authorAndrew Bartlett <abartlet@samba.org>2004-11-11 05:04:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:43 -0500
commit189783e5b9dabdb12fdff0381f8145aea57b5be6 (patch)
treed5fa4fd5b4d4e3f48657b2289df6f06ff3ef642c
parent8ea4cb31d90a039486cd87bb8be0f3cc05ce1c1f (diff)
r3679: We now know a few more of the Netlogon negotiate flags.
Interestingly, all the interesting flags are a '4' (as hex digits in the flag). Andrew Bartlett (This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
-rw-r--r--source4/libcli/auth/credentials.h13
-rw-r--r--source4/torture/rpc/samlogon.c37
2 files changed, 39 insertions, 11 deletions
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h
index de0e086278..a6e119e1ad 100644
--- a/source4/libcli/auth/credentials.h
+++ b/source4/libcli/auth/credentials.h
@@ -30,16 +30,19 @@ struct creds_CredentialState {
};
-#define NETLOGON_NEG_128BIT 0x4000
-
/* for the timebeing, use the same neg flags as Samba3. */
/* The 7 here seems to be required to get Win2k not to downgrade us
to NT4. Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+
+
+#define NETLOGON_NEG_ARCFOUR 0x00000004
+#define NETLOGON_NEG_128BIT 0x00004000
+
+#define NETLOGON_NEG_SCHANNEL 0x40000000
/* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
+#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
-#define NETLOGON_NEG_SCHANNEL 0x40000000
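Review bot: `NETLOGON_NEG_AUTH2_FLAGS` is still the bare literal `0x000701ff`, which has the `NETLOGON_NEG_ARCFOUR` bit (0x4) set and neither `NETLOGON_NEG_128BIT` nor `NETLOGON_NEG_SCHANNEL`, so a reader checking what protection this mask requests cannot see that from the header. Writing it as `#define NETLOGON_NEG_AUTH2_FLAGS (0x000701fb | NETLOGON_NEG_ARCFOUR)` keeps the value and matches the form now used for the ADS mask. The residue `0x200fbffb` in `NETLOGON_NEG_AUTH2_ADS_FLAGS` deserves a short comment such as `/* 0x200fbffb: remaining bits, meaning not yet identified */`. The new ADS expression still evaluates to the old 0x600fffff, so the hunk itself changes no behaviour.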
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 470d1d9b60..6f58af3134 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -206,7 +206,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
if (lm_key) {
memcpy(lm_key, base->LMSessKey.key, 8);
}
- } else if (samlogon_state->creds->negotiate_flags) {
+ } else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
static const char zeros[16];
if (memcmp(base->key.key, zeros,
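Review bot: The new test `negotiate_flags & NETLOGON_NEG_ARCFOUR` in check_samlogon, and the matching one in the test_InteractiveLogon hunk (@@ -968), is only correct if `negotiate_flags` holds the mask the server returned rather than the mask the client requested; the credential setup that fills the field is not visible in this diff. If a server clears the bit while the requested value is kept, the test would apply RC4 to data protected another way and fail for a misleading reason. Once verified, a comment here such as `/* negotiate_flags is the server-confirmed mask, not the requested one */` would record that. check_samlogon starts and ends outside the hunk, so whether a later branch handles session keys when ARCFOUR is not negotiated cannot be seen from here.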
@@ -968,7 +968,7 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
E_deshash(plain_pass, pinfo.lmpassword.hash);
E_md4hash(plain_pass, pinfo.ntpassword.hash);
- if (creds->negotiate_flags) {
+ if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
} else {
@@ -1022,7 +1022,6 @@ BOOL torture_rpc_samlogon(void)
return False;
}
-
if (!test_SetupCredentials(p, mem_ctx,
TEST_MACHINE_NAME, machine_pass, &creds)) {
ret = False;
@@ -1041,37 +1040,63 @@ BOOL torture_rpc_samlogon(void)
return False;
}
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR,
+ TEST_MACHINE_NAME, machine_pass, &creds)) {
+ return False;
+ }
+
if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
- if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
+ if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
TEST_MACHINE_NAME, machine_pass, &creds)) {
return False;
}
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+ TEST_MACHINE_NAME, machine_pass, &creds)) {
+ return False;
+ }
+
if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
TEST_MACHINE_NAME, machine_pass, &creds)) {
return False;
}
- if (!test_SamLogon(p, mem_ctx, &creds)) {
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
- if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
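Review bot: With five credential setups each followed by the same two logon tests, a failure in this part of torture_rpc_samlogon no longer shows which negotiate-flag set it ran under. Each failed setup also still does `return False`, which skips the remaining flag combinations and whatever cleanup follows outside the hunk. A one-line announcement before each setup, for example `printf("Testing with negotiate flags 0x%08x\n", (unsigned)(NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT));`, would tie a failure to a specific mask. The repeated InteractiveLogon/SamLogon pair could move into a small static helper so that adding another mask is one call. The function starts and ends outside the hunk.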