/* handle upgrades or downgrades automatically */
#define DCERPC_SCHANNEL_AUTO (1<<23)
+/* use aes schannel with hmac-sh256 session key */
+#define DCERPC_SCHANNEL_AES (1<<24)
+
/* The following definitions come from ../librpc/rpc/dcerpc_error.c */
const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
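Review bot: The comment added above `DCERPC_SCHANNEL_AES` misspells the algorithm as "hmac-sh256"; it should read `/* use aes schannel with hmac-sha256 session key */`. These flag comments are what a caller reads when picking a binding option. As far as this patch shows, the bit only requests AES in the offered negotiate flags, so the comment should say that too rather than imply AES is guaranteed.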
}
s->dcerpc_schannel_auto = false;
- if (lf & NETLOGON_NEG_STRONG_KEYS) {
+ if (lf & NETLOGON_NEG_SUPPORTS_AES) {
+ ln = "aes";
+ if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+ composite_error(c, s->a.out.result);
+ return;
+ }
+ } else if (lf & NETLOGON_NEG_STRONG_KEYS) {
ln = "strong";
if (rf & NETLOGON_NEG_STRONG_KEYS) {
composite_error(c, s->a.out.result);
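Review bot: The new `if (lf & NETLOGON_NEG_SUPPORTS_AES)` branch gives up only when the remote side also advertises AES, so a connection that offered AES is retried at "strong" or "des" purely on the server-reported `rf`. Those remote flags presumably come from the exchange that just failed, before any authenticated session exists, which would make a stripped NETLOGON_NEG_SUPPORTS_AES bit look the same as an old server; this needs confirming against the code outside the hunk. I would document the trust assumption at the top of the chain, for example `/* downgrade follows unauthenticated remote flags; callers that require AES must not rely on the auto retry */`, and consider refusing the retry when it would fall below a caller-chosen minimum. The `rn` selection in the next hunk belongs to the same chain, and the enclosing function starts and ends outside this hunk.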
ln = "des";
}
- if (rf & NETLOGON_NEG_STRONG_KEYS) {
+ if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+ rn = "aes";
+ } else if (rf & NETLOGON_NEG_STRONG_KEYS) {
rn = "strong";
} else {
rn = "des";
if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
}
+ if (s->pipe->conn->flags & DCERPC_SCHANNEL_AES) {
+ s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+ }
if (s->pipe->conn->flags & DCERPC_SCHANNEL_AUTO) {
s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
s->dcerpc_schannel_auto = true;
}
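Review bot: A caller that sets `DCERPC_SCHANNEL_AES` only gets `NETLOGON_NEG_SUPPORTS_AES` added to the offered flags here, and nothing in this hunk verifies that the flags the server returns still contain it, so the request reads as a preference rather than a requirement; that check may exist outside the hunk and should be confirmed. The `DCERPC_SCHANNEL_AUTO` block that follows also overwrites `local_negotiate_flags` with `=` and sets `dcerpc_schannel_auto = true`, so passing both flags makes an explicit AES request downgradeable. I would add a comment on the AES block such as `/* AES is only offered here; verify the negotiated flags before treating the channel as AES */`, and either reject the AES+AUTO combination or document that AUTO wins. The enclosing function starts and ends outside this hunk.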