svn commit: samba r3679 - in branches/SAMBA_4_0/source: libcli/auth
torture/rpc
abartlet at samba.org
abartlet at samba.org
Thu Nov 11 05:04:22 GMT 2004
Author: abartlet
Date: 2004-11-11 05:04:22 +0000 (Thu, 11 Nov 2004)
New Revision: 3679
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3679
Log:
We now know a few more of the Netlogon negotiate flags.
Interestingly, all the interesting flags are a '4' (as hex digits in
the flag).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/libcli/auth/credentials.h
branches/SAMBA_4_0/source/torture/rpc/samlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/auth/credentials.h
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/credentials.h 2004-11-11 05:02:51 UTC (rev 3678)
+++ branches/SAMBA_4_0/source/libcli/auth/credentials.h 2004-11-11 05:04:22 UTC (rev 3679)
@@ -30,16 +30,19 @@
};
-#define NETLOGON_NEG_128BIT 0x4000
-
/* for the timebeing, use the same neg flags as Samba3. */
/* The 7 here seems to be required to get Win2k not to downgrade us
to NT4. Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+
+#define NETLOGON_NEG_ARCFOUR 0x00000004
+#define NETLOGON_NEG_128BIT 0x00004000
+
+#define NETLOGON_NEG_SCHANNEL 0x40000000
+
/* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
+#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
-#define NETLOGON_NEG_SCHANNEL 0x40000000
Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c 2004-11-11 05:02:51 UTC (rev 3678)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c 2004-11-11 05:04:22 UTC (rev 3679)
@@ -206,7 +206,7 @@
if (lm_key) {
memcpy(lm_key, base->LMSessKey.key, 8);
}
- } else if (samlogon_state->creds->negotiate_flags) {
+ } else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
static const char zeros[16];
if (memcmp(base->key.key, zeros,
@@ -968,7 +968,7 @@
E_deshash(plain_pass, pinfo.lmpassword.hash);
E_md4hash(plain_pass, pinfo.ntpassword.hash);
- if (creds->negotiate_flags) {
+ if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
} else {
@@ -1022,7 +1022,6 @@
return False;
}
-
if (!test_SetupCredentials(p, mem_ctx,
TEST_MACHINE_NAME, machine_pass, &creds)) {
ret = False;
@@ -1041,37 +1040,63 @@
return False;
}
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR,
+ TEST_MACHINE_NAME, machine_pass, &creds)) {
+ return False;
+ }
+
if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
- if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
+ if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
TEST_MACHINE_NAME, machine_pass, &creds)) {
return False;
}
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
+ TEST_MACHINE_NAME, machine_pass, &creds)) {
+ return False;
+ }
+
if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
+ ret = False;
+ }
+
if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
TEST_MACHINE_NAME, machine_pass, &creds)) {
return False;
}
- if (!test_SamLogon(p, mem_ctx, &creds)) {
+ if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
ret = False;
}
- if (!test_InteractiveLogon(p, mem_ctx, &creds)) {
+ if (!test_SamLogon(p, mem_ctx, &creds)) {
ret = False;
}
More information about the samba-cvs
mailing list