The branch, master has been updated
       via  b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback
       via  8ea36a8 auth/credentials: simplify password_tries state
       via  26a7420 auth/credentials: get the old password from secrets.tdb
       via  9325bd9 auth/credentials: keep cli_credentials private
       via  bbd63dd s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
       via  d47bf46 s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
       via  d36fcaa s4:torture/gentest: make use of cli_credentials_get_username()
       via  36b3c95 s4:torture/shell: simplify cli_credentials_set_password() call
       via  cfeeb3c s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
       via  b3cd44d auth/credentials: add cli_credentials_shallow_copy()
       via  6ff6778 auth/credentials: add cli_credentials_[set_]callback_data*
       via  b8f0922 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
       via  9535029 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
      from  cae48e9 tevent: Add echo server sample code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 14:32:36 2013 +0200

    auth/credentials: use CRED_CALLBACK_RESULT after a callback

    We only do this if it's still CRED_CALLBACK after the callback,
    this allows the callback to overwrite it.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104

commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 14:25:54 2013 +0200

    auth/credentials: simplify password_tries state

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 26a7420c1c4307023b22676cd85d95010ecbf603
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:39:17 2013 +0200

    auth/credentials: get the old password from secrets.tdb

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 12:41:40 2013 +0200

    auth/credentials: keep cli_credentials private

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:24:21 2013 +0200

    s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d47bf469b8a9064f4f7033918b1fe519adfa0c26
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:23:41 2013 +0200

    s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:23:08 2013 +0200

    s4:torture/gentest: make use of cli_credentials_get_username()

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 36b3c9506c1ac5549a38140e7ffd57644290069f
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:22:10 2013 +0200

    s4:torture/shell: simplify cli_credentials_set_password() call

    All we want is to avoid a possible callback...

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:20:13 2013 +0200

    s3:ntlm_auth: remove pointless credentials->priv_data = NULL;

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b3cd44d50cff99fa77611679d68d2d57434fefa4
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 13:21:14 2013 +0200

    auth/credentials: add cli_credentials_shallow_copy()

    This is useful for testing.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 12:52:17 2013 +0200

    auth/credentials: add cli_credentials_[set_]callback_data*

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b8f09226458dc13cf901f481ede89d8a6bb94ba7
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 31 12:33:25 2013 +0200

    auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()

Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 953502925863377b5e566edff4ac68c63e8d151f Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 31 12:33:25 2013 +0200 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name() Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials.c | 84 ++++++++++++++++++----- auth/credentials/credentials.h | 112 +++++------------------------- auth/credentials/credentials_internal.h | 114 +++++++++++++++++++++++++++++++ auth/credentials/credentials_krb5.c | 1 + auth/credentials/credentials_ntlm.c | 1 + auth/credentials/credentials_secrets.c | 12 +++ source3/utils/ntlm_auth.c | 1 - source4/torture/gentest.c | 3 +- source4/torture/rpc/schannel.c | 36 ++++------ source4/torture/shell.c | 5 +- source4/utils/ntlm_auth.c | 10 ++- 11 files changed, 238 insertions(+), 141 deletions(-) create mode 100644 auth/credentials/credentials_internal.h Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index e636123..be497bc 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -24,6 +24,7 @@ #include "includes.h" #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */ #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "libcli/auth/libcli_auth.h" #include "tevent.h" #include "param/param.h" @@ -103,7 +104,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->machine_account = false; - cred->tries = 3; + cred->password_tries = 0; cred->callback_running = false; 
@@ -114,6 +115,32 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) return cred; } +_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred, + void *callback_data) +{ + cred->priv_data = callback_data; +} + +_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred) +{ + return cred->priv_data; +} + +_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src) +{ + struct cli_credentials *dst; + + dst = talloc(mem_ctx, struct cli_credentials); + if (dst == NULL) { + return NULL; + } + + *dst = *src; + + return dst; +} + /** * Create a new anonymous credential * @param mem_ctx TALLOC_CTX parent for credentials structure @@ -179,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred) cred->callback_running = true; cred->username = cred->username_cb(cred); cred->callback_running = false; - cred->username_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->username_obtained); + if (cred->username_obtained == CRED_CALLBACK) { + cred->username_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->username_obtained); + } } return cred->username; @@ -248,8 +277,10 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede cred->callback_running = true; cred->principal = cred->principal_cb(cred); cred->callback_running = false; - cred->principal_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->principal_obtained); + if (cred->principal_obtained == CRED_CALLBACK) { + cred->principal_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->principal_obtained); + } } if (cred->principal_obtained < cred->username_obtained 
@@ -267,7 +298,7 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede } } *obtained = cred->principal_obtained; - return talloc_reference(mem_ctx, cred->principal); + return talloc_strdup(mem_ctx, cred->principal); } /** @@ -355,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred) cred->callback_running = true; cred->password = cred->password_cb(cred); cred->callback_running = false; - cred->password_obtained = CRED_CALLBACK_RESULT; - cli_credentials_invalidate_ccache(cred, cred->password_obtained); + if (cred->password_obtained == CRED_CALLBACK) { + cred->password_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->password_obtained); + } } return cred->password; @@ -370,6 +403,7 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, enum credentials_obtained obtained) { if (obtained >= cred->password_obtained) { + cred->password_tries = 0; cred->password = talloc_strdup(cred, val); if (cred->password) { /* Don't print the actual password in talloc memory dumps */ @@ -391,6 +425,7 @@ _PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred const char *(*password_cb) (struct cli_credentials *)) { if (cred->password_obtained < CRED_CALLBACK) { + cred->password_tries = 3; cred->password_cb = password_cb; cred->password_obtained = CRED_CALLBACK; cli_credentials_invalidate_ccache(cred, cred->password_obtained); @@ -473,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) cred->callback_running = true; cred->domain = cred->domain_cb(cred); cred->callback_running = false; - cred->domain_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->domain_obtained); + if (cred->domain_obtained == CRED_CALLBACK) { + cred->domain_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->domain_obtained); + } } return cred->domain; 
@@ -532,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred) cred->callback_running = true; cred->realm = cred->realm_cb(cred); cred->callback_running = false; - cred->realm_obtained = CRED_SPECIFIED; - cli_credentials_invalidate_ccache(cred, cred->realm_obtained); + if (cred->realm_obtained == CRED_CALLBACK) { + cred->realm_obtained = CRED_CALLBACK_RESULT; + cli_credentials_invalidate_ccache(cred, cred->realm_obtained); + } } return cred->realm; @@ -583,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cre cred->callback_running = true; cred->workstation = cred->workstation_cb(cred); cred->callback_running = false; - cred->workstation_obtained = CRED_SPECIFIED; + if (cred->workstation_obtained == CRED_CALLBACK) { + cred->workstation_obtained = CRED_CALLBACK_RESULT; + } } return cred->workstation; @@ -669,7 +710,7 @@ _PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *c const char *name; if (bind_dn) { - name = talloc_reference(mem_ctx, bind_dn); + name = talloc_strdup(mem_ctx, bind_dn); } else { cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain); if (domain && domain[0]) { @@ -870,12 +911,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred) if (cred->password_obtained != CRED_CALLBACK_RESULT) { return false; } - - cred->password_obtained = CRED_CALLBACK; - cred->tries--; + if (cred->password_tries == 0) { + return false; + } + + cred->password_tries--; + + if (cred->password_tries == 0) { + return false; + } - return (cred->tries > 0); + cred->password_obtained = CRED_CALLBACK; + return true; } _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index dbc014f..cb09dc3 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h 
@@ -25,9 +25,17 @@ #include "../lib/util/data_blob.h" #include "librpc/gen_ndr/misc.h" +struct cli_credentials; struct ccache_container; struct tevent_context; struct netlogon_creds_CredentialState; +struct ldb_context; +struct ldb_message; +struct loadparm_context; +struct ccache_container; +struct gssapi_creds_container; +struct smb_krb5_context; +struct keytab_container; /* In order of priority */ enum credentials_obtained { 
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable { #define CLI_CRED_NTLM_AUTH 0x08 #define CLI_CRED_CLEAR_AUTH 0x10 /* TODO: Push cleartext auth with this flag */ -struct cli_credentials { - enum credentials_obtained workstation_obtained; - enum credentials_obtained username_obtained; - enum credentials_obtained password_obtained; - enum credentials_obtained domain_obtained; - enum credentials_obtained realm_obtained; - enum credentials_obtained ccache_obtained; - enum credentials_obtained client_gss_creds_obtained; - enum credentials_obtained principal_obtained; - enum credentials_obtained keytab_obtained; - enum credentials_obtained server_gss_creds_obtained; - - /* Threshold values (essentially a MAX() over a number of the - * above) for the ccache and GSS credentials, to ensure we - * regenerate/pick correctly */ - - enum credentials_obtained ccache_threshold; - enum credentials_obtained client_gss_creds_threshold; - - const char *workstation; - const char *username; - const char *password; - const char *old_password; - const char *domain; - const char *realm; - const char *principal; - char *salt_principal; - char *impersonate_principal; - char *self_service; - char *target_service; - - const char *bind_dn; - - /* Allows authentication from a keytab or similar */ - struct samr_Password *nt_hash; - - /* Allows NTLM pass-though authentication */ - DATA_BLOB lm_response; - DATA_BLOB nt_response; - - struct ccache_container *ccache; - struct gssapi_creds_container *client_gss_creds; - struct keytab_container *keytab; - struct gssapi_creds_container *server_gss_creds; - - const char *(*workstation_cb) (struct cli_credentials *); - const char *(*password_cb) (struct cli_credentials *); - const char *(*username_cb) (struct cli_credentials *); - const char *(*domain_cb) (struct cli_credentials *); - const char *(*realm_cb) (struct cli_credentials *); - const char *(*principal_cb) (struct cli_credentials *); - - /* Private handle for the callback routines to use */ 
- void *priv_data; - - struct netlogon_creds_CredentialState *netlogon_creds; - enum netr_SchannelType secure_channel_type; - int kvno; - time_t password_last_changed_time; - - struct smb_krb5_context *smb_krb5_context; - - /* We are flagged to get machine account details from the - * secrets.ldb when we are asked for a username or password */ - bool machine_account_pending; - struct loadparm_context *machine_account_pending_lp_ctx; - - /* Is this a machine account? */ - bool machine_account; - - /* Should we be trying to use kerberos? */ - enum credentials_use_kerberos use_kerberos; - - /* Should we get a forwardable ticket? */ - enum credentials_krb_forwardable krb_forwardable; - - /* gensec features which should be used for connections */ - uint32_t gensec_features; - - /* Number of retries left before bailing out */ - int tries; - - /* Whether any callback is currently running */ - bool callback_running; -}; - -struct ldb_context; -struct ldb_message; -struct loadparm_context; -struct ccache_container; - -struct gssapi_creds_container; - const char *cli_credentials_get_workstation(struct cli_credentials *cred); bool cli_credentials_set_workstation(struct cli_credentials *cred, const char *val, @@ -332,6 +247,17 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred, bool cli_credentials_set_workstation_callback(struct cli_credentials *cred, const char *(*workstation_cb) (struct cli_credentials *)); +void cli_credentials_set_callback_data(struct cli_credentials *cred, + void *callback_data); +void *_cli_credentials_callback_data(struct cli_credentials *cred); +#define cli_credentials_callback_data(_cred, _type) \ + talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type) +#define cli_credentials_callback_data_void(_cred) \ + _cli_credentials_callback_data(_cred) + +struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx, + struct cli_credentials *src); + /** * Return attached NETLOGON credentials */ 
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h new file mode 100644 index 0000000..f2f79b9 --- /dev/null +++ b/auth/credentials/credentials_internal.h 
@@ -0,0 +1,114 @@ +/* + samba -- Unix SMB/CIFS implementation. + + Client credentials structure + + Copyright (C) Jelmer Vernooij 2004-2006 + Copyright (C) Andrew Bartlett <abart...@samba.org> 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#ifndef __CREDENTIALS_INTERNAL_H__ +#define __CREDENTIALS_INTERNAL_H__ + +#include "../lib/util/data_blob.h" +#include "librpc/gen_ndr/misc.h" + +struct cli_credentials { + enum credentials_obtained workstation_obtained; + enum credentials_obtained username_obtained; + enum credentials_obtained password_obtained; + enum credentials_obtained domain_obtained; + enum credentials_obtained realm_obtained; + enum credentials_obtained ccache_obtained; + enum credentials_obtained client_gss_creds_obtained; + enum credentials_obtained principal_obtained; + enum credentials_obtained keytab_obtained; + enum credentials_obtained server_gss_creds_obtained; + + /* Threshold values (essentially a MAX() over a number of the + * above) for the ccache and GSS credentials, to ensure we + * regenerate/pick correctly */ + + enum credentials_obtained ccache_threshold; + enum credentials_obtained client_gss_creds_threshold; + + const char *workstation; + const char *username; + const char *password; + const char *old_password; + const char *domain; + const char *realm; + const char *principal; + char *salt_principal; + char *impersonate_principal; + char 
*self_service; + char *target_service; + + const char *bind_dn; + + /* Allows authentication from a keytab or similar */ + struct samr_Password *nt_hash; + + /* Allows NTLM pass-though authentication */ + DATA_BLOB lm_response; + DATA_BLOB nt_response; + + struct ccache_container *ccache; + struct gssapi_creds_container *client_gss_creds; + struct keytab_container *keytab; + struct gssapi_creds_container *server_gss_creds; + + const char *(*workstation_cb) (struct cli_credentials *); + const char *(*password_cb) (struct cli_credentials *); + const char *(*username_cb) (struct cli_credentials *); + const char *(*domain_cb) (struct cli_credentials *); + const char *(*realm_cb) (struct cli_credentials *); + const char *(*principal_cb) (struct cli_credentials *); + + /* Private handle for the callback routines to use */ + void *priv_data; + + struct netlogon_creds_CredentialState *netlogon_creds; + enum netr_SchannelType secure_channel_type; + int kvno; + time_t password_last_changed_time; + + struct smb_krb5_context *smb_krb5_context; + + /* We are flagged to get machine account details from the + * secrets.ldb when we are asked for a username or password */ + bool machine_account_pending; + struct loadparm_context *machine_account_pending_lp_ctx; + + /* Is this a machine account? */ + bool machine_account; + + /* Should we be trying to use kerberos? */ + enum credentials_use_kerberos use_kerberos; + + /* Should we get a forwardable ticket? */ + enum credentials_krb_forwardable krb_forwardable; + + /* gensec features which should be used for connections */ + uint32_t gensec_features; + + /* Number of retries left before bailing out */ + uint32_t password_tries; + + /* Whether any callback is currently running */ + bool callback_running; +}; + +#endif /* __CREDENTIALS_INTERNAL_H__ */ diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index cc51f56..31fc9d2 100644 --- a/auth/credentials/credentials_krb5.c 
+++ b/auth/credentials/credentials_krb5.c @@ -26,6 +26,7 @@ #include "system/gssapi.h" #include "auth/kerberos/kerberos.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "auth/kerberos/kerberos_credentials.h" diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c index 8f143bf..8c6be39 100644 --- a/auth/credentials/credentials_ntlm.c +++ b/auth/credentials/credentials_ntlm.c @@ -26,6 +26,7 @@ #include "../lib/crypto/crypto.h" #include "libcli/auth/libcli_auth.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, int *flags, diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 27ee607..6c1cded 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -28,6 +28,7 @@ #include "param/secrets.h" #include "system/filesys.h" #include "auth/credentials/credentials.h" +#include "auth/credentials/credentials_internal.h" #include "auth/credentials/credentials_proto.h" #include "auth/credentials/credentials_krb5.h" #include "auth/kerberos/kerberos_util.h" @@ -237,6 +238,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr bool secrets_tdb_password_more_recent; time_t secrets_tdb_lct = 0; char *secrets_tdb_password = NULL; + char *secrets_tdb_old_password = NULL; char *keystr; char *keystr_upper = NULL; char *secrets_tdb; 
@@ -284,6 +286,15 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (NT_STATUS_IS_OK(status)) { secrets_tdb_password = (char *)dbuf.dptr; } + keystr = talloc_asprintf(tmp_ctx, "%s/%s", + SECRETS_MACHINE_PASSWORD_PREV, + domain); + keystr_upper = strupper_talloc(tmp_ctx, keystr); -- Samba Shared Repository
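
Review bot: In cli_credentials_shallow_copy() (auth/credentials/credentials.c, hunk @@ -114,6 +115,32 @@), `*dst = *src;` copies every pointer member, so dst shares password, old_password, ccache, netlogon_creds and the rest with src while being parented to a different mem_ctx. Nothing in the visible lines ties the lifetime of dst to src, so freeing src first leaves dst holding dangling pointers, and both structures point at the same secret strings. Because the function is _PUBLIC_, it should carry a doc comment saying that the copy borrows the members of src and must not outlive it. The two callback_data accessors added in the same hunk have no doc comments either.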
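
Review bot: In the callback branches of cli_credentials_get_username(), cli_credentials_get_principal_and_obtained(), cli_credentials_get_password(), cli_credentials_get_domain(), cli_credentials_get_realm() and cli_credentials_get_workstation(), the new `== CRED_CALLBACK` guard lets a callback change the obtained level through a setter, but the context line just above it still stores the callback's return value unconditionally, for example `cred->password = cred->password_cb(cred);`. A callback that calls a setter and then returns a different pointer (or NULL) leaves the field out of step with its obtained level, and the string the setter stored is no longer referenced from the structure. Either document that such a callback must return the value it set, or store the return value only when the level is still CRED_CALLBACK.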
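
Review bot: The password_tries state in auth/credentials/credentials.c is now spread over four places with no comment explaining it: cli_credentials_init() sets 0, cli_credentials_set_password() resets to 0, cli_credentials_set_password_callback() sets the literal 3, and cli_credentials_wrong_password() has two separate `password_tries == 0` returns. A named constant for the 3 and a short comment in cli_credentials_wrong_password() saying that the first check covers "no callback armed" and the second covers "attempts exhausted" would make the intent reviewable. The struct comment "Number of retries left before bailing out" should also mention that 0 is the normal value when no password callback is set.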
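
Review bot: In auth/credentials/credentials.h (hunk @@ -25,9 +25,17 @@), `struct ccache_container;` is forward-declared twice: once in the existing context line and again in the added block. It is harmless to the compiler but redundant; drop the added duplicate so the list of forward declarations stays unique.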
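
Review bot: In auth/credentials/credentials.h (hunk @@ -332,6 +247,17 @@), cli_credentials_callback_data() goes through talloc_get_type_abort(), while cli_credentials_set_callback_data() accepts any `void *`. A caller that stores a non-talloc pointer, or a talloc object of another type, only finds out when the typed getter aborts the process. Document on the setter that the typed macro requires a talloc object of the named type and that cli_credentials_callback_data_void() is the accessor for anything else.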
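
Review bot: The new auth/credentials/credentials_internal.h is not self-contained: struct cli_credentials embeds enum credentials_obtained, enum credentials_use_kerberos and enum credentials_krb_forwardable by value, but the header includes only "../lib/util/data_blob.h" and "librpc/gen_ndr/misc.h". It compiles in this series only because every .c file touched here includes "auth/credentials/credentials.h" on the line before it. Including credentials.h from the internal header would remove the ordering dependency.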
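
Review bot: In cli_credentials_set_machine_account() (auth/credentials/credentials_secrets.c, last hunk), the result of talloc_asprintf() for the SECRETS_MACHINE_PASSWORD_PREV key is passed straight to strupper_talloc() with no NULL check in the visible lines. The changeset is cut off after this point, so the remainder cannot be reviewed here; if neither result is checked further down, add an out-of-memory check before the lookup, and use secrets_tdb_old_password only when the fetch succeeded.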