author | Andrew Tridgell <tridge@samba.org> | 2004-06-06 07:58:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:33 -0500 |
commit | 8a3d1a5fb7f7fa20789c451350ae4f2ca411a33f (patch) | |
tree | ef302e49ee9593eaeec980cd46191188c093181d | |
parent | a1318baa5503648ffcff2e9cd625b6848ad285b8 (diff) | |
r1042: added testing of 128 bit schannel session keys
(This used to be commit 96fc2b6f1e7372cc3646bd52172187b8a689c15a)
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 8 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 23 |
3 files changed, 26 insertions, 7 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index d81f0ab965..7bd6f98118 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -91,6 +91,8 @@ struct dcerpc_pipe {
 #define DCERPC_SCHANNEL_ANY (DCERPC_SCHANNEL_BDC| \
 DCERPC_SCHANNEL_DOMAIN| \
 DCERPC_SCHANNEL_WORKSTATION)
+/* use a 128 bit session key */
+#define DCERPC_SCHANNEL_128 (1<<11)
 #define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY)
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index f81429c1f3..22285bd56b 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -91,7 +91,13 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
 struct samr_Password mach_pwd;
 struct creds_CredentialState creds;
 const char *workgroup, *workstation;
- uint32_t negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32_t negotiate_flags;
+
+ if (p->flags & DCERPC_SCHANNEL_128) {
+ negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ } else {
+ negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ }
 workstation = username;
 workgroup = domain;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 8d30f16b06..712c2563a3 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -24,6 +24,9 @@
 #define TEST_MACHINE_NAME "schanneltest"
+/*
+ do some samr ops using the schannel connection
+ */
 static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 NTSTATUS status;
@@ -48,7 +51,9 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 return True;
 }
-
+/*
+ test a schannel connection with the given flags
+ */
 static BOOL test_schannel(TALLOC_CTX *mem_ctx, uint16 acct_flags, uint32 dcerpc_flags, uint32 schannel_type)
@@ -97,7 +102,9 @@ failed:
 return False;
 }
-
+/*
+ a schannel test suite
+ */
 BOOL torture_rpc_schannel(int dummy)
 {
 TALLOC_CTX *mem_ctx;
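Review bot: `DCERPC_SCHANNEL_128` is added in the dcerpc.h hunk but is not folded into `DCERPC_AUTH_OPTIONS` on the context line that follows it, so any code that masks pipe flags with `DCERPC_AUTH_OPTIONS` would drop the request for the stronger key. That use is outside the hunk, so please confirm the omission is intended. The comment could also state what happens when the flag is unset, for example `/* request the ADS negotiate flags (128 bit session key); without it the non-ADS flag set is offered */`. Whether bit 11 is otherwise unused cannot be seen from here.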
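Review bot: In dcerpc_schannel_key the new branch only chooses which negotiate flags to offer; nothing in the hunk checks that the server accepted the 128 bit key, so a peer that clears that bit in its reply would presumably leave the caller on the weaker key while `DCERPC_SCHANNEL_128` is still set on the pipe. The function body continues outside the hunk, so the check may already exist; if it does not, the flags returned by the authenticate call should be compared with the requested ones and the call failed with an error status on a mismatch. The default also stays `NETLOGON_NEG_AUTH2_FLAGS`, which deserves a comment such as `/* 128 bit keys are opt-in via DCERPC_SCHANNEL_128; the default is the non-ADS flag set */`.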
@@ -107,10 +114,14 @@ BOOL torture_rpc_schannel(int dummy)
 uint32 dcerpc_flags;
 uint32 schannel_type;
 } tests[] = {
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 }
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 }
 };
 int i; |
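Review bot: The four new table rows set `DCERPC_SCHANNEL_128`, but each row is judged only by the BOOL that test_schannel returns, so a run in which the connection quietly ends up on the shorter key would presumably still pass. test_schannel's body is outside this hunk; if it does not already inspect the negotiated session key, it should assert the key strength for the rows that carry the flag. The literal `3` repeated in every row would also read better as a named constant for the schannel type.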