return _netr_LogonControl2Ex(p, &l);
}
-/****************************************************************************
-Send a message to smbd to do a sam synchronisation
-**************************************************************************/
-
-static void send_sync_message(struct messaging_context *msg_ctx)
-{
- DEBUG(3, ("sending sam synchronisation message\n"));
- message_send_all(msg_ctx, MSG_SMB_SAM_SYNC, NULL, 0, NULL);
-}
-
/*************************************************************************
_netr_LogonControl2
*************************************************************************/
return WERR_UNKNOWN_LEVEL;
}
- if (lp_server_role() == ROLE_DOMAIN_BDC) {
- send_sync_message(p->msg_ctx);
- }
-
return WERR_OK;
}
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
+ /*
+ * Support authenticaten of trusted domains.
+ *
+ * These flags are the minimum required set which works with win2k3
+ * and win2k8.
+ */
+ if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+ srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+ }
+
switch (p->opnum) {
case NDR_NETR_SERVERAUTHENTICATE:
fn = "_netr_ServerAuthenticate";
&mach_pwd,
r->in.credentials,
r->out.return_credentials,
- *r->in.negotiate_flags);
+ srv_flgs);
if (!creds) {
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
struct netr_LogonGetCapabilities *r)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct netlogon_creds_CredentialState *creds;
+ NTSTATUS status;
+
+ become_root();
+ status = netr_creds_server_step_check(p, p->mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ r->out.return_authenticator,
+ &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (r->in.query_level != 1) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ r->out.capabilities->server_capabilities = creds->negotiate_flags;
+
+ return NT_STATUS_OK;
}
/****************************************************************