r3679: We now know a few more of the Netlogon negotiate flags.

Interestingly, all the interesting flags are a '4' (as hex digits in
the flag).

Andrew Bartlett
(This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)

2 files changed, 39 insertions, 11 deletions

diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h
index de0e086278..a6e119e1ad 100644
--- a/source4/libcli/auth/credentials.h
+++ b/source4/libcli/auth/credentials.h
@@ -30,16 +30,19 @@ struct creds_CredentialState {
 };
 
 
-#define NETLOGON_NEG_128BIT 0x4000
-
 
 /* for the timebeing, use the same neg flags as Samba3. */
 /* The 7 here seems to be required to get Win2k not to downgrade us
    to NT4.  Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+#define NETLOGON_NEG_AUTH2_FLAGS     0x000701ff
+
+
+#define NETLOGON_NEG_ARCFOUR         0x00000004
+#define NETLOGON_NEG_128BIT          0x00004000
+
+#define NETLOGON_NEG_SCHANNEL        0x40000000
 
 /* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
+#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
-#define NETLOGON_NEG_SCHANNEL    0x40000000
 
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 470d1d9b60..6f58af3134 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -206,7 +206,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 		if (lm_key) {
 			memcpy(lm_key, base->LMSessKey.key, 8);
 		}
-	} else if (samlogon_state->creds->negotiate_flags) {
+	} else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 		static const char zeros[16];
 			
 		if (memcmp(base->key.key, zeros,  
@@ -968,7 +968,7 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	E_deshash(plain_pass, pinfo.lmpassword.hash);
 	E_md4hash(plain_pass, pinfo.ntpassword.hash);
 
-	if (creds->negotiate_flags) {
+	if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 		creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
 		creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
 	} else {
@@ -1022,7 +1022,6 @@ BOOL torture_rpc_samlogon(void)
 		return False;
 	}
 
-
 	if (!test_SetupCredentials(p, mem_ctx, 
 				    TEST_MACHINE_NAME, machine_pass, &creds)) {
 		ret = False;
@@ -1041,37 +1040,63 @@ BOOL torture_rpc_samlogon(void)
 		return False;
 	}
 
+	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+		ret = False;
+	}
+
 	if (!test_SamLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}
 
+	if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR,
+				    TEST_MACHINE_NAME, machine_pass, &creds)) {
+		return False;
+	}
+
 	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}
 
-	if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+	if (!test_SamLogon(p, mem_ctx, &creds)) {
+		ret = False;
+	}
+
+	if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
 				    TEST_MACHINE_NAME, machine_pass, &creds)) {
 		return False;
 	}
 
+	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+		ret = False;
+	}
+
 	if (!test_SamLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}
 
+	if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+				    TEST_MACHINE_NAME, machine_pass, &creds)) {
+		return False;
+	}
+
 	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}
 
+	if (!test_SamLogon(p, mem_ctx, &creds)) {
+		ret = False;
+	}
+
 	if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
 				    TEST_MACHINE_NAME, machine_pass, &creds)) {
 		return False;
 	}
 
-	if (!test_SamLogon(p, mem_ctx, &creds)) {
+	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}
 
-	if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+	if (!test_SamLogon(p, mem_ctx, &creds)) {
 		ret = False;
 	}