The branch, master has been updated
       via  adf46ff cli_credentials: Apply some const
       via  602ec88 libcli: Apply some const
       via  aea214f notifyd: Clarify a comment
       via  6222cd7 netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate
       via  6344570 netlogon_creds_cli: Simplify netlogon_creds_cli_context_global
       via  7f09c08 netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
       via  f08a04c netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
       via  2591e32 rpc_client3: Fix a debug message
       via  1de1fd8 netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx
       via  47557ac netlogon_creds_cli: Remove an obsolete comment
       via  3101ac9 netlogon_creds_cli: Avoid a static const struct
       via  b62bba8 cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds
       via  7a3d1b5 cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds
       via  db92fd6 cli_netlogon: Make rpccli_setup_netlogon_creds static
       via  696a387 libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure
       via  fe3dfd9 cli_netlogon: Make rpccli_create_netlogon_creds static
       via  a6ad0da libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure
       via  9dd0b7f cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds
       via  849e63f netlogon_creds_cli: Pass "server_dns_domain" through netlogon_creds_cli_context_global
       via  2968bfd netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context
       via  43c104a s3: Avoid netlogon_creds_cli.h in includes.h
       via  d1d298b lib: util_tdb.h needs tdb.h
      from  2a003b1 lib: tevent: Remove select backend.
https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit adf46ff0eaf9c88f513644e8bbf112d270636971
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Sep 7 12:34:34 2017 +0200

    cli_credentials: Apply some const

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Sat Sep 16 12:28:17 CEST 2017 on sn-devel-144

commit 602ec8884bc276b63af38dcf04e107bcd659680f
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Sep 7 12:34:03 2017 +0200

    libcli: Apply some const

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit aea214fce64f64eb71094248ac0b2c32bcc065f4
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 18:20:25 2017 +0200

    notifyd: Clarify a comment

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6222cd71eee3afe88931b74e7f508ca0a969f718
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 12:00:23 2017 +0200

    netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6344570a307eb70979ebb43feb3faf0fb2cbf4c8
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:54:29 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_global

    (require_sign_or_seal == false) looks odd :-)

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7f09c0865ea35eb8d5f90264a27ee523e5df0e38
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:34:45 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_common

    IMHO a full talloc_stackframe is overkill for the one allocation that is
    left here.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f08a04c18400371b1951a24c45fcae146bb7ea33
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:34:45 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_common

    printf knows to only print part of a string. No need to talloc_strdup.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2591e320c07606e4ddfdeacbe46a43d0f4de0f53
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 14:08:41 2017 +0200

    rpc_client3: Fix a debug message

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 1de1fd86533d05d92e7df411fac2091f4abbc0bc
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 14:56:58 2017 +0200

    netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 47557ac9b11c215906b7a1cd7b3a7c6982aac282
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Aug 25 11:39:16 2017 +0200

    netlogon_creds_cli: Remove an obsolete comment

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3101ac93e20027f8c0b9bfe59af55637ec1d5739
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Aug 25 11:27:30 2017 +0200

    netlogon_creds_cli: Avoid a static const struct

    Same number of .text bytes, but simpler code. Yes, this is {{0}} instead
    of {0}, which I always promote. I've just read a comment on stackoverflow
    (which I've unfortunately just closed the tab for :-() that {{0}} might
    actually be the correct way to init a struct to zero if the first struct
    element is again a struct. I'm lost. 25 years of C coding and I have no
    clue of the language :-(

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b62bba83ba8544adfc3700e927247ec942735538
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 17:31:38 2017 +0200

    cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds

    Inlining the code from rpccli_setup_netlogon_creds

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7a3d1b5a6fcbbd6d12cb3568a7ac62e50c056a5b
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 17:23:47 2017 +0200

    cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds

    This creates a context with access to a credentials, not credentials

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit db92fd6a5038ec5ec4ffbf93ac3a44948413f7d8
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:21:36 2017 +0200

    cli_netlogon: Make rpccli_setup_netlogon_creds static

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 696a387d57a27a9fe4de42fee6910319e098ab41
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:20:32 2017 +0200

    libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit fe3dfd9a0c39d8e0cf884804db4df672d315ba27
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:14:28 2017 +0200

    cli_netlogon: Make rpccli_create_netlogon_creds static

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit a6ad0da292912d3b970914cb965b0cd890aa56c7
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:12:27 2017 +0200

    libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure

    rpccli_create_netlogon_creds_with_creds just extracts the values we set
    here from cli_credentials, and the lower-level interface is supposed to
    go away.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9dd0b7fb2c1447a1d2ff5040fad993c09f63f3a4
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:48:18 2017 +0200

    cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 849e63ff68ec44f81aced8eab64f7098bb2a958d
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:32:34 2017 +0200

    netlogon_creds_cli: Pass "server_dns_domain" through netlogon_creds_cli_context_global

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2968bfdd1aa898cb60b125920fb299b2e790a7c7
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:29:07 2017 +0200

    netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context

    Used later for creating schannel cli_credentials

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 43c104a8e22dfb665b83771e648214b235698d7e
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 13:37:41 2017 +0200

    s3: Avoid netlogon_creds_cli.h in includes.h

    There's no point recompiling all of source3 if netlogon_creds_cli.h is
    changed

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d1d298bb17f3660d12056ef62ca3975ab783cf74
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 6 15:42:08 2017 +0200

    lib: util_tdb.h needs tdb.h

    It uses TDB_DATA
Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials.c | 5 +- auth/credentials/credentials.h | 5 +- lib/util/util_tdb.h | 2 + libcli/auth/credentials.c | 5 +- libcli/auth/netlogon_creds_cli.c | 88 ++++++++++++++----------------- libcli/auth/netlogon_creds_cli.h | 1 + libcli/auth/proto.h | 5 +- source3/include/includes.h | 1 - source3/lib/netapi/netapi.c | 1 + source3/libnet/libnet_join.c | 57 ++++++++++++--------- source3/rpc_client/cli_netlogon.c | 94 ++++++++++++++-------------------- source3/rpc_client/cli_netlogon.h | 35 +++++-------- source3/rpc_client/cli_pipe.c | 2 +- source3/rpc_client/cli_pipe_schannel.c | 12 ++--- source3/rpcclient/rpcclient.c | 14 ++--- source3/smbd/notifyd/notifyd.c | 2 +- source3/winbindd/winbindd_cm.c | 18 +++---- 17 files changed, 163 insertions(+), 184 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 1a4ec53..105c73c 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -959,8 +959,9 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred, * Attach NETLOGON credentials for use with SCHANNEL */ -_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, - struct netlogon_creds_CredentialState *netlogon_creds) +_PUBLIC_ void cli_credentials_set_netlogon_creds( + struct cli_credentials *cred, + const struct netlogon_creds_CredentialState *netlogon_creds) { TALLOC_FREE(cred->netlogon_creds); if (netlogon_creds == NULL) { diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index e75694a..9fe6a82 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h 
@@ -158,8 +158,9 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred, enum netr_SchannelType secure_channel_type); void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred, time_t last_change_time); -void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, - struct netlogon_creds_CredentialState *netlogon_creds); +void cli_credentials_set_netlogon_creds( + struct cli_credentials *cred, + const struct netlogon_creds_CredentialState *netlogon_creds); NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, struct smb_krb5_context *smb_krb5_context); NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, diff --git a/lib/util/util_tdb.h b/lib/util/util_tdb.h index 3b50789..63d80d1 100644 --- a/lib/util/util_tdb.h +++ b/lib/util/util_tdb.h @@ -22,6 +22,8 @@ #ifndef _____LIB_UTIL_UTIL_TDB_H__ #define _____LIB_UTIL_UTIL_TDB_H__ +#include <tdb.h> + /*************************************************************** Make a TDB_DATA and keep the const warning in one place ****************************************************************/ diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index ddff5e9..acf88c9 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -811,8 +811,9 @@ union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx, copy a netlogon_creds_CredentialState struct */ -struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx, - struct netlogon_creds_CredentialState *creds_in) +struct netlogon_creds_CredentialState *netlogon_creds_copy( + TALLOC_CTX *mem_ctx, + const struct netlogon_creds_CredentialState *creds_in) { struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState); diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index 526ee39..dc05316 100644 --- a/libcli/auth/netlogon_creds_cli.c 
+++ b/libcli/auth/netlogon_creds_cli.c @@ -54,6 +54,7 @@ struct netlogon_creds_cli_context { struct { const char *computer; const char *netbios_domain; + const char *dns_domain; uint32_t cached_flags; bool try_validation6; bool try_logon_ex; @@ -105,34 +106,31 @@ static NTSTATUS netlogon_creds_cli_context_common( uint32_t required_flags, const char *server_computer, const char *server_netbios_domain, + const char *server_dns_domain, TALLOC_CTX *mem_ctx, struct netlogon_creds_cli_context **_context) { struct netlogon_creds_cli_context *context = NULL; - TALLOC_CTX *frame = talloc_stackframe(); char *_key_name = NULL; - char *server_netbios_name = NULL; + size_t server_netbios_name_len; char *p = NULL; *_context = NULL; context = talloc_zero(mem_ctx, struct netlogon_creds_cli_context); if (context == NULL) { - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } context->client.computer = talloc_strdup(context, client_computer); if (context->client.computer == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } context->client.account = talloc_strdup(context, client_account); if (context->client.account == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } @@ -144,14 +142,18 @@ static NTSTATUS netlogon_creds_cli_context_common( context->server.computer = talloc_strdup(context, server_computer); if (context->server.computer == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } context->server.netbios_domain = talloc_strdup(context, server_netbios_domain); if (context->server.netbios_domain == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + context->server.dns_domain = talloc_strdup(context, server_dns_domain); + if (context->server.dns_domain == NULL) { + TALLOC_FREE(context); return NT_STATUS_NO_MEMORY; } 
@@ -163,40 +165,35 @@ static NTSTATUS netlogon_creds_cli_context_common( * For now we have to deal with * "HOSTNAME" vs. "hostname.example.com". */ - server_netbios_name = talloc_strdup(frame, server_computer); - if (server_netbios_name == NULL) { - TALLOC_FREE(context); - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } - p = strchr(server_netbios_name, '.'); + p = strchr(server_computer, '.'); if (p != NULL) { - p[0] = '\0'; + server_netbios_name_len = p-server_computer; + } else { + server_netbios_name_len = strlen(server_computer); } - _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%s/%s]", + _key_name = talloc_asprintf(context, "CLI[%s/%s]/SRV[%.*s/%s]", client_computer, client_account, - server_netbios_name, + (int)server_netbios_name_len, + server_computer, server_netbios_domain); if (_key_name == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } context->db.key_name = talloc_strdup_upper(context, _key_name); + TALLOC_FREE(_key_name); if (context->db.key_name == NULL) { TALLOC_FREE(context); - TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } context->db.key_data = string_term_tdb_data(context->db.key_name); *_context = context; - TALLOC_FREE(frame); return NT_STATUS_OK; } @@ -255,6 +252,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, enum netr_SchannelType type, const char *server_computer, const char *server_netbios_domain, + const char *server_dns_domain, TALLOC_CTX *mem_ctx, struct netlogon_creds_cli_context **_context) { @@ -273,6 +271,10 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, *_context = NULL; + if (msg_ctx == NULL) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } + client_computer = lpcfg_netbios_name(lp_ctx); if (strlen(client_computer) > 15) { return NT_STATUS_INVALID_PARAMETER_MIX; 
@@ -379,11 +381,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, proposed_flags |= NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION; } - if (require_sign_or_seal == false) { - proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC; - } else { + if (require_sign_or_seal) { required_flags |= NETLOGON_NEG_ARCFOUR; required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC; + } else { + proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC; } if (reject_md5_servers) { @@ -415,6 +417,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, required_flags, server_computer, server_netbios_domain, + "", mem_ctx, &context); if (!NT_STATUS_IS_OK(status)) { @@ -422,13 +425,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, return status; } - if (msg_ctx != NULL) { - context->db.g_ctx = g_lock_ctx_init(context, msg_ctx); - if (context->db.g_ctx == NULL) { - TALLOC_FREE(context); - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } + context->db.g_ctx = g_lock_ctx_init(context, msg_ctx); + if (context->db.g_ctx == NULL) { + TALLOC_FREE(context); + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; } if (netlogon_creds_cli_global_db != NULL) { @@ -475,6 +476,7 @@ NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer, required_flags, server_computer, server_netbios_domain, + "", mem_ctx, &context); if (!NT_STATUS_IS_OK(status)) { @@ -560,7 +562,6 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context, .status = NT_STATUS_INTERNAL_ERROR, .required_flags = context->client.required_flags, }; - static const struct netr_Credential zero_creds; *_creds = NULL; 
@@ -580,9 +581,9 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context, * mark it as invalid for step operations. */ fstate.creds->sequence = 0; - fstate.creds->seed = zero_creds; - fstate.creds->client = zero_creds; - fstate.creds->server = zero_creds; + fstate.creds->seed = (struct netr_Credential) {{0}}; + fstate.creds->client = (struct netr_Credential) {{0}}; + fstate.creds->server = (struct netr_Credential) {{0}}; if (context->server.cached_flags == fstate.creds->negotiate_flags) { *_creds = fstate.creds; @@ -602,10 +603,7 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context, * * The credentials chain is not per NETLOGON pipe * connection, but globally on the server/client pair - * by computer name, while the client is free to use - * any computer name. We include the cluster node number - * in our computer name in order to avoid cross node - * coordination of the credential chain. + * by computer name. * * It's also important to use NetlogonValidationSamInfo4 (6), * because it relies on the rpc transport encryption @@ -671,19 +669,11 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context, return false; } - if (blob1.length != blob2.length) { - TALLOC_FREE(frame); - return false; - } - - cmp = memcmp(blob1.data, blob2.data, blob1.length); - if (cmp != 0) { - TALLOC_FREE(frame); - return false; - } + cmp = data_blob_cmp(&blob1, &blob2); TALLOC_FREE(frame); - return true; + + return (cmp == 0); } NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context, diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h index 32902f1..fbc59f6 100644 --- a/libcli/auth/netlogon_creds_cli.h +++ b/libcli/auth/netlogon_creds_cli.h 
@@ -40,6 +40,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx, enum netr_SchannelType type, const char *server_computer, const char *server_netbios_domain, + const char *server_dns_domain, TALLOC_CTX *mem_ctx, struct netlogon_creds_cli_context **_context); NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer, diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index a03f45e..82febe7 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -38,8 +38,9 @@ void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState * struct netr_Authenticator *next); bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *received_credentials); -struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx, - struct netlogon_creds_CredentialState *creds_in); +struct netlogon_creds_CredentialState *netlogon_creds_copy( + TALLOC_CTX *mem_ctx, + const struct netlogon_creds_CredentialState *creds_in); /***************************************************************** The above functions are common to the client and server interface diff --git a/source3/include/includes.h b/source3/include/includes.h index 58bfaa7..e82bfad 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -317,7 +317,6 @@ typedef char fstring[FSTRING_LEN]; #include "../libcli/util/ntstatus.h" #include "../libcli/util/error.h" -#include "../libcli/auth/netlogon_creds_cli.h" #include "../lib/util/charset/charset.h" #include "dynconfig/dynconfig.h" #include "locking.h" diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c index 093348b..f8f79c6 100644 --- a/source3/lib/netapi/netapi.c +++ b/source3/lib/netapi/netapi.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "../libcli/auth/netlogon_creds_cli.h" #include "lib/netapi/netapi.h" #include "lib/netapi/netapi_private.h" #include "secrets.h" 
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 591c177..5880913 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1122,8 +1122,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, { TALLOC_CTX *frame = talloc_stackframe(); struct rpc_pipe_client *netlogon_pipe = NULL; + struct cli_credentials *cli_creds; struct netlogon_creds_cli_context *netlogon_creds = NULL; - struct samr_Password current_nt_hash; size_t len = 0; bool ok; DATA_BLOB new_trust_blob = data_blob_null; 
@@ -1148,26 +1148,35 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, } } + cli_creds = cli_credentials_init(talloc_tos()); + if (cli_creds == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + cli_credentials_set_username(cli_creds, r->out.account_name, + CRED_SPECIFIED); + cli_credentials_set_domain(cli_creds, r->in.domain_name, + CRED_SPECIFIED); + cli_credentials_set_realm(cli_creds, "", CRED_SPECIFIED); + cli_credentials_set_secure_channel_type(cli_creds, + r->in.secure_channel_type); + /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ - E_md4hash(r->in.admin_password, current_nt_hash.hash); - - status = rpccli_create_netlogon_creds(netlogon_pipe->desthost, - r->in.domain_name, - r->out.account_name, - r->in.secure_channel_type, - r->in.msg_ctx, - frame, - &netlogon_creds); + cli_credentials_set_password(cli_creds, r->in.admin_password, + CRED_SPECIFIED); + + status = rpccli_create_netlogon_creds_ctx( + cli_creds, netlogon_pipe->desthost, r->in.msg_ctx, + frame, &netlogon_creds); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; } - status = rpccli_setup_netlogon_creds(cli, NCACN_NP, - netlogon_creds, - true, /* force_reauth */ - current_nt_hash, - NULL); /* previous_nt_hash */ + status = rpccli_setup_netlogon_creds( + cli, NCACN_NP, netlogon_creds, true /* force_reauth */, + cli_creds); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; 
@@ -1608,21 +1617,21 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, return status; } - status = rpccli_create_netlogon_creds_with_creds(cli_creds, - dc_name, - msg_ctx, - frame, - &netlogon_creds); + status = rpccli_create_netlogon_creds_ctx(cli_creds, + dc_name, + msg_ctx, + frame, + &netlogon_creds); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(cli); TALLOC_FREE(frame); return status; } - status = rpccli_setup_netlogon_creds_with_creds(cli, NCACN_NP, - netlogon_creds, - true, /* force_reauth */ - cli_creds); + status = rpccli_setup_netlogon_creds(cli, NCACN_NP, + netlogon_creds, + true, /* force_reauth */ + cli_creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("connect_to_domain_password_server: " "unable to open the domain client session to " diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 719b985..2c3e205 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -86,13 +86,15 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void) return NT_STATUS_OK; } -NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, - const char *server_netbios_domain, - const char *client_account, - enum netr_SchannelType sec_chan_type, - struct messaging_context *msg_ctx, - TALLOC_CTX *mem_ctx, - struct netlogon_creds_cli_context **netlogon_creds) +static NTSTATUS rpccli_create_netlogon_creds( + const char *server_computer, + const char *server_netbios_domain, + const char *server_dns_domain, + const char *client_account, + enum netr_SchannelType sec_chan_type, + struct messaging_context *msg_ctx, + TALLOC_CTX *mem_ctx, + struct netlogon_creds_cli_context **netlogon_creds) { TALLOC_CTX *frame = talloc_stackframe(); struct loadparm_context *lp_ctx; @@ -115,6 +117,7 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, sec_chan_type, server_computer, server_netbios_domain, + server_dns_domain, mem_ctx, netlogon_creds); TALLOC_FREE(frame); if (!NT_STATUS_IS_OK(status)) { 
@@ -124,14 +127,16 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer, return NT_STATUS_OK; } -NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds, - const char *server_computer, - struct messaging_context *msg_ctx, - TALLOC_CTX *mem_ctx, - struct netlogon_creds_cli_context **netlogon_creds) +NTSTATUS rpccli_create_netlogon_creds_ctx( + struct cli_credentials *creds, + const char *server_computer, + struct messaging_context *msg_ctx, -- Samba Shared Repository
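
Review bot: In libcli/auth/netlogon_creds_cli.c, the hunk at @@ -415,6 +417,7 @@ passes the literal "" to netlogon_creds_cli_context_common() although netlogon_creds_cli_context_global() gained a server_dns_domain parameter in the hunk at @@ -255,6 +252,7 @@, so context->server.dns_domain stays empty whatever the caller supplies. If the empty string is a deliberate intermediate step, a comment at the call site should say so; otherwise pass server_dns_domain here and keep "" only in netlogon_creds_cli_context_tmp().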
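
Review bot: In libcli/auth/netlogon_creds_cli.c, hunk @@ -144,14 +142,18 @@, a NULL server_dns_domain is indistinguishable from an allocation failure: talloc_strdup(context, server_dns_domain) returns NULL for a NULL source and the function then reports NT_STATUS_NO_MEMORY. Since rpccli_create_netlogon_creds() now forwards a caller-supplied server_dns_domain, check for NULL before the strdup and either return NT_STATUS_INVALID_PARAMETER_MIX or treat NULL as "", and state which in the header.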
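
Review bot: In libcli/auth/netlogon_creds_cli.c, hunk @@ -163,40 +165,35 @@, the precision argument "(int)server_netbios_name_len" narrows a size_t that is bounded only by strlen(server_computer), and nothing in the visible code limits that length (the 15-character check in netlogon_creds_cli_context_global() applies to client_computer). A value above INT_MAX would become a negative precision, which printf treats as "no precision" and prints the full string, silently changing the key name. Reject an over-long server_computer before building _key_name, or compute the length into an int with an explicit bound.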
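
Review bot: In libcli/auth/netlogon_creds_cli.c, hunks @@ -273,6 +271,10 @@ and @@ -422,13 +425,11 @@, msg_ctx changes from optional to mandatory but the prototype hunk in netlogon_creds_cli.h documents nothing about it. Callers that used to pass NULL now get NT_STATUS_INVALID_PARAMETER_MIX, the same status returned a few lines later for an over-long client_computer, so the cause is hard to tell apart in logs. Add a comment on the prototype that msg_ctx must be non-NULL and consider a DEBUG line at the new check.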
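
Review bot: In source3/libnet/libnet_join.c, hunk @@ -1148,26 +1148,35 @@, the results of cli_credentials_set_username(), cli_credentials_set_domain(), cli_credentials_set_realm() and cli_credentials_set_password() are all discarded. These setters return a bool, and a failed cli_credentials_set_password() would leave cli_creds without the admin password, so the later rpccli_setup_netlogon_creds() call would fail with an authentication error instead of NT_STATUS_NO_MEMORY. Check each return value and bail out with TALLOC_FREE(frame) as the surrounding code does for cli_credentials_init().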