+#define NETLOGON_NEG_128BIT	( NETLOGON_NEG_STRONG_KEYS )
+#define NETLOGON_NEG_SCHANNEL	( NETLOGON_NEG_AUTHENTICATED_RPC )
 #define DSGETDC_VALID_FLAGS	( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) )
 #define DS_GFTI_UPDATE_TDO	( 0x1 )
 struct netr_UasInfo {
@@ -728,7 +730,7 @@ union netr_CONTROL_DATA_INFORMATION {
 #define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 )
 #define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 )
 #define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 )
-#define NETLOGON_NEG_128BIT ( 0x00004000 )
+#define NETLOGON_NEG_STRONG_KEYS ( 0x00004000 )
 #define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 )
 #define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 )
 #define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 )
@@ -736,8 +738,9 @@ union netr_CONTROL_DATA_INFORMATION {
 #define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 )
 #define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 )
 #define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 )
+#define NETLOGON_NEG_SUPPORTS_AES_SHA2 ( 0x00400000 )
 #define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 )
-#define NETLOGON_NEG_SCHANNEL ( 0x40000000 )
+#define NETLOGON_NEG_AUTHENTICATED_RPC ( 0x40000000 )
 
 /* bitmap netr_ChangeLogFlags */
 #define NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED ( 0x0001 )
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 532678e..4fd0cea 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -940,7 +940,7 @@ interface netlogon
 		NETLOGON_NEG_CONCURRENT_RPC		= 0x00000800,
 		NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL	= 0x00001000,
 		NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL	= 0x00002000,
-		NETLOGON_NEG_128BIT			= 0x00004000, /* STRONG_KEYS */
+		NETLOGON_NEG_STRONG_KEYS		= 0x00004000,
 		NETLOGON_NEG_TRANSITIVE_TRUSTS		= 0x00008000,
 		NETLOGON_NEG_DNS_DOMAIN_TRUSTS		= 0x00010000,
 		NETLOGON_NEG_PASSWORD_SET2		= 0x00020000,
@@ -948,10 +948,14 @@ interface netlogon
 		NETLOGON_NEG_CROSS_FOREST_TRUSTS	= 0x00080000,
 		NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION	= 0x00100000,
 		NETLOGON_NEG_RODC_PASSTHROUGH		= 0x00200000,
+		NETLOGON_NEG_SUPPORTS_AES_SHA2		= 0x00400000,
 		NETLOGON_NEG_AUTHENTICATED_RPC_LSASS	= 0x20000000,
-		NETLOGON_NEG_SCHANNEL			= 0x40000000 /* AUTHENTICATED_RPC */
+		NETLOGON_NEG_AUTHENTICATED_RPC		= 0x40000000
 	} netr_NegotiateFlags;
 
+	const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
+	const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
+
 	NTSTATUS netr_ServerAuthenticate2(
 		[in,unique]  [string,charset(UTF16)] uint16 *server_name,
 		[in]         [string,charset(UTF16)] uint16 account_name[],
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5484d0..a7665b0 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 
 	ZERO_STRUCTP(r->out.return_credentials);
 	*r->out.rid = 0;
-	*r->out.negotiate_flags = *r->in.negotiate_flags;
+
+	/*
+	 * According to Microsoft (see bugid #6099)
+	 * Windows 7 looks at the negotiate_flags
+	 * returned in this structure *even if the
+	 * call fails with access denied!
+	 */
+	*r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+				  NETLOGON_NEG_PERSISTENT_SAMREPL |
+				  NETLOGON_NEG_ARCFOUR |
+				  NETLOGON_NEG_PROMOTION_COUNT |
+				  NETLOGON_NEG_CHANGELOG_BDC |
+				  NETLOGON_NEG_FULL_SYNC_REPL |
+				  NETLOGON_NEG_MULTIPLE_SIDS |
+				  NETLOGON_NEG_REDO |
+				  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+				  NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+				  NETLOGON_NEG_GENERIC_PASSTHROUGH |
+				  NETLOGON_NEG_CONCURRENT_RPC |
+				  NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+				  NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+				  NETLOGON_NEG_STRONG_KEYS |
+				  NETLOGON_NEG_TRANSITIVE_TRUSTS |
+				  NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+				  NETLOGON_NEG_PASSWORD_SET2 |
+				  NETLOGON_NEG_GETDOMAININFO |
+				  NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+				  NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+				  NETLOGON_NEG_RODC_PASSTHROUGH |
+				  NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+				  NETLOGON_NEG_AUTHENTICATED_RPC;
 
 	if (!pipe_state) {
 		DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list