The branch, master has been updated
       via  adf46ff cli_credentials: Apply some const
       via  602ec88 libcli: Apply some const
       via  aea214f notifyd: Clarify a comment
       via  6222cd7 netlogon_creds_cli: Use data_blob_cmp in 
netlogon_creds_cli_validate
       via  6344570 netlogon_creds_cli: Simplify 
netlogon_creds_cli_context_global
       via  7f09c08 netlogon_creds_cli: Simplify 
netlogon_creds_cli_context_common
       via  f08a04c netlogon_creds_cli: Simplify 
netlogon_creds_cli_context_common
       via  2591e32 rpc_client3: Fix a debug message
       via  1de1fd8 netlogon_creds_cli: A netlogon_creds_cli_context needs a 
msg_ctx
       via  47557ac netlogon_creds_cli: Remove an obsolete comment
       via  3101ac9 netlogon_creds_cli: Avoid a static const struct
       via  b62bba8 cli_netlogon: Eliminate 
rpccli_setup_netlogon_creds_with_creds
       via  7a3d1b5 cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds
       via  db92fd6 cli_netlogon: Make rpccli_setup_netlogon_creds static
       via  696a387 libnet: Use rpccli_setup_netlogon_creds_with_creds in 
join_unsecure
       via  fe3dfd9 cli_netlogon: Make rpccli_create_netlogon_creds static
       via  a6ad0da libnet: Use rpccli_create_netlogon_creds_with_creds in 
join_unsecure
       via  9dd0b7f cli_netlogon: Pass server_dns_domain through 
rpccli_create_netlogon_creds
       via  849e63f netlogon_creds_cli: Pass "server_dns_domain" through 
netlogon_creds_cli_context_global
       via  2968bfd netlogon_creds_cli: Add "dns_domain" to 
netlogon_creds_cli_context
       via  43c104a s3: Avoid netlogon_creds_cli.h in includes.h
       via  d1d298b lib: util_tdb.h needs tdb.h
      from  2a003b1 lib: tevent: Remove select backend.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit adf46ff0eaf9c88f513644e8bbf112d270636971
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Sep 7 12:34:34 2017 +0200

    cli_credentials: Apply some const
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Sat Sep 16 12:28:17 CEST 2017 on sn-devel-144

commit 602ec8884bc276b63af38dcf04e107bcd659680f
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Sep 7 12:34:03 2017 +0200

    libcli: Apply some const
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit aea214fce64f64eb71094248ac0b2c32bcc065f4
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 18:20:25 2017 +0200

    notifyd: Clarify a comment
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6222cd71eee3afe88931b74e7f508ca0a969f718
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 12:00:23 2017 +0200

    netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6344570a307eb70979ebb43feb3faf0fb2cbf4c8
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:54:29 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_global
    
    (require_sign_or_seal == false) looks odd :-)
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7f09c0865ea35eb8d5f90264a27ee523e5df0e38
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:34:45 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
    
    IMHO a full talloc_stackframe is overkill for the one allocation that is 
left
    here.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f08a04c18400371b1951a24c45fcae146bb7ea33
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 21 11:34:45 2017 +0200

    netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
    
    printf knows to only print part of a string. No need to talloc_strdup.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2591e320c07606e4ddfdeacbe46a43d0f4de0f53
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 14:08:41 2017 +0200

    rpc_client3: Fix a debug message
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 1de1fd86533d05d92e7df411fac2091f4abbc0bc
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 14:56:58 2017 +0200

    netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 47557ac9b11c215906b7a1cd7b3a7c6982aac282
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Aug 25 11:39:16 2017 +0200

    netlogon_creds_cli: Remove an obsolete comment
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3101ac93e20027f8c0b9bfe59af55637ec1d5739
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Aug 25 11:27:30 2017 +0200

    netlogon_creds_cli: Avoid a static const struct
    
    Same number of .text bytes, but simpler code.
    
    Yes, this is {{0}} instead of {0}, which I always promote. I've just read a
    comment on stackoverflow (which I've unfortunately just closed the tab for 
:-()
    that {{0}} might actually be the correct way to init a struct to zero if the
    first struct element is again a struct. I'm lost. 25 years of C coding and I
    have no clue of the language :-(
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b62bba83ba8544adfc3700e927247ec942735538
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 17:31:38 2017 +0200

    cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds
    
    Inlining the code from rpccli_setup_netlogon_creds
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7a3d1b5a6fcbbd6d12cb3568a7ac62e50c056a5b
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 17:23:47 2017 +0200

    cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds
    
    This creates a context with access to a credentials, not credentials
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit db92fd6a5038ec5ec4ffbf93ac3a44948413f7d8
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:21:36 2017 +0200

    cli_netlogon: Make rpccli_setup_netlogon_creds static
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 696a387d57a27a9fe4de42fee6910319e098ab41
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:20:32 2017 +0200

    libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit fe3dfd9a0c39d8e0cf884804db4df672d315ba27
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:14:28 2017 +0200

    cli_netlogon: Make rpccli_create_netlogon_creds static
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit a6ad0da292912d3b970914cb965b0cd890aa56c7
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 14:12:27 2017 +0200

    libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure
    
    rpccli_create_netlogon_creds_with_creds just extracts the values we set here
    from cli_credentials, and the lower-level interface is supposed to go away.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9dd0b7fb2c1447a1d2ff5040fad993c09f63f3a4
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:48:18 2017 +0200

    cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 849e63ff68ec44f81aced8eab64f7098bb2a958d
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:32:34 2017 +0200

    netlogon_creds_cli: Pass "server_dns_domain" through 
netlogon_creds_cli_context_global
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2968bfdd1aa898cb60b125920fb299b2e790a7c7
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Sep 6 13:29:07 2017 +0200

    netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context
    
    Used later for creating schannel cli_credentials
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 43c104a8e22dfb665b83771e648214b235698d7e
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 5 13:37:41 2017 +0200

    s3: Avoid netlogon_creds_cli.h in includes.h
    
    There's no point recompiling all of source3 if netlogon_creds_cli.h is 
changed
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d1d298bb17f3660d12056ef62ca3975ab783cf74
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 6 15:42:08 2017 +0200

    lib: util_tdb.h needs tdb.h
    
    It uses TDB_DATA
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c         |  5 +-
 auth/credentials/credentials.h         |  5 +-
 lib/util/util_tdb.h                    |  2 +
 libcli/auth/credentials.c              |  5 +-
 libcli/auth/netlogon_creds_cli.c       | 88 ++++++++++++++-----------------
 libcli/auth/netlogon_creds_cli.h       |  1 +
 libcli/auth/proto.h                    |  5 +-
 source3/include/includes.h             |  1 -
 source3/lib/netapi/netapi.c            |  1 +
 source3/libnet/libnet_join.c           | 57 ++++++++++++---------
 source3/rpc_client/cli_netlogon.c      | 94 ++++++++++++++--------------------
 source3/rpc_client/cli_netlogon.h      | 35 +++++--------
 source3/rpc_client/cli_pipe.c          |  2 +-
 source3/rpc_client/cli_pipe_schannel.c | 12 ++---
 source3/rpcclient/rpcclient.c          | 14 ++---
 source3/smbd/notifyd/notifyd.c         |  2 +-
 source3/winbindd/winbindd_cm.c         | 18 +++----
 17 files changed, 163 insertions(+), 184 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 1a4ec53..105c73c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -959,8 +959,9 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials 
*cred,
  * Attach NETLOGON credentials for use with SCHANNEL
  */
 
-_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
-                                                struct 
netlogon_creds_CredentialState *netlogon_creds)
+_PUBLIC_ void cli_credentials_set_netlogon_creds(
+       struct cli_credentials *cred,
+       const struct netlogon_creds_CredentialState *netlogon_creds)
 {
        TALLOC_FREE(cred->netlogon_creds);
        if (netlogon_creds == NULL) {
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index e75694a..9fe6a82 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -158,8 +158,9 @@ void cli_credentials_set_secure_channel_type(struct 
cli_credentials *cred,
                                     enum netr_SchannelType 
secure_channel_type);
 void cli_credentials_set_password_last_changed_time(struct cli_credentials 
*cred,
                                                             time_t 
last_change_time);
-void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
-                                       struct netlogon_creds_CredentialState 
*netlogon_creds);
+void cli_credentials_set_netlogon_creds(
+       struct cli_credentials *cred,
+       const struct netlogon_creds_CredentialState *netlogon_creds);
 NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
                                          struct smb_krb5_context 
*smb_krb5_context);
 NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
diff --git a/lib/util/util_tdb.h b/lib/util/util_tdb.h
index 3b50789..63d80d1 100644
--- a/lib/util/util_tdb.h
+++ b/lib/util/util_tdb.h
@@ -22,6 +22,8 @@
 #ifndef _____LIB_UTIL_UTIL_TDB_H__
 #define _____LIB_UTIL_UTIL_TDB_H__
 
+#include <tdb.h>
+
 /***************************************************************
  Make a TDB_DATA and keep the const warning in one place
 ****************************************************************/
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index ddff5e9..acf88c9 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -811,8 +811,9 @@ union netr_LogonLevel 
*netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
   copy a netlogon_creds_CredentialState struct
 */
 
-struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
-                                                          struct 
netlogon_creds_CredentialState *creds_in)
+struct netlogon_creds_CredentialState *netlogon_creds_copy(
+       TALLOC_CTX *mem_ctx,
+       const struct netlogon_creds_CredentialState *creds_in)
 {
        struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, 
struct netlogon_creds_CredentialState);
 
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 526ee39..dc05316 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -54,6 +54,7 @@ struct netlogon_creds_cli_context {
        struct {
                const char *computer;
                const char *netbios_domain;
+               const char *dns_domain;
                uint32_t cached_flags;
                bool try_validation6;
                bool try_logon_ex;
@@ -105,34 +106,31 @@ static NTSTATUS netlogon_creds_cli_context_common(
                                uint32_t required_flags,
                                const char *server_computer,
                                const char *server_netbios_domain,
+                               const char *server_dns_domain,
                                TALLOC_CTX *mem_ctx,
                                struct netlogon_creds_cli_context **_context)
 {
        struct netlogon_creds_cli_context *context = NULL;
-       TALLOC_CTX *frame = talloc_stackframe();
        char *_key_name = NULL;
-       char *server_netbios_name = NULL;
+       size_t server_netbios_name_len;
        char *p = NULL;
 
        *_context = NULL;
 
        context = talloc_zero(mem_ctx, struct netlogon_creds_cli_context);
        if (context == NULL) {
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
        context->client.computer = talloc_strdup(context, client_computer);
        if (context->client.computer == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
        context->client.account = talloc_strdup(context, client_account);
        if (context->client.account == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -144,14 +142,18 @@ static NTSTATUS netlogon_creds_cli_context_common(
        context->server.computer = talloc_strdup(context, server_computer);
        if (context->server.computer == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
        context->server.netbios_domain = talloc_strdup(context, 
server_netbios_domain);
        if (context->server.netbios_domain == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       context->server.dns_domain = talloc_strdup(context, server_dns_domain);
+       if (context->server.dns_domain == NULL) {
+               TALLOC_FREE(context);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -163,40 +165,35 @@ static NTSTATUS netlogon_creds_cli_context_common(
         * For now we have to deal with
         * "HOSTNAME" vs. "hostname.example.com".
         */
-       server_netbios_name = talloc_strdup(frame, server_computer);
-       if (server_netbios_name == NULL) {
-               TALLOC_FREE(context);
-               TALLOC_FREE(frame);
-               return NT_STATUS_NO_MEMORY;
-       }
 
-       p = strchr(server_netbios_name, '.');
+       p = strchr(server_computer, '.');
        if (p != NULL) {
-               p[0] = '\0';
+               server_netbios_name_len = p-server_computer;
+       } else {
+               server_netbios_name_len = strlen(server_computer);
        }
 
-       _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%s/%s]",
+       _key_name = talloc_asprintf(context, "CLI[%s/%s]/SRV[%.*s/%s]",
                                    client_computer,
                                    client_account,
-                                   server_netbios_name,
+                                   (int)server_netbios_name_len,
+                                   server_computer,
                                    server_netbios_domain);
        if (_key_name == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
        context->db.key_name = talloc_strdup_upper(context, _key_name);
+       TALLOC_FREE(_key_name);
        if (context->db.key_name == NULL) {
                TALLOC_FREE(context);
-               TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
 
        context->db.key_data = string_term_tdb_data(context->db.key_name);
 
        *_context = context;
-       TALLOC_FREE(frame);
        return NT_STATUS_OK;
 }
 
@@ -255,6 +252,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
                                enum netr_SchannelType type,
                                const char *server_computer,
                                const char *server_netbios_domain,
+                               const char *server_dns_domain,
                                TALLOC_CTX *mem_ctx,
                                struct netlogon_creds_cli_context **_context)
 {
@@ -273,6 +271,10 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
 
        *_context = NULL;
 
+       if (msg_ctx == NULL) {
+               return NT_STATUS_INVALID_PARAMETER_MIX;
+       }
+
        client_computer = lpcfg_netbios_name(lp_ctx);
        if (strlen(client_computer) > 15) {
                return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -379,11 +381,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
                proposed_flags |= NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
        }
 
-       if (require_sign_or_seal == false) {
-               proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
-       } else {
+       if (require_sign_or_seal) {
                required_flags |= NETLOGON_NEG_ARCFOUR;
                required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC;
+       } else {
+               proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
        }
 
        if (reject_md5_servers) {
@@ -415,6 +417,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
                                                   required_flags,
                                                   server_computer,
                                                   server_netbios_domain,
+                                                  "",
                                                   mem_ctx,
                                                   &context);
        if (!NT_STATUS_IS_OK(status)) {
@@ -422,13 +425,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
                return status;
        }
 
-       if (msg_ctx != NULL) {
-               context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
-               if (context->db.g_ctx == NULL) {
-                       TALLOC_FREE(context);
-                       TALLOC_FREE(frame);
-                       return NT_STATUS_NO_MEMORY;
-               }
+       context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
+       if (context->db.g_ctx == NULL) {
+               TALLOC_FREE(context);
+               TALLOC_FREE(frame);
+               return NT_STATUS_NO_MEMORY;
        }
 
        if (netlogon_creds_cli_global_db != NULL) {
@@ -475,6 +476,7 @@ NTSTATUS netlogon_creds_cli_context_tmp(const char 
*client_computer,
                                                   required_flags,
                                                   server_computer,
                                                   server_netbios_domain,
+                                                  "",
                                                   mem_ctx,
                                                   &context);
        if (!NT_STATUS_IS_OK(status)) {
@@ -560,7 +562,6 @@ NTSTATUS netlogon_creds_cli_get(struct 
netlogon_creds_cli_context *context,
                .status = NT_STATUS_INTERNAL_ERROR,
                .required_flags = context->client.required_flags,
        };
-       static const struct netr_Credential zero_creds;
 
        *_creds = NULL;
 
@@ -580,9 +581,9 @@ NTSTATUS netlogon_creds_cli_get(struct 
netlogon_creds_cli_context *context,
         * mark it as invalid for step operations.
         */
        fstate.creds->sequence = 0;
-       fstate.creds->seed = zero_creds;
-       fstate.creds->client = zero_creds;
-       fstate.creds->server = zero_creds;
+       fstate.creds->seed = (struct netr_Credential) {{0}};
+       fstate.creds->client = (struct netr_Credential) {{0}};
+       fstate.creds->server = (struct netr_Credential) {{0}};
 
        if (context->server.cached_flags == fstate.creds->negotiate_flags) {
                *_creds = fstate.creds;
@@ -602,10 +603,7 @@ NTSTATUS netlogon_creds_cli_get(struct 
netlogon_creds_cli_context *context,
         *
         * The credentials chain is not per NETLOGON pipe
         * connection, but globally on the server/client pair
-        * by computer name, while the client is free to use
-        * any computer name. We include the cluster node number
-        * in our computer name in order to avoid cross node
-        * coordination of the credential chain.
+        * by computer name.
         *
         * It's also important to use NetlogonValidationSamInfo4 (6),
         * because it relies on the rpc transport encryption
@@ -671,19 +669,11 @@ bool netlogon_creds_cli_validate(struct 
netlogon_creds_cli_context *context,
                return false;
        }
 
-       if (blob1.length != blob2.length) {
-               TALLOC_FREE(frame);
-               return false;
-       }
-
-       cmp = memcmp(blob1.data, blob2.data, blob1.length);
-       if (cmp != 0) {
-               TALLOC_FREE(frame);
-               return false;
-       }
+       cmp = data_blob_cmp(&blob1, &blob2);
 
        TALLOC_FREE(frame);
-       return true;
+
+       return (cmp == 0);
 }
 
 NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index 32902f1..fbc59f6 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -40,6 +40,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct 
loadparm_context *lp_ctx,
                                enum netr_SchannelType type,
                                const char *server_computer,
                                const char *server_netbios_domain,
+                               const char *server_dns_domain,
                                TALLOC_CTX *mem_ctx,
                                struct netlogon_creds_cli_context **_context);
 NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index a03f45e..82febe7 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -38,8 +38,9 @@ void netlogon_creds_client_authenticator(struct 
netlogon_creds_CredentialState *
                                struct netr_Authenticator *next);
 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
                        const struct netr_Credential *received_credentials);
-struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
-                                                          struct 
netlogon_creds_CredentialState *creds_in);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(
+       TALLOC_CTX *mem_ctx,
+       const struct netlogon_creds_CredentialState *creds_in);
 
 /*****************************************************************
 The above functions are common to the client and server interface
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 58bfaa7..e82bfad 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -317,7 +317,6 @@ typedef char fstring[FSTRING_LEN];
 
 #include "../libcli/util/ntstatus.h"
 #include "../libcli/util/error.h"
-#include "../libcli/auth/netlogon_creds_cli.h"
 #include "../lib/util/charset/charset.h"
 #include "dynconfig/dynconfig.h"
 #include "locking.h"
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index 093348b..f8f79c6 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -18,6 +18,7 @@
  */
 
 #include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
 #include "lib/netapi/netapi.h"
 #include "lib/netapi/netapi_private.h"
 #include "secrets.h"
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 591c177..5880913 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1122,8 +1122,8 @@ static NTSTATUS 
libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct rpc_pipe_client *netlogon_pipe = NULL;
+       struct cli_credentials *cli_creds;
        struct netlogon_creds_cli_context *netlogon_creds = NULL;
-       struct samr_Password current_nt_hash;
        size_t len = 0;
        bool ok;
        DATA_BLOB new_trust_blob = data_blob_null;
@@ -1148,26 +1148,35 @@ static NTSTATUS 
libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
                }
        }
 
+       cli_creds = cli_credentials_init(talloc_tos());
+       if (cli_creds == NULL) {
+               TALLOC_FREE(frame);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       cli_credentials_set_username(cli_creds, r->out.account_name,
+                                    CRED_SPECIFIED);
+       cli_credentials_set_domain(cli_creds, r->in.domain_name,
+                                  CRED_SPECIFIED);
+       cli_credentials_set_realm(cli_creds, "", CRED_SPECIFIED);
+       cli_credentials_set_secure_channel_type(cli_creds,
+                                               r->in.secure_channel_type);
+
        /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
-       E_md4hash(r->in.admin_password, current_nt_hash.hash);
-
-       status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
-                                             r->in.domain_name,
-                                             r->out.account_name,
-                                             r->in.secure_channel_type,
-                                             r->in.msg_ctx,
-                                             frame,
-                                             &netlogon_creds);
+       cli_credentials_set_password(cli_creds, r->in.admin_password,
+                                    CRED_SPECIFIED);
+
+       status = rpccli_create_netlogon_creds_ctx(
+               cli_creds, netlogon_pipe->desthost, r->in.msg_ctx,
+               frame, &netlogon_creds);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;
        }
 
-       status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
-                                            netlogon_creds,
-                                            true, /* force_reauth */
-                                            current_nt_hash,
-                                            NULL); /* previous_nt_hash */
+       status = rpccli_setup_netlogon_creds(
+               cli, NCACN_NP, netlogon_creds, true /* force_reauth */,
+               cli_creds);
        if (!NT_STATUS_IS_OK(status)) {
                TALLOC_FREE(frame);
                return status;
@@ -1608,21 +1617,21 @@ NTSTATUS libnet_join_ok(struct messaging_context 
*msg_ctx,
                return status;
        }
 
-       status = rpccli_create_netlogon_creds_with_creds(cli_creds,
-                                                        dc_name,
-                                                        msg_ctx,
-                                                        frame,
-                                                        &netlogon_creds);
+       status = rpccli_create_netlogon_creds_ctx(cli_creds,
+                                                 dc_name,
+                                                 msg_ctx,
+                                                 frame,
+                                                 &netlogon_creds);
        if (!NT_STATUS_IS_OK(status)) {
                cli_shutdown(cli);
                TALLOC_FREE(frame);
                return status;
        }
 
-       status = rpccli_setup_netlogon_creds_with_creds(cli, NCACN_NP,
-                                                       netlogon_creds,
-                                                       true, /* force_reauth */
-                                                       cli_creds);
+       status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
+                                            netlogon_creds,
+                                            true, /* force_reauth */
+                                            cli_creds);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("connect_to_domain_password_server: "
                         "unable to open the domain client session to "
diff --git a/source3/rpc_client/cli_netlogon.c 
b/source3/rpc_client/cli_netlogon.c
index 719b985..2c3e205 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -86,13 +86,15 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void)
        return NT_STATUS_OK;
 }
 
-NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
-                                     const char *server_netbios_domain,
-                                     const char *client_account,
-                                     enum netr_SchannelType sec_chan_type,
-                                     struct messaging_context *msg_ctx,
-                                     TALLOC_CTX *mem_ctx,
-                                     struct netlogon_creds_cli_context 
**netlogon_creds)
+static NTSTATUS rpccli_create_netlogon_creds(
+       const char *server_computer,
+       const char *server_netbios_domain,
+       const char *server_dns_domain,
+       const char *client_account,
+       enum netr_SchannelType sec_chan_type,
+       struct messaging_context *msg_ctx,
+       TALLOC_CTX *mem_ctx,
+       struct netlogon_creds_cli_context **netlogon_creds)
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct loadparm_context *lp_ctx;
@@ -115,6 +117,7 @@ NTSTATUS rpccli_create_netlogon_creds(const char 
*server_computer,
                                                   sec_chan_type,
                                                   server_computer,
                                                   server_netbios_domain,
+                                                  server_dns_domain,
                                                   mem_ctx, netlogon_creds);
        TALLOC_FREE(frame);
        if (!NT_STATUS_IS_OK(status)) {
@@ -124,14 +127,16 @@ NTSTATUS rpccli_create_netlogon_creds(const char 
*server_computer,
        return NT_STATUS_OK;
 }
 
-NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
-                                                const char *server_computer,
-                                                struct messaging_context 
*msg_ctx,
-                                                TALLOC_CTX *mem_ctx,
-                                                struct 
netlogon_creds_cli_context **netlogon_creds)
+NTSTATUS rpccli_create_netlogon_creds_ctx(
+       struct cli_credentials *creds,
+       const char *server_computer,
+       struct messaging_context *msg_ctx,


-- 
Samba Shared Repository

Reply via email to