summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
committerVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
commit02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b (patch)
tree099bc90dbf63fd218f7f6d45cf88223b172c0c34 /source3/include
parentd9613a1a3c37dca9f695b1361a0fd5d2b3f503cd (diff)
downloadsamba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.gz
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.bz2
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.zip
This is a merge of the NETLOGON schannel server code from Samba
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG as I found out later :-) It adds a new parameter: server schannel = yes/auto/no defaulting to auto. What does this mean to the user: No requireSignOrSeal registry patch for XP anymore. Many thanks for this code to Luke Leighton, Elrond and anybody else I forgot to mention. My next thing will be to see if this applies cleanly to 3_0. Please test and comment! Volker (This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/ntdomain.h7
-rw-r--r--source3/include/rpc_dce.h39
2 files changed, 44 insertions, 2 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index cf5bb5046c..d02195b378 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -192,6 +192,13 @@ typedef struct pipes_struct
uint32 ntlmssp_seq_num;
struct dcinfo dc; /* Keeps the creds data. */
+ /* Hmm. In my understanding the authentication happens
+ implicitly later, so there are no two stages for
+ schannel. */
+
+ BOOL netsec_auth_validated;
+ struct netsec_auth_struct netsec_auth;
+
/*
* Windows user info.
*/
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 6a8c650650..7e8bc3949e 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -55,6 +55,13 @@ enum RPC_PKT_TYPE
#define NTLMSSP_AUTH_TYPE 0xa
#define NTLMSSP_AUTH_LEVEL 0x6
+/* Netlogon schannel auth type and level */
+#define NETSEC_AUTH_TYPE 0x44
+#define NETSEC_AUTH_LEVEL 0x6
+#define NETSEC_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
+#define RPC_AUTH_NETSEC_CHK_LEN 0x20
+#define NETLOGON_NEG_SCHANNEL 0x40000000
+
/* Maximum PDU fragment size. */
#define MAX_PDU_FRAG_LEN 0x1630
/* #define MAX_PDU_FRAG_LEN 0x10b8 this is what w2k sets */
@@ -199,6 +206,34 @@ typedef struct rpc_hdr_auth_info
#define RPC_HDR_AUTH_LEN 8
+/* this is TEMPORARILY coded up as a specific structure */
+/* this structure comes after the bind request */
+/* RPC_AUTH_NETSEC_NEG */
+typedef struct rpc_auth_netsec_neg_info
+{
+ uint32 unknown1;
+ uint32 unknown2;
+ fstring domain; /* calling workstations's domain */
+ fstring myname; /* calling workstation's name */
+} RPC_AUTH_NETSEC_NEG;
+
+/* attached to the end of encrypted rpc requests and responses */
+/* RPC_AUTH_NETSEC_CHK */
+typedef struct rpc_auth_netsec_chk_info
+{
+ uint8 sig [8]; /* 77 00 7a 00 ff ff 00 00 */
+ uint8 data1[8];
+ uint8 data3[8]; /* verifier, seq num */
+ uint8 data8[8]; /* random 8-byte nonce */
+} RPC_AUTH_NETSEC_CHK;
+
+struct netsec_auth_struct
+{
+ RPC_AUTH_NETSEC_NEG netsec_neg;
+ uchar sess_key[16];
+ uint32 seq_num;
+};
+
/* RPC_BIND_REQ - ms req bind */
typedef struct rpc_bind_req_info
{
@@ -248,8 +283,8 @@ typedef struct rpc_hdr_ba_info
/* RPC_AUTH_VERIFIER */
typedef struct rpc_auth_verif_info
{
- fstring signature; /* "NTLMSSP" */
- uint32 msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) */
+ fstring signature; /* "NTLMSSP".. Ok, not quite anymore */
+ uint32 msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) and 5 for schannel */
} RPC_AUTH_VERIFIER;