From ed728597d2abfacf9d6b3253db2c741880fe26d2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Dec 2024 16:01:27 +0100 Subject: [PATCH] s4:rpc_server/netlogon: an RODC is not allowed to call netr_ServerPasswordGet() Signed-off-by: Stefan Metzmacher Reviewed-by: Jennifer Sutton --- selftest/knownfail.d/samba.tests.krb5.netlogon | 14 -------------- source4/rpc_server/netlogon/dcerpc_netlogon.c | 1 - 2 files changed, 15 deletions(-) diff --git a/selftest/knownfail.d/samba.tests.krb5.netlogon b/selftest/knownfail.d/samba.tests.krb5.netlogon index 7f551d802b5..f7cea4d5550 100644 --- a/selftest/knownfail.d/samba.tests.krb5.netlogon +++ b/selftest/knownfail.d/samba.tests.krb5.netlogon @@ -1,20 +1,6 @@ # This is not implemented yet ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon # The RODC handling is wrong -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_01000000 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_613fffff -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_auth3_e13fffff -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00000000 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00000004 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_00004000 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_01000000 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_01004004 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_400001ff -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_413fffff -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_603fbffb -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_613fffff -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_80000000 -^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords_rodc_authK_e13fffff ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_01000000 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_613fffff ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam_rodc_auth3_e13fffff diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 84fd1c6d462..ccf303cff9a 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -3240,7 +3240,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call ZERO_STRUCT(old_owf_password); switch (r->in.secure_channel_type) { case SEC_CHAN_BDC: - case SEC_CHAN_RODC: break; default: ZERO_STRUCTP(r->out.password); -- 2.47.3