s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
[obnox/samba-ctdb.git] / source / include / rpc_dce.h
index 09e5f25da8c5a90c53b6904f829f438ae4a57033..b2e7b06812b973b0312bf6c0d0bbf7a615711a59 100644 (file)
@@ -7,7 +7,7 @@
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -16,8 +16,7 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #ifndef _DCE_RPC_H /* _DCE_RPC_H */
@@ -99,18 +98,51 @@ enum RPC_PKT_TYPE {
 #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN         0x20
 #define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN    0x18
 
-
-#define NETLOGON_NEG_ARCFOUR                   0x00000004
-#define NETLOGON_NEG_128BIT                    0x00004000
-#define NETLOGON_NEG_SCHANNEL                  0x40000000
-
 /* The 7 here seems to be required to get Win2k not to downgrade us
    to NT4.  Actually, anything other than 1ff would seem to do... */
 #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+/*
+       (NETLOGON_NEG_ACCOUNT_LOCKOUT |
+        NETLOGON_NEG_PERSISTENT_SAMREPL |
+        NETLOGON_NEG_ARCFOUR |
+        NETLOGON_NEG_PROMOTION_COUNT |
+        NETLOGON_NEG_CHANGELOG_BDC |
+        NETLOGON_NEG_FULL_SYNC_REPL |
+        NETLOGON_NEG_MULTIPLE_SIDS |
+        NETLOGON_NEG_REDO |
+        NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+        NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+        NETLOGON_NEG_PASSWORD_SET2 |
+        NETLOGON_NEG_GETDOMAININFO)
+*/
 #define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT      0x2010b000
+
 /* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
+#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
+/*
+       (NETLOGON_NEG_ACCOUNT_LOCKOUT |
+        NETLOGON_NEG_PERSISTENT_SAMREPL |
+        NETLOGON_NEG_ARCFOUR |
+        NETLOGON_NEG_PROMOTION_COUNT |
+        NETLOGON_NEG_CHANGELOG_BDC |
+        NETLOGON_NEG_FULL_SYNC_REPL |
+        NETLOGON_NEG_MULTIPLE_SIDS |
+        NETLOGON_NEG_REDO |
+        NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+        NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+        NETLOGON_NEG_GENERIC_PASSTHROUGH |
+        NETLOGON_NEG_CONCURRENT_RPC |
+        NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+        NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+        NETLOGON_NEG_128BIT |
+        NETLOGON_NEG_TRANSITIVE_TRUSTS |
+        NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+        NETLOGON_NEG_PASSWORD_SET2 |
+        NETLOGON_NEG_GETDOMAININFO |
+        NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+        NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+        NETLOGON_NEG_SCHANNEL)
+*/
 
 enum schannel_direction {
        SENDER_IS_INITIATOR,
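Review bot: `NETLOGON_NEG_AUTH2_FLAGS` and `NETLOGON_NEG_AUTH2_ADS_FLAGS` are bare hex literals whose meaning lives only in the comment blocks that follow them, so nothing stops a literal and its list from drifting apart. These masks decide which secure-channel capabilities are offered during netlogon negotiation, and losing a bit such as `NETLOGON_NEG_128BIT` or `NETLOGON_NEG_SCHANNEL` would weaken the channel without any build error. If the `NETLOGON_NEG_*` names are declared in a header that is in scope here (not visible in this hunk), defining each mask as the OR of those names would make the list authoritative. Otherwise, lead each comment with the macro it describes, e.g. `/* NETLOGON_NEG_AUTH2_ADS_FLAGS (0x600fffff) is: */`, because the first block sits directly above `NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT` and reads as if it documented that value. `NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000` itself has no breakdown at all.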
@@ -118,7 +150,7 @@ enum schannel_direction {
 };
 
 /* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
 
 /* Maximum PDU fragment size. */
 /* #define MAX_PDU_FRAG_LEN 0x1630             this is what wnt sets */
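Review bot: `RPC_MAX_SIGN_SIZE` grows from 32 to 56 bytes with no statement of which signature layout needs the extra 24 bytes, while `RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN` earlier in this header stays at 0x20. Code that sizes a buffer or validates a received auth length with the 0x20 constant is not visible here and should be checked against the new maximum, so that a 56-byte signature is either rejected or lands in storage that can hold it. A comment recording where the value comes from would help the next reader, e.g. `/* 0x38 (56): size of <signature format requiring it>; keep >= RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN */`.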