The branch, master has been updated via 201a033c8f19f37117b6f779cbabcf9def3bf655 (commit) via df75afdefbac1b9aaa766bd365850d9298a39fd1 (commit) via a096a4c2aec34cb57d9fa54dda7d62be0acf0247 (commit) via 406e6d61147e044bd07d5478fee58c9fa3618881 (commit) from 8e19a288052bca5efdb0277a40c1e0fdd099cc2b (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 201a033c8f19f37117b6f779cbabcf9def3bf655 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Feb 16 09:42:24 2009 +0100 s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]() metze commit df75afdefbac1b9aaa766bd365850d9298a39fd1 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Feb 16 09:41:44 2009 +0100 librpc: rerun make idl metze commit a096a4c2aec34cb57d9fa54dda7d62be0acf0247 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Feb 16 09:40:36 2009 +0100 netlogon.idl: add NETLOGON_REG_SUPPORTS_AES_SHA2 flags and use correct names for some other flags metze commit 406e6d61147e044bd07d5478fee58c9fa3618881 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Feb 13 19:03:38 2009 +0100 tevent: fix compiler warning in pytevent.c metze ----------------------------------------------------------------------- Summary of changes: lib/tevent/pytevent.c | 4 ++- librpc/gen_ndr/ndr_netlogon.c | 5 ++- librpc/gen_ndr/netlogon.h | 7 ++++- librpc/idl/netlogon.idl | 8 ++++- source4/rpc_server/netlogon/dcerpc_netlogon.c | 32 ++++++++++++++++++++++++- 5 files changed, 48 insertions(+), 8 deletions(-) Changeset truncated at 500 lines:
diff --git a/lib/tevent/pytevent.c b/lib/tevent/pytevent.c
index 9bffe3d..4c0cbfd 100644
--- a/lib/tevent/pytevent.c
+++ b/lib/tevent/pytevent.c
@@ -77,7 +77,9 @@ static PyObject *py_event_ctx_new(PyTypeObject *type, PyObject *args, PyObject *
 char *name = NULL;
 struct tevent_context *ev_ctx;
 PyTEventContextObject *ret;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", (char **)kwnames, &name))
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s",
+ discard_const_p(char *, kwnames),
+ &name))
 return NULL;
 if (name == NULL)
diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index 751967a..11a3c5e 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c @@ -6486,7 +6486,7 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CONCURRENT_RPC", NETLOGON_NEG_CONCURRENT_RPC, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL", NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL", NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_128BIT", NETLOGON_NEG_128BIT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_STRONG_KEYS", NETLOGON_NEG_STRONG_KEYS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_TRANSITIVE_TRUSTS", NETLOGON_NEG_TRANSITIVE_TRUSTS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_DNS_DOMAIN_TRUSTS", NETLOGON_NEG_DNS_DOMAIN_TRUSTS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_PASSWORD_SET2", NETLOGON_NEG_PASSWORD_SET2, r); @@ -6494,8 +6494,9 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_CROSS_FOREST_TRUSTS", NETLOGON_NEG_CROSS_FOREST_TRUSTS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION", NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_RODC_PASSTHROUGH", NETLOGON_NEG_RODC_PASSTHROUGH, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SUPPORTS_AES_SHA2", NETLOGON_NEG_SUPPORTS_AES_SHA2, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC_LSASS", NETLOGON_NEG_AUTHENTICATED_RPC_LSASS, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_SCHANNEL", NETLOGON_NEG_SCHANNEL, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NEG_AUTHENTICATED_RPC", NETLOGON_NEG_AUTHENTICATED_RPC, r); ndr->depth--; } 
diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h index 74f5c2b..97116c8 100644 --- a/librpc/gen_ndr/netlogon.h +++ b/librpc/gen_ndr/netlogon.h @@ -12,6 +12,8 @@ #ifndef _HEADER_netlogon #define _HEADER_netlogon +#define NETLOGON_NEG_128BIT ( NETLOGON_NEG_STRONG_KEYS ) +#define NETLOGON_NEG_SCHANNEL ( NETLOGON_NEG_AUTHENTICATED_RPC ) #define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) ) #define DS_GFTI_UPDATE_TDO ( 0x1 ) struct netr_UasInfo { @@ -728,7 +730,7 @@ union netr_CONTROL_DATA_INFORMATION { #define NETLOGON_NEG_CONCURRENT_RPC ( 0x00000800 ) #define NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL ( 0x00001000 ) #define NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL ( 0x00002000 ) -#define NETLOGON_NEG_128BIT ( 0x00004000 ) +#define NETLOGON_NEG_STRONG_KEYS ( 0x00004000 ) #define NETLOGON_NEG_TRANSITIVE_TRUSTS ( 0x00008000 ) #define NETLOGON_NEG_DNS_DOMAIN_TRUSTS ( 0x00010000 ) #define NETLOGON_NEG_PASSWORD_SET2 ( 0x00020000 ) @@ -736,8 +738,9 @@ union netr_CONTROL_DATA_INFORMATION { #define NETLOGON_NEG_CROSS_FOREST_TRUSTS ( 0x00080000 ) #define NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION ( 0x00100000 ) #define NETLOGON_NEG_RODC_PASSTHROUGH ( 0x00200000 ) +#define NETLOGON_NEG_SUPPORTS_AES_SHA2 ( 0x00400000 ) #define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 ) -#define NETLOGON_NEG_SCHANNEL ( 0x40000000 ) +#define NETLOGON_NEG_AUTHENTICATED_RPC ( 0x40000000 ) /* bitmap netr_ChangeLogFlags */ #define NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED ( 0x0001 ) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 532678e..4fd0cea 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl 
@@ -940,7 +940,7 @@ interface netlogon
 NETLOGON_NEG_CONCURRENT_RPC = 0x00000800,
 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL = 0x00001000,
 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL = 0x00002000,
- NETLOGON_NEG_128BIT = 0x00004000, /* STRONG_KEYS */
+ NETLOGON_NEG_STRONG_KEYS = 0x00004000,
 NETLOGON_NEG_TRANSITIVE_TRUSTS = 0x00008000,
 NETLOGON_NEG_DNS_DOMAIN_TRUSTS = 0x00010000,
 NETLOGON_NEG_PASSWORD_SET2 = 0x00020000,
@@ -948,10 +948,14 @@ interface netlogon
 NETLOGON_NEG_CROSS_FOREST_TRUSTS = 0x00080000,
 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION = 0x00100000,
 NETLOGON_NEG_RODC_PASSTHROUGH = 0x00200000,
+ NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
- NETLOGON_NEG_SCHANNEL = 0x40000000 /* AUTHENTICATED_RPC */
+ NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
 } netr_NegotiateFlags;
+ const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
+ const uint32 NETLOGON_NEG_SCHANNEL = NETLOGON_NEG_AUTHENTICATED_RPC;
+
 NTSTATUS netr_ServerAuthenticate2(
 [in,unique] [string,charset(UTF16)] uint16 *server_name,
 [in] [string,charset(UTF16)] uint16 account_name[],
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d5484d0..a7665b0 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -92,7 +92,37 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 ZERO_STRUCTP(r->out.return_credentials);
 *r->out.rid = 0;
- *r->out.negotiate_flags = *r->in.negotiate_flags;
+
+ /*
+ * According to Microsoft (see bugid #6099)
+ * Windows 7 looks at the negotiate_flags
+ * returned in this structure *even if the
+ * call fails with access denied!
+ */
+ *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+ NETLOGON_NEG_PERSISTENT_SAMREPL |
+ NETLOGON_NEG_ARCFOUR |
+ NETLOGON_NEG_PROMOTION_COUNT |
+ NETLOGON_NEG_CHANGELOG_BDC |
+ NETLOGON_NEG_FULL_SYNC_REPL |
+ NETLOGON_NEG_MULTIPLE_SIDS |
+ NETLOGON_NEG_REDO |
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+ NETLOGON_NEG_GENERIC_PASSTHROUGH |
+ NETLOGON_NEG_CONCURRENT_RPC |
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+ NETLOGON_NEG_STRONG_KEYS |
+ NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_PASSWORD_SET2 |
+ NETLOGON_NEG_GETDOMAININFO |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+ NETLOGON_NEG_RODC_PASSTHROUGH |
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+ NETLOGON_NEG_AUTHENTICATED_RPC;
 if (!pipe_state) {
 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
-- Samba Shared Repository
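Review bot: The value written to `*r->out.negotiate_flags` in dcesrv_netr_ServerAuthenticate3 is now a fixed server-side list that no longer consults `*r->in.negotiate_flags`, so a client is told that options it never offered (NETLOGON_NEG_STRONG_KEYS, for example) are in effect. If the reply is meant to carry the negotiated set, keep the list in a local such as `uint32_t server_flags = ...;` and assign `*r->out.negotiate_flags = *r->in.negotiate_flags & server_flags;`, which still gives Windows 7 a defined value on the access-denied path described in the comment. The function body continues past the hunk, so whether the later credential setup keys off the client's flags or the returned ones cannot be checked here; both ends should derive key strength from the same value. The comment would also be clearer if it said that the list is what this server implements, which is presumably why NETLOGON_NEG_SUPPORTS_AES_SHA2 is left out.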