From: Stefan Metzmacher
Date: Wed, 9 Aug 2023 14:41:33 +0000 (+0200)
Subject: s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
X-Git-Tag: talloc-2.4.2~1260
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f35baa4eb2e68a4253f90f85052306471d61bd04;p=thirdparty%2Fsamba.git
s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
This mostly matches windows now...
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
diff --git a/source3/rpc_server/rpcd_classic.c b/source3/rpc_server/rpcd_classic.c
index 484ea44122e..9766d0a760b 100644
--- a/source3/rpc_server/rpcd_classic.c
+++ b/source3/rpc_server/rpcd_classic.c
@@ -80,6 +80,7 @@ static NTSTATUS classic_servers(
 {
 static const struct dcesrv_endpoint_server *ep_servers[7] = { NULL };
 size_t num_servers = ARRAY_SIZE(ep_servers);
+ NTSTATUS status;
 bool ok;
 ep_servers[0] = srvsvc_get_ep_server();
@@ -118,6 +119,11 @@ static NTSTATUS classic_servers(
 mangle_reset_cache();
+ status = dcesrv_register_default_auth_types_machine_principal(dce_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
 *_ep_servers = ep_servers;
 *_num_ep_servers = num_servers;
 return NT_STATUS_OK;
diff --git a/source3/rpc_server/rpcd_epmapper.c b/source3/rpc_server/rpcd_epmapper.c
index 0d5f41a58fe..9b2cc4f9459 100644
--- a/source3/rpc_server/rpcd_epmapper.c
+++ b/source3/rpc_server/rpcd_epmapper.c
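Review bot: In rpcd_classic.c, the new failure path after `mangle_reset_cache()` returns the status from `dcesrv_register_default_auth_types_machine_principal()` without logging anything, so a daemon that refuses to start because auth-type registration failed leaves no hint as to why. A line such as `DBG_ERR("registering default auth types failed: %s\n", nt_errstr(status));` before `return status;` would make that diagnosable. The same applies to the registration calls added in rpcd_epmapper.c and in the second and third rpcd_lsad.c hunks. classic_servers() starts and continues outside the hunk, so the caller may already log the returned status; that is worth confirming before adding the message.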
@@ -55,6 +55,26 @@ static NTSTATUS epmapper_servers(
 {
 static const struct dcesrv_endpoint_server *ep_servers[] = { NULL };
 size_t num_servers = ARRAY_SIZE(ep_servers);
+ NTSTATUS status;
+
+ /*
+ * Windows Server 2022 registers the following auth_types
+ * all with an empty principal name:
+ *
+ * principle name for proto 9 (spnego) is ''
+ * principle name for proto 10 (ntlmssp) is ''
+ * principle name for proto 14 is ''
+ * principle name for proto 16 (gssapi_krb5) is ''
+ * principle name for proto 22 is ''
+ * principle name for proto 30 is ''
+ * principle name for proto 31 is ''
+ *
+ * We only register what we also support.
+ */
+ status = dcesrv_register_default_auth_types(dce_ctx, "");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
 ep_servers[0] = epmapper_get_ep_server();
diff --git a/source3/rpc_server/rpcd_lsad.c b/source3/rpc_server/rpcd_lsad.c
index 1fe7c681c7c..d00f7049d69 100644
--- a/source3/rpc_server/rpcd_lsad.c
+++ b/source3/rpc_server/rpcd_lsad.c
@@ -75,6 +75,7 @@ static NTSTATUS lsad_servers(
 {
 static const struct dcesrv_endpoint_server *ep_servers[4] = { NULL, };
 size_t num_servers = ARRAY_SIZE(ep_servers);
+ NTSTATUS status;
 bool ok;
 ep_servers[0] = lsarpc_get_ep_server();
@@ -88,6 +89,11 @@ static NTSTATUS lsad_servers(
 exit(1);
 }
+ status = dcesrv_register_default_auth_types_machine_principal(dce_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
 switch(lp_server_role()) {
 case ROLE_STANDALONE:
 case ROLE_DOMAIN_MEMBER:
@@ -103,6 +109,16 @@ static NTSTATUS lsad_servers(
 num_servers = 0;
 break;
 default:
+ /*
+ * As DC we also register schannel with an
+ * empty principal
+ */
+ status = dcesrv_auth_type_principal_register(dce_ctx,
+ DCERPC_AUTH_TYPE_SCHANNEL,
+ "");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
 break;
 }
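Review bot: The comment above `dcesrv_register_default_auth_types(dce_ctx, "")` in rpcd_epmapper.c ends with "We only register what we also support" but never says which of the listed auth types that is, so a reader cannot tell from this file which authentication mechanisms the endpoint mapper accepts with an empty principal. I would close the comment with something like `* We only register what we also support, see dcesrv_register_default_auth_types() for the set.`, or name the types outright. The "principle name" lines look like pasted tool output; if they are not, the spelling should be "principal". epmapper_servers() continues after the hunk.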
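Review bot: In the third rpcd_lsad.c hunk the schannel registration sits under `default:`, so every server role without an explicit `case` above it gets `DCERPC_AUTH_TYPE_SCHANNEL` with an empty principal, including any role value added later, while the comment says this is meant for DCs. Listing the DC roles as explicit `case` labels and leaving `default:` as a plain `break;` would keep the registration limited to the roles the comment names. The cases between the second and third hunk are not visible here, so which roles actually reach `default:` should be checked against the full switch.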