From: Stefan Metzmacher
Date: Mon, 27 May 2019 10:38:43 +0000 (+0200)
Subject: s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
X-Git-Tag: ldb-2.0.5~515
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa5215ce5b93fb032df341e718d7011e619f0916;p=thirdparty%2Fsamba.git
s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
The domain join with VMWare Horizon Quickprep seems to use netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS (and in addition the NEG_SUPPORTS_AES) just to verify a password. Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
---
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index a846a728f24..8c7b0db77fc 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -926,7 +926,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
 srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
 }
 
- if (lp_server_schannel() != false) {
+ if (in_neg_flags & NETLOGON_NEG_SCHANNEL) {
 srv_flgs |= NETLOGON_NEG_SCHANNEL;
 }
 
@@ -967,17 +967,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
 goto out;
 }
 
- if ( (lp_server_schannel() == true) &&
- ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
-
- /* schannel must be used, but client did not offer it. */
- DEBUG(0,("%s: schannel required but client failed "
- "to offer it. Client was %s\n",
- fn, r->in.account_name));
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
- }
-
 status = get_md4pw(&mach_pwd,
 r->in.account_name,
 r->in.secure_channel_type,
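Review bot: With the new condition `if (in_neg_flags & NETLOGON_NEG_SCHANNEL) {` in the first hunk, nothing in the visible lines of _netr_ServerAuthenticate3() consults lp_server_schannel() any more, since the second hunk also drops the NT_STATUS_ACCESS_DENIED path for clients that do not offer schannel. A `server schannel = yes` policy therefore has to be enforced by the later credential-checked netlogon calls, which are outside this diff; once that is confirmed, a comment at this spot should record it, for example `/* "server schannel" is not enforced here; it must be enforced on the calls that use the established credentials */`. The flag is also now echoed purely from what the client sent, so a server configured with schannel disabled would presumably still advertise it; if that is not intended, keep the setting in the test: `if ((in_neg_flags & NETLOGON_NEG_SCHANNEL) && lp_server_schannel() != false) {`. Since the level-0 DEBUG message is removed as well, a lower-level log line for clients that authenticate without offering schannel would let operators still see such clients. The function body starts and ends outside both hunks.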