s3:netlogon: fix the supported flags in ServerAuthenticate2()
author Stefan Metzmacher <metze@samba.org>
Fri, 21 Aug 2009 14:26:17 +0000 (16:26 +0200)
committer Stefan Metzmacher <metze@samba.org>
Sat, 7 Nov 2009 08:45:26 +0000 (09:45 +0100)
If we choose to support 128bit encryption report it to the client!!!
Otherwise the client tries to decrypt it with the wrong algorithm.

This partly fixes incoming trusts against w2k8r2.

metze

source/rpc_server/srv_netlog_nt.c

index 4bf9c13dc458c6de835f8d0b1cef320e7ec0b168..3a79957de0ff6c538169670ff67323a98c7f61db 100644 (file)
@@ -446,6 +446,11 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
                srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
        }
 
+       /* Ensure we support strong (128-bit) keys. */
+       if (q_u->clnt_flgs.neg_flags & NETLOGON_NEG_128BIT) {
+               srv_flgs.neg_flags |= NETLOGON_NEG_128BIT;
+       }
+
        /* set up the initial LSA AUTH 2 response */
        ZERO_STRUCT(srv_chal_out);
        init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
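Review bot: The comment on the added block, "Ensure we support strong (128-bit) keys", does not describe what the code does. The `if` only copies NETLOGON_NEG_128BIT from q_u->clnt_flgs.neg_flags into srv_flgs.neg_flags, so a wording such as "Report strong (128-bit) key support back to the client if it asked for it" would be more accurate. Separately, nothing in these lines ties the session key computation to the same bit. The commit message says a mismatch makes the client decrypt with the wrong algorithm, so please confirm that the key derivation in _net_auth_2 tests the same negotiated flag, so that the flag advertised in srv_flgs and the algorithm actually used cannot diverge.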