s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()

metze

1 files changed, 31 insertions, 1 deletions

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5484d0da02..a7665b0e145 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 
 	ZERO_STRUCTP(r->out.return_credentials);
 	*r->out.rid = 0;
-	*r->out.negotiate_flags = *r->in.negotiate_flags;
+
+	/*
+	 * According to Microsoft (see bugid #6099)
+	 * Windows 7 looks at the negotiate_flags
+	 * returned in this structure *even if the
+	 * call fails with access denied!
+	 */
+	*r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+				  NETLOGON_NEG_PERSISTENT_SAMREPL |
+				  NETLOGON_NEG_ARCFOUR |
+				  NETLOGON_NEG_PROMOTION_COUNT |
+				  NETLOGON_NEG_CHANGELOG_BDC |
+				  NETLOGON_NEG_FULL_SYNC_REPL |
+				  NETLOGON_NEG_MULTIPLE_SIDS |
+				  NETLOGON_NEG_REDO |
+				  NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+				  NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+				  NETLOGON_NEG_GENERIC_PASSTHROUGH |
+				  NETLOGON_NEG_CONCURRENT_RPC |
+				  NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+				  NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+				  NETLOGON_NEG_STRONG_KEYS |
+				  NETLOGON_NEG_TRANSITIVE_TRUSTS |
+				  NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+				  NETLOGON_NEG_PASSWORD_SET2 |
+				  NETLOGON_NEG_GETDOMAININFO |
+				  NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+				  NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+				  NETLOGON_NEG_RODC_PASSTHROUGH |
+				  NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+				  NETLOGON_NEG_AUTHENTICATED_RPC;
 
 	if (!pipe_state) {
 		DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));