[PATCH] Some refactoring for netlogon_creds_cli
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Sep 15 23:20:45 UTC 2017
Hi!
Attached together with some little cleanup.
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
From d520647d41008048b216fefe30a256f50b99629c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Aug 2017 15:42:08 +0200
Subject: [PATCH 01/21] lib: util_tdb.h needs tdb.h
It uses TDB_DATA
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/util/util_tdb.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/util/util_tdb.h b/lib/util/util_tdb.h
index 3b50789b015..63d80d1fb58 100644
--- a/lib/util/util_tdb.h
+++ b/lib/util/util_tdb.h
@@ -22,6 +22,8 @@
#ifndef _____LIB_UTIL_UTIL_TDB_H__
#define _____LIB_UTIL_UTIL_TDB_H__
+#include <tdb.h>
+
/***************************************************************
Make a TDB_DATA and keep the const warning in one place
****************************************************************/
--
2.11.0
From 33b03b49a39252a77db046e33a7d44875f0dc631 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Aug 2017 15:49:01 +0200
Subject: [PATCH 02/21] winbind: Remove the use of "talloc_dict"
As members we only collect names, indexed by sids. This is served
well by just a simple dbwrap_rbt.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_getgrsid.c | 13 +++-----
source3/winbindd/wb_group_members.c | 60 ++++++++++++------------------------
source3/winbindd/wb_next_grent.c | 4 +--
source3/winbindd/winbindd.h | 2 --
source3/winbindd/winbindd_getgrent.c | 4 +--
source3/winbindd/winbindd_getgrgid.c | 2 +-
source3/winbindd/winbindd_getgrnam.c | 2 +-
source3/winbindd/winbindd_group.c | 48 ++++++++++++++++-------------
source3/winbindd/winbindd_proto.h | 17 +++++-----
9 files changed, 65 insertions(+), 87 deletions(-)
diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c
index acfedf62c9d..b8b28ed2da8 100644
--- a/source3/winbindd/wb_getgrsid.c
+++ b/source3/winbindd/wb_getgrsid.c
@@ -21,6 +21,7 @@
#include "winbindd.h"
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "../libcli/security/security.h"
+#include "lib/dbwrap/dbwrap_rbt.h"
struct wb_getgrsid_state {
struct tevent_context *ev;
@@ -30,7 +31,7 @@ struct wb_getgrsid_state {
const char *name;
enum lsa_SidType type;
gid_t gid;
- struct talloc_dict *members;
+ struct db_context *members;
};
static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq);
@@ -150,7 +151,7 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
return;
}
- state->members = talloc_dict_init(state);
+ state->members = db_open_rbt(state);
if (tevent_req_nomem(state->members, req)) {
return;
}
@@ -163,11 +164,7 @@ static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
return;
}
- status = add_wbint_Principal_to_dict(talloc_tos(),
- &state->sid,
- &name,
- state->type,
- state->members);
+ status = add_member_to_db(state->members, &state->sid, name);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return;
@@ -207,7 +204,7 @@ static void wb_getgrsid_got_members(struct tevent_req *subreq)
NTSTATUS wb_getgrsid_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
const char **domname, const char **name, gid_t *gid,
- struct talloc_dict **members)
+ struct db_context **members)
{
struct wb_getgrsid_state *state = tevent_req_data(
req, struct wb_getgrsid_state);
diff --git a/source3/winbindd/wb_group_members.c b/source3/winbindd/wb_group_members.c
index 5a20d87514c..7978b188143 100644
--- a/source3/winbindd/wb_group_members.c
+++ b/source3/winbindd/wb_group_members.c
@@ -22,6 +22,9 @@
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "../libcli/security/security.h"
+#include "lib/util/util_tdb.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_rbt.h"
/*
* We have 3 sets of routines here:
@@ -268,14 +271,14 @@ static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
/*
* This is the routine expanding a list of groups up to a certain level. We
- * collect the users in a talloc_dict: We have to add them without duplicates,
- * and talloc_dict is an indexed (here indexed by SID) data structure.
+ * collect the users in a rbt database: We have to add them without duplicates,
+ * and the db is indexed by SID.
*/
struct wb_group_members_state {
struct tevent_context *ev;
int depth;
- struct talloc_dict *users;
+ struct db_context *users;
struct wbint_Principal *groups;
};
@@ -301,7 +304,7 @@ struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
}
state->ev = ev;
state->depth = max_depth;
- state->users = talloc_dict_init(state);
+ state->users = db_open_rbt(state);
if (tevent_req_nomem(state->users, req)) {
return tevent_req_post(req, ev);
}
@@ -349,40 +352,18 @@ static NTSTATUS wb_group_members_next_subreq(
return NT_STATUS_OK;
}
-
-/**
- * compose a wbint_Principal and add it to talloc_dict
- *
- * NOTE: this has a side effect: *name needs to be talloc'd
- * and it is talloc_move'd to mem_ctx.
- */
-NTSTATUS add_wbint_Principal_to_dict(TALLOC_CTX *mem_ctx,
- struct dom_sid *sid,
- const char **name,
- enum lsa_SidType type,
- struct talloc_dict *dict)
+NTSTATUS add_member_to_db(struct db_context *db, struct dom_sid *sid,
+ const char *name)
{
- struct wbint_Principal *m;
- DATA_BLOB key;
- bool ok;
-
- m = talloc(mem_ctx, struct wbint_Principal);
- if (m == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- sid_copy(&m->sid, sid);
- m->name = talloc_move(m, name);
- m->type = type;
-
- key = data_blob_const(&m->sid, sizeof(m->sid));
+ size_t len = ndr_size_dom_sid(sid, 0);
+ uint8_t sidbuf[len];
+ TDB_DATA key = { .dptr = sidbuf, .dsize = sizeof(sidbuf) };
+ NTSTATUS status;
- ok = talloc_dict_set(dict, key, &m);
- if (!ok) {
- return NT_STATUS_NO_MEMORY;
- }
+ sid_linearize(sidbuf, sizeof(sidbuf), sid);
- return NT_STATUS_OK;
+ status = dbwrap_store(db, key, string_term_tdb_data(name), 0);
+ return status;
}
static void wb_group_members_done(struct tevent_req *subreq)
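Review bot: `add_member_to_db` sizes a variable-length stack array from `ndr_size_dom_sid(sid, 0)` and then ignores the result of `sid_linearize`, so a NULL or malformed SID could give a zero-length or unexpectedly sized `sidbuf` and a key built from uninitialised bytes. The SIDs stored here appear to come from group-expansion replies (`members[i].sid` in `wb_group_members_done`), so the length is worth validating rather than trusting. A fixed buffer large enough for the maximum SID, combined with a checked call such as `if (!sid_linearize(sidbuf, len, sid)) { return NT_STATUS_INVALID_PARAMETER; }`, would make the failure explicit; this assumes `sid_linearize` reports failure through its return value, which is not visible in this hunk. `sid` could also be declared `const struct dom_sid *`, since the function does not appear to write through it.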
@@ -433,11 +414,8 @@ static void wb_group_members_done(struct tevent_req *subreq)
/*
* Add a copy of members[i] to state->users
*/
- status = add_wbint_Principal_to_dict(talloc_tos(),
- &members[i].sid,
- &members[i].name,
- members[i].type,
- state->users);
+ status = add_member_to_db(state->users, &members[i].sid,
+ members[i].name);
if (tevent_req_nterror(req, status)) {
return;
}
@@ -476,7 +454,7 @@ static void wb_group_members_done(struct tevent_req *subreq)
}
NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- struct talloc_dict **members)
+ struct db_context **members)
{
struct wb_group_members_state *state = tevent_req_data(
req, struct wb_group_members_state);
diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
index fd925b609e5..d249287cc40 100644
--- a/source3/winbindd/wb_next_grent.c
+++ b/source3/winbindd/wb_next_grent.c
@@ -27,7 +27,7 @@ struct wb_next_grent_state {
int max_nesting;
struct getgrent_state *gstate;
struct winbindd_gr *gr;
- struct talloc_dict *members;
+ struct db_context *members;
};
static void wb_next_grent_fetch_done(struct tevent_req *subreq);
@@ -150,7 +150,7 @@ static void wb_next_grent_getgrsid_done(struct tevent_req *subreq)
}
NTSTATUS wb_next_grent_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- struct talloc_dict **members)
+ struct db_context **members)
{
struct wb_next_grent_state *state = tevent_req_data(
req, struct wb_next_grent_state);
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 6951112629d..396f7f7946e 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -28,8 +28,6 @@
#include "librpc/gen_ndr/dcerpc.h"
#include "librpc/gen_ndr/winbind.h"
-#include "talloc_dict.h"
-
#include "../lib/util/tevent_ntstatus.h"
#ifdef HAVE_LIBNSCD
diff --git a/source3/winbindd/winbindd_getgrent.c b/source3/winbindd/winbindd_getgrent.c
index 21da75b4c52..2c8cbac083a 100644
--- a/source3/winbindd/winbindd_getgrent.c
+++ b/source3/winbindd/winbindd_getgrent.c
@@ -26,7 +26,7 @@ struct winbindd_getgrent_state {
int max_groups;
int num_groups;
struct winbindd_gr *groups;
- struct talloc_dict **members;
+ struct db_context **members;
};
static void winbindd_getgrent_done(struct tevent_req *subreq);
@@ -72,7 +72,7 @@ struct tevent_req *winbindd_getgrent_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- state->members = talloc_array(state, struct talloc_dict *,
+ state->members = talloc_array(state, struct db_context *,
state->max_groups);
if (tevent_req_nomem(state->members, req)) {
TALLOC_FREE(state->groups);
diff --git a/source3/winbindd/winbindd_getgrgid.c b/source3/winbindd/winbindd_getgrgid.c
index 8e8bdeea86a..640ebfa4969 100644
--- a/source3/winbindd/winbindd_getgrgid.c
+++ b/source3/winbindd/winbindd_getgrgid.c
@@ -28,7 +28,7 @@ struct winbindd_getgrgid_state {
const char *domname;
const char *name;
gid_t gid;
- struct talloc_dict *members;
+ struct db_context *members;
};
static void winbindd_getgrgid_gid2sid_done(struct tevent_req *subreq);
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index 12b16513caa..02d9abc28a2 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -27,7 +27,7 @@ struct winbindd_getgrnam_state {
const char *domname;
const char *name;
gid_t gid;
- struct talloc_dict *members;
+ struct db_context *members;
};
static void winbindd_getgrnam_lookupname_done(struct tevent_req *subreq);
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index ae461bf3748..b5c9d3cf94e 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "winbindd.h"
+#include "lib/dbwrap/dbwrap.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -79,14 +80,19 @@ struct getgr_countmem {
size_t len;
};
-static int getgr_calc_memberlen(DATA_BLOB key, void *data, void *priv)
+static int getgr_calc_memberlen(struct db_record *rec, void *private_data)
{
- struct wbint_Principal *m = talloc_get_type_abort(
- data, struct wbint_Principal);
- struct getgr_countmem *buf = (struct getgr_countmem *)priv;
+ struct getgr_countmem *buf = private_data;
+ TDB_DATA data = dbwrap_record_get_value(rec);
+ size_t len;
buf->num += 1;
- buf->len += strlen(m->name) + 1;
+
+ len = buf->len + data.dsize;
+ if (len < buf->len) {
+ return 0;
+ }
+ buf->len = len;
return 0;
}
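Review bot: The wrap-around branch in `getgr_calc_memberlen` returns 0, the same value as success, so the traverse continues with `buf->len` left short while `buf->num` has already been incremented. `winbindd_print_groupmembers` later sizes its output buffer from `c.len` (the allocation is outside this hunk), so `getgr_unparse_members` would then copy more bytes than were counted. Return a non-zero value from that branch, `return -1;`, and preferably record the overflow in `struct getgr_countmem` so the caller can fail explicitly instead of depending on how `dbwrap_traverse` reports an aborted walk.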
@@ -95,37 +101,37 @@ struct getgr_stringmem {
char *buf;
};
-static int getgr_unparse_members(DATA_BLOB key, void *data, void *priv)
+static int getgr_unparse_members(struct db_record *rec, void *private_data)
{
- struct wbint_Principal *m = talloc_get_type_abort(
- data, struct wbint_Principal);
- struct getgr_stringmem *buf = (struct getgr_stringmem *)priv;
+ struct getgr_stringmem *buf = private_data;
+ TDB_DATA data = dbwrap_record_get_value(rec);
int len;
- len = strlen(m->name);
+ len = data.dsize-1;
- memcpy(buf->buf + buf->ofs, m->name, len);
+ memcpy(buf->buf + buf->ofs, data.dptr, len);
buf->ofs += len;
buf->buf[buf->ofs] = ',';
buf->ofs += 1;
return 0;
}
-NTSTATUS winbindd_print_groupmembers(struct talloc_dict *members,
+NTSTATUS winbindd_print_groupmembers(struct db_context *members,
TALLOC_CTX *mem_ctx,
int *num_members, char **result)
{
struct getgr_countmem c;
struct getgr_stringmem m;
- int res;
+ int count;
+ NTSTATUS status;
c.num = 0;
c.len = 0;
- res = talloc_dict_traverse(members, getgr_calc_memberlen, &c);
- if (res == -1) {
- DEBUG(5, ("talloc_dict_traverse failed\n"));
- return NT_STATUS_INTERNAL_ERROR;
+ status = dbwrap_traverse(members, getgr_calc_memberlen, &c, &count);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_NOTICE("dbwrap_traverse failed: %s\n", nt_errstr(status));
+ return status;
}
m.ofs = 0;
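Review bot: `getgr_unparse_members` computes `len = data.dsize-1` into an `int` without checking that the record is non-empty; a zero-length value makes `len` -1, which `memcpy` receives as a very large `size_t`. The values are written by `add_member_to_db` through `string_term_tdb_data(name)`, which presumably yields an empty record for a NULL name, so safety here depends on every caller passing a non-NULL name. Guard it with `if (data.dsize == 0) { return -1; }` and declare `size_t len = data.dsize - 1;`. The copy is also not bounded against the allocated size, since `struct getgr_stringmem` carries no capacity field in the visible lines; the struct and `winbindd_print_groupmembers` both extend outside this hunk.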
@@ -135,11 +141,11 @@ NTSTATUS winbindd_print_groupmembers(struct talloc_dict *members,
return NT_STATUS_NO_MEMORY;
}
- res = talloc_dict_traverse(members, getgr_unparse_members, &m);
- if (res == -1) {
- DEBUG(5, ("talloc_dict_traverse failed\n"));
+ status = dbwrap_traverse(members, getgr_unparse_members, &m, &count);
+ if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(m.buf);
- return NT_STATUS_INTERNAL_ERROR;
+ DBG_NOTICE("dbwrap_traverse failed: %s\n", nt_errstr(status));
+ return status;
}
m.buf[c.len-1] = '\0';
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 7560fc53bae..46e6530105a 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -339,7 +339,9 @@ struct winbindd_domain *wb_child_domain(void);
/* The following definitions come from winbindd/winbindd_group.c */
bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
const char *dom_name, const char *gr_name, gid_t unix_gid);
-NTSTATUS winbindd_print_groupmembers(struct talloc_dict *members,
+
+struct db_context;
+NTSTATUS winbindd_print_groupmembers(struct db_context *members,
TALLOC_CTX *mem_ctx,
int *num_members, char **result);
@@ -661,12 +663,9 @@ struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
enum lsa_SidType type,
int max_depth);
NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- struct talloc_dict **members);
-NTSTATUS add_wbint_Principal_to_dict(TALLOC_CTX *mem_ctx,
- struct dom_sid *sid,
- const char **name,
- enum lsa_SidType type,
- struct talloc_dict *dict);
+ struct db_context **members);
+NTSTATUS add_member_to_db(struct db_context *db, struct dom_sid *sid,
+ const char *name);
struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -674,7 +673,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
int max_nesting);
NTSTATUS wb_getgrsid_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
const char **domname, const char **name, gid_t *gid,
- struct talloc_dict **members);
+ struct db_context **members);
struct tevent_req *winbindd_getgrgid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -778,7 +777,7 @@ struct tevent_req *wb_next_grent_send(TALLOC_CTX *mem_ctx,
struct getgrent_state *gstate,
struct winbindd_gr *gr);
NTSTATUS wb_next_grent_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- struct talloc_dict **members);
+ struct db_context **members);
struct tevent_req *winbindd_setgrent_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
--
2.11.0
From dfa5d16cb3fe1ea73e262d5ee555834dd7ad57b7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 6 Aug 2017 15:51:49 +0200
Subject: [PATCH 03/21] lib: Remove talloc_dict
Looked like a good idea at the time, but its only user did not need
it anyway
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/talloc_dict.h | 60 --------------
source3/lib/talloc_dict.c | 177 ------------------------------------------
source3/selftest/tests.py | 1 -
source3/torture/torture.c | 57 --------------
source3/wscript_build | 1 -
5 files changed, 296 deletions(-)
delete mode 100644 source3/include/talloc_dict.h
delete mode 100644 source3/lib/talloc_dict.c
diff --git a/source3/include/talloc_dict.h b/source3/include/talloc_dict.h
deleted file mode 100644
index 8305f8d15e2..00000000000
--- a/source3/include/talloc_dict.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Little dictionary style data structure based on dbwrap_rbt
- Copyright (C) Volker Lendecke 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef __TALLOC_DICT_H__
-#define __TALLOC_DICT_H__
-
-#include "includes.h"
-
-struct talloc_dict;
-
-/*
- * Create a talloc_dict structure.
- */
-
-struct talloc_dict *talloc_dict_init(TALLOC_CTX *mem_ctx);
-
-/*
- * Add a talloced object to the dict. Nulls out the pointer to indicate that
- * the talloc ownership has been taken. If an object for "key" already exists,
- * the existing object is talloc_free()ed and overwritten by the new
- * object. If "data" is NULL, object for key "key" is deleted. Return false
- * for "no memory".
- */
-
-bool talloc_dict_set(struct talloc_dict *dict, DATA_BLOB key, void *data);
-
-/*
- * Fetch a talloced object. If "mem_ctx!=NULL", talloc_move the object there
- * and delete it from the dict.
- */
-
-void *talloc_dict_fetch(struct talloc_dict *dict, DATA_BLOB key,
- TALLOC_CTX *mem_ctx);
-
-/*
- * Traverse a talloc_dict. If "fn" returns non-null, quit the traverse
- */
-
-int talloc_dict_traverse(struct talloc_dict *dict,
- int (*fn)(DATA_BLOB key, void *data,
- void *private_data),
- void *private_data);
-
-#endif
diff --git a/source3/lib/talloc_dict.c b/source3/lib/talloc_dict.c
deleted file mode 100644
index 75946790147..00000000000
--- a/source3/lib/talloc_dict.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Little dictionary style data structure based on dbwrap_rbt
- Copyright (C) Volker Lendecke 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "dbwrap/dbwrap.h"
-#include "dbwrap/dbwrap_rbt.h"
-#include "talloc_dict.h"
-#include "util_tdb.h"
-
-struct talloc_dict {
- struct db_context *db;
-};
-
-struct talloc_dict *talloc_dict_init(TALLOC_CTX *mem_ctx)
-{
- struct talloc_dict *result;
-
- result = talloc(mem_ctx, struct talloc_dict);
- if (result == NULL) {
- return NULL;
- }
- result->db = db_open_rbt(result);
- if (result->db == NULL) {
- TALLOC_FREE(result);
- return NULL;
- }
- return result;
-}
-
-/*
- * Add a talloced object to the dict. Nulls out the pointer to indicate that
- * the talloc ownership has been taken. If an object for "key" already exists,
- * the existing object is talloc_free()ed and overwritten by the new
- * object. If "data" is NULL, object for key "key" is deleted. Return false
- * for "no memory".
- */
-
-bool talloc_dict_set(struct talloc_dict *dict, DATA_BLOB key, void *pdata)
-{
- struct db_record *rec;
- NTSTATUS status = NT_STATUS_OK;
- void *data = *(void **)pdata;
- TDB_DATA value;
-
- rec = dbwrap_fetch_locked(dict->db, talloc_tos(),
- make_tdb_data(key.data, key.length));
- if (rec == NULL) {
- return false;
- }
-
- value = dbwrap_record_get_value(rec);
-
- if (value.dsize != 0) {
- void *old_data;
- if (value.dsize != sizeof(void *)) {
- TALLOC_FREE(rec);
- return false;
- }
- memcpy(&old_data, value.dptr, sizeof(old_data));
- TALLOC_FREE(old_data);
- if (data == NULL) {
- status = dbwrap_record_delete(rec);
- }
- }
- if (data != NULL) {
- void *mydata = talloc_move(dict->db, &data);
- *(void **)pdata = NULL;
- status = dbwrap_record_store(rec,
- make_tdb_data((uint8_t *)&mydata,
- sizeof(mydata)), 0);
- }
- TALLOC_FREE(rec);
- return NT_STATUS_IS_OK(status);
-}
-
-/*
- * Fetch a talloced object. If "mem_ctx!=NULL", talloc_move the object there
- * and delete it from the dict.
- */
-
-void *talloc_dict_fetch(struct talloc_dict *dict, DATA_BLOB key,
- TALLOC_CTX *mem_ctx)
-{
- struct db_record *rec;
- void *result;
- TDB_DATA value;
-
- rec = dbwrap_fetch_locked(dict->db, talloc_tos(),
- make_tdb_data(key.data, key.length));
- if (rec == NULL) {
- return NULL;
- }
-
- value = dbwrap_record_get_value(rec);
- if (value.dsize != sizeof(void *)) {
- TALLOC_FREE(rec);
- return NULL;
- }
- result = *(void **)value.dptr;
-
- if (mem_ctx != NULL) {
- NTSTATUS status;
- status = dbwrap_record_delete(rec);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(rec);
- return NULL;
- }
- result = talloc_move(mem_ctx, &result);
- }
-
- return result;
-}
-
-struct talloc_dict_traverse_state {
- int (*fn)(DATA_BLOB key, void *data, void *private_data);
- void *private_data;
-};
-
-static int talloc_dict_traverse_fn(struct db_record *rec, void *private_data)
-{
- TDB_DATA key;
- TDB_DATA value;
- struct talloc_dict_traverse_state *state =
- (struct talloc_dict_traverse_state *)private_data;
- void *p;
-
- key = dbwrap_record_get_key(rec);
- value = dbwrap_record_get_value(rec);
-
- if (value.dsize != sizeof(void *)) {
- return -1;
- }
-
- memcpy(&p, value.dptr, sizeof(p));
- return state->fn(data_blob_const(key.dptr, key.dsize),
- p, state->private_data);
-}
-
-/*
- * Traverse a talloc_dict. If "fn" returns non-null, quit the traverse
- */
-
-int talloc_dict_traverse(struct talloc_dict *dict,
- int (*fn)(DATA_BLOB key, void *data,
- void *private_data),
- void *private_data)
-{
- struct talloc_dict_traverse_state state;
- NTSTATUS status;
- int count = 0;
-
- state.fn = fn;
- state.private_data = private_data;
- status = dbwrap_traverse(dict->db, talloc_dict_traverse_fn, &state,
- &count);
- if (!NT_STATUS_IS_OK(status)) {
- return -1;
- } else {
- return count;
- }
-}
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 7bb0e510624..a8260ef5272 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -124,7 +124,6 @@ plantestsuite("samba3.smbtorture_s3.plain(%s).%s" % (env, t), env, [os.path.join
local_tests = [
"LOCAL-SUBSTITUTE",
"LOCAL-GENCACHE",
- "LOCAL-TALLOC-DICT",
"LOCAL-BASE64",
"LOCAL-RBTREE",
"LOCAL-MEMCACHE",
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 636eef0f986..8731447cd8a 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -31,7 +31,6 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "dbwrap/dbwrap_rbt.h"
-#include "talloc_dict.h"
#include "async_smb.h"
#include "libsmb/libsmb.h"
#include "libsmb/clirap.h"
@@ -10314,61 +10313,6 @@ failed:
return false;
}
-
-struct talloc_dict_test {
- int content;
-};
-
-static int talloc_dict_traverse_fn(DATA_BLOB key, void *data, void *priv)
-{
- int *count = (int *)priv;
- *count += 1;
- return 0;
-}
-
-static bool run_local_talloc_dict(int dummy)
-{
- struct talloc_dict *dict;
- struct talloc_dict_test *t;
- int key, count, res;
- bool ok;
-
- dict = talloc_dict_init(talloc_tos());
- if (dict == NULL) {
- return false;
- }
-
- t = talloc(talloc_tos(), struct talloc_dict_test);
- if (t == NULL) {
- return false;
- }
-
- key = 1;
- t->content = 1;
- ok = talloc_dict_set(dict, data_blob_const(&key, sizeof(key)), &t);
- if (!ok) {
- return false;
- }
-
- count = 0;
- res = talloc_dict_traverse(dict, talloc_dict_traverse_fn, &count);
- if (res == -1) {
- return false;
- }
-
- if (count != 1) {
- return false;
- }
-
- if (count != res) {
- return false;
- }
-
- TALLOC_FREE(dict);
-
- return true;
-}
-
static bool run_local_string_to_sid(int dummy) {
struct dom_sid sid;
@@ -11657,7 +11601,6 @@ static struct {
{ "PIDHIGH", run_pidhigh },
{ "LOCAL-SUBSTITUTE", run_local_substitute, 0},
{ "LOCAL-GENCACHE", run_local_gencache, 0},
- { "LOCAL-TALLOC-DICT", run_local_talloc_dict, 0},
{ "LOCAL-DBWRAP-WATCH1", run_dbwrap_watch1, 0 },
{ "LOCAL-DBWRAP-WATCH2", run_dbwrap_watch2, 0 },
{ "LOCAL-DBWRAP-DO-LOCKED1", run_dbwrap_do_locked1, 0 },
diff --git a/source3/wscript_build b/source3/wscript_build
index 7cf757b93d6..ea5eaf28b12 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -382,7 +382,6 @@ bld.SAMBA3_SUBSYSTEM('samba3core',
lib/messages.c
lib/util_cluster.c
lib/id_cache.c
- lib/talloc_dict.c
lib/serverid.c
lib/server_id_watch.c
lib/server_id_db_util.c
--
2.11.0
From cb901981041e084f722898097859157c9ced1830 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 13:37:41 +0200
Subject: [PATCH 04/21] s3: Avoid netlogon_creds_cli.h in includes.h
There's no point recompiling all of source3 if netlogon_creds_cli.h is changed
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/includes.h | 1 -
source3/lib/netapi/netapi.c | 1 +
source3/rpcclient/rpcclient.c | 1 +
3 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 58bfaa719a1..e82bfad4147 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -317,7 +317,6 @@ typedef char fstring[FSTRING_LEN];
#include "../libcli/util/ntstatus.h"
#include "../libcli/util/error.h"
-#include "../libcli/auth/netlogon_creds_cli.h"
#include "../lib/util/charset/charset.h"
#include "dynconfig/dynconfig.h"
#include "locking.h"
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index 093348baefa..f8f79c69baf 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
#include "lib/netapi/netapi.h"
#include "lib/netapi/netapi_private.h"
#include "secrets.h"
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 3203df24c07..269a2a0d34b 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
#include "popt_common.h"
#include "rpcclient.h"
#include "../libcli/auth/libcli_auth.h"
--
2.11.0
From e9767f06121c0849d15dc8081bb438925df80408 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 13:29:07 +0200
Subject: [PATCH 05/21] netlogon_creds_cli: Add "dns_domain" to
netlogon_creds_cli_context
Used later for creating schannel cli_credentials
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 526ee3962fc..854645caf6d 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -54,6 +54,7 @@ struct netlogon_creds_cli_context {
struct {
const char *computer;
const char *netbios_domain;
+ const char *dns_domain;
uint32_t cached_flags;
bool try_validation6;
bool try_logon_ex;
@@ -105,6 +106,7 @@ static NTSTATUS netlogon_creds_cli_context_common(
uint32_t required_flags,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context)
{
@@ -155,6 +157,13 @@ static NTSTATUS netlogon_creds_cli_context_common(
return NT_STATUS_NO_MEMORY;
}
+ context->server.dns_domain = talloc_strdup(context, server_dns_domain);
+ if (context->server.dns_domain == NULL) {
+ TALLOC_FREE(context);
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
/*
* TODO:
* Force the callers to provide a unique
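Review bot: `talloc_strdup(context, server_dns_domain)` returns NULL for a NULL input, so a caller that passes NULL for the new parameter gets `NT_STATUS_NO_MEMORY` instead of a context. The callers in this patch pass `""`, but patch 07/21 forwards `cli_credentials_get_realm(creds)`, which may be NULL when no realm is set on the credentials. Either normalise at the top of `netlogon_creds_cli_context_common` with `if (server_dns_domain == NULL) { server_dns_domain = ""; }`, or reject NULL with `NT_STATUS_INVALID_PARAMETER` and document that the argument is required. The function body starts and ends outside this hunk.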
@@ -415,6 +424,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
required_flags,
server_computer,
server_netbios_domain,
+ "",
mem_ctx,
&context);
if (!NT_STATUS_IS_OK(status)) {
@@ -475,6 +485,7 @@ NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
required_flags,
server_computer,
server_netbios_domain,
+ "",
mem_ctx,
&context);
if (!NT_STATUS_IS_OK(status)) {
--
2.11.0
From 063232e8768e39bca87e71c8cff4182b23a4e9e0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 13:32:34 +0200
Subject: [PATCH 06/21] netlogon_creds_cli: Pass "server_dns_domain" through
netlogon_creds_cli_context_global
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 1 +
libcli/auth/netlogon_creds_cli.h | 1 +
source3/rpc_client/cli_netlogon.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 854645caf6d..6cf8242041a 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -264,6 +264,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
enum netr_SchannelType type,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context)
{
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index 32902f103a9..fbc59f6fe57 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -40,6 +40,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
enum netr_SchannelType type,
const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context);
NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 719b98584f3..dad4d6ffd66 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -115,6 +115,7 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
sec_chan_type,
server_computer,
server_netbios_domain,
+ "",
mem_ctx, netlogon_creds);
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
--
2.11.0
From 8f2dd4607ec2109244d5901fda62f59445ae7957 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 13:48:18 +0200
Subject: [PATCH 07/21] cli_netlogon: Pass server_dns_domain through
rpccli_create_netlogon_creds
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_join.c | 1 +
source3/rpc_client/cli_netlogon.c | 6 +++++-
source3/rpc_client/cli_netlogon.h | 1 +
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 591c177b44b..36b9addcf4f 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1153,6 +1153,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
r->in.domain_name,
+ "", /* Never unsecure in AD */
r->out.account_name,
r->in.secure_channel_type,
r->in.msg_ctx,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index dad4d6ffd66..ced83da9d77 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -88,6 +88,7 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void)
NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
const char *client_account,
enum netr_SchannelType sec_chan_type,
struct messaging_context *msg_ctx,
@@ -115,7 +116,7 @@ NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
sec_chan_type,
server_computer,
server_netbios_domain,
- "",
+ server_dns_domain,
mem_ctx, netlogon_creds);
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
@@ -133,6 +134,7 @@ NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
{
enum netr_SchannelType sec_chan_type;
const char *server_netbios_domain;
+ const char *server_dns_domain;
const char *client_account;
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
@@ -142,9 +144,11 @@ NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
client_account = cli_credentials_get_username(creds);
server_netbios_domain = cli_credentials_get_domain(creds);
+ server_dns_domain = cli_credentials_get_realm(creds);
return rpccli_create_netlogon_creds(server_computer,
server_netbios_domain,
+ server_dns_domain,
client_account,
sec_chan_type,
msg_ctx, mem_ctx,
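Review bot: `cli_credentials_get_realm(creds)` can return NULL when no realm was set on the credentials, whereas before this change the DNS domain passed down was always the literal `""`. Later in this series the context constructor calls `talloc_strdup(context, server_dns_domain)` and treats a NULL result as `NT_STATUS_NO_MEMORY`, so realm-less credentials would presumably produce a misleading out-of-memory error instead of a netlogon context. Consider normalising right after the getter: `if (server_dns_domain == NULL) { server_dns_domain = ""; }`. The body of rpccli_create_netlogon_creds_with_creds starts outside this hunk, so handling elsewhere cannot be ruled out from here.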
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index bef0def947d..33f0a7e068c 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -35,6 +35,7 @@ struct dcerpc_binding_handle;
NTSTATUS rpccli_pre_open_netlogon_creds(void);
NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
const char *server_netbios_domain,
+ const char *server_dns_domain,
const char *client_account,
enum netr_SchannelType sec_chan_type,
struct messaging_context *msg_ctx,
--
2.11.0
From 81ec34ebbe4632cd4114f80fe3a041bdd56b6468 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 14:12:27 +0200
Subject: [PATCH 08/21] libnet: Use rpccli_create_netlogon_creds_with_creds in
join_unsecure
rpccli_create_netlogon_creds_with_creds just extracts the values we set here
from cli_credentials, and the lower-level interface is supposed to go away.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_join.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 36b9addcf4f..f3fd48c9cd8 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1122,6 +1122,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *frame = talloc_stackframe();
struct rpc_pipe_client *netlogon_pipe = NULL;
+ struct cli_credentials *cli_creds;
struct netlogon_creds_cli_context *netlogon_creds = NULL;
struct samr_Password current_nt_hash;
size_t len = 0;
@@ -1151,14 +1152,23 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
/* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
E_md4hash(r->in.admin_password, current_nt_hash.hash);
- status = rpccli_create_netlogon_creds(netlogon_pipe->desthost,
- r->in.domain_name,
- "", /* Never unsecure in AD */
- r->out.account_name,
- r->in.secure_channel_type,
- r->in.msg_ctx,
- frame,
- &netlogon_creds);
+ cli_creds = cli_credentials_init(talloc_tos());
+ if (cli_creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_username(cli_creds, r->out.account_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_domain(cli_creds, r->in.domain_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_realm(cli_creds, "", CRED_SPECIFIED);
+ cli_credentials_set_secure_channel_type(cli_creds,
+ r->in.secure_channel_type);
+
+ status = rpccli_create_netlogon_creds_with_creds(
+ cli_creds, netlogon_pipe->desthost, r->in.msg_ctx,
+ frame, &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
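Review bot: The string setters added here (`cli_credentials_set_username`, `cli_credentials_set_domain`, `cli_credentials_set_realm`) return a bool that is ignored. If one of them fails, the context is built from whatever the getters then hand back, and the failure surfaces later as an unrelated error. The function already has a `bool ok;`, so each call can be written as `ok = cli_credentials_set_username(cli_creds, r->out.account_name, CRED_SPECIFIED);` followed by `if (!ok) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; }`. The same applies to the `cli_credentials_set_password()` call added in PATCH 10/21. libnet_join_joindomain_rpc_unsecure starts and ends outside this hunk.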
--
2.11.0
From f9411c05ae68415b509b4ab77d96693cff572ce5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 14:14:28 +0200
Subject: [PATCH 09/21] cli_netlogon: Make rpccli_create_netlogon_creds static
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 17 +++++++++--------
source3/rpc_client/cli_netlogon.h | 8 --------
2 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ced83da9d77..f4e3df3ec43 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -86,14 +86,15 @@ NTSTATUS rpccli_pre_open_netlogon_creds(void)
return NT_STATUS_OK;
}
-NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
- const char *server_netbios_domain,
- const char *server_dns_domain,
- const char *client_account,
- enum netr_SchannelType sec_chan_type,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds)
+static NTSTATUS rpccli_create_netlogon_creds(
+ const char *server_computer,
+ const char *server_netbios_domain,
+ const char *server_dns_domain,
+ const char *client_account,
+ enum netr_SchannelType sec_chan_type,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds)
{
TALLOC_CTX *frame = talloc_stackframe();
struct loadparm_context *lp_ctx;
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index 33f0a7e068c..b71feda4464 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -33,14 +33,6 @@ struct dcerpc_binding_handle;
/* The following definitions come from rpc_client/cli_netlogon.c */
NTSTATUS rpccli_pre_open_netlogon_creds(void);
-NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
- const char *server_netbios_domain,
- const char *server_dns_domain,
- const char *client_account,
- enum netr_SchannelType sec_chan_type,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds);
NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
const char *server_computer,
struct messaging_context *msg_ctx,
--
2.11.0
From bddf6ae81c30995dd5509ed7e6cc01eeb96d3571 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 14:20:32 +0200
Subject: [PATCH 10/21] libnet: Use rpccli_setup_netlogon_creds_with_creds in
join_unsecure
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_join.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index f3fd48c9cd8..a4696698d7d 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1124,7 +1124,6 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *netlogon_pipe = NULL;
struct cli_credentials *cli_creds;
struct netlogon_creds_cli_context *netlogon_creds = NULL;
- struct samr_Password current_nt_hash;
size_t len = 0;
bool ok;
DATA_BLOB new_trust_blob = data_blob_null;
@@ -1149,9 +1148,6 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
}
}
- /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
- E_md4hash(r->in.admin_password, current_nt_hash.hash);
-
cli_creds = cli_credentials_init(talloc_tos());
if (cli_creds == NULL) {
TALLOC_FREE(frame);
@@ -1166,6 +1162,10 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
cli_credentials_set_secure_channel_type(cli_creds,
r->in.secure_channel_type);
+ /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
+ cli_credentials_set_password(cli_creds, r->in.admin_password,
+ CRED_SPECIFIED);
+
status = rpccli_create_netlogon_creds_with_creds(
cli_creds, netlogon_pipe->desthost, r->in.msg_ctx,
frame, &netlogon_creds);
@@ -1174,11 +1174,9 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
return status;
}
- status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
- netlogon_creds,
- true, /* force_reauth */
- current_nt_hash,
- NULL); /* previous_nt_hash */
+ status = rpccli_setup_netlogon_creds_with_creds(
+ cli, NCACN_NP, netlogon_creds, true /* force_reauth */,
+ cli_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
--
2.11.0
From bfa12c9ebffb3e83b4b5d4b2ae1b79673bfbef7a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 14:21:36 +0200
Subject: [PATCH 11/21] cli_netlogon: Make rpccli_setup_netlogon_creds static
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 13 +++++++------
source3/rpc_client/cli_netlogon.h | 6 ------
2 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index f4e3df3ec43..9d245b8be7d 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -156,12 +156,13 @@ NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
netlogon_creds);
}
-NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
- enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
- bool force_reauth,
- struct samr_Password current_nt_hash,
- const struct samr_Password *previous_nt_hash)
+static NTSTATUS rpccli_setup_netlogon_creds(
+ struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ bool force_reauth,
+ struct samr_Password current_nt_hash,
+ const struct samr_Password *previous_nt_hash)
{
TALLOC_CTX *frame = talloc_stackframe();
struct rpc_pipe_client *netlogon_pipe = NULL;
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index b71feda4464..a6fcf1cec4f 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -38,12 +38,6 @@ NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
struct messaging_context *msg_ctx,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **netlogon_creds);
-NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
- enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
- bool force_reauth,
- struct samr_Password current_nt_hash,
- const struct samr_Password *previous_nt_hash);
NTSTATUS rpccli_setup_netlogon_creds_with_creds(struct cli_state *cli,
enum dcerpc_transport_t transport,
struct netlogon_creds_cli_context *netlogon_creds,
--
2.11.0
From 9e8208a353fd3389e3dd03afa93099acaf4e4604 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 17:23:47 +0200
Subject: [PATCH 12/21] cli_netlogon: Rename
rpccli_create_netlogon_creds_with_creds
This creates a context with access to credentials, not the credentials themselves
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_join.c | 12 ++++++------
source3/rpc_client/cli_netlogon.c | 11 ++++++-----
source3/rpc_client/cli_netlogon.h | 11 ++++++-----
source3/rpc_client/cli_pipe_schannel.c | 10 +++++-----
source3/rpcclient/rpcclient.c | 2 +-
source3/winbindd/winbindd_cm.c | 10 +++++-----
6 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index a4696698d7d..e588001d7d6 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1166,7 +1166,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
cli_credentials_set_password(cli_creds, r->in.admin_password,
CRED_SPECIFIED);
- status = rpccli_create_netlogon_creds_with_creds(
+ status = rpccli_create_netlogon_creds_ctx(
cli_creds, netlogon_pipe->desthost, r->in.msg_ctx,
frame, &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
@@ -1617,11 +1617,11 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
return status;
}
- status = rpccli_create_netlogon_creds_with_creds(cli_creds,
- dc_name,
- msg_ctx,
- frame,
- &netlogon_creds);
+ status = rpccli_create_netlogon_creds_ctx(cli_creds,
+ dc_name,
+ msg_ctx,
+ frame,
+ &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(cli);
TALLOC_FREE(frame);
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 9d245b8be7d..75234a6799c 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -127,11 +127,12 @@ static NTSTATUS rpccli_create_netlogon_creds(
return NT_STATUS_OK;
}
-NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
- const char *server_computer,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds)
+NTSTATUS rpccli_create_netlogon_creds_ctx(
+ struct cli_credentials *creds,
+ const char *server_computer,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds)
{
enum netr_SchannelType sec_chan_type;
const char *server_netbios_domain;
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index a6fcf1cec4f..62cdc63e77e 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -33,11 +33,12 @@ struct dcerpc_binding_handle;
/* The following definitions come from rpc_client/cli_netlogon.c */
NTSTATUS rpccli_pre_open_netlogon_creds(void);
-NTSTATUS rpccli_create_netlogon_creds_with_creds(struct cli_credentials *creds,
- const char *server_computer,
- struct messaging_context *msg_ctx,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds);
+NTSTATUS rpccli_create_netlogon_creds_ctx(
+ struct cli_credentials *creds,
+ const char *server_computer,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds);
NTSTATUS rpccli_setup_netlogon_creds_with_creds(struct cli_state *cli,
enum dcerpc_transport_t transport,
struct netlogon_creds_cli_context *netlogon_creds,
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 1790247e04e..0a1dd79b986 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -62,11 +62,11 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
return status;
}
- status = rpccli_create_netlogon_creds_with_creds(cli_creds,
- dc_name,
- msg_ctx,
- frame,
- &netlogon_creds);
+ status = rpccli_create_netlogon_creds_ctx(cli_creds,
+ dc_name,
+ msg_ctx,
+ frame,
+ &netlogon_creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 269a2a0d34b..05bbb0b478b 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -803,7 +803,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
return ntresult;
}
- ntresult = rpccli_create_netlogon_creds_with_creds(creds,
+ ntresult = rpccli_create_netlogon_creds_ctx(creds,
dc_name,
rpcclient_msg_ctx,
rpcclient_msg_ctx,
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 316964226d6..5fd8f086b87 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -3277,11 +3277,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
- result = rpccli_create_netlogon_creds_with_creds(creds,
- domain->dcname,
- msg_ctx,
- domain,
- &conn->netlogon_creds_ctx);
+ result = rpccli_create_netlogon_creds_ctx(creds,
+ domain->dcname,
+ msg_ctx,
+ domain,
+ &conn->netlogon_creds_ctx);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("rpccli_create_netlogon_creds failed for %s, "
"unable to create NETLOGON credentials: %s\n",
--
2.11.0
From 7cebc882cabd30ecefc862f0f699ba250ef6a2a2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 6 Sep 2017 17:31:38 +0200
Subject: [PATCH 13/21] cli_netlogon: Eliminate
rpccli_setup_netlogon_creds_with_creds
Inlining the code from rpccli_setup_netlogon_creds
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libnet/libnet_join.c | 10 +++---
source3/rpc_client/cli_netlogon.c | 56 +++++++++-------------------------
source3/rpc_client/cli_netlogon.h | 11 ++++---
source3/rpc_client/cli_pipe_schannel.c | 2 +-
source3/rpcclient/rpcclient.c | 11 ++++---
source3/winbindd/winbindd_cm.c | 8 ++---
6 files changed, 37 insertions(+), 61 deletions(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index e588001d7d6..5880913a39f 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1174,7 +1174,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
return status;
}
- status = rpccli_setup_netlogon_creds_with_creds(
+ status = rpccli_setup_netlogon_creds(
cli, NCACN_NP, netlogon_creds, true /* force_reauth */,
cli_creds);
if (!NT_STATUS_IS_OK(status)) {
@@ -1628,10 +1628,10 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
return status;
}
- status = rpccli_setup_netlogon_creds_with_creds(cli, NCACN_NP,
- netlogon_creds,
- true, /* force_reauth */
- cli_creds);
+ status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
+ netlogon_creds,
+ true, /* force_reauth */
+ cli_creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("connect_to_domain_password_server: "
"unable to open the domain client session to "
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 75234a6799c..2c3e205e2f4 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -157,13 +157,12 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
netlogon_creds);
}
-static NTSTATUS rpccli_setup_netlogon_creds(
+NTSTATUS rpccli_setup_netlogon_creds(
struct cli_state *cli,
enum dcerpc_transport_t transport,
struct netlogon_creds_cli_context *netlogon_creds,
bool force_reauth,
- struct samr_Password current_nt_hash,
- const struct samr_Password *previous_nt_hash)
+ struct cli_credentials *cli_creds)
{
TALLOC_CTX *frame = talloc_stackframe();
struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -193,6 +192,19 @@ static NTSTATUS rpccli_setup_netlogon_creds(
TALLOC_FREE(creds);
}
+ nt_hashes[0] = cli_credentials_get_nt_hash(cli_creds, talloc_tos());
+ if (nt_hashes[0] == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ num_nt_hashes = 1;
+
+ nt_hashes[1] = cli_credentials_get_old_nt_hash(cli_creds,
+ talloc_tos());
+ if (nt_hashes[1] != NULL) {
+ num_nt_hashes = 2;
+ }
+
status = cli_rpc_pipe_open_noauth_transport(cli,
transport,
&ndr_table_netlogon,
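Review bot: A NULL from `cli_credentials_get_nt_hash()` is reported as `NT_STATUS_NO_MEMORY`, but that getter also returns NULL when the credentials carry no password or hash. Now that rpccli_setup_netlogon_creds takes a caller-supplied `cli_creds` directly, a missing secret is reported as an allocation failure. At minimum add a comment above the check such as `/* NULL also means "no password set", not only OOM */`, or return a distinct status for that case. Separately, the two hash copies are allocated on `frame` and released by `TALLOC_FREE(frame)` without being wiped; if the tree has a helper for clearing secrets on free, this would be the place to use it. The function body starts and ends outside this hunk.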
@@ -207,13 +219,6 @@ static NTSTATUS rpccli_setup_netlogon_creds(
}
talloc_steal(frame, netlogon_pipe);
- nt_hashes[0] = ¤t_nt_hash;
- num_nt_hashes = 1;
- if (previous_nt_hash != NULL) {
- nt_hashes[1] = previous_nt_hash;
- num_nt_hashes = 2;
- }
-
status = netlogon_creds_cli_auth(netlogon_creds,
netlogon_pipe->binding_handle,
num_nt_hashes,
@@ -240,37 +245,6 @@ static NTSTATUS rpccli_setup_netlogon_creds(
return NT_STATUS_OK;
}
-NTSTATUS rpccli_setup_netlogon_creds_with_creds(struct cli_state *cli,
- enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
- bool force_reauth,
- struct cli_credentials *creds)
-{
- struct samr_Password *current_nt_hash = NULL;
- struct samr_Password *previous_nt_hash = NULL;
- NTSTATUS status;
-
- current_nt_hash = cli_credentials_get_nt_hash(creds, talloc_tos());
- if (current_nt_hash == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- previous_nt_hash = cli_credentials_get_old_nt_hash(creds, talloc_tos());
-
- status = rpccli_setup_netlogon_creds(cli, transport,
- netlogon_creds,
- force_reauth,
- *current_nt_hash,
- previous_nt_hash);
- TALLOC_FREE(current_nt_hash);
- TALLOC_FREE(previous_nt_hash);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
-}
-
static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
uint16_t validation_level,
union netr_Validation *validation,
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index 62cdc63e77e..d66bcd3b55b 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -39,11 +39,12 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
struct messaging_context *msg_ctx,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **netlogon_creds);
-NTSTATUS rpccli_setup_netlogon_creds_with_creds(struct cli_state *cli,
- enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
- bool force_reauth,
- struct cli_credentials *creds);
+NTSTATUS rpccli_setup_netlogon_creds(
+ struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ bool force_reauth,
+ struct cli_credentials *cli_creds);
NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
struct dcerpc_binding_handle *binding_handle,
TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 0a1dd79b986..a94429538c7 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -72,7 +72,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
return status;
}
- status = rpccli_setup_netlogon_creds_with_creds(cli, transport,
+ status = rpccli_setup_netlogon_creds(cli, transport,
netlogon_creds,
false, /* force_reauth */
cli_creds);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 05bbb0b478b..c1039ed84c5 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -816,11 +816,12 @@ static NTSTATUS do_cmd(struct cli_state *cli,
return ntresult;
}
- ntresult = rpccli_setup_netlogon_creds_with_creds(cli,
- NCACN_NP,
- rpcclient_netlogon_creds,
- false, /* force_reauth */
- creds);
+ ntresult = rpccli_setup_netlogon_creds(
+ cli,
+ NCACN_NP,
+ rpcclient_netlogon_creds,
+ false, /* force_reauth */
+ creds);
TALLOC_FREE(creds);
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 5fd8f086b87..b2d14c47b40 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -3289,10 +3289,10 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
return result;
}
- result = rpccli_setup_netlogon_creds_with_creds(conn->cli, transport,
- conn->netlogon_creds_ctx,
- conn->netlogon_force_reauth,
- creds);
+ result = rpccli_setup_netlogon_creds(conn->cli, transport,
+ conn->netlogon_creds_ctx,
+ conn->netlogon_force_reauth,
+ creds);
conn->netlogon_force_reauth = false;
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("rpccli_setup_netlogon_creds failed for %s, "
--
2.11.0
From 75358b41b21ab823066d80b6abf2e9579bdfb5e4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 25 Aug 2017 11:27:30 +0200
Subject: [PATCH 14/21] netlogon_creds_cli: Avoid a static const struct
Same number of .text bytes, but simpler code.
Yes, this is {{0}} instead of {0}, which I always promote. I've just read a
comment on stackoverflow (which I've unfortunately just closed the tab for :-()
that {{0}} might actually be the correct way to init a struct to zero if the
first struct element is again a struct. I'm lost. 25 years of C coding and I
have no clue of the language :-(
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 6cf8242041a..2b238b701bc 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -572,7 +572,6 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
.status = NT_STATUS_INTERNAL_ERROR,
.required_flags = context->client.required_flags,
};
- static const struct netr_Credential zero_creds;
*_creds = NULL;
@@ -592,9 +591,9 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
* mark it as invalid for step operations.
*/
fstate.creds->sequence = 0;
- fstate.creds->seed = zero_creds;
- fstate.creds->client = zero_creds;
- fstate.creds->server = zero_creds;
+ fstate.creds->seed = (struct netr_Credential) {{0}};
+ fstate.creds->client = (struct netr_Credential) {{0}};
+ fstate.creds->server = (struct netr_Credential) {{0}};
if (context->server.cached_flags == fstate.creds->negotiate_flags) {
*_creds = fstate.creds;
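Review bot: The three `(struct netr_Credential) {{0}}` assignments are only well-formed while the first member of the struct is itself an aggregate, which the commit message itself is unsure about. Samba's `ZERO_STRUCT()` macro clears the member without depending on the layout: `ZERO_STRUCT(fstate.creds->seed);`, and likewise for `client` and `server`. netlogon_creds_cli_get continues outside this hunk.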
--
2.11.0
From 68e30d708e619614464f3bfffb3b16033d9910f0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 25 Aug 2017 11:39:16 +0200
Subject: [PATCH 15/21] netlogon_creds_cli: Remove an obsolete comment
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 2b238b701bc..5ec72aa1990 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -613,10 +613,7 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
*
* The credentials chain is not per NETLOGON pipe
* connection, but globally on the server/client pair
- * by computer name, while the client is free to use
- * any computer name. We include the cluster node number
- * in our computer name in order to avoid cross node
- * coordination of the credential chain.
+ * by computer name.
*
* It's also important to use NetlogonValidationSamInfo4 (6),
* because it relies on the rpc transport encryption
--
2.11.0
From ef60176e866723df7daad0a16cf5dae43381ffc3 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 14:56:58 +0200
Subject: [PATCH 16/21] netlogon_creds_cli: A netlogon_creds_cli_context needs
a msg_ctx
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 5ec72aa1990..751c09f4bdd 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -283,6 +283,10 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
*_context = NULL;
+ if (msg_ctx == NULL) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
client_computer = lpcfg_netbios_name(lp_ctx);
if (strlen(client_computer) > 15) {
return NT_STATUS_INVALID_PARAMETER_MIX;
@@ -433,13 +437,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
return status;
}
- if (msg_ctx != NULL) {
- context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
- if (context->db.g_ctx == NULL) {
- TALLOC_FREE(context);
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
+ context->db.g_ctx = g_lock_ctx_init(context, msg_ctx);
+ if (context->db.g_ctx == NULL) {
+ TALLOC_FREE(context);
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
}
if (netlogon_creds_cli_global_db != NULL) {
--
2.11.0
From 10d8ebea620d37f38361966ec4ab9c94ec1ab3a2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 14:08:41 +0200
Subject: [PATCH 17/21] rpc_client3: Fix a debug message
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_pipe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 63b6cf4b458..6cdb5df0bfd 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3294,7 +3294,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
status = netlogon_creds_cli_lock(netlogon_creds, rpccli, &ncreds);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("netlogon_creds_cli_get returned %s\n",
+ DEBUG(0, ("netlogon_creds_cli_lock returned %s\n",
nt_errstr(status)));
TALLOC_FREE(rpccli);
return status;
--
2.11.0
From 2b979023c2f4490c010ccca79cdf84df836d6360 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 21 Aug 2017 11:34:45 +0200
Subject: [PATCH 18/21] netlogon_creds_cli: Simplify
netlogon_creds_cli_context_common
printf knows to only print part of a string. No need to talloc_strdup.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 751c09f4bdd..b85a7e03b60 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -113,7 +113,7 @@ static NTSTATUS netlogon_creds_cli_context_common(
struct netlogon_creds_cli_context *context = NULL;
TALLOC_CTX *frame = talloc_stackframe();
char *_key_name = NULL;
- char *server_netbios_name = NULL;
+ size_t server_netbios_name_len;
char *p = NULL;
*_context = NULL;
@@ -172,22 +172,19 @@ static NTSTATUS netlogon_creds_cli_context_common(
* For now we have to deal with
* "HOSTNAME" vs. "hostname.example.com".
*/
- server_netbios_name = talloc_strdup(frame, server_computer);
- if (server_netbios_name == NULL) {
- TALLOC_FREE(context);
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
- p = strchr(server_netbios_name, '.');
+ p = strchr(server_computer, '.');
if (p != NULL) {
- p[0] = '\0';
+ server_netbios_name_len = p-server_computer;
+ } else {
+ server_netbios_name_len = strlen(server_computer);
}
- _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%s/%s]",
+ _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%.*s/%s]",
client_computer,
client_account,
- server_netbios_name,
+ (int)server_netbios_name_len,
+ server_computer,
server_netbios_domain);
if (_key_name == NULL) {
TALLOC_FREE(context);
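Review bot: `p` is still declared `char *p` in the previous hunk, but it now points into the caller's `server_computer` string (presumably `const char *`; the signature is outside the hunk) rather than into a private copy. Declaring it `const char *p = NULL;` stops later code from writing through it the way the removed `p[0] = '\0';` did. The `(int)server_netbios_name_len` cast also deserves a guard or a comment: a negative precision is ignored by printf-style formatting, so an oversized name would go into the key untruncated. A check such as `if (server_netbios_name_len > INT_MAX) { TALLOC_FREE(context); TALLOC_FREE(frame); return NT_STATUS_INVALID_PARAMETER_MIX; }` before the `talloc_asprintf()` closes that gap.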
--
2.11.0
From 58926d14ecebb8c5fa4eb6a4e66f9ab4a190f122 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 21 Aug 2017 11:34:45 +0200
Subject: [PATCH 19/21] netlogon_creds_cli: Simplify
netlogon_creds_cli_context_common
IMHO a full talloc_stackframe is overkill for the one allocation that is left
here.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index b85a7e03b60..d6e20889b3a 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -111,7 +111,6 @@ static NTSTATUS netlogon_creds_cli_context_common(
struct netlogon_creds_cli_context **_context)
{
struct netlogon_creds_cli_context *context = NULL;
- TALLOC_CTX *frame = talloc_stackframe();
char *_key_name = NULL;
size_t server_netbios_name_len;
char *p = NULL;
@@ -120,21 +119,18 @@ static NTSTATUS netlogon_creds_cli_context_common(
context = talloc_zero(mem_ctx, struct netlogon_creds_cli_context);
if (context == NULL) {
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->client.computer = talloc_strdup(context, client_computer);
if (context->client.computer == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->client.account = talloc_strdup(context, client_account);
if (context->client.account == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -146,21 +142,18 @@ static NTSTATUS netlogon_creds_cli_context_common(
context->server.computer = talloc_strdup(context, server_computer);
if (context->server.computer == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->server.netbios_domain = talloc_strdup(context, server_netbios_domain);
if (context->server.netbios_domain == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->server.dns_domain = talloc_strdup(context, server_dns_domain);
if (context->server.dns_domain == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -180,7 +173,7 @@ static NTSTATUS netlogon_creds_cli_context_common(
server_netbios_name_len = strlen(server_computer);
}
- _key_name = talloc_asprintf(frame, "CLI[%s/%s]/SRV[%.*s/%s]",
+ _key_name = talloc_asprintf(context, "CLI[%s/%s]/SRV[%.*s/%s]",
client_computer,
client_account,
(int)server_netbios_name_len,
@@ -188,21 +181,19 @@ static NTSTATUS netlogon_creds_cli_context_common(
server_netbios_domain);
if (_key_name == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->db.key_name = talloc_strdup_upper(context, _key_name);
+ TALLOC_FREE(_key_name);
if (context->db.key_name == NULL) {
TALLOC_FREE(context);
- TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
context->db.key_data = string_term_tdb_data(context->db.key_name);
*_context = context;
- TALLOC_FREE(frame);
return NT_STATUS_OK;
}
--
2.11.0
From 1c7b876a73b704bac8d9fdf6a9773b24011f697e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 21 Aug 2017 11:54:29 +0200
Subject: [PATCH 20/21] netlogon_creds_cli: Simplify
netlogon_creds_cli_context_global
(require_sign_or_seal == false) looks odd :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d6e20889b3a..a124a1c03da 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -381,11 +381,11 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
proposed_flags |= NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
}
- if (require_sign_or_seal == false) {
- proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
- } else {
+ if (require_sign_or_seal) {
required_flags |= NETLOGON_NEG_ARCFOUR;
required_flags |= NETLOGON_NEG_AUTHENTICATED_RPC;
+ } else {
+ proposed_flags &= ~NETLOGON_NEG_AUTHENTICATED_RPC;
}
if (reject_md5_servers) {
--
2.11.0
From 6371980b46f767168fa34012849fe1d125530760 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 21 Aug 2017 12:00:23 +0200
Subject: [PATCH 21/21] netlogon_creds_cli: Use data_blob_cmp in
netlogon_creds_cli_validate
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index a124a1c03da..dc05316ac13 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -669,19 +669,11 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
return false;
}
- if (blob1.length != blob2.length) {
- TALLOC_FREE(frame);
- return false;
- }
-
- cmp = memcmp(blob1.data, blob2.data, blob1.length);
- if (cmp != 0) {
- TALLOC_FREE(frame);
- return false;
- }
+ cmp = data_blob_cmp(&blob1, &blob2);
TALLOC_FREE(frame);
- return true;
+
+ return (cmp == 0);
}
NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
--
2.11.0