Andrew Bartlett schrieb: > The branch, v4-0-test has been updated > via 532ccbbe7aa360440f455dfa136f425b9996e998 (commit) > via f8628fa330abcd50923d995d5bda1f4811582ea9 (commit) > via 1c909973977ae117703c1ccf7589acc4625e76e5 (commit) > from b91bbc5fe4a47e5823be6be5f2f203f1f14105de (commit) > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test > > > - Log ----------------------------------------------------------------- > commit 532ccbbe7aa360440f455dfa136f425b9996e998 > Merge: f8628fa330abcd50923d995d5bda1f4811582ea9 > b91bbc5fe4a47e5823be6be5f2f203f1f14105de > Author: Andrew Bartlett <[EMAIL PROTECTED]> > Date: Wed Jul 23 16:15:46 2008 +1000 > > Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into > 4-0-local > > commit f8628fa330abcd50923d995d5bda1f4811582ea9 > Author: Andrew Bartlett <[EMAIL PROTECTED]> > Date: Wed Jul 23 16:14:20 2008 +1000 > > Remove the 'accoc_group_id' check in the RPC server. > > This check breaks more than it fixes, and while technically not > correct, is the best solution we have at this time. Otherwise, > SCHANNEL binds from WinXP fail. > > Andrew Bartlett > > commit 1c909973977ae117703c1ccf7589acc4625e76e5 > Author: Andrew Bartlett <[EMAIL PROTECTED]> > Date: Wed Jul 23 13:49:00 2008 +1000 > > Explain where some other OIDs are allocated. > > This is an odd place for an OID registry - we perhaps need a central > wiki page. > > Andrew Bartlett > > ----------------------------------------------------------------------- > > Summary of changes: > source/rpc_server/dcerpc_server.c | 11 +++++++++++ > source/setup/schema_samba4.ldif | 6 ++++++ > 2 files changed, 17 insertions(+), 0 deletions(-) > > > Changeset truncated at 500 lines: > > diff --git a/source/rpc_server/dcerpc_server.c > b/source/rpc_server/dcerpc_server.c > index d8dafd6..91ae5fc 100644 > --- a/source/rpc_server/dcerpc_server.c > +++ b/source/rpc_server/dcerpc_server.c > @@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state > *call) > uint32_t context_id; > const struct dcesrv_interface *iface; > > +#if 0 > + /* It is not safe to enable this check - windows clients > + * (WinXP in particular) will use it for NETLOGON calls, for > + * the subsequent SCHANNEL bind. It turns out that NETLOGON > + * calls include no policy handles, so it is safe there. Let > + * the failure occour on the attempt to reuse a poilcy handle, > + * rather than here */ > + > + /* Association groups allow policy handles to be shared across > + * multiple client connections. We don't implement this yet. */ > if (call->pkt.u.bind.assoc_group_id != 0) { > return dcesrv_bind_nak(call, 0); > } > +#endif
I think we should just allow 0 or the 0x12345678 value we give away and fail all other values... Would that be enough to make WinXP work? metze
signature.asc
Description: OpenPGP digital signature
