-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 8 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 23 |
3 files changed, 26 insertions, 7 deletions
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index d81f0ab965..7bd6f98118 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -91,6 +91,8 @@ struct dcerpc_pipe {
 #define DCERPC_SCHANNEL_ANY (DCERPC_SCHANNEL_BDC| \
 DCERPC_SCHANNEL_DOMAIN| \
 DCERPC_SCHANNEL_WORKSTATION)
+/* use a 128 bit session key */
+#define DCERPC_SCHANNEL_128 (1<<11)
 #define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY)
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index f81429c1f3..22285bd56b 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -91,7 +91,13 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
 struct samr_Password mach_pwd;
 struct creds_CredentialState creds;
 const char *workgroup, *workstation;
- uint32_t negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ uint32_t negotiate_flags;
+
+ if (p->flags & DCERPC_SCHANNEL_128) {
+ negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ } else {
+ negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ }
 workstation = username;
 workgroup = domain;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 8d30f16b06..712c2563a3 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -24,6 +24,9 @@
 #define TEST_MACHINE_NAME "schanneltest"
+/*
+ do some samr ops using the schannel connection
+ */
 static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 NTSTATUS status;
@@ -48,7 +51,9 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 return True;
 }
-
+/*
+ test a schannel connection with the given flags
+ */
 static BOOL test_schannel(TALLOC_CTX *mem_ctx, uint16 acct_flags, uint32 dcerpc_flags, uint32 schannel_type)
@@ -97,7 +102,9 @@ failed:
 return False;
 }
-
+/*
+ a schannel test suite
+ */
 BOOL torture_rpc_schannel(int dummy)
 {
 TALLOC_CTX *mem_ctx;
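Review bot: `DCERPC_SCHANNEL_128` is introduced as an auth-related pipe flag in dcerpc.h, but the `DCERPC_AUTH_OPTIONS` mask right after it still lists only `DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL_ANY`. How that mask is used is outside this hunk; if it is used to copy, compare or strip auth flags, the new bit would be dropped, so it is worth confirming whether it belongs in the mask. The comment could also state the default, e.g. `/* request a 128 bit schannel session key; without this flag the older NETLOGON_NEG_AUTH2_FLAGS set is offered */`.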
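Review bot: In dcerpc_schannel_key the stronger flag set is offered only when the caller sets `DCERPC_SCHANNEL_128`, so every existing caller keeps negotiating with `NETLOGON_NEG_AUTH2_FLAGS`; that opt-in default deserves a comment above the `if`, e.g. `/* 128 bit keys are opt-in; callers without DCERPC_SCHANNEL_128 get the older flag set */`. The rest of the function is outside the hunk, so it is not visible whether the flags the server returns are compared with what was offered. If they are not, a server that clears the strong-key bit would silently downgrade the session key. When `DCERPC_SCHANNEL_128` was requested, the function should return an error rather than continue with a weaker key.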
@@ -107,10 +114,14 @@ BOOL torture_rpc_schannel(int dummy)
 uint32 dcerpc_flags;
 uint32 schannel_type;
 } tests[] = {
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 }
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_WSTRUST, DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL_BDC | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 }
 };
 int i;
|
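Review bot: The four new rows pass `DCERPC_SCHANNEL_128` through to the connection, but the table has no field for an expected key strength, so as far as this hunk shows the test passes equally when the server falls back to the shorter key. test_schannel's body is outside the hunk; if it can see the negotiated flags, an assertion there that the strong-key bit survived negotiation would make these rows test what they claim to. The bare `3` repeated in every row's `schannel_type` column would also read better as a named constant.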