authorStefan Metzmacher <metze@samba.org>2011-12-23 15:20:26 +0100
committerAndreas Schneider <asn@samba.org>2012-07-17 10:58:39 +0200
commit780006db9de7a55030ba07fc5236c85bee7b4961 (patch)
tree2eb0d813d4bb95bf462169f668a253dec8336377
parenta7208de06a6b47ef0b6947d50b46efc79d1198ce (diff)
s4:librpc/rpc: add DCERPC_SCHANNEL_AES support
metze Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--librpc/rpc/rpc_common.h3
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c17
2 files changed, 18 insertions, 2 deletions
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index a28835fa63..e2b37550e1 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -110,6 +110,9 @@ struct dcerpc_binding {
/* handle upgrades or downgrades automatically */
#define DCERPC_SCHANNEL_AUTO (1<<23)
+/* use aes schannel with hmac-sh256 session key */
+#define DCERPC_SCHANNEL_AES (1<<24)
+
/* The following definitions come from ../librpc/rpc/dcerpc_error.c */
const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
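Review bot: The comment on the new flag misspells the algorithm as "hmac-sh256"; since this header is where callers learn what the bit selects, it should read `/* use aes schannel with hmac-sha256 session key */`. It would also help to say that the bit only requests AES at negotiation time, because the DCERPC_SCHANNEL_AUTO flag directly above allows automatic downgrades, so setting this bit may not by itself guarantee that AES is used.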
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 3a3dec068b..f3e52585ae 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -243,7 +243,13 @@ static void continue_srv_auth2(struct tevent_req *subreq)
}
s->dcerpc_schannel_auto = false;
- if (lf & NETLOGON_NEG_STRONG_KEYS) {
+ if (lf & NETLOGON_NEG_SUPPORTS_AES) {
+ ln = "aes";
+ if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+ composite_error(c, s->a.out.result);
+ return;
+ }
+ } else if (lf & NETLOGON_NEG_STRONG_KEYS) {
ln = "strong";
if (rf & NETLOGON_NEG_STRONG_KEYS) {
composite_error(c, s->a.out.result);
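Review bot: The new `lf & NETLOGON_NEG_SUPPORTS_AES` branch returns the error only when the server's flags also carry the AES bit; otherwise control falls out of the chain into what appears to be the automatic-downgrade retry, and nothing visible sets a floor on the result. `rf` appears to hold flags reported by the peer in an exchange that has just failed, so it is presumably not yet authenticated, and a client that offered AES can end up at the "des" label in a single retry. I would document this at the top of the chain, e.g. `/* rf is unauthenticated here; following it downwards is only acceptable in DCERPC_SCHANNEL_AUTO mode */`. If servers without strong keys no longer need to be reached, also consider refusing inside the AES branch with `if (!(rf & NETLOGON_NEG_STRONG_KEYS)) { composite_error(c, s->a.out.result); return; }`. The body of continue_srv_auth2 starts and ends outside this hunk, so the retry itself is not visible here.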
@@ -253,7 +259,9 @@ static void continue_srv_auth2(struct tevent_req *subreq)
ln = "des";
}
- if (rf & NETLOGON_NEG_STRONG_KEYS) {
+ if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+ rn = "aes";
+ } else if (rf & NETLOGON_NEG_STRONG_KEYS) {
rn = "strong";
} else {
rn = "des";
@@ -324,8 +332,13 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
}
+ if (s->pipe->conn->flags & DCERPC_SCHANNEL_AES) {
+ s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ }
if (s->pipe->conn->flags & DCERPC_SCHANNEL_AUTO) {
s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
s->dcerpc_schannel_auto = true;
}
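Review bot: The precedence between the three flag blocks is implicit. The DCERPC_SCHANNEL_AUTO block runs last and sets `s->dcerpc_schannel_auto = true`, so a caller that passes both DCERPC_SCHANNEL_AES and DCERPC_SCHANNEL_AUTO still gets the downgrade-capable mode even though it asked for AES explicitly. If that is intended, a comment above the AUTO block would make it reviewable, e.g. `/* AUTO overrides _128/_AES: offer AES, but let continue_srv_auth2 retry with the server's flags */`. If an explicit AES request is meant to be strict, the assignment could instead be `s->dcerpc_schannel_auto = !(s->pipe->conn->flags & DCERPC_SCHANNEL_AES);`. dcerpc_schannel_key_send starts before and continues after this hunk, so the initial value of `dcerpc_schannel_auto` is not visible here.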