summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-06-06 07:58:16 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:33 -0500
commit8a3d1a5fb7f7fa20789c451350ae4f2ca411a33f (patch)
treeef302e49ee9593eaeec980cd46191188c093181d
parenta1318baa5503648ffcff2e9cd625b6848ad285b8 (diff)
downloadsamba-8a3d1a5fb7f7fa20789c451350ae4f2ca411a33f.tar.gz
samba-8a3d1a5fb7f7fa20789c451350ae4f2ca411a33f.tar.bz2
samba-8a3d1a5fb7f7fa20789c451350ae4f2ca411a33f.zip
r1042: added testing of 128 bit schannel session keys
(This used to be commit 96fc2b6f1e7372cc3646bd52172187b8a689c15a)
-rw-r--r--source4/librpc/rpc/dcerpc.h2
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c8
-rw-r--r--source4/torture/rpc/schannel.c23
3 files changed, 26 insertions, 7 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index d81f0ab965..7bd6f98118 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -91,6 +91,8 @@ struct dcerpc_pipe {
#define DCERPC_SCHANNEL_ANY (DCERPC_SCHANNEL_BDC| \
DCERPC_SCHANNEL_DOMAIN| \
DCERPC_SCHANNEL_WORKSTATION)
+/* use a 128 bit session key */
+#define DCERPC_SCHANNEL_128 (1<<11)
#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY)
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index f81429c1f3..22285bd56b 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -91,7 +91,13 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
struct samr_Password mach_pwd;
struct creds_CredentialState creds;
const char *workgroup, *workstation;
- uint32_t negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32_t negotiate_flags;
+
+ if (p->flags & DCERPC_SCHANNEL_128) {
+ negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ } else {
+ negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ }
workstation = username;
workgroup = domain;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 8d30f16b06..712c2563a3 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -24,6 +24,9 @@
#define TEST_MACHINE_NAME "schanneltest"
+/*
+ do some samr ops using the schannel connection
+ */
static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
@@ -48,7 +51,9 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return True;
}
-
+/*
+ test a schannel connection with the given flags
+ */
static BOOL test_schannel(TALLOC_CTX *mem_ctx,
uint16 acct_flags, uint32 dcerpc_flags,
uint32 schannel_type)
@@ -97,7 +102,9 @@ failed:
return False;
}
-
+/*
+ a schannel test suite
+ */
BOOL torture_rpc_schannel(int dummy)
{
TALLOC_CTX *mem_ctx;
@@ -107,10 +114,14 @@ BOOL torture_rpc_schannel(int dummy)
uint32 dcerpc_flags;
uint32 schannel_type;
} tests[] = {
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 }
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 }
};
int i;