diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-12-23 10:12:24 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-01-07 12:47:18 +0100 |
| commit | 3b77b804cdc9e7621f026ef9bc8e7059f471348e (patch) | |
| tree | f72b161b24173ca449e49bb513b32aab92fdf257 | |
| parent | 0d4806f9f056c3e37f5aed1ef19e2924aa8f4151 (diff) | |
| download | samba-3b77b804cdc9e7621f026ef9bc8e7059f471348e.tar.gz samba-3b77b804cdc9e7621f026ef9bc8e7059f471348e.tar.xz samba-3b77b804cdc9e7621f026ef9bc8e7059f471348e.zip | |
s4:netlogon: correctly calculate the negotiate_flags
We need to bit-wise AND the client and server flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 7329930163..8cba3e3906 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -91,42 +91,39 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca const char *trust_dom_attrs[] = {"flatname", NULL}; const char *account_name; + uint32_t server_flags = 0; uint32_t negotiate_flags = 0; ZERO_STRUCTP(r->out.return_credentials); *r->out.rid = 0; - negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT | - NETLOGON_NEG_PERSISTENT_SAMREPL | - NETLOGON_NEG_ARCFOUR | - NETLOGON_NEG_PROMOTION_COUNT | - NETLOGON_NEG_CHANGELOG_BDC | - NETLOGON_NEG_FULL_SYNC_REPL | - NETLOGON_NEG_MULTIPLE_SIDS | - NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | - NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | - NETLOGON_NEG_GENERIC_PASSTHROUGH | - NETLOGON_NEG_CONCURRENT_RPC | - NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | - NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | - NETLOGON_NEG_TRANSITIVE_TRUSTS | - NETLOGON_NEG_DNS_DOMAIN_TRUSTS | - NETLOGON_NEG_PASSWORD_SET2 | - NETLOGON_NEG_GETDOMAININFO | - NETLOGON_NEG_CROSS_FOREST_TRUSTS | - NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION | - NETLOGON_NEG_RODC_PASSTHROUGH | - NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | - NETLOGON_NEG_AUTHENTICATED_RPC; - - if (*r->in.negotiate_flags & NETLOGON_NEG_STRONG_KEYS) { - negotiate_flags |= NETLOGON_NEG_STRONG_KEYS; - } - - if (*r->in.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES; - } + server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | + NETLOGON_NEG_GENERIC_PASSTHROUGH | + NETLOGON_NEG_CONCURRENT_RPC | + NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | + NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | + NETLOGON_NEG_STRONG_KEYS | + NETLOGON_NEG_TRANSITIVE_TRUSTS | + NETLOGON_NEG_DNS_DOMAIN_TRUSTS | + NETLOGON_NEG_PASSWORD_SET2 | + NETLOGON_NEG_GETDOMAININFO | + NETLOGON_NEG_CROSS_FOREST_TRUSTS | + NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION | + NETLOGON_NEG_RODC_PASSTHROUGH | + NETLOGON_NEG_SUPPORTS_AES | + NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | + NETLOGON_NEG_AUTHENTICATED_RPC; + + negotiate_flags = *r->in.negotiate_flags & server_flags; /* * According to Microsoft (see bugid #6099) |