s3-netlogon: Add support to authenticate trusted domains.
authorSumit Bose <sbose@redhat.com>
Tue, 22 Nov 2011 13:02:20 +0000 (08:02 -0500)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 22 Dec 2011 16:48:24 +0000 (17:48 +0100)
source3/rpc_server/netlogon/srv_netlog_nt.c

index f681e909dd32f421a43d47cb356c184d0f5c805b..086a0ea3c5ab90a59b76918aa3e2f6331a80208e 100644 (file)
@@ -907,6 +907,19 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
                srv_flgs |= NETLOGON_NEG_SCHANNEL;
        }
 
+       /*
+        * Support authenticaten of trusted domains.
+        *
+        * These flags are the minimum required set which works with win2k3
+        * and win2k8.
+        */
+       if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+               srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+                           NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+                           NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+                           NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+       }
+
        switch (p->opnum) {
                case NDR_NETR_SERVERAUTHENTICATE:
                        fn = "_netr_ServerAuthenticate";
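Review bot: The four trust-related bits are OR-ed into `srv_flgs` for every caller as soon as the passdb backend reports `PDB_CAP_TRUSTED_DOMAINS_EX`, so the block at `if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX)` advertises them to workstation and server secure channels too, not only to trusted-domain accounts. Each bit is a claim that the server implements the matching behaviour, and nothing in the hunk shows that `NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION` or `NETLOGON_NEG_CROSS_FOREST_TRUSTS` are backed by code. The comment documents only that the set was found to work with win2k3 and win2k8. I would extend the comment with something like `/* Advertised to all callers; srv_flgs is (or is not) masked against the client's negotiate flags further down. */` so the next reader knows whether the client can end up with bits it did not ask for. I would also fix the typo "authenticaten" to "authentication". The body of `_netr_ServerAuthenticate3` starts and ends outside this hunk, so how `srv_flgs` is finally returned is not visible here.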