From 189783e5b9dabdb12fdff0381f8145aea57b5be6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 11 Nov 2004 05:04:22 +0000 Subject: r3679: We now know a few more of the Netlogon negotiate flags. Interestingly, all the interesting flags are a '4' (as hex digits in the flag). Andrew Bartlett (This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9) --- source4/libcli/auth/credentials.h | 13 ++++++++----- source4/torture/rpc/samlogon.c | 37 +++++++++++++++++++++++++++++++------ 2 files changed, 39 insertions(+), 11 deletions(-) (limited to 'source4') diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index de0e086278..a6e119e1ad 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -30,16 +30,19 @@ struct creds_CredentialState { }; -#define NETLOGON_NEG_128BIT 0x4000 - /* for the timebeing, use the same neg flags as Samba3. */ /* The 7 here seems to be required to get Win2k not to downgrade us to NT4. Actually, anything other than 1ff would seem to do... */ -#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff +#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff + + +#define NETLOGON_NEG_ARCFOUR 0x00000004 +#define NETLOGON_NEG_128BIT 0x00004000 + +#define NETLOGON_NEG_SCHANNEL 0x40000000 /* these are the flags that ADS clients use */ -#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff +#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) -#define NETLOGON_NEG_SCHANNEL 0x40000000 diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 470d1d9b60..6f58af3134 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -206,7 +206,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, if (lm_key) { memcpy(lm_key, base->LMSessKey.key, 8); } - } else if (samlogon_state->creds->negotiate_flags) { + } else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { static const char zeros[16]; if (memcmp(base->key.key, zeros, @@ -968,7 +968,7 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, E_deshash(plain_pass, pinfo.lmpassword.hash); E_md4hash(plain_pass, pinfo.ntpassword.hash); - if (creds->negotiate_flags) { + if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16); creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16); } else { @@ -1022,7 +1022,6 @@ BOOL torture_rpc_samlogon(void) return False; } - if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_pass, &creds)) { ret = False; @@ -1041,37 +1040,63 @@ BOOL torture_rpc_samlogon(void) return False; } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR, + TEST_MACHINE_NAME, machine_pass, &creds)) { + return False; + } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } - if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, + if (!test_SamLogon(p, mem_ctx, &creds)) { + ret = False; + } + + if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT, TEST_MACHINE_NAME, machine_pass, &creds)) { return False; } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, + TEST_MACHINE_NAME, machine_pass, &creds)) { + return False; + } + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } + if (!test_SamLogon(p, mem_ctx, &creds)) { + ret = False; + } + if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, TEST_MACHINE_NAME, machine_pass, &creds)) { return False; } - if (!test_SamLogon(p, mem_ctx, &creds)) { + if (!test_InteractiveLogon(p, mem_ctx, &creds)) { ret = False; } - if (!test_InteractiveLogon(p, mem_ctx, &creds)) { + if (!test_SamLogon(p, mem_ctx, &creds)) { ret = False; } -- cgit