[PATCH] Next round of netlogon_cli_creds refactoring
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Sep 17 02:07:00 UTC 2017
No functional change intended so far, just preparatory patches.
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
From 3795258eacaba3014f9eb8d7c3f6d69471c4352e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 04:10:59 -0700
Subject: [PATCH 01/14] netlogon_creds_cli: Fix talloc_stackframe leaks
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index dc05316ac13..847922c0256 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -272,11 +272,13 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
*_context = NULL;
if (msg_ctx == NULL) {
+ TALLOC_FREE(frame);
return NT_STATUS_INVALID_PARAMETER_MIX;
}
client_computer = lpcfg_netbios_name(lp_ctx);
if (strlen(client_computer) > 15) {
+ TALLOC_FREE(frame);
return NT_STATUS_INVALID_PARAMETER_MIX;
}
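Review bot: Each early return in this hunk now carries its own `TALLOC_FREE(frame);`, which is the same hand-maintained pattern that allowed these two leaks. A single exit path, e.g. `goto fail;` with `fail: TALLOC_FREE(frame); return status;`, would stop a later early return from repeating the leak. The rest of netlogon_creds_cli_context_global lies outside the hunk, so whether the remaining return paths already free the frame cannot be checked from here.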
--
2.11.0
From 4f462966e8eb995659efa5ef149934a726fb5329 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 15:35:17 +0200
Subject: [PATCH 02/14] netlogon_creds_cli: Simplify
netlogon_creds_cli_context_global
netlogon_creds_cli_open_global_db() already contains the NULL check. Use that.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 847922c0256..4a79b7c56e1 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -434,13 +434,6 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
return NT_STATUS_NO_MEMORY;
}
- if (netlogon_creds_cli_global_db != NULL) {
- context->db.ctx = netlogon_creds_cli_global_db;
- *_context = context;
- TALLOC_FREE(frame);
- return NT_STATUS_OK;
- }
-
status = netlogon_creds_cli_open_global_db(lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(context);
--
2.11.0
From 0967f6d430ffddf499ccbd8ce41bac89e3c8a9b7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 16:17:58 +0200
Subject: [PATCH 03/14] cli_netlogon: Rename "netlogon_creds" to "creds_ctx"
Trying to understand this code it's important for me to name variables
indicating their use: A netlogon_creds_cli_context is a context with access to
credentials, it's not the credentials themselves.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 70 +++++++++++++++++++--------------------
source3/rpc_client/cli_netlogon.h | 4 +--
2 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 2c3e205e2f4..4b8beb5f44f 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -132,7 +132,7 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
const char *server_computer,
struct messaging_context *msg_ctx,
TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds)
+ struct netlogon_creds_cli_context **creds_ctx)
{
enum netr_SchannelType sec_chan_type;
const char *server_netbios_domain;
@@ -154,13 +154,13 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
client_account,
sec_chan_type,
msg_ctx, mem_ctx,
- netlogon_creds);
+ creds_ctx);
}
NTSTATUS rpccli_setup_netlogon_creds(
struct cli_state *cli,
enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
+ struct netlogon_creds_cli_context *creds_ctx,
bool force_reauth,
struct cli_credentials *cli_creds)
{
@@ -172,8 +172,7 @@ NTSTATUS rpccli_setup_netlogon_creds(
uint8_t idx_nt_hashes = 0;
NTSTATUS status;
- status = netlogon_creds_cli_get(netlogon_creds,
- frame, &creds);
+ status = netlogon_creds_cli_get(creds_ctx, frame, &creds);
if (NT_STATUS_IS_OK(status)) {
const char *action = "using";
@@ -219,7 +218,7 @@ NTSTATUS rpccli_setup_netlogon_creds(
}
talloc_steal(frame, netlogon_pipe);
- status = netlogon_creds_cli_auth(netlogon_creds,
+ status = netlogon_creds_cli_auth(creds_ctx,
netlogon_pipe->binding_handle,
num_nt_hashes,
nt_hashes,
@@ -229,8 +228,7 @@ NTSTATUS rpccli_setup_netlogon_creds(
return status;
}
- status = netlogon_creds_cli_get(netlogon_creds,
- frame, &creds);
+ status = netlogon_creds_cli_get(creds_ctx, frame, &creds);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return NT_STATUS_INTERNAL_ERROR;
@@ -294,18 +292,19 @@ static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
/* Logon domain user */
-NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
- struct dcerpc_binding_handle *binding_handle,
- TALLOC_CTX *mem_ctx,
- uint32_t logon_parameters,
- const char *domain,
- const char *username,
- const char *password,
- const char *workstation,
- enum netr_LogonInfoClass logon_type,
- uint8_t *authoritative,
- uint32_t *flags,
- struct netr_SamInfo3 **info3)
+NTSTATUS rpccli_netlogon_password_logon(
+ struct netlogon_creds_cli_context *creds_ctx,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *domain,
+ const char *username,
+ const char *password,
+ const char *workstation,
+ enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ struct netr_SamInfo3 **info3)
{
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
@@ -412,7 +411,7 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
return NT_STATUS_INVALID_INFO_CLASS;
}
- status = netlogon_creds_cli_LogonSamLogon(creds,
+ status = netlogon_creds_cli_LogonSamLogon(creds_ctx,
binding_handle,
logon_type,
logon,
@@ -445,19 +444,20 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
**/
-NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
- struct dcerpc_binding_handle *binding_handle,
- TALLOC_CTX *mem_ctx,
- uint32_t logon_parameters,
- const char *username,
- const char *domain,
- const char *workstation,
- const uint8_t chal[8],
- DATA_BLOB lm_response,
- DATA_BLOB nt_response,
- uint8_t *authoritative,
- uint32_t *flags,
- struct netr_SamInfo3 **info3)
+NTSTATUS rpccli_netlogon_network_logon(
+ struct netlogon_creds_cli_context *creds_ctx,
+ struct dcerpc_binding_handle *binding_handle,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *username,
+ const char *domain,
+ const char *workstation,
+ const uint8_t chal[8],
+ DATA_BLOB lm_response,
+ DATA_BLOB nt_response,
+ uint8_t *authoritative,
+ uint32_t *flags,
+ struct netr_SamInfo3 **info3)
{
NTSTATUS status;
const char *workstation_name_slash;
@@ -516,7 +516,7 @@ NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
/* Marshall data and send request */
- status = netlogon_creds_cli_LogonSamLogon(creds,
+ status = netlogon_creds_cli_LogonSamLogon(creds_ctx,
binding_handle,
NetlogonNetworkInformation,
logon,
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index d66bcd3b55b..04a370fba88 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -38,11 +38,11 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
const char *server_computer,
struct messaging_context *msg_ctx,
TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **netlogon_creds);
+ struct netlogon_creds_cli_context **creds_ctx);
NTSTATUS rpccli_setup_netlogon_creds(
struct cli_state *cli,
enum dcerpc_transport_t transport,
- struct netlogon_creds_cli_context *netlogon_creds,
+ struct netlogon_creds_cli_context *creds_ctx,
bool force_reauth,
struct cli_credentials *cli_creds);
NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
--
2.11.0
From 557849ec5dafa65702e4de51ce1d8b95c666f09e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 16:26:11 +0200
Subject: [PATCH 04/14] cli_netlogon: Remove an unnecessary if-condition
We don't need to check this here. rpccli_create_netlogon_creds_ctx via
netlogon_creds_cli_context_global returns NT_STATUS_INVALID_PARAMETER for an
unknown schannel type. Slightly different error code, but we could change the
one in netlogon_creds_cli_context_global if necessary.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 4b8beb5f44f..752a1574919 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -140,10 +140,6 @@ NTSTATUS rpccli_create_netlogon_creds_ctx(
const char *client_account;
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
- if (sec_chan_type == SEC_CHAN_NULL) {
- return NT_STATUS_INVALID_PARAMETER_MIX;
- }
-
client_account = cli_credentials_get_username(creds);
server_netbios_domain = cli_credentials_get_domain(creds);
server_dns_domain = cli_credentials_get_realm(creds);
--
2.11.0
From f5023cdeebbeedfb6ce2c76c572724da098dad2c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Sep 2017 14:55:13 +0200
Subject: [PATCH 05/14] netlogon_creds_cli: Simplify netlogon_creds_cli_store
Don't implicitly TALLOC_FREE(creds) in the pure store routine. This
mixes up responsibilities, and there are not enough callers to justify
centralizing the TALLOC_FREE.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 33 +++++++++++++++++----------------
libcli/auth/netlogon_creds_cli.h | 2 +-
2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 4a79b7c56e1..a56a348edd2 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -672,21 +672,17 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
}
NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
- struct netlogon_creds_CredentialState **_creds)
+ struct netlogon_creds_CredentialState *creds)
{
- struct netlogon_creds_CredentialState *creds = *_creds;
NTSTATUS status;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
TDB_DATA data;
- *_creds = NULL;
-
if (context->db.locked_state == NULL) {
/*
* this was not the result of netlogon_creds_cli_lock*()
*/
- TALLOC_FREE(creds);
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
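Review bot: The ownership contract of netlogon_creds_cli_store changes here without a comment recording it. The function used to consume `*_creds` and NULL the caller's pointer; it now leaves `creds` with the caller on every path, including the error returns. A short comment above the definition and the prototype in netlogon_creds_cli.h would make that explicit, e.g. `/* Does not take ownership of creds; the caller frees it, also on error. */`. The function body continues in the following hunks.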
@@ -694,14 +690,12 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
/*
* this was not the result of netlogon_creds_cli_lock*()
*/
- TALLOC_FREE(creds);
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
ndr_err = ndr_push_struct_blob(&blob, creds, creds,
(ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- TALLOC_FREE(creds);
status = ndr_map_error2ntstatus(ndr_err);
return status;
}
@@ -712,7 +706,7 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
status = dbwrap_store(context->db.ctx,
context->db.key_data,
data, TDB_REPLACE);
- TALLOC_FREE(creds);
+ TALLOC_FREE(data.dptr);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
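Review bot: `TALLOC_FREE(data.dptr);` releases the marshalled credential state without clearing it, so a serialized copy of the netlogon_creds_CredentialState (which presumably includes the schannel session key) is left in freed heap memory. The assignment of `data` is outside the hunk; if `data.dptr` aliases `blob.data`, as the preceding `ndr_push_struct_blob(&blob, ...)` suggests, `data_blob_clear_free(&blob);` would wipe the buffer before releasing it. The old code released the same buffer as a talloc child of `creds`, also without scrubbing, so the gap predates this patch, but the new explicit free is the natural place to close it.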
@@ -1666,8 +1660,8 @@ static void netlogon_creds_cli_check_caps(struct tevent_req *subreq)
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
- netlogon_creds_cli_check_cleanup(req, status);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
return;
}
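Review bot: The call to `netlogon_creds_cli_check_cleanup(req, status)` is dropped here rather than moved. The other call sites converted in this patch keep their `_cleanup()` call inside the `tevent_req_nterror()` branch. With the old store, `state->creds` was already NULL when the cleanup ran, so the call was probably a no-op, but the start of netlogon_creds_cli_check_cleanup is not visible in this series and the commit message does not mention the removal. Either note it in the commit message or match the other sites with `if (tevent_req_nterror(req, status)) { netlogon_creds_cli_check_cleanup(req, status); return; }`.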
@@ -2018,7 +2012,8 @@ static void netlogon_creds_cli_ServerPasswordSet_done(struct tevent_req *subreq)
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_ServerPasswordSet_cleanup(req, status);
return;
@@ -2514,7 +2509,9 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
*state->lk_creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->lk_creds);
+ state->lk_creds);
+ TALLOC_FREE(state->lk_creds);
+
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_LogonSamLogon_cleanup(req, status);
return;
@@ -2811,7 +2808,8 @@ static void netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_done(struct tev
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(req, status);
@@ -3077,7 +3075,8 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_ServerGetTrustInfo_cleanup(req, status);
return;
@@ -3359,7 +3358,8 @@ static void netlogon_creds_cli_GetForestTrustInformation_done(struct tevent_req
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_GetForestTrustInformation_cleanup(req, status);
@@ -3638,7 +3638,8 @@ static void netlogon_creds_cli_SendToSam_done(struct tevent_req *subreq)
*state->creds = state->tmp_creds;
status = netlogon_creds_cli_store(state->context,
- &state->creds);
+ state->creds);
+ TALLOC_FREE(state->creds);
if (tevent_req_nterror(req, status)) {
netlogon_creds_cli_SendToSam_cleanup(req, status);
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index fbc59f6fe57..e42f5f76a0f 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -68,7 +68,7 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
const struct netlogon_creds_CredentialState *creds1);
NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
- struct netlogon_creds_CredentialState **_creds);
+ struct netlogon_creds_CredentialState *creds);
NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
struct netlogon_creds_CredentialState **_creds);
--
2.11.0
From 72f715d002bbe7f6d75da5b31a81e2eb01b3cb85 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Sep 2017 14:55:13 +0200
Subject: [PATCH 06/14] netlogon_creds_cli: Simplify netlogon_creds_cli_delete
Don't implicitly TALLOC_FREE(creds) in the pure delete routine
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 29 +++++++++++++++--------------
libcli/auth/netlogon_creds_cli.h | 2 +-
source3/rpc_client/cli_pipe.c | 3 ++-
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index a56a348edd2..f95c97bafb7 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -715,18 +715,14 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
}
NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
- struct netlogon_creds_CredentialState **_creds)
+ struct netlogon_creds_CredentialState *creds)
{
- struct netlogon_creds_CredentialState *creds = *_creds;
NTSTATUS status;
- *_creds = NULL;
-
if (context->db.locked_state == NULL) {
/*
* this was not the result of netlogon_creds_cli_lock*()
*/
- TALLOC_FREE(creds);
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
@@ -734,13 +730,11 @@ NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
/*
* this was not the result of netlogon_creds_cli_lock*()
*/
- TALLOC_FREE(creds);
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
status = dbwrap_delete(context->db.ctx,
context->db.key_data);
- TALLOC_FREE(creds);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -1470,7 +1464,8 @@ static void netlogon_creds_cli_check_cleanup(struct tevent_req *req,
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_check_caps(struct tevent_req *subreq);
@@ -1843,7 +1838,8 @@ static void netlogon_creds_cli_ServerPasswordSet_cleanup(struct tevent_req *req,
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_ServerPasswordSet_done(struct tevent_req *subreq);
@@ -2225,7 +2221,8 @@ static void netlogon_creds_cli_LogonSamLogon_cleanup(struct tevent_req *req,
return;
}
- netlogon_creds_cli_delete(state->context, &state->lk_creds);
+ netlogon_creds_cli_delete(state->context, state->lk_creds);
+ TALLOC_FREE(state->lk_creds);
}
static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq);
@@ -2689,7 +2686,8 @@ static void netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_cleanup(struct
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords_done(struct tevent_req *subreq);
@@ -2955,7 +2953,8 @@ static void netlogon_creds_cli_ServerGetTrustInfo_cleanup(struct tevent_req *req
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq);
@@ -3241,7 +3240,8 @@ static void netlogon_creds_cli_GetForestTrustInformation_cleanup(struct tevent_r
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_GetForestTrustInformation_done(struct tevent_req *subreq);
@@ -3518,7 +3518,8 @@ static void netlogon_creds_cli_SendToSam_cleanup(struct tevent_req *req,
return;
}
- netlogon_creds_cli_delete(state->context, &state->creds);
+ netlogon_creds_cli_delete(state->context, state->creds);
+ TALLOC_FREE(state->creds);
}
static void netlogon_creds_cli_SendToSam_done(struct tevent_req *subreq);
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index e42f5f76a0f..8f473372760 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -70,7 +70,7 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
struct netlogon_creds_CredentialState *creds);
NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
- struct netlogon_creds_CredentialState **_creds);
+ struct netlogon_creds_CredentialState *creds);
struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 6cdb5df0bfd..07476c745fe 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3322,7 +3322,8 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
cli_credentials_set_netlogon_creds(cli_creds, NULL);
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
rpc_pipe_bind_dbglvl = 1;
- netlogon_creds_cli_delete(netlogon_creds, &ncreds);
+ netlogon_creds_cli_delete(netlogon_creds, ncreds);
+ TALLOC_FREE(ncreds);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(rpc_pipe_bind_dbglvl,
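Review bot: The result of `netlogon_creds_cli_delete(netlogon_creds, ncreds)` is discarded, so a failure to drop the cached credentials after NT_STATUS_NETWORK_ACCESS_DENIED goes unnoticed and a later connection attempt may pick up the rejected state again. Now that the free is separate from the delete, the result can be captured in its own local (not `status`, which the following `DEBUG` reports), e.g. `del_status = netlogon_creds_cli_delete(netlogon_creds, ncreds);`, and logged when it is not OK. The `_cleanup()` helpers converted earlier in this patch ignore the return value in the same way. cli_rpc_pipe_open_schannel_with_creds continues outside the hunk.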
--
2.11.0
From 0d16112f6948b8ab4c8197be8bb26f7a56a0f7b7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Sep 2017 13:37:56 +0200
Subject: [PATCH 07/14] netlogon_creds_cli: Remove unused code
According to metze this was meant for test code that never materialized
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 41 ----------------------------------------
libcli/auth/netlogon_creds_cli.h | 10 ----------
2 files changed, 51 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index f95c97bafb7..bfa9fa0c2c4 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -447,47 +447,6 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
return NT_STATUS_OK;
}
-NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
- const char *client_account,
- enum netr_SchannelType type,
- uint32_t proposed_flags,
- uint32_t required_flags,
- enum dcerpc_AuthLevel auth_level,
- const char *server_computer,
- const char *server_netbios_domain,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **_context)
-{
- NTSTATUS status;
- struct netlogon_creds_cli_context *context = NULL;
-
- *_context = NULL;
-
- status = netlogon_creds_cli_context_common(client_computer,
- client_account,
- type,
- auth_level,
- proposed_flags,
- required_flags,
- server_computer,
- server_netbios_domain,
- "",
- mem_ctx,
- &context);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- context->db.ctx = db_open_rbt(context);
- if (context->db.ctx == NULL) {
- talloc_free(context);
- return NT_STATUS_NO_MEMORY;
- }
-
- *_context = context;
- return NT_STATUS_OK;
-}
-
char *netlogon_creds_cli_debug_string(
const struct netlogon_creds_cli_context *context,
TALLOC_CTX *mem_ctx)
diff --git a/libcli/auth/netlogon_creds_cli.h b/libcli/auth/netlogon_creds_cli.h
index 8f473372760..1e7df6600cb 100644
--- a/libcli/auth/netlogon_creds_cli.h
+++ b/libcli/auth/netlogon_creds_cli.h
@@ -43,16 +43,6 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
const char *server_dns_domain,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **_context);
-NTSTATUS netlogon_creds_cli_context_tmp(const char *client_computer,
- const char *client_account,
- enum netr_SchannelType type,
- uint32_t proposed_flags,
- uint32_t required_flags,
- enum dcerpc_AuthLevel auth_level,
- const char *server_computer,
- const char *server_netbios_domain,
- TALLOC_CTX *mem_ctx,
- struct netlogon_creds_cli_context **_context);
char *netlogon_creds_cli_debug_string(
const struct netlogon_creds_cli_context *context,
--
2.11.0
From 4802b75f4ea184c8f011504b15ee45874a238fad Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 08:51:25 -0700
Subject: [PATCH 08/14] netlogon_creds_cli: Remove tevent_req handling from
netlogon_creds_cli_lock_fetch
Disentangle concerns, make netlogon_creds_cli_lock_fetch usable for
other callers
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 47 ++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index bfa9fa0c2c4..73d6bb97988 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -707,7 +707,9 @@ struct netlogon_creds_cli_lock_state {
};
static void netlogon_creds_cli_lock_done(struct tevent_req *subreq);
-static void netlogon_creds_cli_lock_fetch(struct tevent_req *req);
+static NTSTATUS netlogon_creds_cli_lock_fetch(
+ struct netlogon_creds_cli_context *context,
+ TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds);
struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -741,8 +743,11 @@ struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx,
state->locked_state = locked_state;
if (context->db.g_ctx == NULL) {
- netlogon_creds_cli_lock_fetch(req);
- if (!tevent_req_is_in_progress(req)) {
+ NTSTATUS status;
+
+ status = netlogon_creds_cli_lock_fetch(
+ context, state, &state->creds);
+ if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}
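Review bot: On success this branch no longer completes the request. `tevent_req_nterror()` returns false for NT_STATUS_OK and nothing in the hunk calls `tevent_req_done(req)`, whereas the old helper did that itself and the `tevent_req_is_in_progress()` test then posted the finished request. netlogon_creds_cli_lock_done gets an explicit `tevent_req_done(req);` in the next hunk, but this path does not. Unless the lines after the hunk finish the request, a caller on the `context->db.g_ctx == NULL` path would never see it complete; adding `tevent_req_done(req);` followed by `return tevent_req_post(req, ev);` after the error check restores the old behaviour.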
@@ -778,38 +783,39 @@ static void netlogon_creds_cli_lock_done(struct tevent_req *subreq)
}
state->locked_state->is_glocked = true;
- netlogon_creds_cli_lock_fetch(req);
+ status = netlogon_creds_cli_lock_fetch(state->locked_state->context,
+ state, &state->creds);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
}
-static void netlogon_creds_cli_lock_fetch(struct tevent_req *req)
+static NTSTATUS netlogon_creds_cli_lock_fetch(
+ struct netlogon_creds_cli_context *context,
+ TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds)
{
- struct netlogon_creds_cli_lock_state *state =
- tevent_req_data(req,
- struct netlogon_creds_cli_lock_state);
- struct netlogon_creds_cli_context *context = state->locked_state->context;
struct netlogon_creds_cli_fetch_state fstate = {
.status = NT_STATUS_INTERNAL_ERROR,
.required_flags = context->client.required_flags,
};
NTSTATUS status;
- fstate.mem_ctx = state;
+ fstate.mem_ctx = mem_ctx;
status = dbwrap_parse_record(context->db.ctx,
context->db.key_data,
netlogon_creds_cli_fetch_parser,
&fstate);
- if (tevent_req_nterror(req, status)) {
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- status = fstate.status;
- if (tevent_req_nterror(req, status)) {
- return;
+ if (!NT_STATUS_IS_OK(fstate.status)) {
+ return fstate.status;
}
if (context->server.cached_flags == fstate.creds->negotiate_flags) {
- state->creds = fstate.creds;
- tevent_req_done(req);
- return;
+ *pcreds = fstate.creds;
+ return NT_STATUS_OK;
}
context->server.cached_flags = fstate.creds->negotiate_flags;
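Review bot: netlogon_creds_cli_lock_fetch is turned into a general-purpose helper here but has no comment describing its contract. A short header comment would help new callers: on success `*pcreds` receives the fetched state (presumably allocated under `mem_ctx`, via `fstate.mem_ctx`), on failure `*pcreds` is left untouched, and the call updates `context->server.cached_flags` and the `try_*` hints as a side effect. That side effect is easy to miss in a function that reads like a pure fetch. The function body continues into the next hunk.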
@@ -825,9 +831,8 @@ static void netlogon_creds_cli_lock_fetch(struct tevent_req *req)
context->server.try_validation6 = false;
}
- state->creds = fstate.creds;
- tevent_req_done(req);
- return;
+ *pcreds = fstate.creds;
+ return NT_STATUS_OK;
}
NTSTATUS netlogon_creds_cli_lock_recv(struct tevent_req *req,
--
2.11.0
From ab210b2560a828719afc30a6f6dac3a29341c584 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 11:37:00 -0700
Subject: [PATCH 09/14] netlogon_creds_cli: Transfer a comment
This part of netlogon_creds_cli_get will go
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 73d6bb97988..656a3786043 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -818,6 +818,38 @@ static NTSTATUS netlogon_creds_cli_lock_fetch(
return NT_STATUS_OK;
}
+ /*
+ * It is really important to try SamLogonEx here,
+ * because multiple processes can talk to the same
+ * domain controller, without using the credential
+ * chain.
+ *
+ * With a normal SamLogon call, we must keep the
+ * credentials chain updated and intact between all
+ * users of the machine account (which would imply
+ * cross-node communication for every NTLM logon).
+ *
+ * The credentials chain is not per NETLOGON pipe
+ * connection, but globally on the server/client pair
+ * by computer name.
+ *
+ * It's also important to use NetlogonValidationSamInfo4 (6),
+ * because it relies on the rpc transport encryption
+ * and avoids using the global netlogon schannel
+ * session key to en/decrypt secret information
+ * like the user_session_key for network logons.
+ *
+ * [MS-APDS] 3.1.5.2 NTLM Network Logon
+ * says NETLOGON_NEG_CROSS_FOREST_TRUSTS and
+ * NETLOGON_NEG_AUTHENTICATED_RPC set together
+ * are the indication that the server supports
+ * NetlogonValidationSamInfo4 (6). And it must only
+ * be used if "SealSecureChannel" is used.
+ *
+ * The "SealSecureChannel" AUTH_TYPE_SCHANNEL/AUTH_LEVEL_PRIVACY
+ * check is done in netlogon_creds_cli_LogonSamLogon*().
+ */
+
context->server.cached_flags = fstate.creds->negotiate_flags;
context->server.try_validation6 = true;
context->server.try_logon_ex = true;
--
2.11.0
From 102dca465fcd3d2afdc0893190ffe0f2e427c095 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 11:38:11 -0700
Subject: [PATCH 10/14] netlogon_creds_cli: Rename
netlogon_creds_cli_lock_fetch->get_internal
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 656a3786043..6b044cd0bb9 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -707,7 +707,7 @@ struct netlogon_creds_cli_lock_state {
};
static void netlogon_creds_cli_lock_done(struct tevent_req *subreq);
-static NTSTATUS netlogon_creds_cli_lock_fetch(
+static NTSTATUS netlogon_creds_cli_get_internal(
struct netlogon_creds_cli_context *context,
TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds);
@@ -745,7 +745,7 @@ struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx,
if (context->db.g_ctx == NULL) {
NTSTATUS status;
- status = netlogon_creds_cli_lock_fetch(
+ status = netlogon_creds_cli_get_internal(
context, state, &state->creds);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
@@ -783,7 +783,7 @@ static void netlogon_creds_cli_lock_done(struct tevent_req *subreq)
}
state->locked_state->is_glocked = true;
- status = netlogon_creds_cli_lock_fetch(state->locked_state->context,
+ status = netlogon_creds_cli_get_internal(state->locked_state->context,
state, &state->creds);
if (tevent_req_nterror(req, status)) {
return;
@@ -791,7 +791,7 @@ static void netlogon_creds_cli_lock_done(struct tevent_req *subreq)
tevent_req_done(req);
}
-static NTSTATUS netlogon_creds_cli_lock_fetch(
+static NTSTATUS netlogon_creds_cli_get_internal(
struct netlogon_creds_cli_context *context,
TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds)
{
--
2.11.0
From 788c86a07c9279c20f0c4be80da7e452d865f2d6 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 11:40:24 -0700
Subject: [PATCH 11/14] netlogon_creds_cli: Simplify netlogon_creds_cli_get
netlogon_creds_cli_get_internal almost does everything needed, only
the invalidating for credential chain use is missing.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 81 ++++++----------------------------------
1 file changed, 11 insertions(+), 70 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 6b044cd0bb9..7a6c630b78c 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -506,27 +506,20 @@ static void netlogon_creds_cli_fetch_parser(TDB_DATA key, TDB_DATA data,
state->status = NT_STATUS_OK;
}
+static NTSTATUS netlogon_creds_cli_get_internal(
+ struct netlogon_creds_cli_context *context,
+ TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds);
+
NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_CredentialState **_creds)
{
NTSTATUS status;
- struct netlogon_creds_cli_fetch_state fstate = {
- .mem_ctx = mem_ctx,
- .status = NT_STATUS_INTERNAL_ERROR,
- .required_flags = context->client.required_flags,
- };
+ struct netlogon_creds_CredentialState *creds;
*_creds = NULL;
- status = dbwrap_parse_record(context->db.ctx,
- context->db.key_data,
- netlogon_creds_cli_fetch_parser,
- &fstate);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- status = fstate.status;
+ status = netlogon_creds_cli_get_internal(context, mem_ctx, &creds);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
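Review bot: `struct netlogon_creds_CredentialState *creds;` is declared without an initialiser and is written through in the following hunk as soon as the helper reports success. Initialising it, `struct netlogon_creds_CredentialState *creds = NULL;`, means a future helper path that returns OK without setting `*pcreds` fails deterministically instead of writing through an indeterminate pointer. The forward declaration added at the top of this hunk also duplicates the one placed before netlogon_creds_cli_lock_send earlier in the series, assuming that one is still present. Moving the helper's definition above its first use would remove the need for either.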
@@ -534,61 +527,12 @@ NTSTATUS netlogon_creds_cli_get(struct netlogon_creds_cli_context *context,
/*
* mark it as invalid for step operations.
*/
- fstate.creds->sequence = 0;
- fstate.creds->seed = (struct netr_Credential) {{0}};
- fstate.creds->client = (struct netr_Credential) {{0}};
- fstate.creds->server = (struct netr_Credential) {{0}};
-
- if (context->server.cached_flags == fstate.creds->negotiate_flags) {
- *_creds = fstate.creds;
- return NT_STATUS_OK;
- }
+ creds->sequence = 0;
+ creds->seed = (struct netr_Credential) {{0}};
+ creds->client = (struct netr_Credential) {{0}};
+ creds->server = (struct netr_Credential) {{0}};
- /*
- * It is really important to try SamLogonEx here,
- * because multiple processes can talk to the same
- * domain controller, without using the credential
- * chain.
- *
- * With a normal SamLogon call, we must keep the
- * credentials chain updated and intact between all
- * users of the machine account (which would imply
- * cross-node communication for every NTLM logon).
- *
- * The credentials chain is not per NETLOGON pipe
- * connection, but globally on the server/client pair
- * by computer name.
- *
- * It's also important to use NetlogonValidationSamInfo4 (6),
- * because it relies on the rpc transport encryption
- * and avoids using the global netlogon schannel
- * session key to en/decrypt secret information
- * like the user_session_key for network logons.
- *
- * [MS-APDS] 3.1.5.2 NTLM Network Logon
- * says NETLOGON_NEG_CROSS_FOREST_TRUSTS and
- * NETLOGON_NEG_AUTHENTICATED_RPC set together
- * are the indication that the server supports
- * NetlogonValidationSamInfo4 (6). And it must only
- * be used if "SealSecureChannel" is used.
- *
- * The "SealSecureChannel" AUTH_TYPE_SCHANNEL/AUTH_LEVEL_PRIVACY
- * check is done in netlogon_creds_cli_LogonSamLogon*().
- */
- context->server.cached_flags = fstate.creds->negotiate_flags;
- context->server.try_validation6 = true;
- context->server.try_logon_ex = true;
- context->server.try_logon_with = true;
-
- if (!(context->server.cached_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
- context->server.try_validation6 = false;
- context->server.try_logon_ex = false;
- }
- if (!(context->server.cached_flags & NETLOGON_NEG_CROSS_FOREST_TRUSTS)) {
- context->server.try_validation6 = false;
- }
-
- *_creds = fstate.creds;
+ *_creds = creds;
return NT_STATUS_OK;
}
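Review bot: The removed lines did more than fetch the record: they also refreshed `context->server.cached_flags` and the `try_validation6`, `try_logon_ex` and `try_logon_with` flags, so this stays a no-op refactoring only if netlogon_creds_cli_get_internal performs the same update. Its body is outside this hunk, so that is worth confirming before merge. The long rationale comment about SamLogonEx and NetlogonValidationSamInfo4 is deleted here as well and should survive next to that logic in get_internal. For the part that remains, I would extend the existing comment to say why the zeroing matters, e.g. `/* The caller gets an unlocked copy: clear the chain state so it cannot be used for step operations. */`.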
@@ -707,9 +651,6 @@ struct netlogon_creds_cli_lock_state {
};
static void netlogon_creds_cli_lock_done(struct tevent_req *subreq);
-static NTSTATUS netlogon_creds_cli_get_internal(
- struct netlogon_creds_cli_context *context,
- TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState **pcreds);
struct tevent_req *netlogon_creds_cli_lock_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
--
2.11.0
From 5fd6fc161deed6830711d1997c07cc483a1fb906 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Sep 2017 19:11:21 +0200
Subject: [PATCH 12/14] netlogon_creds_cli: Print
netlogon_creds_CredentialState
Add some debugging for the tdb records
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 7a6c630b78c..178d9c88b92 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -495,6 +495,10 @@ static void netlogon_creds_cli_fetch_parser(TDB_DATA key, TDB_DATA data,
return;
}
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(netlogon_creds_CredentialState, state->creds);
+ }
+
tmp_flags = state->creds->negotiate_flags;
tmp_flags &= state->required_flags;
if (tmp_flags != state->required_flags) {
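Review bot: The level-10 dump added in netlogon_creds_cli_fetch_parser prints the whole netlogon_creds_CredentialState. Going by the fields this series touches, that includes the seed and the client and server credentials, and presumably the schannel session key as well (the struct definition is not in the hunk), so a log written at that level holds the machine account's secure-channel secrets. The identical block added to netlogon_creds_cli_store in the next hunk has the same effect. I would put a comment above both, `/* Dumps key material: logs at level 10 must be handled as secrets */`, and consider whether the print can leave out the secret fields. Both functions continue outside their hunks.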
@@ -596,6 +600,10 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds);
+ }
+
ndr_err = ndr_push_struct_blob(&blob, creds, creds,
(ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
--
2.11.0
From cd8281dab6458c2217cf66d8f3955f1dbc679197 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 09:32:36 -0700
Subject: [PATCH 13/14] netlogon_creds_cli: Factor out
netlogon_creds_cli_store_internal
In a future commit we'll need a version that does not check for
context->db.locked_state
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 42 +++++++++++++++++++++++++---------------
1 file changed, 26 insertions(+), 16 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 178d9c88b92..f1aa8d03ca5 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -578,28 +578,15 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
return (cmp == 0);
}
-NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
- struct netlogon_creds_CredentialState *creds)
+static NTSTATUS netlogon_creds_cli_store_internal(
+ struct netlogon_creds_cli_context *context,
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
TDB_DATA data;
- if (context->db.locked_state == NULL) {
- /*
- * this was not the result of netlogon_creds_cli_lock*()
- */
- return NT_STATUS_INVALID_PAGE_PROTECTION;
- }
-
- if (context->db.locked_state->creds != creds) {
- /*
- * this was not the result of netlogon_creds_cli_lock*()
- */
- return NT_STATUS_INVALID_PAGE_PROTECTION;
- }
-
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds);
}
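Review bot: netlogon_creds_cli_store_internal carries no comment stating its precondition, although both `context->db.locked_state` checks now live only in the public wrapper. Since the commit message announces a future caller that skips those checks, the helper should say what that caller must guarantee instead, for example `/* No locked_state check here: the caller must ensure it is safe to overwrite the record. */`. The same comment is missing on netlogon_creds_cli_delete_internal in patch 14/14, which additionally drops the `creds` argument and so cannot compare it against the locked state at all. The function body continues outside this hunk.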
@@ -625,6 +612,29 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
return NT_STATUS_OK;
}
+NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
+ struct netlogon_creds_CredentialState *creds)
+{
+ NTSTATUS status;
+
+ if (context->db.locked_state == NULL) {
+ /*
+ * this was not the result of netlogon_creds_cli_lock*()
+ */
+ return NT_STATUS_INVALID_PAGE_PROTECTION;
+ }
+
+ if (context->db.locked_state->creds != creds) {
+ /*
+ * this was not the result of netlogon_creds_cli_lock*()
+ */
+ return NT_STATUS_INVALID_PAGE_PROTECTION;
+ }
+
+ status = netlogon_creds_cli_store_internal(context, creds);
+ return status;
+}
+
NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
struct netlogon_creds_CredentialState *creds)
{
--
2.11.0
From 91117541482560d5fb843ea85052c1feb5e2a605 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 13 Sep 2017 09:33:56 -0700
Subject: [PATCH 14/14] netlogon_creds_cli: Factor out
netlogon_creds_cli_delete_internal
In a future commit we'll need a version that does not check for
context->db.locked_state
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/auth/netlogon_creds_cli.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index f1aa8d03ca5..c3b302addc4 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -635,6 +635,14 @@ NTSTATUS netlogon_creds_cli_store(struct netlogon_creds_cli_context *context,
return status;
}
+static NTSTATUS netlogon_creds_cli_delete_internal(
+ struct netlogon_creds_cli_context *context)
+{
+ NTSTATUS status;
+ status = dbwrap_delete(context->db.ctx, context->db.key_data);
+ return status;
+}
+
NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
struct netlogon_creds_CredentialState *creds)
{
@@ -654,13 +662,8 @@ NTSTATUS netlogon_creds_cli_delete(struct netlogon_creds_cli_context *context,
return NT_STATUS_INVALID_PAGE_PROTECTION;
}
- status = dbwrap_delete(context->db.ctx,
- context->db.key_data);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return NT_STATUS_OK;
+ status = netlogon_creds_cli_delete_internal(context);
+ return status;
}
struct netlogon_creds_cli_lock_state {
--
2.11.0