git.ipfire.org Git - thirdparty/samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Sat, 15 Jul 2023 14:11:48 +0000 (16:11 +0200)
committer	Jule Anger <janger@samba.org>
	Mon, 17 Jul 2023 08:28:30 +0000 (10:28 +0200)
commit	56fad90eaef07d11665c35ffc872f34165496076
tree	b9e0a7845ca4486f60ad924f609f5393f3e62762	tree
parent	55d0a38601236b89871f1a2f2bf7ad36c590f1f4	commit \| diff

s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224

(cherry picked from commit dfeabce44fbb78083fbbb2aa634fc4172cf83db9)

selftest/knownfail.d/netr_LogonGetCapabilities	[deleted file]	blob \| blame \| history
source3/rpc_server/netlogon/srv_netlog_nt.c		diff \| blob \| blame \| history