Remove the 'accoc_group_id' check in the RPC server.

This check breaks more than it fixes, and while technically not
correct, is the best solution we have at this time.  Otherwise,
SCHANNEL binds from WinXP fail.

Andrew Bartlett

diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c
index d8dafd61f61f9d7aad80624cc17d5a004717e9af..91ae5fcd94a5facf896b7aa052ff53ccfccec534 100644 (file)
--- a/source/rpc_server/dcerpc_server.c
+++ b/source/rpc_server/dcerpc_server.c
@@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
        uint32_t context_id;
        const struct dcesrv_interface *iface;
 
+#if 0
+       /* It is not safe to enable this check - windows clients
+        * (WinXP in particular) will use it for NETLOGON calls, for
+        * the subsequent SCHANNEL bind.  It turns out that NETLOGON
+        * calls include no policy handles, so it is safe there.  Let
+        * the failure occour on the attempt to reuse a poilcy handle,
+        * rather than here */
+
+       /* Association groups allow policy handles to be shared across
+        * multiple client connections.  We don't implement this yet. */
        if (call->pkt.u.bind.assoc_group_id != 0) {
                return dcesrv_bind_nak(call, 0);        
        }
+#endif
 
        if (call->pkt.u.bind.num_contexts < 1 ||
            call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {