summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-04-06 22:54:44 +1000
committerAndrew Bartlett <abartlet@samba.org>2009-04-14 16:23:44 +1000
commit5095d7b1c84e7e37f553867d699a1983f74d4314 (patch)
tree5c15a82c9519554c13f37de5f69da5d608572337 /source4
parenteed0c4f6c9aac5a260f65c05cc809bf5f72cf210 (diff)
downloadsamba-5095d7b1c84e7e37f553867d699a1983f74d4314.tar.gz
samba-5095d7b1c84e7e37f553867d699a1983f74d4314.tar.bz2
samba-5095d7b1c84e7e37f553867d699a1983f74d4314.zip
Rework Samba4 to use the new common libcli/auth code
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/credentials/credentials.c4
-rw-r--r--source4/auth/credentials/credentials.h6
-rw-r--r--source4/auth/gensec/gensec.h4
-rw-r--r--source4/auth/gensec/schannel.c29
-rw-r--r--source4/auth/gensec/schannel.h6
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h5
-rw-r--r--source4/libnet/config.mk2
-rw-r--r--source4/libnet/libnet_samdump.c1
-rw-r--r--source4/libnet/libnet_samdump_keytab.c1
-rw-r--r--source4/libnet/libnet_samsync.c18
-rw-r--r--source4/libnet/libnet_samsync.h1
-rw-r--r--source4/libnet/libnet_samsync_ldb.c1
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c18
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c190
-rw-r--r--source4/torture/rpc/netlogon.c173
-rw-r--r--source4/torture/rpc/netlogon.h2
-rw-r--r--source4/torture/rpc/remote_pac.c27
-rw-r--r--source4/torture/rpc/samba3rpc.c51
-rw-r--r--source4/torture/rpc/samlogon.c34
-rw-r--r--source4/torture/rpc/samr.c8
-rw-r--r--source4/torture/rpc/samsync.c30
-rw-r--r--source4/torture/rpc/schannel.c12
-rw-r--r--source4/winbind/wb_sam_logon.c14
23 files changed, 316 insertions, 321 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 5fb180d7b1..83901db6a5 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -668,7 +668,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
*/
_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct creds_CredentialState *netlogon_creds)
+ struct netlogon_creds_CredentialState *netlogon_creds)
{
cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
}
@@ -677,7 +677,7 @@ _PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
* Return attached NETLOGON credentials
*/
-struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
+struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
{
return cred->netlogon_creds;
}
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 3c2fb8f2e6..311cdc2450 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -102,7 +102,7 @@ struct cli_credentials {
/* Private handle for the callback routines to use */
void *priv_data;
- struct creds_CredentialState *netlogon_creds;
+ struct netlogon_creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
int kvno;
@@ -167,7 +167,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
-struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
+struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
void cli_credentials_set_conf(struct cli_credentials *cred,
@@ -210,7 +210,7 @@ bool cli_credentials_set_realm(struct cli_credentials *cred,
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type);
void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct creds_CredentialState *netlogon_creds);
+ struct netlogon_creds_CredentialState *netlogon_creds);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index c4e93ee97b..3b27e0f733 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -284,10 +284,10 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info);
NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
-struct creds_CredentialState;
+struct netlogon_creds_CredentialState;
NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
- struct creds_CredentialState **creds);
+ struct netlogon_creds_CredentialState **creds);
NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index e6d38c14a3..b71748943b 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -27,8 +27,6 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/gensec/schannel.h"
-#include "auth/gensec/schannel_state.h"
-#include "auth/gensec/schannel_proto.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
#include "auth/session_proto.h"
@@ -52,8 +50,8 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
enum ndr_err_code ndr_err;
struct schannel_bind bind_schannel;
struct schannel_bind_ack bind_schannel_ack;
- struct creds_CredentialState *creds;
-
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *schannel_ldb;
const char *workstation;
const char *domain;
*out = data_blob(NULL, 0);
@@ -124,10 +122,22 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
domain = bind_schannel.u.info3.domain;
}
+ if (strcasecmp_m(domain, lp_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lp_workgroup(gensec_security->settings->lp_ctx)));
+
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
+ gensec_security->settings->lp_ctx);
+ if (!schannel_ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, workstation,
- domain, &creds);
+ status = schannel_fetch_session_key(schannel_ldb,
+ out_mem_ctx, workstation, &creds);
+ talloc_free(schannel_ldb);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
workstation, nt_errstr(status)));
@@ -167,9 +177,10 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
*/
/* TODO: make this non-public */
+
_PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- struct creds_CredentialState **creds)
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState **creds)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
diff --git a/source4/auth/gensec/schannel.h b/source4/auth/gensec/schannel.h
index 2ddea29006..ee841ef639 100644
--- a/source4/auth/gensec/schannel.h
+++ b/source4/auth/gensec/schannel.h
@@ -20,7 +20,9 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "libcli/auth/credentials.h"
+#include "auth/gensec/schannel_proto.h"
+#include "auth/gensec/schannel_state.h"
+#include "libcli/auth/schannel_state.h"
enum schannel_position {
SCHANNEL_STATE_START = 0,
@@ -31,6 +33,6 @@ struct schannel_state {
enum schannel_position state;
uint32_t seq_num;
bool initiator;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
};
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index df950e4756..ff7225bb3c 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -66,11 +66,6 @@ enum ntlmssp_message_type
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
#define NTLMSSP_NEGOTIATE_56 0x80000000
-#define NTLMSSP_NAME_TYPE_SERVER 0x01
-#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
-#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
-#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
-
#define NTLMSSP_SIGN_VERSION 1
#define NTLMSSP_SIG_SIZE 16
diff --git a/source4/libnet/config.mk b/source4/libnet/config.mk
index fac8af18b7..07d5434ebf 100644
--- a/source4/libnet/config.mk
+++ b/source4/libnet/config.mk
@@ -1,5 +1,5 @@
[SUBSYSTEM::LIBSAMBA-NET]
-PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION
+PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION LIBCLI_SAMSYNC
LIBSAMBA-NET_OBJ_FILES = $(addprefix $(libnetsrcdir)/, \
libnet.o libnet_passwd.o libnet_time.o libnet_rpc.o \
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
index 10a14655f3..08a2295169 100644
--- a/source4/libnet/libnet_samdump.c
+++ b/source4/libnet/libnet_samdump.c
@@ -163,7 +163,6 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = lp_parm_bool(ctx->lp_ctx, NULL, "vampire", "rid decrypt", true);
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c
index a1846b81da..7749aa996c 100644
--- a/source4/libnet/libnet_samdump_keytab.c
+++ b/source4/libnet/libnet_samdump_keytab.c
@@ -115,7 +115,6 @@ NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = true;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_keytab_fn;
r2.in.fn_ctx = &data;
diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c
index 80111fe757..4d512d6034 100644
--- a/source4/libnet/libnet_samsync.c
+++ b/source4/libnet/libnet_samsync.c
@@ -35,7 +35,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
{
NTSTATUS nt_status, dbsync_nt_status;
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct netr_Authenticator credential, return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
@@ -45,7 +45,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
struct libnet_RpcConnect *c;
struct libnet_SamSync_state *state;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
-f int i;
+ int i;
samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
@@ -211,7 +211,7 @@ f int i;
do {
int d;
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
dbsync.in.credential = &credential;
@@ -223,7 +223,7 @@ f int i;
return nt_status;
}
- if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
@@ -237,12 +237,10 @@ f int i;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
* de-obfuscating the data */
- nt_status = fix_delta(delta_ctx,
- creds,
- r->in.rid_crypt,
- dbsync.in.database_id,
- &delta_enum_array->delta_enum[d],
- &error_string);
+ nt_status = samsync_fix_delta(delta_ctx,
+ creds,
+ dbsync.in.database_id,
+ &delta_enum_array->delta_enum[d]);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
diff --git a/source4/libnet/libnet_samsync.h b/source4/libnet/libnet_samsync.h
index c2295f3957..439c3ba162 100644
--- a/source4/libnet/libnet_samsync.h
+++ b/source4/libnet/libnet_samsync.h
@@ -32,7 +32,6 @@ struct libnet_SamSync_state {
struct libnet_SamSync {
struct {
const char *binding_string;
- bool rid_crypt;
NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx,
void *private_data,
struct libnet_SamSync_state *samsync_state,
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index e24c54a8c2..5bb75ca30d 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1233,7 +1233,6 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = true;
r2.in.init_fn = libnet_samsync_ldb_init;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index e3add82bf2..c678a674c1 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -36,7 +36,7 @@ struct schannel_key_state {
struct dcerpc_pipe *pipe2;
struct dcerpc_binding *binding;
struct cli_credentials *credentials;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
uint32_t negotiate_flags;
struct netr_Credential credentials1;
struct netr_Credential credentials2;
@@ -167,9 +167,6 @@ static void continue_srv_challenge(struct rpc_request *req)
/* prepare credentials for auth2 request */
s->mach_pwd = cli_credentials_get_nt_hash(s->credentials, c);
- creds_client_init(s->creds, &s->credentials1, &s->credentials2,
- s->mach_pwd, &s->credentials3, s->negotiate_flags);
-
/* auth2 request arguments */
s->a.in.server_name = s->r.in.server_name;
s->a.in.account_name = cli_credentials_get_username(s->credentials);
@@ -181,6 +178,14 @@ static void continue_srv_challenge(struct rpc_request *req)
s->a.out.negotiate_flags = &s->negotiate_flags;
s->a.out.return_credentials = &s->credentials3;
+ s->creds = netlogon_creds_client_init(s,
+ s->a.in.account_name,
+ s->a.in.computer_name,
+ &s->credentials1, &s->credentials2,
+ s->mach_pwd, &s->credentials3, s->negotiate_flags);
+ if (composite_nomem(s->creds, c)) {
+ return;
+ }
/*
authenticate on the netlogon pipe - a rpc request over secondary pipe
*/
@@ -208,7 +213,7 @@ static void continue_srv_auth2(struct rpc_request *req)
if (!composite_is_ok(c)) return;
/* verify credentials */
- if (!creds_client_check(s->creds, s->a.out.return_credentials)) {
+ if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
return;
}
@@ -246,9 +251,6 @@ struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
s->credentials = credentials;
/* allocate credentials */
- s->creds = talloc(c, struct creds_CredentialState);
- if (composite_nomem(s->creds, c)) return c;
-
/* type of authentication depends on schannel type */
if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 2efddc74fc..05f39f7817 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -31,14 +31,14 @@
#include "rpc_server/samr/proto.h"
#include "../lib/util/util_ldb.h"
#include "libcli/auth/libcli_auth.h"
-#include "auth/gensec/schannel_state.h"
+#include "auth/gensec/schannel.h"
#include "libcli/security/security.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
#include "librpc/gen_ndr/ndr_irpc.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
-struct server_pipe_state {
+struct netlogon_server_pipe_state {
struct netr_Credential client_challenge;
struct netr_Credential server_challenge;
};
@@ -47,8 +47,8 @@ struct server_pipe_state {
static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerReqChallenge *r)
{
- struct server_pipe_state *pipe_state =
- (struct server_pipe_state *)dce_call->context->private_data;
+ struct netlogon_server_pipe_state *pipe_state =
+ talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
ZERO_STRUCTP(r->out.return_credentials);
@@ -59,7 +59,7 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
dce_call->context->private_data = NULL;
}
- pipe_state = talloc(dce_call->context, struct server_pipe_state);
+ pipe_state = talloc(dce_call->context, struct netlogon_server_pipe_state);
NT_STATUS_HAVE_NO_MEMORY(pipe_state);
pipe_state->client_challenge = *r->in.credentials;
@@ -77,10 +77,11 @@ static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_cal
static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate3 *r)
{
- struct server_pipe_state *pipe_state =
- (struct server_pipe_state *)dce_call->context->private_data;
- struct creds_CredentialState *creds;
- void *sam_ctx;
+ struct netlogon_server_pipe_state *pipe_state =
+ talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *schannel_ldb;
+ struct ldb_context *sam_ctx;
struct samr_Password *mach_pwd;
uint32_t user_account_control;
int num_records;
@@ -238,31 +239,30 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
return NT_STATUS_ACCESS_DENIED;
}
- creds = talloc(mem_ctx, struct creds_CredentialState);
- NT_STATUS_HAVE_NO_MEMORY(creds);
-
- creds_server_init(creds, &pipe_state->client_challenge,
- &pipe_state->server_challenge, mach_pwd,
- r->out.return_credentials,
- *r->in.negotiate_flags);
+ creds = netlogon_creds_server_init(mem_ctx,
+ r->in.computer_name,
+ r->in.account_name,
+ r->in.secure_channel_type,
+ &pipe_state->client_challenge,
+ &pipe_state->server_challenge,
+ mach_pwd,
+ r->in.credentials,
+ r->out.return_credentials,
+ *r->in.negotiate_flags);
- if (!creds_server_check(creds, r->in.credentials)) {
- talloc_free(creds);
+ if (!creds) {
return NT_STATUS_ACCESS_DENIED;
}
- creds->account_name = talloc_steal(creds, r->in.account_name);
-
- creds->computer_name = talloc_steal(creds, r->in.computer_name);
- creds->domain = talloc_strdup(creds, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx));
-
- creds->secure_channel_type = r->in.secure_channel_type;
-
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
+ schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ if (!schannel_ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
- /* remember this session key state */
- nt_status = schannel_store_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, creds);
+ nt_status = schannel_store_session_key(schannel_ldb, mem_ctx, creds);
+ talloc_free(schannel_ldb);
return nt_status;
}
@@ -270,8 +270,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate *r)
{
- struct netr_ServerAuthenticate3 r3;
- uint32_t rid = 0;
+ struct netr_ServerAuthenticate3 a;
+ uint32_t rid;
/* TODO:
* negotiate_flags is used as an [in] parameter
* so it need to be initialised.
@@ -281,17 +281,18 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_cal
uint32_t negotiate_flags_in = 0;
uint32_t negotiate_flags_out = 0;
- r3.in.server_name = r->in.server_name;
- r3.in.account_name = r->in.account_name;
- r3.in.secure_channel_type = r->in.secure_channel_type;
- r3.in.computer_name = r->in.computer_name;
- r3.in.credentials = r->in.credentials;
- r3.out.return_credentials = r->out.return_credentials;
- r3.in.negotiate_flags = &negotiate_flags_in;
- r3.out.negotiate_flags = &negotiate_flags_out;
- r3.out.rid = &rid;
-
- return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
+ a.in.server_name = r->in.server_name;
+ a.in.account_name = r->in.account_name;
+ a.in.secure_channel_type = r->in.secure_channel_type;
+ a.in.computer_name = r->in.computer_name;
+ a.in.credentials = r->in.credentials;
+ a.in.negotiate_flags = &negotiate_flags_in;
+
+ a.out.return_credentials = r->out.return_credentials;
+ a.out.rid = &rid;
+ a.out.negotiate_flags = &negotiate_flags_out;
+
+ return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &a);
}
static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
@@ -323,55 +324,29 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_ca
the caller needs some of that information.
*/
-static NTSTATUS dcesrv_netr_creds_server_step_check(struct tevent_context *event_ctx,
- struct loadparm_context *lp_ctx,
+static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
const char *computer_name,
- TALLOC_CTX *mem_ctx,
- struct netr_Authenticator *received_authenticator,
- struct netr_Authenticator *return_authenticator,
- struct creds_CredentialState **creds_out)
+ TALLOC_CTX *mem_ctx,
+ struct netr_Authenticator *received_authenticator,
+ struct netr_Authenticator *return_authenticator,
+ struct netlogon_creds_CredentialState **creds_out)
{
- struct creds_CredentialState *creds;
NTSTATUS nt_status;
struct ldb_context *ldb;
- int ret;
+ bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
+ && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
+ || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
- ldb = schannel_db_connect(mem_ctx, event_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
-
- ret = ldb_transaction_start(ldb);
- if (ret != 0) {
- talloc_free(ldb);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- /* Because this is a shared structure (even across
- * disconnects) we must update the database every time we
- * update the structure */
- nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
- lp_workgroup(lp_ctx),
- &creds);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = creds_server_step_check(creds,
- received_authenticator,
- return_authenticator);
- }
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = schannel_store_session_key_ldb(ldb, ldb, creds);
- }
-
- if (NT_STATUS_IS_OK(nt_status)) {
- ldb_transaction_commit(ldb);
- if (creds_out) {
- *creds_out = creds;
- talloc_steal(mem_ctx, creds);
- }
- } else {
- ldb_transaction_cancel(ldb);
- }
+ nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
+ schannel_in_use,
+ computer_name,
+ received_authenticator,
+ return_authenticator, creds_out);
talloc_free(ldb);
return nt_status;
}
@@ -384,14 +359,14 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct tevent_context *event
static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerPasswordSet *r)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
- r->in.credential, r->out.return_authenticator,
- &creds);
+ r->in.credential, r->out.return_authenticator,
+ &creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
@@ -399,7 +374,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- creds_des_decrypt(creds, r->in.new_password);
+ netlogon_creds_des_decrypt(creds, r->in.new_password);
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
@@ -418,14 +393,14 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerPasswordSet2 *r)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
DATA_BLOB new_password;
struct samr_CryptPassword password_buf;
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
r->in.credential, r->out.return_authenticator,
&creds);
@@ -438,7 +413,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
@@ -484,7 +459,7 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
*/
static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_LogonSamLogonEx *r, struct creds_CredentialState *creds)
+ struct netr_LogonSamLogonEx *r, struct netlogon_creds_CredentialState *creds)
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
@@ -509,15 +484,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
case NetlogonInteractiveTransitiveInformation:
case NetlogonServiceTransitiveInformation:
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->lmpassword.hash,
sizeof(r->in.logon->password->lmpassword.hash));
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->ntpassword.hash,
sizeof(r->in.logon->password->ntpassword.hash));
} else {
- creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
- creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
+ netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
+ netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
}
/* TODO: we need to deny anonymous access here */
@@ -572,7 +547,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
case NetlogonGenericInformation:
{
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->generic->data, r->in.logon->generic->length);
} else {
/* Using DES to verify kerberos tickets makes no sense */
@@ -631,7 +606,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
/* This key is sent unencrypted without the ARCFOUR flag set */
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
sam->key.key,
sizeof(sam->key.key));
}
@@ -642,11 +617,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
if ((r->in.validation_level != 6) &&
memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
sam->LMSessKey.key,
sizeof(sam->LMSessKey.key));
} else {
- creds_des_encrypt_LMKey(creds,
+ netlogon_creds_des_encrypt_LMKey(creds,
&sam->LMSessKey);
}
}
@@ -693,15 +668,20 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
struct netr_LogonSamLogonEx *r)
{
NTSTATUS nt_status;
- struct creds_CredentialState *creds;
- nt_status = schannel_fetch_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx), &creds);
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ if (!ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ nt_status = schannel_fetch_session_key(ldb, mem_ctx, r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (!dce_call->conn->auth_state.auth_info ||
dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
- return NT_STATUS_INTERNAL_ERROR;
+ return NT_STATUS_ACCESS_DENIED;
}
return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
}
@@ -714,7 +694,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
struct netr_LogonSamLogonWithFlags *r)
{
NTSTATUS nt_status;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_LogonSamLogonEx r2;
struct netr_Authenticator *return_authenticator;
@@ -722,10 +702,10 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
- r->in.credential, return_authenticator,
- &creds);
+ r->in.credential, return_authenticator,
+ &creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
ZERO_STRUCT(r2);
@@ -1089,7 +1069,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
const char *local_domain;
- status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
r->in.credential,
r->out.return_authenticator,
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index ad94add071..23443cc9d1 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -77,13 +77,13 @@ static bool test_LogonUasLogoff(struct torture_context *tctx,
bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
@@ -92,9 +92,6 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
-
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
@@ -112,9 +109,13 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
a.in.credentials = &credentials3;
a.out.return_credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2,
- mach_password, &credentials3,
- 0);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ mach_password, &credentials3,
+ 0);
+ torture_assert(tctx, creds != NULL, "memory allocation");
+
torture_comment(tctx, "Testing ServerAuthenticate\n");
@@ -128,7 +129,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
- torture_assert(tctx, creds_client_check(creds, &credentials3),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
*creds_out = creds;
@@ -139,13 +140,13 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
int sec_chan_type,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
@@ -154,8 +155,6 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
r.in.server_name = NULL;
r.in.computer_name = machine_name;
@@ -176,16 +175,20 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
a.in.credentials = &credentials3;
a.out.return_credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2,
- mach_password, &credentials3,
- negotiate_flags);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ mach_password, &credentials3,
+ negotiate_flags);
+
+ torture_assert(tctx, creds != NULL, "memory allocation");
torture_comment(tctx, "Testing ServerAuthenticate2\n");
status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
- torture_assert(tctx, creds_client_check(creds, &credentials3),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
@@ -198,13 +201,13 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate3 a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct samr_Password mach_password;
uint32_t rid;
const char *machine_name;
@@ -215,9 +218,6 @@ static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
-
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
@@ -240,15 +240,19 @@ static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context
a.out.negotiate_flags = &negotiate_flags;
a.out.rid = &rid;
- creds_client_init(creds, &credentials1, &credentials2,
- &mach_password, &credentials3,
- negotiate_flags);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ &mach_password, &credentials3,
+ negotiate_flags);
+
+ torture_assert(tctx, creds != NULL, "memory allocation");
torture_comment(tctx, "Testing ServerAuthenticate3\n");
status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
- torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
@@ -270,7 +274,7 @@ static bool test_SetPassword(struct torture_context *tctx,
NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
@@ -289,18 +293,18 @@ static bool test_SetPassword(struct torture_context *tctx,
password = generate_random_str(tctx, 8);
E_md4hash(password, new_password.hash);
- creds_des_encrypt(creds, &new_password);
+ netlogon_creds_des_encrypt(creds, &new_password);
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -313,12 +317,12 @@ static bool test_SetPassword(struct torture_context *tctx,
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -360,7 +364,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
struct netr_ServerPasswordSet2 r;
const char *password;
DATA_BLOB new_random_pass;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct samr_CryptPassword password_buf;
struct samr_Password nt_hash;
struct netr_Authenticator credential, return_authenticator;
@@ -380,7 +384,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
password = generate_random_str(tctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
@@ -388,12 +392,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -410,7 +414,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
*/
password = "";
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
@@ -420,12 +424,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx,
"Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -438,7 +442,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
/* now try a random password */
password = generate_random_str(tctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
@@ -446,12 +450,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -464,12 +468,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -484,7 +488,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
/* now try a random stream of bytes for a password */
set_pw_in_buffer(password_buf.data, &new_random_pass);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
@@ -492,12 +496,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx,
"Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -518,7 +522,7 @@ static bool test_GetPassword(struct torture_context *tctx,
struct cli_credentials *machine_credentials)
{
struct netr_ServerPasswordGet r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
NTSTATUS status;
struct netr_Authenticator return_authenticator;
@@ -528,7 +532,7 @@ static bool test_GetPassword(struct torture_context *tctx,
return false;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
@@ -549,7 +553,7 @@ static bool test_GetTrustPasswords(struct torture_context *tctx,
struct cli_credentials *machine_credentials)
{
struct netr_ServerTrustPasswordsGet r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
NTSTATUS status;
struct netr_Authenticator return_authenticator;
@@ -559,7 +563,7 @@ static bool test_GetTrustPasswords(struct torture_context *tctx,
return false;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
@@ -581,7 +585,7 @@ static bool test_GetTrustPasswords(struct torture_context *tctx,
*/
bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogon r;
@@ -647,14 +651,15 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
for (i=2;i<3;i++) {
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = i;
status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
"Credential chaining failed");
}
@@ -682,7 +687,7 @@ static bool test_SamLogon(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *credentials)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
return false;
@@ -703,7 +708,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
{
NTSTATUS status;
struct netr_DatabaseSync r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
@@ -733,7 +738,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
@@ -747,7 +752,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
}
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -777,7 +782,7 @@ static bool test_DatabaseDeltas(struct torture_context *tctx,
{
NTSTATUS status;
struct netr_DatabaseDeltas r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
@@ -807,7 +812,7 @@ static bool test_DatabaseDeltas(struct torture_context *tctx,
r.in.database_id, (unsigned long long)*r.in.sequence_num);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
if (NT_STATUS_EQUAL(status,
@@ -821,7 +826,7 @@ static bool test_DatabaseDeltas(struct torture_context *tctx,
torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
- if (!creds_client_check(creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -838,7 +843,7 @@ static bool test_DatabaseRedo(struct torture_context *tctx,
{
NTSTATUS status;
struct netr_DatabaseRedo r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
@@ -1300,7 +1305,7 @@ static bool test_DatabaseRedo(struct torture_context *tctx,
continue;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
@@ -1352,7 +1357,7 @@ static bool test_DatabaseRedo(struct torture_context *tctx,
}
}
- if (!creds_client_check(creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
@@ -1374,7 +1379,7 @@ static bool test_AccountDeltas(struct torture_context *tctx,
{
NTSTATUS status;
struct netr_AccountDeltas r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_AccountBuffer buffer;
uint32_t count_returned = 0;
@@ -1391,7 +1396,7 @@ static bool test_AccountDeltas(struct torture_context *tctx,
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.return_authenticator = &return_authenticator;
- creds_client_authenticator(creds, &r.in.credential);
+ netlogon_creds_client_authenticator(creds, &r.in.credential);
ZERO_STRUCT(r.in.uas);
r.in.count=10;
r.in.level=0;
@@ -1417,7 +1422,7 @@ static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p
{
NTSTATUS status;
struct netr_AccountSync r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_AccountBuffer buffer;
uint32_t count_returned = 0;
@@ -1436,7 +1441,7 @@ static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.return_authenticator = &return_authenticator;
- creds_client_authenticator(creds, &r.in.credential);
+ netlogon_creds_client_authenticator(creds, &r.in.credential);
r.in.recordid = &recordid;
r.in.reference=0;
r.in.level=0;
@@ -1622,7 +1627,7 @@ static bool test_DatabaseSync2(struct torture_context *tctx,
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_Authenticator return_authenticator, credential;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {0, 1, 2};
int i;
@@ -1653,7 +1658,7 @@ static bool test_DatabaseSync2(struct torture_context *tctx,
torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
@@ -1668,7 +1673,7 @@ static bool test_DatabaseSync2(struct torture_context *tctx,
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -2072,14 +2077,14 @@ static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
struct samr_Password old_owf_password;
struct netr_TrustInfo *trust_info;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
machine_credentials, &creds)) {
return false;
}
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
@@ -2094,7 +2099,7 @@ static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
status = dcerpc_netr_ServerGetTrustInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
- torture_assert(tctx, creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
return true;
}
@@ -2108,7 +2113,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
struct netr_LogonGetDomainInfo r;
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
union netr_DomainInfo info;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
@@ -2118,7 +2123,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
ZERO_STRUCT(r);
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = TEST_MACHINE_NAME;
@@ -2143,14 +2148,14 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
- torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n");
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
- torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
return true;
}
@@ -2173,8 +2178,8 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
#define ASYNC_COUNT 100
- struct creds_CredentialState *creds;
- struct creds_CredentialState *creds_async[ASYNC_COUNT];
+ struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
struct rpc_request *req[ASYNC_COUNT];
int i;
int *async_counter = talloc(tctx, int);
@@ -2210,9 +2215,9 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
*async_counter = 0;
for (i=0;i<ASYNC_COUNT;i++) {
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
- creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
+ creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
req[i]->async.callback = async_callback;
@@ -2230,7 +2235,7 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
- torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
"Credential chaining failed at async");
}
diff --git a/source4/torture/rpc/netlogon.h b/source4/torture/rpc/netlogon.h
index 92d366b46a..9038286ded 100644
--- a/source4/torture/rpc/netlogon.h
+++ b/source4/torture/rpc/netlogon.h
@@ -3,4 +3,4 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
int sec_chan_type,
- struct creds_CredentialState **creds_out);
+ struct netlogon_creds_CredentialState **creds_out);
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
index 53754e02af..6d638d1868 100644
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -57,7 +57,7 @@ static bool test_PACVerify(struct torture_context *tctx,
struct netr_Authenticator auth, auth2;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct gensec_security *gensec_client_context;
struct gensec_security *gensec_server_context;
@@ -149,7 +149,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
@@ -168,7 +168,7 @@ static bool test_PACVerify(struct torture_context *tctx,
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon = &logon;
@@ -190,7 +190,7 @@ static bool test_PACVerify(struct torture_context *tctx,
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
@@ -203,7 +203,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
/* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */
@@ -212,7 +212,7 @@ static bool test_PACVerify(struct torture_context *tctx,
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
@@ -225,7 +225,8 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
"Credential chaining failed");
pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
@@ -251,7 +252,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
@@ -259,7 +260,7 @@ static bool test_PACVerify(struct torture_context *tctx,
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
@@ -272,7 +273,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
@@ -298,7 +299,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
@@ -306,7 +307,7 @@ static bool test_PACVerify(struct torture_context *tctx,
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
@@ -319,7 +320,7 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
return true;
}
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index fe128fea52..e31135c0de 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -904,7 +904,7 @@ static bool auth2(struct smbcli_state *cli,
struct netr_Credential netr_srv_creds;
uint32_t negotiate_flags;
struct netr_ServerAuthenticate2 a;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Credential netr_cred;
struct samr_Password mach_pw;
@@ -958,11 +958,6 @@ static bool auth2(struct smbcli_state *cli,
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
- creds_state = talloc(mem_ctx, struct creds_CredentialState);
- creds_client_init(creds_state, r.in.credentials,
- r.out.return_credentials, &mach_pw,
- &netr_cred, negotiate_flags);
-
a.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
a.in.account_name = talloc_asprintf(
@@ -974,6 +969,13 @@ static bool auth2(struct smbcli_state *cli,
a.in.credentials = &netr_cred;
a.out.return_credentials = &netr_cred;
+ creds_state = netlogon_creds_client_init(mem_ctx,
+ a.in.account_name,
+ a.in.computer_name,
+ r.in.credentials,
+ r.out.return_credentials, &mach_pw,
+ &netr_cred, negotiate_flags);
+
status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
if (!NT_STATUS_IS_OK(status)) {
d_printf("netr_ServerServerAuthenticate2 failed: %s\n",
@@ -981,7 +983,7 @@ static bool auth2(struct smbcli_state *cli,
goto done;
}
- if (!creds_client_check(creds_state, a.out.return_credentials)) {
+ if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) {
d_printf("creds_client_check failed\n");
goto done;
}
@@ -1054,7 +1056,7 @@ static bool schan(struct smbcli_state *cli,
for (i=2; i<4; i++) {
int flags;
DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator netr_auth, netr_auth2;
struct netr_NetworkInfo ninfo;
struct netr_PasswordInfo pinfo;
@@ -1088,7 +1090,7 @@ static bool schan(struct smbcli_state *cli,
}
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
- creds_client_authenticator(creds_state, &netr_auth);
+ netlogon_creds_client_authenticator(creds_state, &netr_auth);
ninfo.identity_info.account_name.string =
cli_credentials_get_username(user_creds);
@@ -1129,13 +1131,13 @@ static bool schan(struct smbcli_state *cli,
}
if ((r.out.return_authenticator == NULL) ||
- (!creds_client_check(creds_state,
+ (!netlogon_creds_client_check(creds_state,
&r.out.return_authenticator->cred))) {
d_printf("Credentials check failed!\n");
goto done;
}
- creds_client_authenticator(creds_state, &netr_auth);
+ netlogon_creds_client_authenticator(creds_state, &netr_auth);
pinfo.identity_info = ninfo.identity_info;
ZERO_STRUCT(pinfo.lmpassword.hash);
@@ -1161,7 +1163,7 @@ static bool schan(struct smbcli_state *cli,
}
if ((r.out.return_authenticator == NULL) ||
- (!creds_client_check(creds_state,
+ (!netlogon_creds_client_check(creds_state,
&r.out.return_authenticator->cred))) {
d_printf("Credentials check failed!\n");
goto done;
@@ -1171,7 +1173,7 @@ static bool schan(struct smbcli_state *cli,
{
struct netr_ServerPasswordSet s;
char *password = generate_random_str(wks_creds, 8);
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
@@ -1188,8 +1190,8 @@ static bool schan(struct smbcli_state *cli,
E_md4hash(password, new_password.hash);
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
- creds_des_encrypt(creds_state, &new_password);
- creds_client_authenticator(creds_state, &credential);
+ netlogon_creds_des_encrypt(creds_state, &new_password);
+ netlogon_creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
@@ -1197,8 +1199,8 @@ static bool schan(struct smbcli_state *cli,
goto done;
}
- if (!creds_client_check(creds_state,
- &s.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds_state,
+ &s.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
@@ -2088,7 +2090,7 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
struct netr_Credential netr_srv_creds;
uint32_t negotiate_flags;
struct netr_ServerAuthenticate2 a;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Credential netr_cred;
struct samr_Password mach_pw;
struct smbcli_state *cli;
@@ -2155,11 +2157,6 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
E_md4hash("foobar", mach_pw.hash);
- creds_state = talloc(mem_ctx, struct creds_CredentialState);
- creds_client_init(creds_state, r.in.credentials,
- r.out.return_credentials, &mach_pw,
- &netr_cred, negotiate_flags);
-
a.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
a.in.account_name = talloc_asprintf(
@@ -2171,6 +2168,14 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
a.in.credentials = &netr_cred;
a.out.return_credentials = &netr_cred;
+ creds_state = netlogon_creds_client_init(mem_ctx,
+ a.in.account_name,
+ a.in.computer_name,
+ r.in.credentials,
+ r.out.return_credentials, &mach_pw,
+ &netr_cred, negotiate_flags);
+
+
status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index ce9bf5ea6e..8318930989 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -63,7 +63,7 @@ struct samlogon_state {
struct netr_LogonSamLogonEx r_ex;
struct netr_LogonSamLogonWithFlags r_flags;
struct netr_Authenticator auth, auth2;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
NTSTATUS expected_error;
bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
DATA_BLOB chall;
@@ -153,12 +153,12 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
switch (samlogon_state->function_level) {
case NDR_NETR_LOGONSAMLOGON:
ZERO_STRUCT(samlogon_state->auth2);
- creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+ netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
r->out.return_authenticator = NULL;
status = dcerpc_netr_LogonSamLogon(samlogon_state->p, samlogon_state->mem_ctx, r);
if (!r->out.return_authenticator ||
- !creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
+ !netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
}
if (!NT_STATUS_IS_OK(status)) {
@@ -170,7 +170,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
validation_level = r->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
switch (validation_level) {
case 2:
@@ -195,7 +195,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
validation_level = r_ex->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
switch (validation_level) {
case 2:
@@ -211,12 +211,12 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
break;
case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
ZERO_STRUCT(samlogon_state->auth2);
- creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+ netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
r_flags->out.return_authenticator = NULL;
status = dcerpc_netr_LogonSamLogonWithFlags(samlogon_state->p, samlogon_state->mem_ctx, r_flags);
if (!r_flags->out.return_authenticator ||
- !creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
+ !netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
}
if (!NT_STATUS_IS_OK(status)) {
@@ -228,7 +228,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
validation_level = r_flags->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
switch (validation_level) {
case 2:
@@ -1314,7 +1314,7 @@ static const struct ntlm_tests {
*/
static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct torture_context *tctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *comment,
const char *account_domain, const char *account_name,
const char *plain_pass, uint32_t parameter_control,
@@ -1429,7 +1429,7 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
test an ADS style interactive domain logon
*/
bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *comment,
const char *workstation_name,
const char *account_domain, const char *account_name,
@@ -1454,7 +1454,7 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(logon);
ZERO_STRUCT(validation);
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
logon.password = &pinfo;
@@ -1483,18 +1483,18 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
E_md4hash(plain_pass, pinfo.ntpassword.hash);
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
- creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
} else {
- creds_des_encrypt(creds, &pinfo.lmpassword);
- creds_des_encrypt(creds, &pinfo.ntpassword);
+ netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
+ netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
}
d_printf("Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
status = dcerpc_netr_LogonSamLogonWithFlags(p, fn_ctx, &r);
if (!r.out.return_authenticator
- || !creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ || !netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
talloc_free(fn_ctx);
return false;
@@ -1540,7 +1540,7 @@ bool torture_rpc_samlogon(struct torture_context *torture)
0 /* yes, this is a valid flag, causes the use of DES */
};
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 8af9867528..7b4e85195b 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2632,7 +2632,7 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
static bool test_SamLogon_Creds(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *machine_credentials,
struct cli_credentials *test_credentials,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
NTSTATUS expected_result)
{
NTSTATUS status;
@@ -2700,7 +2700,7 @@ static bool test_SamLogon_Creds(struct dcerpc_pipe *p, struct torture_context *t
d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = 2;
@@ -2712,7 +2712,7 @@ static bool test_SamLogon_Creds(struct dcerpc_pipe *p, struct torture_context *t
torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
}
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
return true;
@@ -2724,7 +2724,7 @@ static bool test_SamLogon(struct torture_context *tctx,
struct cli_credentials *test_credentials,
NTSTATUS expected_result)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 00798214f3..ee11ede83f 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -47,7 +47,7 @@
try a netlogon SamLogon
*/
static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *domain, const char *account_name,
const char *workstation,
struct samr_Password *lm_hash,
@@ -100,13 +100,13 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.out.authoritative = &authoritative;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = 3;
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
@@ -123,8 +123,8 @@ struct samsync_state {
const char *domain_name[2];
struct samsync_secret *secrets;
struct samsync_trusted_domain *trusted_domains;
- struct creds_CredentialState *creds;
- struct creds_CredentialState *creds_netlogon_wksta;
+ struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds_netlogon_wksta;
struct policy_handle *connect_handle;
struct policy_handle *domain_handle[2];
struct dom_sid *sid[2];
@@ -578,7 +578,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct
enum ndr_err_code ndr_err;
data.data = user->user_private_info.SensitiveData;
data.length = user->user_private_info.DataLength;
- creds_arcfour_crypt(samsync_state->creds, data.data, data.length);
+ netlogon_creds_arcfour_crypt(samsync_state->creds, data.data, data.length);
ndr_err = ndr_pull_struct_blob(&data, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
if (keys.keys.keys2.lmpassword.length == 16) {
@@ -843,10 +843,10 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
DATA_BLOB lsa_blob1, lsa_blob_out, session_key;
NTSTATUS status;
- creds_arcfour_crypt(samsync_state->creds, secret->current_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(samsync_state->creds, secret->current_cipher.cipher_data,
secret->current_cipher.maxlen);
- creds_arcfour_crypt(samsync_state->creds, secret->old_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(samsync_state->creds, secret->old_cipher.cipher_data,
secret->old_cipher.maxlen);
nsec->name = talloc_reference(nsec, name);
@@ -1182,7 +1182,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
do {
loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(samsync_state->creds, &credential);
+ netlogon_creds_client_authenticator(samsync_state->creds, &credential);
r.in.credential = &credential;
@@ -1194,7 +1194,7 @@ static bool test_DatabaseSync(struct torture_context *tctx,
break;
}
- if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
@@ -1395,7 +1395,7 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX
do {
loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseDeltas loop context");
- creds_client_authenticator(samsync_state->creds, &credential);
+ netlogon_creds_client_authenticator(samsync_state->creds, &credential);
status = dcerpc_netr_DatabaseDeltas(samsync_state->p, loop_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@@ -1405,7 +1405,7 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX
ret = false;
}
- if (!creds_client_check(samsync_state->creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(samsync_state->creds, &return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -1422,7 +1422,7 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX
try a netlogon DatabaseSync2
*/
static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
TALLOC_CTX *loop_ctx;
@@ -1455,7 +1455,7 @@ static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
do {
loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseSync2 loop context");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
@@ -1466,7 +1466,7 @@ static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ret = false;
}
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index bc3cbeac3b..fc0087e4d3 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -43,7 +43,7 @@
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
@@ -259,7 +259,7 @@ static bool test_schannel(struct torture_context *tctx,
struct dcerpc_pipe *p_netlogon3 = NULL;
struct dcerpc_pipe *p_samr2 = NULL;
struct dcerpc_pipe *p_lsa = NULL;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct cli_credentials *credentials;
join_ctx = torture_join_domain(tctx,
@@ -765,7 +765,7 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
{
struct netr_ServerPasswordSet pwset;
char *password = generate_random_str(s->join_ctx1, 8);
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct dcerpc_pipe *net_pipe;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
@@ -793,14 +793,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
creds_state = cli_credentials_get_netlogon_creds(
s->wks_creds1);
- creds_des_encrypt(creds_state, &new_password);
- creds_client_authenticator(creds_state, &credential);
+ netlogon_creds_des_encrypt(creds_state, &new_password);
+ netlogon_creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset);
torture_assert_ntstatus_ok(torture, status,
"ServerPasswordSet failed");
- if (!creds_client_check(creds_state,
+ if (!netlogon_creds_client_check(creds_state,
&pwset.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
diff --git a/source4/winbind/wb_sam_logon.c b/source4/winbind/wb_sam_logon.c
index 5ceb6e4af0..fa3d6032c8 100644
--- a/source4/winbind/wb_sam_logon.c
+++ b/source4/winbind/wb_sam_logon.c
@@ -36,7 +36,7 @@ struct wb_sam_logon_state {
struct winbind_SamLogon *req;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator auth1, auth2;
TALLOC_CTX *r_mem_ctx;
@@ -86,7 +86,7 @@ static void wb_sam_logon_recv_domain(struct composite_context *creq)
if (!composite_is_ok(s->ctx)) return;
s->creds_state = cli_credentials_get_netlogon_creds(domain->libnet_ctx->cred);
- creds_client_authenticator(s->creds_state, &s->auth1);
+ netlogon_creds_client_authenticator(s->creds_state, &s->auth1);
s->r.in.server_name = talloc_asprintf(s, "\\\\%s",
dcerpc_server_name(domain->netlogon_pipe));
@@ -135,8 +135,8 @@ static void wb_sam_logon_recv_samlogon(struct rpc_request *req)
if (!composite_is_ok(s->ctx)) return;
if ((s->r.out.return_authenticator == NULL) ||
- (!creds_client_check(s->creds_state,
- &s->r.out.return_authenticator->cred))) {
+ (!netlogon_creds_client_check(s->creds_state,
+ &s->r.out.return_authenticator->cred))) {
DEBUG(0, ("Credentials check failed!\n"));
composite_error(s->ctx, NT_STATUS_ACCESS_DENIED);
return;
@@ -145,9 +145,9 @@ static void wb_sam_logon_recv_samlogon(struct rpc_request *req)
/* Decrypt the session keys before we reform the info3, so the
* person on the other end of winbindd pipe doesn't have to.
* They won't have the encryption key anyway */
- creds_decrypt_samlogon(s->creds_state,
- s->r.in.validation_level,
- s->r.out.validation);
+ netlogon_creds_decrypt_samlogon(s->creds_state,
+ s->r.in.validation_level,
+ s->r.out.validation);
composite_done(s->ctx);
}