diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-11-11 05:04:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:43 -0500 |
commit | 189783e5b9dabdb12fdff0381f8145aea57b5be6 (patch) | |
tree | d5fa4fd5b4d4e3f48657b2289df6f06ff3ef642c | |
parent | 8ea4cb31d90a039486cd87bb8be0f3cc05ce1c1f (diff) | |
download | samba-189783e5b9dabdb12fdff0381f8145aea57b5be6.tar.gz samba-189783e5b9dabdb12fdff0381f8145aea57b5be6.tar.bz2 samba-189783e5b9dabdb12fdff0381f8145aea57b5be6.zip |
r3679: We now know a few more of the Netlogon negotiate flags.
Interestingly, all the interesting flags are a '4' (as hex digits in
the flag).
Andrew Bartlett
(This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
-rw-r--r-- | source4/libcli/auth/credentials.h | 13 | ||||
-rw-r--r-- | source4/torture/rpc/samlogon.c | 37 |
2 files changed, 39 insertions, 11 deletions
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index de0e086278..a6e119e1ad 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -30,16 +30,19 @@ struct creds_CredentialState { }; -#define NETLOGON_NEG_128BIT 0x4000 - /* for the timebeing, use the same neg flags as Samba3. */ /* The 7 here seems to be required to get Win2k not to downgrade us to NT4. Actually, anything other than 1ff would seem to do... */ -#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff +#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff + + +#define NETLOGON_NEG_ARCFOUR 0x00000004 +#define NETLOGON_NEG_128BIT 0x00004000 + +#define NETLOGON_NEG_SCHANNEL 0x40000000 /* these are the flags that ADS clients use */ -#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff +#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) -#define NETLOGON_NEG_SCHANNEL 0x40000000 diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 470d1d9b60..6f58af3134 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -206,7 +206,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, if (lm_key) { memcpy(lm_key, base->LMSessKey.key, 8); } - } else if (samlogon_state->creds->negotiate_flags) { + } else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { static const char zeros[16]; if (memcmp(base->key.key, zeros, @@ -968,7 +968,7 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, E_deshash(plain_pass, pinfo.lmpassword.hash); E_md4hash(plain_pass, pinfo.ntpassword.hash); - if (creds->negotiate_flags) { + if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16); creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16); } else { @@ -1022,7 +1022,6 @@ BOOL torture_rpc_samlogon(void) return False; } - if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_pass, &creds)) { ret = False; @@ -1041,37 +1040,63 @@ BOOL torture_rpc_samlogon(void) return False; } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR, + TEST_MACHINE_NAME, machine_pass, &creds)) { + return False; + } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } - if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, + if (!test_SamLogon(p, mem_ctx, &creds)) { + ret = False; + } + + if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT, TEST_MACHINE_NAME, machine_pass, &creds)) { return False; } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, + TEST_MACHINE_NAME, machine_pass, &creds)) { + return False; + } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SamLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, TEST_MACHINE_NAME, machine_pass, &creds)) { return False; } - if (!test_SamLogon(p, mem_ctx, &creds)) { + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } - if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } |