[PATCH] s4: Return a correct value for Supported Encryption Type

Matthieu Patou mat at matws.net
Mon Sep 7 13:17:21 MDT 2009 

  Vista and upper version use this value to check wether they should ask the DC
  to change the msDS-SupportedEncryptionTypes attribute or not.
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cee94d8..4c15bc1 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1129,6 +1129,8 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 	struct netr_LsaPolicyInformation *lsa_policy_info;
 	struct netr_OsVersionInfoEx *os_version;
 	int ret1, ret2, i;
+	uint32_t client_supported_enc;
+	uint32_t default_supported_enc = 0x0f;
 	NTSTATUS status;
 
 	status = dcesrv_netr_creds_server_step_check(dce_call,
@@ -1161,6 +1163,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 						       workstation_dn,	"dNSHostName", 
 						       NULL);
 
+		client_supported_enc = samdb_search_int64(sam_ctx, mem_ctx, default_supported_enc,
+						       workstation_dn,	"msDS-SupportedEncryptionTypes", 
+						       NULL);
 		/* Gets host informations and put them in our directory */
 		new_msg = ldb_msg_new(mem_ctx);
 		NT_STATUS_HAVE_NO_MEMORY(new_msg);
@@ -1306,7 +1311,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		domain_info->dns_hostname.string = old_dns_hostname;
 		domain_info->workstation_flags =
 			r->in.query->workstation_info->workstation_flags;
-		domain_info->supported_enc_types = 0; /* w2008 gives this 0 */
+		domain_info->supported_enc_types = client_supported_enc;
 
 		r->out.info->domain_info = domain_info;
 	break;
-- 
1.6.0.4


--------------000806020703030103020600
Content-Type: text/x-patch;
 name="0001-s4-Return-a-correct-value-for-Supported-Encryption_64bitvariant.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0001-s4-Return-a-correct-value-for-Supported-Encryption_64bi";
 filename*1="tvariant.patch"

More information about the samba-technical mailing list