s4:librpc/rpc: add DCERPC_SCHANNEL_AES support
authorStefan Metzmacher <metze@samba.org>
Fri, 23 Dec 2011 14:20:26 +0000 (15:20 +0100)
committerAndreas Schneider <asn@samba.org>
Tue, 17 Jul 2012 08:58:39 +0000 (10:58 +0200)
metze

Signed-off-by: Günther Deschner <gd@samba.org>
librpc/rpc/rpc_common.h
source4/librpc/rpc/dcerpc_schannel.c

index a28835fa6347f216896eb04802f53530ac28d039..e2b37550e1f3c0d54eed9cb6fc422e44766b2a88 100644 (file)
@@ -110,6 +110,9 @@ struct dcerpc_binding {
 /* handle upgrades or downgrades automatically */
 #define DCERPC_SCHANNEL_AUTO           (1<<23)
 
+/* use aes schannel with hmac-sh256 session key */
+#define DCERPC_SCHANNEL_AES            (1<<24)
+
 /* The following definitions come from ../librpc/rpc/dcerpc_error.c  */
 
 const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
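Review bot: The comment on the new DCERPC_SCHANNEL_AES flag reads `hmac-sh256`, which is a typo for the HMAC-SHA256 session-key derivation it refers to; suggest `/* use AES schannel with an HMAC-SHA256 session key */`. Since this flag, DCERPC_SCHANNEL_128 and DCERPC_SCHANNEL_AUTO all end up steering the same local_negotiate_flags field (see the dcerpc_schannel_key_send hunk), a short sentence on which one wins when several are set would help readers of the header.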
index 3a3dec068b7f97feb155fca9bea1e398046e7bb6..f3e52585ae15882e7589b16f683cd4de6a886779 100644 (file)
@@ -243,7 +243,13 @@ static void continue_srv_auth2(struct tevent_req *subreq)
                }
                s->dcerpc_schannel_auto = false;
 
-               if (lf & NETLOGON_NEG_STRONG_KEYS) {
+               if (lf & NETLOGON_NEG_SUPPORTS_AES)  {
+                       ln = "aes";
+                       if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+                               composite_error(c, s->a.out.result);
+                               return;
+                       }
+               } else if (lf & NETLOGON_NEG_STRONG_KEYS) {
                        ln = "strong";
                        if (rf & NETLOGON_NEG_STRONG_KEYS) {
                                composite_error(c, s->a.out.result);
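Review bot: The new condition `if (lf & NETLOGON_NEG_SUPPORTS_AES)  {` carries two spaces before the opening brace, unlike the neighbouring `if (lf & NETLOGON_NEG_STRONG_KEYS) {`; the same spacing appears on the `rf` check in the next hunk. Suggest `if (lf & NETLOGON_NEG_SUPPORTS_AES) {` and `if (rf & NETLOGON_NEG_SUPPORTS_AES) {`. continue_srv_auth2 starts and ends outside this hunk, so the path taken when the local side offers AES but the remote does not (ln set to "aes", no early return) is not visible here; if that is the automatic downgrade path that the preceding `s->dcerpc_schannel_auto = false;` suggests, making the aes-to-strong/des fallback visible in the log would help operators notice a server that unexpectedly refuses AES.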
@@ -253,7 +259,9 @@ static void continue_srv_auth2(struct tevent_req *subreq)
                        ln = "des";
                }
 
-               if (rf & NETLOGON_NEG_STRONG_KEYS) {
+               if (rf & NETLOGON_NEG_SUPPORTS_AES)  {
+                       rn = "aes";
+               } else if (rf & NETLOGON_NEG_STRONG_KEYS) {
                        rn = "strong";
                } else {
                        rn = "des";
@@ -324,8 +332,13 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
        if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
        }
+       if (s->pipe->conn->flags & DCERPC_SCHANNEL_AES) {
+               s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+               s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+       }
        if (s->pipe->conn->flags & DCERPC_SCHANNEL_AUTO) {
                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+               s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
                s->dcerpc_schannel_auto = true;
        }