The branch, master has been updated
       via  b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback
       via  8ea36a8 auth/credentials: simplify password_tries state
       via  26a7420 auth/credentials: get the old password from secrets.tdb
       via  9325bd9 auth/credentials: keep cli_credentials private
       via  bbd63dd s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
       via  d47bf46 s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
       via  d36fcaa s4:torture/gentest: make use of cli_credentials_get_username()
       via  36b3c95 s4:torture/shell: simplify cli_credentials_set_password() call
       via  cfeeb3c s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
       via  b3cd44d auth/credentials: add cli_credentials_shallow_copy()
       via  6ff6778 auth/credentials: add cli_credentials_[set_]callback_data*
       via  b8f0922 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
       via  9535029 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
      from  cae48e9 tevent: Add echo server sample code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 14:32:36 2013 +0200

    auth/credentials: use CRED_CALLBACK_RESULT after a callback
    
    We only do this if it's still CRED_CALLBACK after the callback,
    this allows the callback to overwrite it.
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Mon Aug  5 09:36:05 CEST 2013 on sn-devel-104

commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 14:25:54 2013 +0200

    auth/credentials: simplify password_tries state
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 26a7420c1c4307023b22676cd85d95010ecbf603
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:39:17 2013 +0200

    auth/credentials: get the old password from secrets.tdb
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 12:41:40 2013 +0200

    auth/credentials: keep cli_credentials private
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:24:21 2013 +0200

    s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d47bf469b8a9064f4f7033918b1fe519adfa0c26
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:23:41 2013 +0200

    s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:23:08 2013 +0200

    s4:torture/gentest: make use of cli_credentials_get_username()
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 36b3c9506c1ac5549a38140e7ffd57644290069f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:22:10 2013 +0200

    s4:torture/shell: simplify cli_credentials_set_password() call
    
    All we want is to avoid a possible callback...
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:20:13 2013 +0200

    s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b3cd44d50cff99fa77611679d68d2d57434fefa4
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 13:21:14 2013 +0200

    auth/credentials: add cli_credentials_shallow_copy()
    
    This is useful for testing.
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 12:52:17 2013 +0200

    auth/credentials: add cli_credentials_[set_]callback_data*
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b8f09226458dc13cf901f481ede89d8a6bb94ba7
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 12:33:25 2013 +0200

    auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 953502925863377b5e566edff4ac68c63e8d151f
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 31 12:33:25 2013 +0200

    auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c          |   84 ++++++++++++++++++-----
 auth/credentials/credentials.h          |  112 +++++-------------------------
 auth/credentials/credentials_internal.h |  114 +++++++++++++++++++++++++++++++
 auth/credentials/credentials_krb5.c     |    1 +
 auth/credentials/credentials_ntlm.c     |    1 +
 auth/credentials/credentials_secrets.c  |   12 +++
 source3/utils/ntlm_auth.c               |    1 -
 source4/torture/gentest.c               |    3 +-
 source4/torture/rpc/schannel.c          |   36 ++++------
 source4/torture/shell.c                 |    5 +-
 source4/utils/ntlm_auth.c               |   10 ++-
 11 files changed, 238 insertions(+), 141 deletions(-)
 create mode 100644 auth/credentials/credentials_internal.h


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index e636123..be497bc 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "libcli/auth/libcli_auth.h"
 #include "tevent.h"
 #include "param/param.h"
@@ -103,7 +104,7 @@ _PUBLIC_ struct cli_credentials 
*cli_credentials_init(TALLOC_CTX *mem_ctx)
 
        cred->machine_account = false;
 
-       cred->tries = 3;
+       cred->password_tries = 0;
 
        cred->callback_running = false;
 
@@ -114,6 +115,32 @@ _PUBLIC_ struct cli_credentials 
*cli_credentials_init(TALLOC_CTX *mem_ctx)
        return cred;
 }
 
+_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred,
+                                               void *callback_data)
+{
+       cred->priv_data = callback_data;
+}
+
+_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
+{
+       return cred->priv_data;
+}
+
+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX 
*mem_ctx,
+                                               struct cli_credentials *src)
+{
+       struct cli_credentials *dst;
+
+       dst = talloc(mem_ctx, struct cli_credentials);
+       if (dst == NULL) {
+               return NULL;
+       }
+
+       *dst = *src;
+
+       return dst;
+}
+
 /**
  * Create a new anonymous credential
  * @param mem_ctx TALLOC_CTX parent for credentials structure 
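Review bot: cli_credentials_shallow_copy() copies the struct with "*dst = *src", so dst shares every pointer member with src (password, ccache, priv_data and the rest) without taking a talloc reference or being parented to src; if src is freed first, dst is left holding dangling pointers. Please add a doc comment stating that the copy must not outlive src and is meant for tests, or take references on the members. callback_running is copied as well, so a copy made from inside a callback starts out in the running state. The two callback-data accessors above it also have no doc comments.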
@@ -179,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_username(struct 
cli_credentials *cred)
                cred->callback_running = true;
                cred->username = cred->username_cb(cred);
                cred->callback_running = false;
-               cred->username_obtained = CRED_SPECIFIED;
-               cli_credentials_invalidate_ccache(cred, 
cred->username_obtained);
+               if (cred->username_obtained == CRED_CALLBACK) {
+                       cred->username_obtained = CRED_CALLBACK_RESULT;
+                       cli_credentials_invalidate_ccache(cred, 
cred->username_obtained);
+               }
        }
 
        return cred->username;
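Review bot: In the username getter the callback's return value is still stored unconditionally by "cred->username = cred->username_cb(cred);", so a callback that overrides the value through a setter (the case the new "== CRED_CALLBACK" check is meant to allow) has its string replaced by whatever it returns, while username_obtained keeps the level the setter chose. Either document that an overriding callback must return the string it set, or store the return value only when username_obtained is still CRED_CALLBACK. The same pattern repeats in the principal, password, domain, realm and workstation getters below.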
@@ -248,8 +277,10 @@ _PUBLIC_ const char 
*cli_credentials_get_principal_and_obtained(struct cli_crede
                cred->callback_running = true;
                cred->principal = cred->principal_cb(cred);
                cred->callback_running = false;
-               cred->principal_obtained = CRED_SPECIFIED;
-               cli_credentials_invalidate_ccache(cred, 
cred->principal_obtained);
+               if (cred->principal_obtained == CRED_CALLBACK) {
+                       cred->principal_obtained = CRED_CALLBACK_RESULT;
+                       cli_credentials_invalidate_ccache(cred, 
cred->principal_obtained);
+               }
        }
 
        if (cred->principal_obtained < cred->username_obtained
@@ -267,7 +298,7 @@ _PUBLIC_ const char 
*cli_credentials_get_principal_and_obtained(struct cli_crede
                }
        }
        *obtained = cred->principal_obtained;
-       return talloc_reference(mem_ctx, cred->principal);
+       return talloc_strdup(mem_ctx, cred->principal);
 }
 
 /**
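Review bot: The result of "talloc_strdup(mem_ctx, cred->principal)" is returned unchecked, after *obtained has already been written, so the caller cannot tell an allocation failure from a credential that has no principal. Please document that the returned string is a copy owned by mem_ctx and that NULL may mean out of memory; the same applies to the bind_dn copy in cli_credentials_get_unparsed_name().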
@@ -355,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_password(struct 
cli_credentials *cred)
                cred->callback_running = true;
                cred->password = cred->password_cb(cred);
                cred->callback_running = false;
-               cred->password_obtained = CRED_CALLBACK_RESULT;
-               cli_credentials_invalidate_ccache(cred, 
cred->password_obtained);
+               if (cred->password_obtained == CRED_CALLBACK) {
+                       cred->password_obtained = CRED_CALLBACK_RESULT;
+                       cli_credentials_invalidate_ccache(cred, 
cred->password_obtained);
+               }
        }
 
        return cred->password;
@@ -370,6 +403,7 @@ _PUBLIC_ bool cli_credentials_set_password(struct 
cli_credentials *cred,
                                  enum credentials_obtained obtained)
 {
        if (obtained >= cred->password_obtained) {
+               cred->password_tries = 0;
                cred->password = talloc_strdup(cred, val);
                if (cred->password) {
                        /* Don't print the actual password in talloc memory 
dumps */
@@ -391,6 +425,7 @@ _PUBLIC_ bool cli_credentials_set_password_callback(struct 
cli_credentials *cred
                                           const char *(*password_cb) (struct 
cli_credentials *))
 {
        if (cred->password_obtained < CRED_CALLBACK) {
+               cred->password_tries = 3;
                cred->password_cb = password_cb;
                cred->password_obtained = CRED_CALLBACK;
                cli_credentials_invalidate_ccache(cred, 
cred->password_obtained);
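Review bot: The retry budget is a bare literal in "cred->password_tries = 3;"; a named constant declared next to the password_tries field would keep the value and its explanation in one place. It would also help to say in this function's doc comment that installing a callback resets the budget, since cli_credentials_init() now starts it at 0 and cli_credentials_set_password() zeroes it again.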
@@ -473,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct 
cli_credentials *cred)
                cred->callback_running = true;
                cred->domain = cred->domain_cb(cred);
                cred->callback_running = false;
-               cred->domain_obtained = CRED_SPECIFIED;
-               cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
+               if (cred->domain_obtained == CRED_CALLBACK) {
+                       cred->domain_obtained = CRED_CALLBACK_RESULT;
+                       cli_credentials_invalidate_ccache(cred, 
cred->domain_obtained);
+               }
        }
 
        return cred->domain;
@@ -532,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct 
cli_credentials *cred)
                cred->callback_running = true;
                cred->realm = cred->realm_cb(cred);
                cred->callback_running = false;
-               cred->realm_obtained = CRED_SPECIFIED;
-               cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
+               if (cred->realm_obtained == CRED_CALLBACK) {
+                       cred->realm_obtained = CRED_CALLBACK_RESULT;
+                       cli_credentials_invalidate_ccache(cred, 
cred->realm_obtained);
+               }
        }
 
        return cred->realm;
@@ -583,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct 
cli_credentials *cre
                cred->callback_running = true;
                cred->workstation = cred->workstation_cb(cred);
                cred->callback_running = false;
-               cred->workstation_obtained = CRED_SPECIFIED;
+               if (cred->workstation_obtained == CRED_CALLBACK) {
+                       cred->workstation_obtained = CRED_CALLBACK_RESULT;
+               }
        }
 
        return cred->workstation;
@@ -669,7 +710,7 @@ _PUBLIC_ const char 
*cli_credentials_get_unparsed_name(struct cli_credentials *c
        const char *name;
 
        if (bind_dn) {
-               name = talloc_reference(mem_ctx, bind_dn);
+               name = talloc_strdup(mem_ctx, bind_dn);
        } else {
                cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, 
&username, &domain);
                if (domain && domain[0]) {
@@ -870,12 +911,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct 
cli_credentials *cred)
        if (cred->password_obtained != CRED_CALLBACK_RESULT) {
                return false;
        }
-       
-       cred->password_obtained = CRED_CALLBACK;
 
-       cred->tries--;
+       if (cred->password_tries == 0) {
+               return false;
+       }
+
+       cred->password_tries--;
+
+       if (cred->password_tries == 0) {
+               return false;
+       }
 
-       return (cred->tries > 0);
+       cred->password_obtained = CRED_CALLBACK;
+       return true;
 }
 
 _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials 
*cred, TALLOC_CTX *mem_ctx, 
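Review bot: On the exhausted path (the second "password_tries == 0" check) cli_credentials_wrong_password() now returns false with password_obtained left at CRED_CALLBACK_RESULT, whereas the removed code reset it to CRED_CALLBACK before decrementing, so the rejected password stays in cred->password at that level. If that is intended, a comment saying so would help. The first "== 0" check also deserves a one-line comment that it guards the decrement of the now unsigned counter.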
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index dbc014f..cb09dc3 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -25,9 +25,17 @@
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/misc.h"
 
+struct cli_credentials;
 struct ccache_container;
 struct tevent_context;
 struct netlogon_creds_CredentialState;
+struct ldb_context;
+struct ldb_message;
+struct loadparm_context;
+struct ccache_container;
+struct gssapi_creds_container;
+struct smb_krb5_context;
+struct keytab_container;
 
 /* In order of priority */
 enum credentials_obtained { 
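Review bot: "struct ccache_container;" ends up forward-declared twice in this block, once in the existing context line and once in the added lines; drop the added one. The new "struct cli_credentials;" declaration is the one that matters here, and a short comment that the definition now lives in credentials_internal.h would point readers to it.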
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
 #define CLI_CRED_NTLM_AUTH   0x08
 #define CLI_CRED_CLEAR_AUTH  0x10   /* TODO:  Push cleartext auth with this 
flag */
 
-struct cli_credentials {
-       enum credentials_obtained workstation_obtained;
-       enum credentials_obtained username_obtained;
-       enum credentials_obtained password_obtained;
-       enum credentials_obtained domain_obtained;
-       enum credentials_obtained realm_obtained;
-       enum credentials_obtained ccache_obtained;
-       enum credentials_obtained client_gss_creds_obtained;
-       enum credentials_obtained principal_obtained;
-       enum credentials_obtained keytab_obtained;
-       enum credentials_obtained server_gss_creds_obtained;
-
-       /* Threshold values (essentially a MAX() over a number of the
-        * above) for the ccache and GSS credentials, to ensure we
-        * regenerate/pick correctly */
-
-       enum credentials_obtained ccache_threshold;
-       enum credentials_obtained client_gss_creds_threshold;
-
-       const char *workstation;
-       const char *username;
-       const char *password;
-       const char *old_password;
-       const char *domain;
-       const char *realm;
-       const char *principal;
-       char *salt_principal;
-       char *impersonate_principal;
-       char *self_service;
-       char *target_service;
-
-       const char *bind_dn;
-
-       /* Allows authentication from a keytab or similar */
-       struct samr_Password *nt_hash;
-
-       /* Allows NTLM pass-though authentication */
-       DATA_BLOB lm_response;
-       DATA_BLOB nt_response;
-
-       struct ccache_container *ccache;
-       struct gssapi_creds_container *client_gss_creds;
-       struct keytab_container *keytab;
-       struct gssapi_creds_container *server_gss_creds;
-
-       const char *(*workstation_cb) (struct cli_credentials *);
-       const char *(*password_cb) (struct cli_credentials *);
-       const char *(*username_cb) (struct cli_credentials *);
-       const char *(*domain_cb) (struct cli_credentials *);
-       const char *(*realm_cb) (struct cli_credentials *);
-       const char *(*principal_cb) (struct cli_credentials *);
-
-       /* Private handle for the callback routines to use */
-       void *priv_data;
-
-       struct netlogon_creds_CredentialState *netlogon_creds;
-       enum netr_SchannelType secure_channel_type;
-       int kvno;
-       time_t password_last_changed_time;
-
-       struct smb_krb5_context *smb_krb5_context;
-
-       /* We are flagged to get machine account details from the
-        * secrets.ldb when we are asked for a username or password */
-       bool machine_account_pending;
-       struct loadparm_context *machine_account_pending_lp_ctx;
-       
-       /* Is this a machine account? */
-       bool machine_account;
-
-       /* Should we be trying to use kerberos? */
-       enum credentials_use_kerberos use_kerberos;
-
-       /* Should we get a forwardable ticket? */
-       enum credentials_krb_forwardable krb_forwardable;
-
-       /* gensec features which should be used for connections */
-       uint32_t gensec_features;
-
-       /* Number of retries left before bailing out */
-       int tries;
-
-       /* Whether any callback is currently running */
-       bool callback_running;
-};
-
-struct ldb_context;
-struct ldb_message;
-struct loadparm_context;
-struct ccache_container;
-
-struct gssapi_creds_container;
-
 const char *cli_credentials_get_workstation(struct cli_credentials *cred);
 bool cli_credentials_set_workstation(struct cli_credentials *cred, 
                                     const char *val, 
@@ -332,6 +247,17 @@ bool cli_credentials_set_realm_callback(struct 
cli_credentials *cred,
 bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
                                              const char *(*workstation_cb) 
(struct cli_credentials *));
 
+void cli_credentials_set_callback_data(struct cli_credentials *cred,
+                                      void *callback_data);
+void *_cli_credentials_callback_data(struct cli_credentials *cred);
+#define cli_credentials_callback_data(_cred, _type) \
+       talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type)
+#define cli_credentials_callback_data_void(_cred) \
+       _cli_credentials_callback_data(_cred)
+
+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+                                               struct cli_credentials *src);
+
 /**
  * Return attached NETLOGON credentials 
  */
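Review bot: cli_credentials_callback_data() expands to talloc_get_type_abort(), so it aborts unless the pointer handed to cli_credentials_set_callback_data() is a talloc object of _type, yet the setter takes a plain "void *" and nothing in these declarations says so. Please add doc comments in the style of the neighbouring ones stating the talloc requirement, that cli_credentials_callback_data_void() is the variant for other pointers, and what the lifetime rules are for the result of cli_credentials_shallow_copy().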
diff --git a/auth/credentials/credentials_internal.h 
b/auth/credentials/credentials_internal.h
new file mode 100644
index 0000000..f2f79b9
--- /dev/null
+++ b/auth/credentials/credentials_internal.h
@@ -0,0 +1,114 @@
+/*
+   samba -- Unix SMB/CIFS implementation.
+
+   Client credentials structure
+
+   Copyright (C) Jelmer Vernooij 2004-2006
+   Copyright (C) Andrew Bartlett <abart...@samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef __CREDENTIALS_INTERNAL_H__
+#define __CREDENTIALS_INTERNAL_H__
+
+#include "../lib/util/data_blob.h"
+#include "librpc/gen_ndr/misc.h"
+
+struct cli_credentials {
+       enum credentials_obtained workstation_obtained;
+       enum credentials_obtained username_obtained;
+       enum credentials_obtained password_obtained;
+       enum credentials_obtained domain_obtained;
+       enum credentials_obtained realm_obtained;
+       enum credentials_obtained ccache_obtained;
+       enum credentials_obtained client_gss_creds_obtained;
+       enum credentials_obtained principal_obtained;
+       enum credentials_obtained keytab_obtained;
+       enum credentials_obtained server_gss_creds_obtained;
+
+       /* Threshold values (essentially a MAX() over a number of the
+        * above) for the ccache and GSS credentials, to ensure we
+        * regenerate/pick correctly */
+
+       enum credentials_obtained ccache_threshold;
+       enum credentials_obtained client_gss_creds_threshold;
+
+       const char *workstation;
+       const char *username;
+       const char *password;
+       const char *old_password;
+       const char *domain;
+       const char *realm;
+       const char *principal;
+       char *salt_principal;
+       char *impersonate_principal;
+       char *self_service;
+       char *target_service;
+
+       const char *bind_dn;
+
+       /* Allows authentication from a keytab or similar */
+       struct samr_Password *nt_hash;
+
+       /* Allows NTLM pass-though authentication */
+       DATA_BLOB lm_response;
+       DATA_BLOB nt_response;
+
+       struct ccache_container *ccache;
+       struct gssapi_creds_container *client_gss_creds;
+       struct keytab_container *keytab;
+       struct gssapi_creds_container *server_gss_creds;
+
+       const char *(*workstation_cb) (struct cli_credentials *);
+       const char *(*password_cb) (struct cli_credentials *);
+       const char *(*username_cb) (struct cli_credentials *);
+       const char *(*domain_cb) (struct cli_credentials *);
+       const char *(*realm_cb) (struct cli_credentials *);
+       const char *(*principal_cb) (struct cli_credentials *);
+
+       /* Private handle for the callback routines to use */
+       void *priv_data;
+
+       struct netlogon_creds_CredentialState *netlogon_creds;
+       enum netr_SchannelType secure_channel_type;
+       int kvno;
+       time_t password_last_changed_time;
+
+       struct smb_krb5_context *smb_krb5_context;
+
+       /* We are flagged to get machine account details from the
+        * secrets.ldb when we are asked for a username or password */
+       bool machine_account_pending;
+       struct loadparm_context *machine_account_pending_lp_ctx;
+
+       /* Is this a machine account? */
+       bool machine_account;
+
+       /* Should we be trying to use kerberos? */
+       enum credentials_use_kerberos use_kerberos;
+
+       /* Should we get a forwardable ticket? */
+       enum credentials_krb_forwardable krb_forwardable;
+
+       /* gensec features which should be used for connections */
+       uint32_t gensec_features;
+
+       /* Number of retries left before bailing out */
+       uint32_t password_tries;
+
+       /* Whether any callback is currently running */
+       bool callback_running;
+};
+
+#endif /* __CREDENTIALS_INTERNAL_H__ */
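Review bot: credentials_internal.h is not self-contained: struct cli_credentials uses enum credentials_obtained and enum credentials_krb_forwardable, which come from credentials.h, but the new header includes only data_blob.h and misc.h, so it compiles only when credentials.h is included first (as the .c files in this patch do). Including "auth/credentials/credentials.h" at the top would remove the ordering dependency. The comment on password_tries still reads "Number of retries left before bailing out" although the field is now 0 unless a password callback is installed, and the guard name __CREDENTIALS_INTERNAL_H__ uses a reserved double-underscore prefix.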
diff --git a/auth/credentials/credentials_krb5.c 
b/auth/credentials/credentials_krb5.c
index cc51f56..31fc9d2 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -26,6 +26,7 @@
 #include "system/gssapi.h"
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"
diff --git a/auth/credentials/credentials_ntlm.c 
b/auth/credentials/credentials_ntlm.c
index 8f143bf..8c6be39 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -26,6 +26,7 @@
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 
 _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials 
*cred, TALLOC_CTX *mem_ctx, 
                                           int *flags,
diff --git a/auth/credentials/credentials_secrets.c 
b/auth/credentials/credentials_secrets.c
index 27ee607..6c1cded 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -28,6 +28,7 @@
 #include "param/secrets.h"
 #include "system/filesys.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_util.h"
@@ -237,6 +238,7 @@ _PUBLIC_ NTSTATUS 
cli_credentials_set_machine_account(struct cli_credentials *cr
        bool secrets_tdb_password_more_recent;
        time_t secrets_tdb_lct = 0;
        char *secrets_tdb_password = NULL;
+       char *secrets_tdb_old_password = NULL;
        char *keystr;
        char *keystr_upper = NULL;
        char *secrets_tdb;
@@ -284,6 +286,15 @@ _PUBLIC_ NTSTATUS 
cli_credentials_set_machine_account(struct cli_credentials *cr
                if (NT_STATUS_IS_OK(status)) {
                        secrets_tdb_password = (char *)dbuf.dptr;
                }
+               keystr = talloc_asprintf(tmp_ctx, "%s/%s",
+                                        SECRETS_MACHINE_PASSWORD_PREV,
+                                        domain);
+               keystr_upper = strupper_talloc(tmp_ctx, keystr);


-- 
Samba Shared Repository
