> Andrew Bartlett schrieb:
> > The branch, v4-0-test has been updated
> > via 532ccbbe7aa360440f455dfa136f425b9996e998 (commit)
> > via f8628fa330abcd50923d995d5bda1f4811582ea9 (commit)
> > via 1c909973977ae117703c1ccf7589acc4625e76e5 (commit)
> > from b91bbc5fe4a47e5823be6be5f2f203f1f14105de (commit)
> >
> >
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test> >
> >
> > - Log -----------------------------------------------------------------
> > commit 532ccbbe7aa360440f455dfa136f425b9996e998
> > Merge: f8628fa330abcd50923d995d5bda1f4811582ea9 b91bbc5fe4a47e5823be6be5f2f203f1f14105de
> > Author: Andrew Bartlett <
abartlet@...>
> > Date: Wed Jul 23 16:15:46 2008 +1000
> >
> > Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
> >
> > commit f8628fa330abcd50923d995d5bda1f4811582ea9
> > Author: Andrew Bartlett <
abartlet@...>
> > Date: Wed Jul 23 16:14:20 2008 +1000
> >
> > Remove the 'accoc_group_id' check in the RPC server.
> >
> > This check breaks more than it fixes, and while technically not
> > correct, is the best solution we have at this time. Otherwise,
> > SCHANNEL binds from WinXP fail.
> >
> > Andrew Bartlett
> >
> > commit 1c909973977ae117703c1ccf7589acc4625e76e5
> > Author: Andrew Bartlett <
abartlet@...>
> > Date: Wed Jul 23 13:49:00 2008 +1000
> >
> > Explain where some other OIDs are allocated.
> >
> > This is an odd place for an OID registry - we perhaps need a central
> > wiki page.
> >
> > Andrew Bartlett
> >
> > -----------------------------------------------------------------------
> >
> > Summary of changes:
> > source/rpc_server/dcerpc_server.c | 11 +++++++++++
> > source/setup/schema_samba4.ldif | 6 ++++++
> > 2 files changed, 17 insertions(+), 0 deletions(-)
> >
> >
> > Changeset truncated at 500 lines:
> >
> > diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c
> > index d8dafd6..91ae5fc 100644
> > --- a/source/rpc_server/dcerpc_server.c
> > +++ b/source/rpc_server/dcerpc_server.c
> > @@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
> > uint32_t context_id;
> > const struct dcesrv_interface *iface;
> >
> > +#if 0
> > + /* It is not safe to enable this check - windows clients
> > + * (WinXP in particular) will use it for NETLOGON calls, for
> > + * the subsequent SCHANNEL bind. It turns out that NETLOGON
> > + * calls include no policy handles, so it is safe there. Let
> > + * the failure occour on the attempt to reuse a poilcy handle,
> > + * rather than here */
> > +
> > + /* Association groups allow policy handles to be shared across
> > + * multiple client connections. We don't implement this yet. */
> > if (call->pkt.u.bind.assoc_group_id != 0) {
> > return dcesrv_bind_nak(call, 0);
> > }
> > +#endif
>
> I think we should just allow 0 or the 0x12345678 value we give away
> and fail all other values...
>
> Would that be enough to make WinXP work?
signature.asc (260 bytes)