[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Aug 5 01:37:02 MDT 2013


The branch, master has been updated
       via  b699d40 auth/credentials: use CRED_CALLBACK_RESULT after a callback
       via  8ea36a8 auth/credentials: simplify password_tries state
       via  26a7420 auth/credentials: get the old password from secrets.tdb
       via  9325bd9 auth/credentials: keep cli_credentials private
       via  bbd63dd s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
       via  d47bf46 s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
       via  d36fcaa s4:torture/gentest: make use of cli_credentials_get_username()
       via  36b3c95 s4:torture/shell: simplify cli_credentials_set_password() call
       via  cfeeb3c s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
       via  b3cd44d auth/credentials: add cli_credentials_shallow_copy()
       via  6ff6778 auth/credentials: add cli_credentials_[set_]callback_data*
       via  b8f0922 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
       via  9535029 auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
      from  cae48e9 tevent: Add echo server sample code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b699d404bb5d4385a757b5aa5d0e792cf9d5de59
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 14:32:36 2013 +0200

    auth/credentials: use CRED_CALLBACK_RESULT after a callback
    
    We only do this if it's still CRED_CALLBACK after the callback,
    this allows the callback to overwrite it.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Mon Aug  5 09:36:05 CEST 2013 on sn-devel-104

commit 8ea36a8e58d499aa7bf342b365ca00cb39f295b6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 14:25:54 2013 +0200

    auth/credentials: simplify password_tries state
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 26a7420c1c4307023b22676cd85d95010ecbf603
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:39:17 2013 +0200

    auth/credentials: get the old password from secrets.tdb
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9325bd9cb6bb942ea989f4e32799c76ea8af3d3e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 12:41:40 2013 +0200

    auth/credentials: keep cli_credentials private
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit bbd63dd8a17468d3e332969a30c06e2b2f1540fc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:24:21 2013 +0200

    s4:ntlm_auth: make use of cli_credentials_[set_]callback_data*
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d47bf469b8a9064f4f7033918b1fe519adfa0c26
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:23:41 2013 +0200

    s4:torture/rpc: make use of cli_credentials_set_netlogon_creds()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d36fcaa5f3c4d1ad54d767f4a7c5fa6c8d69c00e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:23:08 2013 +0200

    s4:torture/gentest: make use of cli_credentials_get_username()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 36b3c9506c1ac5549a38140e7ffd57644290069f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:22:10 2013 +0200

    s4:torture/shell: simplify cli_credentials_set_password() call
    
    All we want is to avoid a possible callback...
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit cfeeb3ce3de5d1df07299fb83327ae258da0bf8d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:20:13 2013 +0200

    s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b3cd44d50cff99fa77611679d68d2d57434fefa4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 13:21:14 2013 +0200

    auth/credentials: add cli_credentials_shallow_copy()
    
    This is useful for testing.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 6ff6778bdc60f1cd4d52cba83bd47d3398fe5a20
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 12:52:17 2013 +0200

    auth/credentials: add cli_credentials_[set_]callback_data*
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b8f09226458dc13cf901f481ede89d8a6bb94ba7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 12:33:25 2013 +0200

    auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 953502925863377b5e566edff4ac68c63e8d151f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 31 12:33:25 2013 +0200

    auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c          |   84 ++++++++++++++++++-----
 auth/credentials/credentials.h          |  112 +++++-------------------------
 auth/credentials/credentials_internal.h |  114 +++++++++++++++++++++++++++++++
 auth/credentials/credentials_krb5.c     |    1 +
 auth/credentials/credentials_ntlm.c     |    1 +
 auth/credentials/credentials_secrets.c  |   12 +++
 source3/utils/ntlm_auth.c               |    1 -
 source4/torture/gentest.c               |    3 +-
 source4/torture/rpc/schannel.c          |   36 ++++------
 source4/torture/shell.c                 |    5 +-
 source4/utils/ntlm_auth.c               |   10 ++-
 11 files changed, 238 insertions(+), 141 deletions(-)
 create mode 100644 auth/credentials/credentials_internal.h


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index e636123..be497bc 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "libcli/auth/libcli_auth.h"
 #include "tevent.h"
 #include "param/param.h"
@@ -103,7 +104,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 
 	cred->machine_account = false;
 
-	cred->tries = 3;
+	cred->password_tries = 0;
 
 	cred->callback_running = false;
 
@@ -114,6 +115,32 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 	return cred;
 }
 
+_PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred,
+						void *callback_data)
+{
+	cred->priv_data = callback_data;
+}
+
+_PUBLIC_ void *_cli_credentials_callback_data(struct cli_credentials *cred)
+{
+	return cred->priv_data;
+}
+
+_PUBLIC_ struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+						struct cli_credentials *src)
+{
+	struct cli_credentials *dst;
+
+	dst = talloc(mem_ctx, struct cli_credentials);
+	if (dst == NULL) {
+		return NULL;
+	}
+
+	*dst = *src;
+
+	return dst;
+}
+
 /**
  * Create a new anonymous credential
  * @param mem_ctx TALLOC_CTX parent for credentials structure 
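
Review bot: cli_credentials_shallow_copy() has no doc comment, and its "*dst = *src;" copies every pointer member (password, nt_hash, ccache, priv_data and so on) without taking ownership of any of them. The strings are talloc children of src (see "talloc_strdup(cred, val)" in cli_credentials_set_password()), so dst is left with dangling pointers as soon as src is freed or one of its fields is replaced. Please document that the copy must not outlive src and is intended for tests only, and consider taking src as const.
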
@@ -179,8 +206,10 @@ _PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
 	    	cred->callback_running = true;
 		cred->username = cred->username_cb(cred);
 	    	cred->callback_running = false;
-		cred->username_obtained = CRED_SPECIFIED;
-		cli_credentials_invalidate_ccache(cred, cred->username_obtained);
+		if (cred->username_obtained == CRED_CALLBACK) {
+			cred->username_obtained = CRED_CALLBACK_RESULT;
+			cli_credentials_invalidate_ccache(cred, cred->username_obtained);
+		}
 	}
 
 	return cred->username;
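
Review bot: the username callback result is now recorded as CRED_CALLBACK_RESULT where it was CRED_SPECIFIED before, and these are distinct levels of enum credentials_obtained. If the username setter compares levels the way cli_credentials_set_password() does ("obtained >= cred->password_obtained"), a later set at a level between the two will now replace the callback's answer where it previously could not. The commit message explains the overwrite case but not this consequence; a sentence on it would help, since the same edit is repeated for principal, domain, realm and workstation. The repeated four-line block could also become one static helper.
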
@@ -248,8 +277,10 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede
 	    	cred->callback_running = true;
 		cred->principal = cred->principal_cb(cred);
 	    	cred->callback_running = false;
-		cred->principal_obtained = CRED_SPECIFIED;
-		cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
+		if (cred->principal_obtained == CRED_CALLBACK) {
+			cred->principal_obtained = CRED_CALLBACK_RESULT;
+			cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
+		}
 	}
 
 	if (cred->principal_obtained < cred->username_obtained
@@ -267,7 +298,7 @@ _PUBLIC_ const char *cli_credentials_get_principal_and_obtained(struct cli_crede
 		}
 	}
 	*obtained = cred->principal_obtained;
-	return talloc_reference(mem_ctx, cred->principal);
+	return talloc_strdup(mem_ctx, cred->principal);
 }
 
 /**
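
Review bot: replacing talloc_reference() with talloc_strdup() on the return line is a behaviour change, not only a cleanup: each call now allocates a fresh copy on mem_ctx, so callers that pass a long-lived context accumulate copies, and a NULL return can now mean either "no principal" or allocation failure. The subject calls the reference "pointless" without saying why; please add the reasoning to the commit message and mention in the function's doc comment that the result is a new allocation owned by mem_ctx.
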
@@ -355,8 +386,10 @@ _PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
 	    	cred->callback_running = true;
 		cred->password = cred->password_cb(cred);
 	    	cred->callback_running = false;
-		cred->password_obtained = CRED_CALLBACK_RESULT;
-		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
+		if (cred->password_obtained == CRED_CALLBACK) {
+			cred->password_obtained = CRED_CALLBACK_RESULT;
+			cli_credentials_invalidate_ccache(cred, cred->password_obtained);
+		}
 	}
 
 	return cred->password;
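
Review bot: cli_credentials_invalidate_ccache() is now skipped whenever the callback changed password_obtained itself. That is only correct if whatever the callback used to change it (for example cli_credentials_set_password()) already invalidates the ccache, and nothing in this hunk shows that. A one-line comment above the new "if" stating that assumption would make the intent clear.
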
@@ -370,6 +403,7 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
 				  enum credentials_obtained obtained)
 {
 	if (obtained >= cred->password_obtained) {
+		cred->password_tries = 0;
 		cred->password = talloc_strdup(cred, val);
 		if (cred->password) {
 			/* Don't print the actual password in talloc memory dumps */
@@ -391,6 +425,7 @@ _PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred
 					   const char *(*password_cb) (struct cli_credentials *))
 {
 	if (cred->password_obtained < CRED_CALLBACK) {
+		cred->password_tries = 3;
 		cred->password_cb = password_cb;
 		cred->password_obtained = CRED_CALLBACK;
 		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
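
Review bot: "cred->password_tries = 3;" moves the hard-coded 3 out of cli_credentials_init() but keeps it a bare literal. A named constant would document it. Note also that with the new cli_credentials_wrong_password() a value of 3 yields two re-prompts (the third failure returns false), while the struct comment reads "Number of retries left before bailing out"; the comment or the value should be adjusted so they agree.
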
@@ -473,8 +508,10 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
 	    	cred->callback_running = true;
 		cred->domain = cred->domain_cb(cred);
 	    	cred->callback_running = false;
-		cred->domain_obtained = CRED_SPECIFIED;
-		cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
+		if (cred->domain_obtained == CRED_CALLBACK) {
+			cred->domain_obtained = CRED_CALLBACK_RESULT;
+			cli_credentials_invalidate_ccache(cred, cred->domain_obtained);
+		}
 	}
 
 	return cred->domain;
@@ -532,8 +569,10 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred)
 	    	cred->callback_running = true;
 		cred->realm = cred->realm_cb(cred);
 	    	cred->callback_running = false;
-		cred->realm_obtained = CRED_SPECIFIED;
-		cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
+		if (cred->realm_obtained == CRED_CALLBACK) {
+			cred->realm_obtained = CRED_CALLBACK_RESULT;
+			cli_credentials_invalidate_ccache(cred, cred->realm_obtained);
+		}
 	}
 
 	return cred->realm;
@@ -583,7 +622,9 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cre
 	    	cred->callback_running = true;
 		cred->workstation = cred->workstation_cb(cred);
 	    	cred->callback_running = false;
-		cred->workstation_obtained = CRED_SPECIFIED;
+		if (cred->workstation_obtained == CRED_CALLBACK) {
+			cred->workstation_obtained = CRED_CALLBACK_RESULT;
+		}
 	}
 
 	return cred->workstation;
@@ -669,7 +710,7 @@ _PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *c
 	const char *name;
 
 	if (bind_dn) {
-		name = talloc_reference(mem_ctx, bind_dn);
+		name = talloc_strdup(mem_ctx, bind_dn);
 	} else {
 		cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain);
 		if (domain && domain[0]) {
@@ -870,12 +911,19 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred)
 	if (cred->password_obtained != CRED_CALLBACK_RESULT) {
 		return false;
 	}
-	
-	cred->password_obtained = CRED_CALLBACK;
 
-	cred->tries--;
+	if (cred->password_tries == 0) {
+		return false;
+	}
+
+	cred->password_tries--;
+
+	if (cred->password_tries == 0) {
+		return false;
+	}
 
-	return (cred->tries > 0);
+	cred->password_obtained = CRED_CALLBACK;
+	return true;
 }
 
 _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
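
Review bot: when password_tries reaches 0, cli_credentials_wrong_password() now returns false without resetting password_obtained to CRED_CALLBACK, whereas the removed code reset it unconditionally before decrementing. After the final failure the rejected password therefore stays cached as CRED_CALLBACK_RESULT and is what cli_credentials_get_password() keeps returning. If that is intended, please say so in a comment and in the (currently empty) commit message body; the two separate "password_tries == 0" checks also deserve a short comment, since the first guards against unsigned underflow and the second marks exhaustion.
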
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index dbc014f..cb09dc3 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -25,9 +25,17 @@
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/misc.h"
 
+struct cli_credentials;
 struct ccache_container;
 struct tevent_context;
 struct netlogon_creds_CredentialState;
+struct ldb_context;
+struct ldb_message;
+struct loadparm_context;
+struct ccache_container;
+struct gssapi_creds_container;
+struct smb_krb5_context;
+struct keytab_container;
 
 /* In order of priority */
 enum credentials_obtained { 
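
Review bot: "struct ccache_container;" is now forward-declared twice in this block, once in the existing context line and once in the added lines. It is harmless to the compiler, but the added duplicate should be dropped.
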
@@ -57,99 +65,6 @@ enum credentials_krb_forwardable {
 #define CLI_CRED_NTLM_AUTH   0x08
 #define CLI_CRED_CLEAR_AUTH  0x10   /* TODO:  Push cleartext auth with this flag */
 
-struct cli_credentials {
-	enum credentials_obtained workstation_obtained;
-	enum credentials_obtained username_obtained;
-	enum credentials_obtained password_obtained;
-	enum credentials_obtained domain_obtained;
-	enum credentials_obtained realm_obtained;
-	enum credentials_obtained ccache_obtained;
-	enum credentials_obtained client_gss_creds_obtained;
-	enum credentials_obtained principal_obtained;
-	enum credentials_obtained keytab_obtained;
-	enum credentials_obtained server_gss_creds_obtained;
-
-	/* Threshold values (essentially a MAX() over a number of the
-	 * above) for the ccache and GSS credentials, to ensure we
-	 * regenerate/pick correctly */
-
-	enum credentials_obtained ccache_threshold;
-	enum credentials_obtained client_gss_creds_threshold;
-
-	const char *workstation;
-	const char *username;
-	const char *password;
-	const char *old_password;
-	const char *domain;
-	const char *realm;
-	const char *principal;
-	char *salt_principal;
-	char *impersonate_principal;
-	char *self_service;
-	char *target_service;
-
-	const char *bind_dn;
-
-	/* Allows authentication from a keytab or similar */
-	struct samr_Password *nt_hash;
-
-	/* Allows NTLM pass-though authentication */
-	DATA_BLOB lm_response;
-	DATA_BLOB nt_response;
-
-	struct ccache_container *ccache;
-	struct gssapi_creds_container *client_gss_creds;
-	struct keytab_container *keytab;
-	struct gssapi_creds_container *server_gss_creds;
-
-	const char *(*workstation_cb) (struct cli_credentials *);
-	const char *(*password_cb) (struct cli_credentials *);
-	const char *(*username_cb) (struct cli_credentials *);
-	const char *(*domain_cb) (struct cli_credentials *);
-	const char *(*realm_cb) (struct cli_credentials *);
-	const char *(*principal_cb) (struct cli_credentials *);
-
-	/* Private handle for the callback routines to use */
-	void *priv_data;
-
-	struct netlogon_creds_CredentialState *netlogon_creds;
-	enum netr_SchannelType secure_channel_type;
-	int kvno;
-	time_t password_last_changed_time;
-
-	struct smb_krb5_context *smb_krb5_context;
-
-	/* We are flagged to get machine account details from the
-	 * secrets.ldb when we are asked for a username or password */
-	bool machine_account_pending;
-	struct loadparm_context *machine_account_pending_lp_ctx;
-	
-	/* Is this a machine account? */
-	bool machine_account;
-
-	/* Should we be trying to use kerberos? */
-	enum credentials_use_kerberos use_kerberos;
-
-	/* Should we get a forwardable ticket? */
-	enum credentials_krb_forwardable krb_forwardable;
-
-	/* gensec features which should be used for connections */
-	uint32_t gensec_features;
-
-	/* Number of retries left before bailing out */
-	int tries;
-
-	/* Whether any callback is currently running */
-	bool callback_running;
-};
-
-struct ldb_context;
-struct ldb_message;
-struct loadparm_context;
-struct ccache_container;
-
-struct gssapi_creds_container;
-
 const char *cli_credentials_get_workstation(struct cli_credentials *cred);
 bool cli_credentials_set_workstation(struct cli_credentials *cred, 
 				     const char *val, 
@@ -332,6 +247,17 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred,
 bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
 					      const char *(*workstation_cb) (struct cli_credentials *));
 
+void cli_credentials_set_callback_data(struct cli_credentials *cred,
+				       void *callback_data);
+void *_cli_credentials_callback_data(struct cli_credentials *cred);
+#define cli_credentials_callback_data(_cred, _type) \
+	talloc_get_type_abort(_cli_credentials_callback_data(_cred), _type)
+#define cli_credentials_callback_data_void(_cred) \
+	_cli_credentials_callback_data(_cred)
+
+struct cli_credentials *cli_credentials_shallow_copy(TALLOC_CTX *mem_ctx,
+						struct cli_credentials *src);
+
 /**
  * Return attached NETLOGON credentials 
  */
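
Review bot: the new cli_credentials_callback_data() macro expands to talloc_get_type_abort(), so it aborts the process on a type mismatch, and the declarations carry no doc comment saying so, unlike the neighbouring accessors. Please document that behaviour, state what happens when no callback data was ever set, and point callers that store non-talloc pointers at cli_credentials_callback_data_void(). The header also now relies on the includer having talloc.h in scope for the macro to compile.
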
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
new file mode 100644
index 0000000..f2f79b9
--- /dev/null
+++ b/auth/credentials/credentials_internal.h
@@ -0,0 +1,114 @@
+/*
+   samba -- Unix SMB/CIFS implementation.
+
+   Client credentials structure
+
+   Copyright (C) Jelmer Vernooij 2004-2006
+   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef __CREDENTIALS_INTERNAL_H__
+#define __CREDENTIALS_INTERNAL_H__
+
+#include "../lib/util/data_blob.h"
+#include "librpc/gen_ndr/misc.h"
+
+struct cli_credentials {
+	enum credentials_obtained workstation_obtained;
+	enum credentials_obtained username_obtained;
+	enum credentials_obtained password_obtained;
+	enum credentials_obtained domain_obtained;
+	enum credentials_obtained realm_obtained;
+	enum credentials_obtained ccache_obtained;
+	enum credentials_obtained client_gss_creds_obtained;
+	enum credentials_obtained principal_obtained;
+	enum credentials_obtained keytab_obtained;
+	enum credentials_obtained server_gss_creds_obtained;
+
+	/* Threshold values (essentially a MAX() over a number of the
+	 * above) for the ccache and GSS credentials, to ensure we
+	 * regenerate/pick correctly */
+
+	enum credentials_obtained ccache_threshold;
+	enum credentials_obtained client_gss_creds_threshold;
+
+	const char *workstation;
+	const char *username;
+	const char *password;
+	const char *old_password;
+	const char *domain;
+	const char *realm;
+	const char *principal;
+	char *salt_principal;
+	char *impersonate_principal;
+	char *self_service;
+	char *target_service;
+
+	const char *bind_dn;
+
+	/* Allows authentication from a keytab or similar */
+	struct samr_Password *nt_hash;
+
+	/* Allows NTLM pass-though authentication */
+	DATA_BLOB lm_response;
+	DATA_BLOB nt_response;
+
+	struct ccache_container *ccache;
+	struct gssapi_creds_container *client_gss_creds;
+	struct keytab_container *keytab;
+	struct gssapi_creds_container *server_gss_creds;
+
+	const char *(*workstation_cb) (struct cli_credentials *);
+	const char *(*password_cb) (struct cli_credentials *);
+	const char *(*username_cb) (struct cli_credentials *);
+	const char *(*domain_cb) (struct cli_credentials *);
+	const char *(*realm_cb) (struct cli_credentials *);
+	const char *(*principal_cb) (struct cli_credentials *);
+
+	/* Private handle for the callback routines to use */
+	void *priv_data;
+
+	struct netlogon_creds_CredentialState *netlogon_creds;
+	enum netr_SchannelType secure_channel_type;
+	int kvno;
+	time_t password_last_changed_time;
+
+	struct smb_krb5_context *smb_krb5_context;
+
+	/* We are flagged to get machine account details from the
+	 * secrets.ldb when we are asked for a username or password */
+	bool machine_account_pending;
+	struct loadparm_context *machine_account_pending_lp_ctx;
+
+	/* Is this a machine account? */
+	bool machine_account;
+
+	/* Should we be trying to use kerberos? */
+	enum credentials_use_kerberos use_kerberos;
+
+	/* Should we get a forwardable ticket? */
+	enum credentials_krb_forwardable krb_forwardable;
+
+	/* gensec features which should be used for connections */
+	uint32_t gensec_features;
+
+	/* Number of retries left before bailing out */
+	uint32_t password_tries;
+
+	/* Whether any callback is currently running */
+	bool callback_running;
+};
+
+#endif /* __CREDENTIALS_INTERNAL_H__ */
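
Review bot: credentials_internal.h is not self-contained. The struct uses enum credentials_obtained, enum credentials_use_kerberos and enum credentials_krb_forwardable, but the header includes only data_blob.h and misc.h, so it compiles only when credentials.h has been included first, as each .c file in this series happens to do. Adding an include of "auth/credentials/credentials.h" at the top removes the ordering dependency. Separately, the counter changes from int to uint32_t here; a note in the commit message would help, since the old "tries > 0" style of check no longer guards against wrap-around.
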
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index cc51f56..31fc9d2 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -26,6 +26,7 @@
 #include "system/gssapi.h"
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 8f143bf..8c6be39 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -26,6 +26,7 @@
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 
 _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
 					   int *flags,
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 27ee607..6c1cded 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -28,6 +28,7 @@
 #include "param/secrets.h"
 #include "system/filesys.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_internal.h"
 #include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_util.h"
@@ -237,6 +238,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	bool secrets_tdb_password_more_recent;
 	time_t secrets_tdb_lct = 0;
 	char *secrets_tdb_password = NULL;
+	char *secrets_tdb_old_password = NULL;
 	char *keystr;
 	char *keystr_upper = NULL;
 	char *secrets_tdb;
@@ -284,6 +286,15 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 		if (NT_STATUS_IS_OK(status)) {
 			secrets_tdb_password = (char *)dbuf.dptr;
 		}
+		keystr = talloc_asprintf(tmp_ctx, "%s/%s",
+					 SECRETS_MACHINE_PASSWORD_PREV,
+					 domain);
+		keystr_upper = strupper_talloc(tmp_ctx, keystr);
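
Review bot: in the added lines the result of talloc_asprintf() is passed straight to strupper_talloc() with no NULL check on keystr. The changeset is truncated here, so any later check is not visible, but the allocation result should be tested before it is used, and keystr_upper likewise before it is used as a lookup key.
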


-- 
Samba Shared Repository

