git.ipfire.org Git - thirdparty/samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Sat, 15 Jul 2023 14:11:48 +0000 (16:11 +0200)
committer	Jule Anger <janger@samba.org>
	Mon, 17 Jul 2023 08:28:30 +0000 (10:28 +0200)
commit	55d0a38601236b89871f1a2f2bf7ad36c590f1f4
tree	36a1874294f0c5dd0200b24990e7380acd825ef8	tree \| snapshot
parent	e14a5c36123ac01c91851cb40483e6251d9d43e9	commit \| diff

s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d5f1097b6220676d56ed5fc6707acf667b704518)

selftest/knownfail.d/netr_LogonGetCapabilities		diff \| blob \| blame \| history
source4/rpc_server/netlogon/dcerpc_netlogon.c		diff \| blob \| blame \| history