s4:netlogon: correctly calculate the negotiate_flags
authorStefan Metzmacher <metze@samba.org>
Mon, 23 Dec 2013 09:12:24 +0000 (10:12 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 7 Jan 2014 11:47:18 +0000 (12:47 +0100)
We need to bit-wise AND the client and server flags.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/netlogon/dcerpc_netlogon.c

index 7329930163ab013bf8a929309e9b8d53890347c9..8cba3e39069f53c3475b05b737c94e9bfb5c310d 100644 (file)
@@ -91,42 +91,39 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 
        const char *trust_dom_attrs[] = {"flatname", NULL};
        const char *account_name;
+       uint32_t server_flags = 0;
        uint32_t negotiate_flags = 0;
 
        ZERO_STRUCTP(r->out.return_credentials);
        *r->out.rid = 0;
 
-       negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
-                         NETLOGON_NEG_PERSISTENT_SAMREPL |
-                         NETLOGON_NEG_ARCFOUR |
-                         NETLOGON_NEG_PROMOTION_COUNT |
-                         NETLOGON_NEG_CHANGELOG_BDC |
-                         NETLOGON_NEG_FULL_SYNC_REPL |
-                         NETLOGON_NEG_MULTIPLE_SIDS |
-                         NETLOGON_NEG_REDO |
-                         NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
-                         NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
-                         NETLOGON_NEG_GENERIC_PASSTHROUGH |
-                         NETLOGON_NEG_CONCURRENT_RPC |
-                         NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
-                         NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
-                         NETLOGON_NEG_TRANSITIVE_TRUSTS |
-                         NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
-                         NETLOGON_NEG_PASSWORD_SET2 |
-                         NETLOGON_NEG_GETDOMAININFO |
-                         NETLOGON_NEG_CROSS_FOREST_TRUSTS |
-                         NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
-                         NETLOGON_NEG_RODC_PASSTHROUGH |
-                         NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
-                         NETLOGON_NEG_AUTHENTICATED_RPC;
-
-       if (*r->in.negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
-               negotiate_flags |= NETLOGON_NEG_STRONG_KEYS;
-       }
-
-       if (*r->in.negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
-               negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
-       }
+       server_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
+                      NETLOGON_NEG_PERSISTENT_SAMREPL |
+                      NETLOGON_NEG_ARCFOUR |
+                      NETLOGON_NEG_PROMOTION_COUNT |
+                      NETLOGON_NEG_CHANGELOG_BDC |
+                      NETLOGON_NEG_FULL_SYNC_REPL |
+                      NETLOGON_NEG_MULTIPLE_SIDS |
+                      NETLOGON_NEG_REDO |
+                      NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+                      NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+                      NETLOGON_NEG_GENERIC_PASSTHROUGH |
+                      NETLOGON_NEG_CONCURRENT_RPC |
+                      NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+                      NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+                      NETLOGON_NEG_STRONG_KEYS |
+                      NETLOGON_NEG_TRANSITIVE_TRUSTS |
+                      NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+                      NETLOGON_NEG_PASSWORD_SET2 |
+                      NETLOGON_NEG_GETDOMAININFO |
+                      NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+                      NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
+                      NETLOGON_NEG_RODC_PASSTHROUGH |
+                      NETLOGON_NEG_SUPPORTS_AES |
+                      NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+                      NETLOGON_NEG_AUTHENTICATED_RPC;
+
+       negotiate_flags = *r->in.negotiate_flags & server_flags;
 
        /*
         * According to Microsoft (see bugid #6099)
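Review bot: With `negotiate_flags = *r->in.negotiate_flags & server_flags;` the client-supplied value alone decides whether NETLOGON_NEG_STRONG_KEYS and NETLOGON_NEG_SUPPORTS_AES survive, and nothing visible in this hunk sets a floor on the result. A request that simply omits those bits negotiates the weaker credential scheme while the server still offers NETLOGON_NEG_ARCFOUR, so a policy-controlled minimum is worth enforcing right after the intersection. For example, `if ((negotiate_flags & required_flags) != required_flags) return NT_STATUS_DOWNGRADE_DETECTED;`, where `required_flags` is a placeholder for the configured minimum, not an existing variable. dcesrv_netr_ServerAuthenticate3 begins before and continues past this hunk, so such a check may already exist further down; if it does, a one-line comment here pointing to it would help. A short comment above `server_flags` saying it is the full set the server is willing to offer, and that `negotiate_flags` is the agreed subset returned to the client, would also make the two variables' roles explicit.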