[PATCH] Return a correct value for Supported Encryption Type

Matthieu Patou mat at matws.net
Tue Sep 8 02:21:09 MDT 2009


 Vista and later versions use this value to check whether they should ask the DC
 to change the msDS-SupportedEncryptionTypes attribute or not.
 Declare the different values as a bitmap in the Netlogon IDL.
---
 librpc/gen_ndr/ndr_netlogon.c                 |   32 ++++++++++++++++++++++--
 librpc/gen_ndr/ndr_netlogon.h                 |    3 ++
 librpc/gen_ndr/netlogon.h                     |    7 +++++
 librpc/idl/netlogon.idl                       |   10 +++++++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |    7 ++++-
 5 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c
index 7337d26..daba526 100644
--- a/librpc/gen_ndr/ndr_netlogon.c
+++ b/librpc/gen_ndr/ndr_netlogon.c
@@ -8141,6 +8141,32 @@ _PUBLIC_ void ndr_print_netr_OneDomainInfo(struct ndr_print *ndr, const char *na
 	ndr->depth--;
 }
 
+_PUBLIC_ enum ndr_err_code ndr_push_netr_SupportedEncTypes(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_SupportedEncTypes(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_SupportedEncTypes(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ENC_CRC32", ENC_CRC32, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ENC_RSA_MD5", ENC_RSA_MD5, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ENC_RC4_HMAC_MD5", ENC_RC4_HMAC_MD5, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ENC_HMAC_SHA1_96_AES128", ENC_HMAC_SHA1_96_AES128, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ENC_HMAC_SHA1_96_AES256", ENC_HMAC_SHA1_96_AES256, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_DomainInformation(struct ndr_push *ndr, int ndr_flags, const struct netr_DomainInformation *r)
 {
 	uint32_t cntr_trusted_domains_1;
@@ -8155,7 +8181,7 @@ static enum ndr_err_code ndr_push_netr_DomainInformation(struct ndr_push *ndr, i
 		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->dummy_string3));
 		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->dummy_string4));
 		NDR_CHECK(ndr_push_netr_WorkstationFlags(ndr, NDR_SCALARS, r->workstation_flags));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->supported_enc_types));
+		NDR_CHECK(ndr_push_netr_SupportedEncTypes(ndr, NDR_SCALARS, r->supported_enc_types));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->dummy_long3));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->dummy_long4));
 	}
@@ -8201,7 +8227,7 @@ static enum ndr_err_code ndr_pull_netr_DomainInformation(struct ndr_pull *ndr, i
 		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummy_string3));
 		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->dummy_string4));
 		NDR_CHECK(ndr_pull_netr_WorkstationFlags(ndr, NDR_SCALARS, &r->workstation_flags));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->supported_enc_types));
+		NDR_CHECK(ndr_pull_netr_SupportedEncTypes(ndr, NDR_SCALARS, &r->supported_enc_types));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy_long3));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dummy_long4));
 	}
@@ -8263,7 +8289,7 @@ _PUBLIC_ void ndr_print_netr_DomainInformation(struct ndr_print *ndr, const char
 	ndr_print_lsa_String(ndr, "dummy_string3", &r->dummy_string3);
 	ndr_print_lsa_String(ndr, "dummy_string4", &r->dummy_string4);
 	ndr_print_netr_WorkstationFlags(ndr, "workstation_flags", r->workstation_flags);
-	ndr_print_uint32(ndr, "supported_enc_types", r->supported_enc_types);
+	ndr_print_netr_SupportedEncTypes(ndr, "supported_enc_types", r->supported_enc_types);
 	ndr_print_uint32(ndr, "dummy_long3", r->dummy_long3);
 	ndr_print_uint32(ndr, "dummy_long4", r->dummy_long4);
 	ndr->depth--;
diff --git a/librpc/gen_ndr/ndr_netlogon.h b/librpc/gen_ndr/ndr_netlogon.h
index 63e9c71..7b6f9a1 100644
--- a/librpc/gen_ndr/ndr_netlogon.h
+++ b/librpc/gen_ndr/ndr_netlogon.h
@@ -222,6 +222,9 @@ void ndr_print_netr_WorkstationInfo(struct ndr_print *ndr, const char *name, con
 void ndr_print_netr_trust_extension(struct ndr_print *ndr, const char *name, const struct netr_trust_extension *r);
 void ndr_print_netr_trust_extension_container(struct ndr_print *ndr, const char *name, const struct netr_trust_extension_container *r);
 void ndr_print_netr_OneDomainInfo(struct ndr_print *ndr, const char *name, const struct netr_OneDomainInfo *r);
+enum ndr_err_code ndr_push_netr_SupportedEncTypes(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_netr_SupportedEncTypes(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_netr_SupportedEncTypes(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_DomainInformation(struct ndr_print *ndr, const char *name, const struct netr_DomainInformation *r);
 void ndr_print_netr_DomainInfo(struct ndr_print *ndr, const char *name, const union netr_DomainInfo *r);
 void ndr_print_netr_CryptPassword(struct ndr_print *ndr, const char *name, const struct netr_CryptPassword *r);
diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h
index 931222f..0a314e1 100644
--- a/librpc/gen_ndr/netlogon.h
+++ b/librpc/gen_ndr/netlogon.h
@@ -1006,6 +1006,13 @@ struct netr_OneDomainInfo {
 	uint32_t dummy_long4;
 };
 
+/* bitmap netr_SupportedEncTypes */
+#define ENC_CRC32 ( 0x00000001 )
+#define ENC_RSA_MD5 ( 0x00000002 )
+#define ENC_RC4_HMAC_MD5 ( 0x00000004 )
+#define ENC_HMAC_SHA1_96_AES128 ( 0x00000008 )
+#define ENC_HMAC_SHA1_96_AES256 ( 0x00000010 )
+
 struct netr_DomainInformation {
 	struct netr_OneDomainInfo primary_domain;
 	uint32_t trusted_domain_count;
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 736a0fd..34081e2 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1372,6 +1372,14 @@ interface netlogon
 		uint32 dummy_long4;
 	} netr_OneDomainInfo;
 
+ typedef [public,bitmap32bit] bitmap {
+		ENC_CRC32 = 0x00000001,
+		ENC_RSA_MD5 = 0x00000002,
+		ENC_RC4_HMAC_MD5 = 0x00000004,
+		ENC_HMAC_SHA1_96_AES128  = 0x00000008,
+		ENC_HMAC_SHA1_96_AES256  = 0x00000010
+	} netr_SupportedEncTypes;
+
 	typedef struct {
 		netr_OneDomainInfo primary_domain;
 		uint32 trusted_domain_count;
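Review bot: The first two flag names in the new `netr_SupportedEncTypes` bitmap read as checksum algorithms rather than encryption types. In the msDS-SupportedEncryptionTypes bit layout, 0x1 and 0x2 are the single-DES enctypes DES-CBC-CRC and DES-CBC-MD5, which `ENC_CRC32` and `ENC_RSA_MD5` do not make obvious. A comment above the typedef would help, for example `/* bits of msDS-SupportedEncryptionTypes; 0x1/0x2 are DES-CBC-CRC/DES-CBC-MD5, 0x4 is RC4-HMAC */`. The `typedef` line is also indented with a space where the neighbouring declarations use a tab.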
@@ -1382,7 +1390,7 @@ interface netlogon
 		lsa_String dummy_string3;
 		lsa_String dummy_string4;
 		netr_WorkstationFlags workstation_flags;
-		uint32 supported_enc_types;
+		netr_SupportedEncTypes supported_enc_types;
 		uint32 dummy_long3;
 		uint32 dummy_long4;
 	} netr_DomainInformation;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index d597ca6..e349df0 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1130,6 +1130,8 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 	struct netr_LsaPolicyInformation *lsa_policy_info;
 	struct netr_OsVersionInfoEx *os_version;
 	int ret1, ret2, i;
+	uint32_t client_supported_enc;
+	uint32_t default_supported_enc = ENC_CRC32|ENC_RSA_MD5|ENC_RC4_HMAC_MD5;
 	NTSTATUS status;
 
 	status = dcesrv_netr_creds_server_step_check(dce_call,
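Review bot: `default_supported_enc` is declared with no comment saying that it is the value reported when the workstation account has no msDS-SupportedEncryptionTypes attribute, and it sets only the DES-era and RC4 bits, with neither AES flag. A comment such as `/* fallback when the account has no msDS-SupportedEncryptionTypes: DES and RC4 only, no AES */` would make that choice reviewable. The variable can also be `const`, since nothing in the visible hunks writes to it. The function body starts and ends outside this hunk.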
@@ -1176,6 +1178,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 							"dNSHostName",
 							NULL);
 
+		client_supported_enc = samdb_search_int64(sam_ctx, mem_ctx, default_supported_enc,
+						       workstation_dn,	"msDS-SupportedEncryptionTypes", 
+						       NULL);
 		/* Gets host informations and put them in our directory */
 		new_msg = ldb_msg_new(mem_ctx);
 		NT_STATUS_HAVE_NO_MEMORY(new_msg);
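Review bot: The result of `samdb_search_int64()` is stored straight into the `uint32_t client_supported_enc`, so a negative or larger-than-32-bit value in the directory attribute is silently wrapped before being sent to the client. Going by the helper's name it returns a signed 64-bit integer; a range check on the result, or at least an explicit `(uint32_t)` cast with a comment, would make the narrowing deliberate. The continuation line also has a stray tab before `"msDS-SupportedEncryptionTypes"` and trailing whitespace after the comma. The surrounding case body continues outside this hunk.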
@@ -1321,7 +1326,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 		domain_info->dns_hostname.string = old_dns_hostname;
 		domain_info->workstation_flags =
 			r->in.query->workstation_info->workstation_flags;
-		domain_info->supported_enc_types = 0; /* w2008 gives this 0 */
+		domain_info->supported_enc_types = client_supported_enc;
 
 		r->out.info->domain_info = domain_info;
 	break;
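Review bot: The replaced line carried a comment recording what Windows 2008 returns here (0), and the new assignment drops it without saying why Samba now answers differently. Going by the commit description, something like `/* report the account's msDS-SupportedEncryptionTypes so the client can decide whether to request an update */` would keep that context. `client_supported_enc` is set only in the earlier hunk and has no initialiser at its declaration. The code between the two is not visible, so writing `uint32_t client_supported_enc = 0;` at the declaration would keep this line defined on every path.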
-- 
1.6.0.4

