s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilit...
author Stefan Metzmacher <metze@samba.org>
Sat, 15 Jul 2023 14:11:48 +0000 (16:11 +0200)
committer Stefan Metzmacher <metze@samba.org>
Mon, 17 Jul 2023 06:37:31 +0000 (06:37 +0000)
commit d5f1097b6220676d56ed5fc6707acf667b704518
tree 415e0c46035ef324ec681088699ba11eed10cac4
parent 404ce08e9088968311c714e756f5d58ce2cef715
s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshal the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
This allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/netr_LogonGetCapabilities
source4/rpc_server/netlogon/dcerpc_netlogon.c