[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sat Sep 16 10:29:03 UTC 2017
The branch, master has been updated
via adf46ff cli_credentials: Apply some const
via 602ec88 libcli: Apply some const
via aea214f notifyd: Clarify a comment
via 6222cd7 netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate
via 6344570 netlogon_creds_cli: Simplify netlogon_creds_cli_context_global
via 7f09c08 netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
via f08a04c netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
via 2591e32 rpc_client3: Fix a debug message
via 1de1fd8 netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx
via 47557ac netlogon_creds_cli: Remove an obsolete comment
via 3101ac9 netlogon_creds_cli: Avoid a static const struct
via b62bba8 cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds
via 7a3d1b5 cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds
via db92fd6 cli_netlogon: Make rpccli_setup_netlogon_creds static
via 696a387 libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure
via fe3dfd9 cli_netlogon: Make rpccli_create_netlogon_creds static
via a6ad0da libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure
via 9dd0b7f cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds
via 849e63f netlogon_creds_cli: Pass "server_dns_domain" through netlogon_creds_cli_context_global
via 2968bfd netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context
via 43c104a s3: Avoid netlogon_creds_cli.h in includes.h
via d1d298b lib: util_tdb.h needs tdb.h
from 2a003b1 lib: tevent: Remove select backend.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit adf46ff0eaf9c88f513644e8bbf112d270636971
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 7 12:34:34 2017 +0200
cli_credentials: Apply some const
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Sep 16 12:28:17 CEST 2017 on sn-devel-144
commit 602ec8884bc276b63af38dcf04e107bcd659680f
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 7 12:34:03 2017 +0200
libcli: Apply some const
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aea214fce64f64eb71094248ac0b2c32bcc065f4
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 18:20:25 2017 +0200
notifyd: Clarify a comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6222cd71eee3afe88931b74e7f508ca0a969f718
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 21 12:00:23 2017 +0200
netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6344570a307eb70979ebb43feb3faf0fb2cbf4c8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 21 11:54:29 2017 +0200
netlogon_creds_cli: Simplify netlogon_creds_cli_context_global
(require_sign_or_seal == false) looks odd :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7f09c0865ea35eb8d5f90264a27ee523e5df0e38
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 21 11:34:45 2017 +0200
netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
IMHO a full talloc_stackframe is overkill for the one allocation that is left
here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f08a04c18400371b1951a24c45fcae146bb7ea33
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 21 11:34:45 2017 +0200
netlogon_creds_cli: Simplify netlogon_creds_cli_context_common
printf knows to only print part of a string. No need to talloc_strdup.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2591e320c07606e4ddfdeacbe46a43d0f4de0f53
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 5 14:08:41 2017 +0200
rpc_client3: Fix a debug message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1de1fd86533d05d92e7df411fac2091f4abbc0bc
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 5 14:56:58 2017 +0200
netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 47557ac9b11c215906b7a1cd7b3a7c6982aac282
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 25 11:39:16 2017 +0200
netlogon_creds_cli: Remove an obsolete comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3101ac93e20027f8c0b9bfe59af55637ec1d5739
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 25 11:27:30 2017 +0200
netlogon_creds_cli: Avoid a static const struct
Same number of .text bytes, but simpler code.
Yes, this is {{0}} instead of {0}, which I always promote. I've just read a
comment on stackoverflow (which I've unfortunately just closed the tab for :-()
that {{0}} might actually be the correct way to init a struct to zero if the
first struct element is again a struct. I'm lost. 25 years of C coding and I
have no clue of the language :-(
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b62bba83ba8544adfc3700e927247ec942735538
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 17:31:38 2017 +0200
cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds
Inlining the code from rpccli_setup_netlogon_creds
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7a3d1b5a6fcbbd6d12cb3568a7ac62e50c056a5b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 17:23:47 2017 +0200
cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds
This creates a context with access to a credentials, not credentials
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit db92fd6a5038ec5ec4ffbf93ac3a44948413f7d8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 14:21:36 2017 +0200
cli_netlogon: Make rpccli_setup_netlogon_creds static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 696a387d57a27a9fe4de42fee6910319e098ab41
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 14:20:32 2017 +0200
libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fe3dfd9a0c39d8e0cf884804db4df672d315ba27
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 14:14:28 2017 +0200
cli_netlogon: Make rpccli_create_netlogon_creds static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a6ad0da292912d3b970914cb965b0cd890aa56c7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 14:12:27 2017 +0200
libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure
rpccli_create_netlogon_creds_with_creds just extracts the values we set here
from cli_credentials, and the lower-level interface is supposed to go away.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9dd0b7fb2c1447a1d2ff5040fad993c09f63f3a4
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 13:48:18 2017 +0200
cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 849e63ff68ec44f81aced8eab64f7098bb2a958d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 13:32:34 2017 +0200
netlogon_creds_cli: Pass "server_dns_domain" through netlogon_creds_cli_context_global
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2968bfdd1aa898cb60b125920fb299b2e790a7c7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 6 13:29:07 2017 +0200
netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context
Used later for creating schannel cli_credentials
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 43c104a8e22dfb665b83771e648214b235698d7e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 5 13:37:41 2017 +0200
s3: Avoid netlogon_creds_cli.h in includes.h
There's no point recompiling all of source3 if netlogon_creds_cli.h is changed
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d1d298bb17f3660d12056ef62ca3975ab783cf74
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 6 15:42:08 2017 +0200
lib: util_tdb.h needs tdb.h
It uses TDB_DATA
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 5 +-
auth/credentials/credentials.h | 5 +-
lib/util/util_tdb.h | 2 +
libcli/auth/credentials.c | 5 +-
libcli/auth/netlogon_creds_cli.c | 88 ++++++++++++++-----------------
libcli/auth/netlogon_creds_cli.h | 1 +
libcli/auth/proto.h | 5 +-
source3/include/includes.h | 1 -
source3/lib/netapi/netapi.c | 1 +
source3/libnet/libnet_join.c | 57 ++++++++++++---------
source3/rpc_client/cli_netlogon.c | 94 ++++++++++++++--------------------
source3/rpc_client/cli_netlogon.h | 35 +++++--------
source3/rpc_client/cli_pipe.c | 2 +-
source3/rpc_client/cli_pipe_schannel.c | 12 ++---
source3/rpcclient/rpcclient.c | 14 ++---
source3/smbd/notifyd/notifyd.c | 2 +-
source3/winbindd/winbindd_cm.c | 18 +++----
17 files changed, 163 insertions(+), 184 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 1a4ec53..105c73c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -959,8 +959,9 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
* Attach NETLOGON credentials for use with SCHANNEL
*/
-_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct netlogon_creds_CredentialState *netlogon_creds)
+_PUBLIC_ void cli_credentials_set_netlogon_creds(
+ struct cli_credentials *cred,
+ const struct netlogon_creds_CredentialState *netlogon_creds)
{
TALLOC_FREE(cred->netlogon_creds);
if (netlogon_creds == NULL) {
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index e75694a..9fe6a82 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -158,8 +158,9 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type);
void cli_credentials_set_password_last_changed_time(struct cli_credentials *cred,
time_t last_change_time);
-void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct netlogon_creds_CredentialState *netlogon_creds);
+void cli_credentials_set_netlogon_creds(
+ struct cli_credentials *cred,
+ const struct netlogon_creds_CredentialState *netlogon_creds);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
diff --git a/lib/util/util_tdb.h b/lib/util/util_tdb.h
index 3b50789..63d80d1 100644
--- a/lib/util/util_tdb.h
+++ b/lib/util/util_tdb.h
@@ -22,6 +22,8 @@
#ifndef _____LIB_UTIL_UTIL_TDB_H__
#define _____LIB_UTIL_UTIL_TDB_H__
+#include <tdb.h>
+
/***************************************************************
Make a TDB_DATA and keep the const warning in one place
****************************************************************/
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index ddff5e9..acf88c9 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -811,8 +811,9 @@ union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
copy a netlogon_creds_CredentialState struct
*/
-struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
- struct netlogon_creds_CredentialState *creds_in)
+struct netlogon_creds_CredentialState *netlogon_creds_copy(
+ TALLOC_CTX *mem_ctx,
+ const struct netlogon_creds_CredentialState *creds_in)
{
struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 526ee39..dc05316 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -54,6 +54,7 @@ struct netlogon_creds_cli_context {
struct {
const char *computer;
const char *netbios_domain;
+ const char *dns_domain;
uint32_t cached_flags;
bool try_validation6;
bool try_logon_ex;
@@ -105,34 +106,31 @@ static NTSTATUS netlogon_creds_cli_context_common(
uint32_t required_flags,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context)
{
struct netlogon_creds_cli_context *context = NULL;
- TALLOC_CTX *frame = talloc_stackframe();
char *_key_name = NULL;
- char *server_netbios_name = NULL;
+ size_t server_netbios_name_len;
char *p = NULL;
*_context = NULL;
context = talloc_zero(mem_ctx, struct netlogon_creds_cli_context);
if (context == NULL) {
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->client.computer = talloc_strdup(context, client_computer);
if (context->client.computer == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->client.account = talloc_strdup(context, client_account);
if (context->client.account == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -144,14 +142,18 @@ static NTSTATUS netlogon_creds_cli_context_common(
context->server.computer = talloc_strdup(context, server_computer);
if (context->server.computer == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->server.netbios_domain = talloc_strdup(context, server_netbios_domain);
if (context->server.netbios_domain == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ context->server.dns_domain = talloc_strdup(context, server_dns_domain);
+ if (context->server.dns_domain == NULL) {
+ TALLOC_FREE(context);
return NT_STATUS_NO_MEMORY;
}
@@ -163,40 +165,35 @@ static NTSTATUS netlogon_creds_cli_context_common(
* For now we have to deal with
* "HOSTNAME" vs. "hostname.example.com".
*/
- server_netbios_name = talloc_strdup(frame, server_computer);
- if (server_netbios_name == NULL) {
- TALLOC_FREE(context);
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
- p = strchr(server_netbios_name, '.');
+ p = strchr(server_computer, '.');
if (p != NULL) {
- p[0] = '\0';
+ server_netbios_name_len = p-server_computer;
+ } else {
+ server_netbios_name_len = strlen(server_computer);
}
- _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%s/%s]",
+ _key_name = talloc_asprintf(context, "CLI[%s/%s]/SRV[%.*s/%s]",
client_computer,
client_account,
- server_netbios_name,
+ (int)server_netbios_name_len,
+ server_computer,
server_netbios_domain);
if (_key_name == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->db.key_name = talloc_strdup_upper(context, _key_name);
+ TALLOC_FREE(_key_name);
if (context->db.key_name == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->db.key_data = string_term_tdb_data(context->db.key_name);
*_context = context;
- TALLOC_FREE(frame);
return NT_STATUS_OK;
}
@@ -255,6 +252,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
enum netr_SchannelType type,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context)
{
@@ -273,6 +271,10 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
*_context = NULL;
+ if (msg_ctx == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
client_computer = lpcfg_netbios_name(lp_ctx);
if (strlen(client_computer) > 15) {
return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -379,11 +381,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
proposed_flags |= NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
}
- if (require_sign_or_seal == false) {
- proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
- } else {
+ if (require_sign_or_seal) {
required_flags |= NETLOGON_NEG_ARCFOUR;
required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC;
+ } else {
+ proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
}
if (reject_md5_servers) {
@@ -415,6 +417,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
required_flags,
server_computer,
server_netbios_domain,
+ "",
mem_ctx,
&context);
if (!NT_STATUS_IS_OK(status)) {
@@ -422,13 +425,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
return status;
}
- if (msg_ctx != NULL) {
- context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
- if (context->db.g_ctx == NULL) {
- TALLOC_FREE(context);
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
+ context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
+ if (context->db.g_ctx == NULL) {
+ TALLOC_FREE(context);
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
}
if (netlogon_creds_cli_global_db != NULL) {
@@ -475,6 +476,7 @@ NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
required_flags,
server_computer,
server_netbios_domain,
+ "",
mem_ctx,
&context);
if (!NT_STATUS_IS_OK(status)) {
@@ -560,7 +562,6 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
.status = NT_STATUS_INTERNAL_ERROR,
.required_flags = context->client.required_flags,
};
- static const struct netr_Credential zero_creds;
*_creds = NULL;
@@ -580,9 +581,9 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
* mark it as invalid for step operations.
*/
fstate.creds->sequence = 0;
- fstate.creds->seed = zero_creds;
- fstate.creds->client = zero_creds;
- fstate.creds->server = zero_creds;
+ fstate.creds->seed = (struct netr_Credential) {{0}};
+ fstate.creds->client = (struct netr_Credential) {{0}};
+ fstate.creds->server = (struct netr_Credential) {{0}};
if (context->server.cached_flags == fstate.creds->negotiate_flags) {
*_creds = fstate.creds;
@@ -602,10 +603,7 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
*
* The credentials chain is not per NETLOGON pipe
* connection, but globally on the server/client pair
- * by computer name, while the client is free to use
- * any computer name. We include the cluster node number
- * in our computer name in order to avoid cross node
- * coordination of the credential chain.
+ * by computer name.
*
* It's also important to use NetlogonValidationSamInfo4 (6),
* because it relies on the rpc transport encryption
@@ -671,19 +669,11 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
return false;
}
- if (blob1.length != blob2.length) {
- TALLOC_FREE(frame);
- return false;
- }
-
- cmp = memcmp(blob1.data, blob2.data, blob1.length);
- if (cmp != 0) {
- TALLOC_FREE(frame);
- return false;
- }
+ cmp = data_blob_cmp(&blob1, &blob2);
TALLOC_FREE(frame);
- return true;
+
+ return (cmp == 0);
}
NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index 32902f1..fbc59f6 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -40,6 +40,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
enum netr_SchannelType type,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context);
NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index a03f45e..82febe7 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -38,8 +38,9 @@ void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *
struct netr_Authenticator *next);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials);
-struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
- struct netlogon_creds_CredentialState *creds_in);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(
+ TALLOC_CTX *mem_ctx,
+ const struct netlogon_creds_CredentialState *creds_in);
/*****************************************************************
The above functions are common to the client and server interface
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 58bfaa7..e82bfad 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -317,7 +317,6 @@ typedef char fstring[FSTRING_LEN];
#include "../libcli/util/ntstatus.h"
#include "../libcli/util/error.h"
-#include "../libcli/auth/netlogon_creds_cli.h"
#include "../lib/util/charset/charset.h"
#include "dynconfig/dynconfig.h"
#include "locking.h"
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index 093348b..f8f79c6 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
#include "lib/netapi/netapi.h"
#include "lib/netapi/netapi_private.h"
#include "secrets.h"
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 591c177..5880913 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1122,8 +1122,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *frame = talloc_stackframe();
struct rpc_pipe_client *netlogon_pipe = NULL;
+ struct cli_credentials *cli_creds;
struct netlogon_creds_cli_context *netlogon_creds = NULL;
- struct samr_Password current_nt_hash;
size_t len = 0;
bool ok;
DATA_BLOB new_trust_blob = data_blob_null;
@@ -1148,26 +1148,35 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
}
}
+ cli_creds = cli_credentials_init(talloc_tos());
+ if (cli_creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_username(cli_creds, r->out.account_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_domain(cli_creds, r->in.domain_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_realm(cli_creds, "", CRED_SPECIFIED);
+ cli_credentials_set_secure_channel_type(cli_creds,
+ r->in.secure_channel_type);
+
/* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
- E_md4hash(r->in.admin_password, current_nt_hash.hash);
-
- status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
- r->in.domain_name,
- r->out.account_name,
- r->in.secure_channel_type,
- r->in.msg_ctx,
- frame,
- &netlogon_creds);
+ cli_credentials_set_password(cli_creds, r->in.admin_password,
+ CRED_SPECIFIED);
+
+ status = rpccli_create_netlogon_creds_ctx(
+ cli_creds, netlogon_pipe->desthost, r->in.msg_ctx,
+ frame, &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
}
- status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
- netlogon_creds,
- true, /* force_reauth */
- current_nt_hash,
- NULL); /* previous_nt_hash */
+ status = rpccli_setup_netlogon_creds(
+ cli, NCACN_NP, netlogon_creds, true /* force_reauth */,
+ cli_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
@@ -1608,21 +1617,21 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
return status;
}
- status = rpccli_create_netlogon_creds_with_creds(cli_creds,
- dc_name,
- msg_ctx,
- frame,
- &netlogon_creds);
+ status = rpccli_create_netlogon_creds_ctx(cli_creds,
+ dc_name,
+ msg_ctx,
+ frame,
+ &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(cli);
TALLOC_FREE(frame);
return status;
}
- status = rpccli_setup_netlogon_creds_with_creds(cli, NCACN_NP,
- netlogon_creds,
- true, /* force_reauth */
- cli_creds);
+ status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
+ netlogon_creds,
+ true, /* force_reauth */
+ cli_creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("connect_to_domain_password_server: "
"unable to open the domain client session to "
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 719b985..2c3e205 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -86,13 +86,15 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void)
return NT_STATUS_OK;
}
-NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
- const char *server_netbios_domain,
- const char *client_account,
- enum netr_SchannelType sec_chan_type,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds)
+static NTSTATUS rpccli_create_netlogon_creds(
+ const char *server_computer,
+ const char *server_netbios_domain,
+ const char *server_dns_domain,
+ const char *client_account,
+ enum netr_SchannelType sec_chan_type,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds)
{
TALLOC_CTX *frame = talloc_stackframe();
struct loadparm_context *lp_ctx;
@@ -115,6 +117,7 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
sec_chan_type,
server_computer,
server_netbios_domain,
+ server_dns_domain,
mem_ctx, netlogon_creds);
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
@@ -124,14 +127,16 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
return NT_STATUS_OK;
}
-NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
- const char *server_computer,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds)
+NTSTATUS rpccli_create_netlogon_creds_ctx(
+ struct cli_credentials *creds,
+ const char *server_computer,
+ struct messaging_context *msg_ctx,
--
Samba Shared Repository
More information about the samba-cvs
mailing list