summaryrefslogtreecommitdiff
path: root/libcli/auth
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/auth')
-rw-r--r--libcli/auth/credentials.h43
-rw-r--r--libcli/auth/libcli_auth.h3
-rw-r--r--libcli/auth/ntlm_check.c1
3 files changed, 44 insertions, 3 deletions
diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h
index 4e11cb090f..a3dd363064 100644
--- a/libcli/auth/credentials.h
+++ b/libcli/auth/credentials.h
@@ -35,12 +35,51 @@ struct creds_CredentialState {
struct dom_sid *sid;
};
-/* for the timebeing, use the same neg flags as Samba3. */
/* The 7 here seems to be required to get Win2k not to downgrade us
to NT4. Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+/*
+ (NETLOGON_NEG_ACCOUNT_LOCKOUT |
+ NETLOGON_NEG_PERSISTENT_SAMREPL |
+ NETLOGON_NEG_ARCFOUR |
+ NETLOGON_NEG_PROMOTION_COUNT |
+ NETLOGON_NEG_CHANGELOG_BDC |
+ NETLOGON_NEG_FULL_SYNC_REPL |
+ NETLOGON_NEG_MULTIPLE_SIDS |
+ NETLOGON_NEG_REDO |
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_PASSWORD_SET2 |
+ NETLOGON_NEG_GETDOMAININFO)
+*/
+#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000
/* these are the flags that ADS clients use */
+/*
+ (NETLOGON_NEG_ACCOUNT_LOCKOUT |
+ NETLOGON_NEG_PERSISTENT_SAMREPL |
+ NETLOGON_NEG_ARCFOUR |
+ NETLOGON_NEG_PROMOTION_COUNT |
+ NETLOGON_NEG_CHANGELOG_BDC |
+ NETLOGON_NEG_FULL_SYNC_REPL |
+ NETLOGON_NEG_MULTIPLE_SIDS |
+ NETLOGON_NEG_REDO |
+ NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+ NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+ NETLOGON_NEG_GENERIC_PASSTHROUGH |
+ NETLOGON_NEG_CONCURRENT_RPC |
+ NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+ NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+ NETLOGON_NEG_128BIT |
+ NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_PASSWORD_SET2 |
+ NETLOGON_NEG_GETDOMAININFO |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+ NETLOGON_NEG_SCHANNEL)
+*/
+
#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
diff --git a/libcli/auth/libcli_auth.h b/libcli/auth/libcli_auth.h
index ec1c1e7d98..f278ee539e 100644
--- a/libcli/auth/libcli_auth.h
+++ b/libcli/auth/libcli_auth.h
@@ -18,7 +18,10 @@
#define __LIBCLI_AUTH_H__
#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/wkssvc.h"
#include "libcli/auth/credentials.h"
+#include "libcli/auth/ntlm_check.h"
#include "libcli/auth/proto.h"
+#include "libcli/auth/msrpc_parse.h"
#endif /* __LIBCLI_AUTH_H__ */
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 0805b1b043..5ad03cfe12 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -23,7 +23,6 @@
#include "../lib/crypto/crypto.h"
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/auth/libcli_auth.h"
-#include "auth/ntlm/ntlm_check.h"
/****************************************************************************
Core of smb password checking routine.