1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/rpc_server
Stefan Metzmacher 585df7e022 s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d5f1097b62)
2023-07-17 10:28:47 +02:00
..
backupkey lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
browser werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/ 2016-09-28 00:04:35 +02:00
common CVE-2021-3738 s4:rpc_server/common: provide assoc_group aware dcesrv_samdb_connect_as_{system,user}() helpers 2021-11-09 19:45:34 +00:00
dnsserver s4:rpc_server/dnsserver: make use of dsdb_dc_functional_level() 2021-12-24 02:16:33 +00:00
drsuapi s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT 2022-10-07 08:45:15 +00:00
echo s4:rpc_server: only pass context to op_bind() hooks 2019-01-12 03:13:39 +01:00
epmapper epmapper: Simplify _epm_Map() 2021-01-28 16:58:35 +00:00
eventlog s4:rpc_server/eventlog: make use of dcesrv_handle_create() 2019-01-12 03:13:34 +01:00
lsa CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message 2022-07-24 09:20:21 +02:00
netlogon s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels 2023-07-17 10:28:47 +02:00
remote s4:rpc_server: Check return code of cli_credentials_set_conf() 2021-06-29 02:19:35 +00:00
samr s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo() 2022-09-18 16:46:09 +00:00
srvsvc smb.conf: Remove "share backend" option 2021-03-26 03:04:39 +00:00
tests dnsp.idl: fix dnsp_ip4_array definition 2019-06-21 08:49:19 +00:00
unixinfo wbclient: "ev" is no longer used in wbc_xids_to_sids 2016-09-28 00:04:36 +02:00
winreg s4:rpc_server/winreg: don't cache an ldb connection per presentation context 2019-01-12 03:13:39 +01:00
wkssvc werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/ 2016-09-28 00:04:35 +02:00
dcerpc_server.c s4:rpc_server: Set Kerberos to desired 2021-04-28 03:43:34 +00:00
dcerpc_server.h s4:rpc_server: Move core structures and prototypes to core library 2019-10-18 16:07:37 +00:00
dcerpc_server.pc.in
service_rpc.c dcesrv_core: wrap gensec_*() calls in [un]become_root() calls 2022-01-30 10:57:11 +00:00
wscript_build CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc 2023-01-23 10:01:59 +00:00