diff options
31 files changed, 186 insertions, 278 deletions
diff --git a/source4/client/client.c b/source4/client/client.c index fd5be73607..cd580dc756 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -2555,10 +2555,7 @@ static BOOL browse_host(const char *query_host) status = dcerpc_pipe_connect(&p, binding, DCERPC_SRVSVC_UUID, DCERPC_SRVSVC_VERSION, - lp_netbios_name(), - cli_credentials_get_domain(cmdline_credentials), - cli_credentials_get_username(cmdline_credentials), - cli_credentials_get_password(cmdline_credentials)); + cmdline_credentials); if (!NT_STATUS_IS_OK(status)) { d_printf("Failed to connect to %s - %s\n", binding, nt_errstr(status)); diff --git a/source4/gtk/common/gtk-smb.c b/source4/gtk/common/gtk-smb.c index f42516c854..06bca9bf86 100644 --- a/source4/gtk/common/gtk-smb.c +++ b/source4/gtk/common/gtk-smb.c @@ -297,19 +297,14 @@ GtkWidget *gtk_rpc_binding_dialog_new (BOOL nocredentials, struct sam_pipe *sam_ return GTK_WIDGET(d); } -const char *gtk_rpc_binding_dialog_get_username(GtkRpcBindingDialog *d) +struct cli_credentials *gtk_rpc_binding_dialog_get_credentials(GtkRpcBindingDialog *d) { - return gtk_entry_get_text(GTK_ENTRY(d->entry_username)); -} - -const char *gtk_rpc_binding_dialog_get_userdomain(GtkRpcBindingDialog *d) -{ - return gtk_entry_get_text(GTK_ENTRY(d->entry_userdomain)); -} - -const char *gtk_rpc_binding_dialog_get_password(GtkRpcBindingDialog *d) -{ - return gtk_entry_get_text(GTK_ENTRY(d->entry_password)); + struct cli_credentials *ret = talloc(d->mem_ctx, struct cli_credentials); + cli_credentials_set_username(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_username)), CRED_SPECIFIED); + cli_credentials_set_password(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_password)), CRED_SPECIFIED); + cli_credentials_set_domain(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_userdomain)), CRED_SPECIFIED); + + return ret; } const char *gtk_rpc_binding_dialog_get_host(GtkRpcBindingDialog *d) diff --git a/source4/gtk/common/gtk-smb.h b/source4/gtk/common/gtk-smb.h index e85eb5be85..e78e8541f8 100644 --- a/source4/gtk/common/gtk-smb.h +++ b/source4/gtk/common/gtk-smb.h @@ -71,9 +71,7 @@ const char *gtk_select_host_dialog_get_host (GtkSelectHostDialog *d); GType gtk_select_host_dialog_get_type (void); void gtk_show_werror(GtkWidget *win, WERROR err); const char *gtk_rpc_binding_dialog_get_binding_string(GtkRpcBindingDialog *d, TALLOC_CTX *mem_ctx); -const char *gtk_rpc_binding_dialog_get_username(GtkRpcBindingDialog *d); -const char *gtk_rpc_binding_dialog_get_userdomain(GtkRpcBindingDialog *d); -const char *gtk_rpc_binding_dialog_get_password(GtkRpcBindingDialog *d); +struct cli_credentials *gtk_rpc_binding_dialog_get_credentials(GtkRpcBindingDialog *d); const char *gtk_rpc_binding_dialog_get_host(GtkRpcBindingDialog *d); GtkWidget *gtk_select_domain_dialog_new (struct dcerpc_pipe *sam_pipe); GType gtk_select_domain_dialog_get_type (void); diff --git a/source4/gtk/tools/gepdump.c b/source4/gtk/tools/gepdump.c index eeb927e43f..9a7d363a5e 100644 --- a/source4/gtk/tools/gepdump.c +++ b/source4/gtk/tools/gepdump.c @@ -25,6 +25,7 @@ #include "librpc/gen_ndr/ndr_mgmt.h" #include "gtk/common/select.h" #include "gtk/common/gtk-smb.h" +#include "lib/cmdline/popt_common.h" /* * Show: @@ -189,7 +190,7 @@ static void on_connect_clicked(GtkButton *btn, gpointer user_data) status = dcerpc_pipe_connect(&epmapper_pipe, bs, DCERPC_EPMAPPER_UUID, DCERPC_EPMAPPER_VERSION, - lp_netbios_name(), lp_workgroup(), "", ""); + cmdline_credentials); if (NT_STATUS_IS_ERR(status)) { gtk_show_ntstatus(mainwin, status); diff --git a/source4/gtk/tools/gregedit.c b/source4/gtk/tools/gregedit.c index 5c3f94cdba..ec4be2f57c 100644 --- a/source4/gtk/tools/gregedit.c +++ b/source4/gtk/tools/gregedit.c @@ -405,8 +405,7 @@ static void on_open_remote_activate(GtkMenuItem *menuitem, gpointer user_data) } error = reg_open_remote(®istry, - gtk_rpc_binding_dialog_get_username(GTK_RPC_BINDING_DIALOG(rpcwin)), - gtk_rpc_binding_dialog_get_password(GTK_RPC_BINDING_DIALOG(rpcwin)), + gtk_rpc_binding_dialog_get_credentials(GTK_RPC_BINDING_DIALOG(rpcwin)), gtk_rpc_binding_dialog_get_binding_string(GTK_RPC_BINDING_DIALOG(rpcwin), mem_ctx)); if(!W_ERROR_IS_OK(error)) { diff --git a/source4/gtk/tools/gwcrontab.c b/source4/gtk/tools/gwcrontab.c index 3212821c18..ad3c58ca83 100644 --- a/source4/gtk/tools/gwcrontab.c +++ b/source4/gtk/tools/gwcrontab.c @@ -107,10 +107,7 @@ on_connect_activate (GtkMenuItem *menuitem, gtk_rpc_binding_dialog_get_binding(d, mem_ctx), DCERPC_ATSVC_UUID, DCERPC_ATSVC_VERSION, - lp_netbios_name(), - gtk_rpc_binding_dialog_get_userdomain(d), - gtk_rpc_binding_dialog_get_username(d), - gtk_rpc_binding_dialog_get_password(d)); + gtk_rpc_binding_dialog_get_credentials(d)); if(!NT_STATUS_IS_OK(status)) { gtk_show_ntstatus(mainwin, status); diff --git a/source4/gtk/tools/gwsam.c b/source4/gtk/tools/gwsam.c index 1a6bc37f2f..0d435b278c 100644 --- a/source4/gtk/tools/gwsam.c +++ b/source4/gtk/tools/gwsam.c @@ -131,10 +131,8 @@ static void connect_sam(void) status = dcerpc_pipe_connect_b(&sam_pipe, gtk_rpc_binding_dialog_get_binding(d, mem_ctx), DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION, - lp_netbios_name(), - gtk_rpc_binding_dialog_get_userdomain(d), - gtk_rpc_binding_dialog_get_username(d), - gtk_rpc_binding_dialog_get_password(d)); + gtk_rpc_binding_dialog_get_credentials(d) + ); if(!NT_STATUS_IS_OK(status)) { gtk_show_ntstatus(mainwin, status); diff --git a/source4/include/credentials.h b/source4/include/credentials.h index 7b223dad5a..a97bcfa333 100644 --- a/source4/include/credentials.h +++ b/source4/include/credentials.h @@ -51,3 +51,5 @@ struct cli_credentials { void *priv_data; }; + +#define cli_credentials_is_anonymous(c) (!(c) || !(c)->username || !(c)->username[0]) diff --git a/source4/lib/com/dcom/dcom.h b/source4/lib/com/dcom/dcom.h index 668d952124..1e15daf830 100644 --- a/source4/lib/com/dcom/dcom.h +++ b/source4/lib/com/dcom/dcom.h @@ -22,9 +22,7 @@ #define _DCOM_H struct dcom_client_context { - const char *domain; - const char *user; - const char *password; + struct cli_credentials *credentials; struct dcom_object_exporter { uint64_t oxid; struct DUALSTRINGARRAY bindings; diff --git a/source4/lib/com/dcom/main.c b/source4/lib/com/dcom/main.c index d3d44edc71..be350c32f5 100644 --- a/source4/lib/com/dcom/main.c +++ b/source4/lib/com/dcom/main.c @@ -30,12 +30,10 @@ #define DCOM_NEGOTIATED_PROTOCOLS { EPM_PROTOCOL_TCP, EPM_PROTOCOL_SMB, EPM_PROTOCOL_NCALRPC } -struct dcom_client_context *dcom_client_init(struct com_context *ctx, const char *domain, const char *user, const char *password) +struct dcom_client_context *dcom_client_init(struct com_context *ctx, struct cli_credentials *credentials) { ctx->dcom = talloc(ctx, struct dcom_client_context); - ctx->dcom->domain = domain; - ctx->dcom->user = user; - ctx->dcom->password = password; + ctx->dcom->credentials = credentials; return ctx->dcom; } @@ -86,8 +84,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe ** return dcerpc_pipe_connect(p, "ncalrpc", DCERPC_IREMOTEACTIVATION_UUID, DCERPC_IREMOTEACTIVATION_VERSION, - lp_netbios_name(), - ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password); + ctx->dcom->credentials); } /* Allow server name to contain a binding string */ @@ -95,8 +92,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe ** status = dcerpc_pipe_connect_b(p, bd, DCERPC_IREMOTEACTIVATION_UUID, DCERPC_IREMOTEACTIVATION_VERSION, - lp_netbios_name(), - ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password); + ctx->dcom->credentials); talloc_free(mem_ctx); return status; @@ -113,8 +109,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe ** status = dcerpc_pipe_connect(p, binding, DCERPC_IREMOTEACTIVATION_UUID, DCERPC_IREMOTEACTIVATION_VERSION, - lp_netbios_name(), - ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password); + ctx->dcom->credentials); if (NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); @@ -308,10 +303,7 @@ NTSTATUS dcom_get_pipe (struct IUnknown *iface, struct dcerpc_pipe **pp) } else { status = dcerpc_pipe_connect_b(&p, binding, uuid, 0.0, - lp_netbios_name(), - iface->ctx->dcom->domain, - iface->ctx->dcom->user, - iface->ctx->dcom->password); + iface->ctx->dcom->credentials); } talloc_free(binding); i++; diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c index 5c78d2b2e6..1c65bd2aff 100644 --- a/source4/lib/credentials.c +++ b/source4/lib/credentials.c @@ -24,6 +24,10 @@ const char *cli_credentials_get_username(struct cli_credentials *cred) { + if (cred == NULL) { + return NULL; + } + if (cred->username_obtained == CRED_CALLBACK) { cred->username = cred->username_cb(cred); cred->username_obtained = CRED_SPECIFIED; @@ -45,6 +49,10 @@ BOOL cli_credentials_set_username(struct cli_credentials *cred, const char *val, const char *cli_credentials_get_password(struct cli_credentials *cred) { + if (cred == NULL) { + return NULL; + } + if (cred->password_obtained == CRED_CALLBACK) { cred->password = cred->password_cb(cred); cred->password_obtained = CRED_SPECIFIED; @@ -66,6 +74,10 @@ BOOL cli_credentials_set_password(struct cli_credentials *cred, const char *val, const char *cli_credentials_get_domain(struct cli_credentials *cred) { + if (cred == NULL) { + return NULL; + } + if (cred->domain_obtained == CRED_CALLBACK) { cred->domain = cred->domain_cb(cred); cred->domain_obtained = CRED_SPECIFIED; @@ -87,7 +99,11 @@ BOOL cli_credentials_set_domain(struct cli_credentials *cred, const char *val, e } const char *cli_credentials_get_realm(struct cli_credentials *cred) -{ +{ + if (cred == NULL) { + return NULL; + } + if (cred->realm_obtained == CRED_CALLBACK) { cred->realm = cred->realm_cb(cred); cred->realm_obtained = CRED_SPECIFIED; @@ -109,6 +125,10 @@ BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, en const char *cli_credentials_get_workstation(struct cli_credentials *cred) { + if (cred == NULL) { + return NULL; + } + if (cred->workstation_obtained == CRED_CALLBACK) { cred->workstation = cred->workstation_cb(cred); cred->workstation_obtained = CRED_SPECIFIED; @@ -246,7 +266,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha uname = talloc_strdup(credentials, data); cli_credentials_set_username(credentials, uname, obtained); - if ((p = strchr_m(uname,'\\'))) { + if ((p = strchr_m(uname,'\\')) || (p = strchr_m(uname, '/'))) { *p = 0; cli_credentials_set_domain(credentials, uname, obtained); credentials->username = uname = p+1; diff --git a/source4/lib/registry/reg_backend_rpc.c b/source4/lib/registry/reg_backend_rpc.c index 4a285262c6..a72d104521 100644 --- a/source4/lib/registry/reg_backend_rpc.c +++ b/source4/lib/registry/reg_backend_rpc.c @@ -369,7 +369,7 @@ static struct hive_operations reg_backend_rpc = { .num_values = rpc_num_values, }; -WERROR reg_open_remote (struct registry_context **ctx, const char *user, const char *pass, const char *location) +WERROR reg_open_remote (struct registry_context **ctx, struct cli_credentials *credentials, const char *location) { NTSTATUS status; struct dcerpc_pipe *p; @@ -384,9 +384,7 @@ WERROR reg_open_remote (struct registry_context **ctx, const char *user, const c status = dcerpc_pipe_connect(&p, location, DCERPC_WINREG_UUID, DCERPC_WINREG_VERSION, - lp_netbios_name(), - lp_workgroup(), - user, pass); + credentials); (*ctx)->backend_data = p; if(NT_STATUS_IS_ERR(status)) { diff --git a/source4/lib/registry/tools/regdiff.c b/source4/lib/registry/tools/regdiff.c index 7206e1e44d..dfc8be13ca 100644 --- a/source4/lib/registry/tools/regdiff.c +++ b/source4/lib/registry/tools/regdiff.c @@ -146,8 +146,9 @@ static void writediff(struct registry_key *oldkey, struct registry_key *newkey, else if (!h2) error = reg_open_local(&h2); break; case 'R': - if (!h1 && !from_null) error = reg_open_remote(&h1, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), poptGetOptArg(pc)); - else if (!h2) error = reg_open_remote(&h2, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), poptGetOptArg(pc)); + if (!h1 && !from_null) + error = reg_open_remote(&h1, cmdline_credentials, poptGetOptArg(pc)); + else if (!h2) error = reg_open_remote(&h2, cmdline_credentials, poptGetOptArg(pc)); break; } diff --git a/source4/lib/registry/tools/regpatch.c b/source4/lib/registry/tools/regpatch.c index ce3d9a7e1b..2462fd8241 100644 --- a/source4/lib/registry/tools/regpatch.c +++ b/source4/lib/registry/tools/regpatch.c @@ -769,7 +769,7 @@ static int nt_apply_reg_command_file(struct registry_context *r, const char *cmd setup_logging(argv[0], True); if (remote) { - error = reg_open_remote (&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote); + error = reg_open_remote (&h, cmdline_credentials, remote); } else { error = reg_open_local (&h); } diff --git a/source4/lib/registry/tools/regshell.c b/source4/lib/registry/tools/regshell.c index cab2c5e34b..bb7533e55e 100644 --- a/source4/lib/registry/tools/regshell.c +++ b/source4/lib/registry/tools/regshell.c @@ -395,7 +395,7 @@ static char **reg_completion(const char *text, int start, int end) setup_logging("regtree", True); if (remote) { - error = reg_open_remote (&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote); + error = reg_open_remote (&h, cmdline_credentials, remote); } else if (backend) { error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &curkey); } else { diff --git a/source4/lib/registry/tools/regtree.c b/source4/lib/registry/tools/regtree.c index 81a7fb7f99..72cb0670de 100644 --- a/source4/lib/registry/tools/regtree.c +++ b/source4/lib/registry/tools/regtree.c @@ -105,7 +105,7 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals) setup_logging("regtree", True); if (remote) { - error = reg_open_remote(&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote); + error = reg_open_remote(&h, cmdline_credentials, remote); } else if (backend) { error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &root); } else { diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c index d3fa7daae3..69de016156 100644 --- a/source4/libcli/auth/gensec.c +++ b/source4/libcli/auth/gensec.c @@ -511,65 +511,10 @@ BOOL gensec_have_feature(struct gensec_security *gensec_security, * */ -NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, const char *user) -{ - char *p; - char *u = talloc_strdup(gensec_security, user); - if (!u) { - return NT_STATUS_NO_MEMORY; - } - - p = strchr_m(user, '@'); - - if (p) { - *p = '\0'; - gensec_security->user.name = talloc_strdup(gensec_security, u); - if (!gensec_security->user.name) { - return NT_STATUS_NO_MEMORY; - } - - gensec_security->user.realm = talloc_strdup(gensec_security, p+1); - if (!gensec_security->user.realm) { - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; - } - - p = strchr_m(user, '\\'); - if (!p) { - p = strchr_m(user, '/'); - } - - if (p) { - *p = '\0'; - gensec_security->user.domain = talloc_strdup(gensec_security, u); - if (!gensec_security->user.domain) { - return NT_STATUS_NO_MEMORY; - } - gensec_security->user.name = talloc_strdup(gensec_security, p+1); - if (!gensec_security->user.name) { - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; - } - - gensec_security->user.name = u; - if (!gensec_security->user.name) { - return NT_STATUS_NO_MEMORY; - } - return NT_STATUS_OK; -} - -/** - * Set a username on a GENSEC context - ensures it is talloc()ed - * - */ - NTSTATUS gensec_set_username(struct gensec_security *gensec_security, const char *user) { gensec_security->user.name = talloc_strdup(gensec_security, user); - if (!gensec_security->user.name) { + if (user && !gensec_security->user.name) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; @@ -596,7 +541,7 @@ const char *gensec_get_username(struct gensec_security *gensec_security) NTSTATUS gensec_set_domain(struct gensec_security *gensec_security, const char *domain) { gensec_security->user.domain = talloc_strdup(gensec_security, domain); - if (!gensec_security->user.domain) { + if (domain && !gensec_security->user.domain) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; @@ -625,7 +570,7 @@ const char *gensec_get_domain(struct gensec_security *gensec_security) NTSTATUS gensec_set_workstation(struct gensec_security *gensec_security, const char *workstation) { gensec_security->user.workstation = talloc_strdup(gensec_security, workstation); - if (!gensec_security->user.workstation) { + if (workstation && !gensec_security->user.workstation) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; @@ -653,7 +598,7 @@ const char *gensec_get_workstation(struct gensec_security *gensec_security) NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm) { gensec_security->user.realm = talloc_strdup(gensec_security, realm); - if (!gensec_security->user.realm) { + if (realm && !gensec_security->user.realm) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c index 221ccf77ea..7e941aac76 100644 --- a/source4/libnet/libnet_rpc.c +++ b/source4/libnet/libnet_rpc.c @@ -101,10 +101,7 @@ static NTSTATUS libnet_rpc_connect_standard(struct libnet_context *ctx, TALLOC_C binding, r->standard.in.dcerpc_iface_uuid, r->standard.in.dcerpc_iface_version, - lp_netbios_name(), - cli_credentials_get_domain(ctx->credentials), - cli_credentials_get_username(ctx->credentials), - cli_credentials_get_password(ctx->credentials)); + ctx->credentials); if (!NT_STATUS_IS_OK(status)) { r->standard.out.error_string = talloc_asprintf(mem_ctx, "dcerpc_pipe_connect to pipe %s failed with %s\n", diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index ac74788ba6..c5bfe150bd 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -143,10 +143,7 @@ done: */ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, const char *uuid, uint_t version, - const char *workstation, - const char *domain, - const char *username, - const char *password, + struct cli_credentials *credentials, uint8_t auth_type, const char *service) { @@ -162,28 +159,32 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p, return status; } - status = gensec_set_workstation(p->conn->security_state.generic_state, workstation); + status = gensec_set_workstation(p->conn->security_state.generic_state, + cli_credentials_get_workstation(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client workstation name to %s: %s\n", - workstation, nt_errstr(status))); + cli_credentials_get_workstation(credentials), nt_errstr(status))); return status; } - status = gensec_set_domain(p->conn->security_state.generic_state, domain); + status = gensec_set_domain(p->conn->security_state.generic_state, + cli_credentials_get_domain(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n", - domain, nt_errstr(status))); + cli_credentials_get_domain(credentials), nt_errstr(status))); return status; } - status = gensec_set_username(p->conn->security_state.generic_state, username); + status = gensec_set_username(p->conn->security_state.generic_state, + cli_credentials_get_username(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n", - username, nt_errstr(status))); + cli_credentials_get_username(credentials), nt_errstr(status))); return status; } - status = gensec_set_password(p->conn->security_state.generic_state, password); + status = gensec_set_password(p->conn->security_state.generic_state, + cli_credentials_get_password(credentials)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client password: %s\n", nt_errstr(status))); diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 170ddee1f3..bcdd1a923c 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -295,10 +295,7 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu get a schannel key using a netlogon challenge on a secondary pipe */ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, - const char *workstation, - const char *domain, - const char *username, - const char *password, + struct cli_credentials *credentials, int chan_type, struct creds_CredentialState *creds) { @@ -319,7 +316,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS; } - workgroup = domain; + workgroup = cli_credentials_get_domain(credentials); tmp_ctx = talloc_new(NULL); @@ -363,7 +360,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, step 2 - request a netlogon challenge */ r.in.server_name = talloc_asprintf(p, "\\\\%s", dcerpc_server_name(p)); - r.in.computer_name = workstation; + r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.credentials = &credentials1; r.out.credentials = &credentials2; @@ -377,16 +374,18 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, /* step 3 - authenticate on the netlogon pipe */ - E_md4hash(password, mach_pwd.hash); + E_md4hash(cli_credentials_get_password(credentials), mach_pwd.hash); creds_client_init(creds, &credentials1, &credentials2, - workstation, domain, username, + cli_credentials_get_workstation(credentials), + cli_credentials_get_domain(credentials), + cli_credentials_get_username(credentials), &mach_pwd, &credentials3, negotiate_flags); a.in.server_name = r.in.server_name; - a.in.account_name = username; + a.in.account_name = cli_credentials_get_username(credentials); a.in.secure_channel_type = chan_type; - a.in.computer_name = workstation; + a.in.computer_name = cli_credentials_get_workstation(credentials); a.in.negotiate_flags = &negotiate_flags; a.out.negotiate_flags = &negotiate_flags; a.in.credentials = &credentials3; @@ -483,10 +482,7 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p, NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, const char *uuid, uint_t version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status; int chan_type = 0; @@ -504,10 +500,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, chan_type = SEC_CHAN_DOMAIN; } - status = dcerpc_schannel_key(p, domain, - workstation, - username, - password, + status = dcerpc_schannel_key(p, credentials, chan_type, creds); diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 91e6ea9397..4b245fd24d 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -796,6 +796,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind struct epm_twr_t twr, *twr_r; struct dcerpc_binding *epmapper_binding; const struct dcerpc_interface_table *table = idl_iface_by_uuid(uuid); + struct cli_credentials *credentials; int i; /* First, check if there is a default endpoint specified in the IDL */ @@ -834,11 +835,13 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind epmapper_binding->endpoint = NULL; epmapper_binding->authservice = NULL; + credentials = talloc_zero(mem_ctx, struct cli_credentials); + cli_credentials_guess(credentials); status = dcerpc_pipe_connect_b(&p, epmapper_binding, DCERPC_EPMAPPER_UUID, DCERPC_EPMAPPER_VERSION, - NULL, NULL, NULL, NULL); + credentials); if (!NT_STATUS_IS_OK(status)) { return status; @@ -903,10 +906,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status; p->conn->flags = binding->flags; @@ -914,11 +914,11 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, /* remember the binding string for possible secondary connections */ p->conn->binding_string = dcerpc_binding_string(p, binding); - if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) { + if (cli_credentials_is_anonymous(credentials) && + (binding->flags & DCERPC_SCHANNEL_ANY)) { status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version, - domain, workstation, - username, password); - } else if (username && username[0]) { + credentials); + } else if (cli_credentials_is_anonymous(credentials)) { uint8_t auth_type; if (binding->flags & DCERPC_AUTH_SPNEGO) { auth_type = DCERPC_AUTH_TYPE_SPNEGO; @@ -929,10 +929,8 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, } status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version, - workstation, - domain, username, password, - auth_type, - binding->authservice); + credentials, auth_type, + binding->authservice); } else { status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version); } @@ -950,10 +948,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { struct dcerpc_pipe *p; NTSTATUS status; @@ -983,18 +978,21 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, pipe_name = binding->endpoint; - if (!username || !username[0] || + if (cli_credentials_is_anonymous(credentials) || (binding->flags & DCERPC_SCHANNEL_ANY)) { - status = smbcli_full_connection(p->conn, &cli, workstation, + status = smbcli_full_connection(p->conn, &cli, + cli_credentials_get_workstation(credentials), binding->host, "ipc$", NULL, "", "", NULL); } else { - status = smbcli_full_connection(p->conn, &cli, workstation, + status = smbcli_full_connection(p->conn, &cli, + cli_credentials_get_workstation(credentials), binding->host, "ipc$", NULL, - username, domain, - password); + cli_credentials_get_username(credentials), + cli_credentials_get_domain(credentials), + cli_credentials_get_password(credentials)); } if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Failed to connect to %s - %s\n", binding->host, nt_errstr(status))); @@ -1009,10 +1007,6 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp, return status; } - if (!(binding->flags & DCERPC_AUTH_OPTIONS)) { - username = NULL; - } - (*pp) = p; talloc_free(tmp_ctx); @@ -1156,17 +1150,13 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { NTSTATUS status = NT_STATUS_INVALID_PARAMETER; switch (binding->transport) { case NCACN_NP: - status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, - workstation, domain, username, password); + status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, credentials); break; case NCACN_IP_TCP: status = dcerpc_pipe_connect_ncacn_ip_tcp(pp, binding, pipe_uuid, pipe_version); @@ -1185,7 +1175,7 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp, return status; } - status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, workstation, domain, username, password); + status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, credentials); if (!NT_STATUS_IS_OK(status)) { talloc_free(*pp); *pp = NULL; @@ -1202,10 +1192,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp, const char *binding, const char *pipe_uuid, uint32_t pipe_version, - const char *workstation, - const char *domain, - const char *username, - const char *password) + struct cli_credentials *credentials) { struct dcerpc_binding *b; NTSTATUS status; @@ -1225,8 +1212,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp, DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, b))); - status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, workstation, - domain, username, password); + status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, credentials); talloc_free(tmp_ctx); diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 9ed6b5a1bd..4c25ace71e 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -31,6 +31,7 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct NTSTATUS status; struct dcesrv_remote_private *private; const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding"); + struct cli_credentials credentials; if (!binding) { DEBUG(0,("You must specify a ncacn binding string\n")); @@ -42,11 +43,12 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct return NT_STATUS_NO_MEMORY; } - status = dcerpc_pipe_connect(&(private->c_pipe), binding, iface->uuid, iface->if_version, - lp_netbios_name(), - lp_workgroup(), - lp_parm_string(-1, "dcerpc_remote", "username"), - lp_parm_string(-1, "dcerpc_remote", "password")); + cli_credentials_set_username(&credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED); + cli_credentials_set_workstation(&credentials, lp_netbios_name(), CRED_SPECIFIED); + cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED); + cli_credentials_set_password(&credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED); + + status = dcerpc_pipe_connect(&(private->c_pipe), binding, iface->uuid, iface->if_version, &credentials); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/torture/com/simple.c b/source4/torture/com/simple.c index dfc3beff4e..128d84d1c7 100644 --- a/source4/torture/com/simple.c +++ b/source4/torture/com/simple.c @@ -22,6 +22,7 @@ #include "includes.h" #include "lib/com/com.h" #include "librpc/gen_ndr/com_dcom.h" +#include "lib/cmdline/popt_common.h" #define DEFAULT_TRANS 4096 @@ -39,7 +40,7 @@ static BOOL test_readwrite(TALLOC_CTX *mem_ctx, const char *host) int i; com_init(&ctx); - dcom_client_init(ctx, lp_parm_string(-1, "torture", "userdomain"), lp_parm_string(-1, "torture", "username"), lp_parm_string(-1, "torture", "password")); + dcom_client_init(ctx, cmdline_credentials); GUID_from_string(COM_ISTREAM_UUID, &IID[0]); GUID_from_string(COM_IUNKNOWN_UUID, &IID[1]); diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c index 936a8dbe51..d0255abe01 100644 --- a/source4/torture/ldap/basic.c +++ b/source4/torture/ldap/basic.c @@ -23,6 +23,7 @@ #include "includes.h" #include "libcli/ldap/ldap.h" +#include "lib/cmdline/popt_common.h" BOOL test_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password) { @@ -188,9 +189,9 @@ BOOL torture_ldap_basic(void) TALLOC_CTX *mem_ctx; BOOL ret = True; const char *host = lp_parm_string(-1, "torture", "host"); - const char *username = lp_parm_string(-1, "torture", "username"); - const char *domain = lp_parm_string(-1, "torture", "userdomain"); - const char *password = lp_parm_string(-1, "torture", "password"); + const char *username = cli_credentials_get_username(cmdline_credentials); + const char *domain = cli_credentials_get_domain(cmdline_credentials); + const char *password = cli_credentials_get_password(cmdline_credentials); const char *userdn = lp_parm_string(-1, "torture", "ldap_userdn"); /*const char *basedn = lp_parm_string(-1, "torture", "ldap_basedn");*/ const char *secret = lp_parm_string(-1, "torture", "ldap_secret"); diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index 9a0f924bfc..b9c7609b5f 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -24,6 +24,7 @@ #include "lib/events/events.h" #include "libcli/raw/libcliraw.h" #include "libcli/composite/composite.h" +#include "lib/cmdline/popt_common.h" #define BASEDIR "\\composite" @@ -149,9 +150,10 @@ static BOOL test_fetchfile(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) io2.in.calling_name = lp_netbios_name(); io2.in.service = lp_parm_string(-1, "torture", "share"); io2.in.service_type = "A:"; - io2.in.user = lp_parm_string(-1, "torture", "username"); - io2.in.domain = lp_parm_string(-1, "torture", "userdomain"); - io2.in.password = lp_parm_string(-1, "torture", "password"); + + io2.in.user = cli_credentials_get_username(cmdline_credentials); + io2.in.domain = cli_credentials_get_domain(cmdline_credentials); + io2.in.password = cli_credentials_get_password(cmdline_credentials); io2.in.filename = fname; printf("testing parallel fetchfile with %d ops\n", torture_numops); diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c index cdf8388e93..3eb848eebd 100644 --- a/source4/torture/raw/context.c +++ b/source4/torture/raw/context.c @@ -22,6 +22,7 @@ #include "libcli/raw/libcliraw.h" #include "librpc/gen_ndr/ndr_security.h" #include "libcli/composite/composite.h" +#include "lib/cmdline/popt_common.h" #define BASEDIR "\\rawcontext" @@ -57,7 +58,6 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; - const char *username, *domain, *password; struct smbcli_session *session; struct smbcli_session *session2; struct smbcli_session *session3; @@ -76,18 +76,14 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) return False; } - username = lp_parm_string(-1, "torture", "username"); - password = lp_parm_string(-1, "torture", "password"); - domain = lp_parm_string(-1, "torture", "userdomain"); - printf("create a second security context on the same transport\n"); session = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ - setup.in.password = password; - setup.in.user = username; - setup.in.domain = domain; + setup.in.password = cli_credentials_get_password(cmdline_credentials); + setup.in.user = cli_credentials_get_username(cmdline_credentials); + setup.in.domain = cli_credentials_get_domain(cmdline_credentials); status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); @@ -100,9 +96,10 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) session2->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ - setup.in.password = password; - setup.in.user = username; - setup.in.domain = domain; + + setup.in.password = cli_credentials_get_password(cmdline_credentials); + setup.in.user = cli_credentials_get_username(cmdline_credentials); + setup.in.domain = cli_credentials_get_domain(cmdline_credentials); status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); @@ -120,9 +117,11 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) session3->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = 0; /* force a non extended security login (should fail) */ - setup.in.password = password; - setup.in.user = username; - setup.in.domain = domain; + + + setup.in.password = cli_credentials_get_password(cmdline_credentials); + setup.in.user = cli_credentials_get_username(cmdline_credentials); + setup.in.domain = cli_credentials_get_domain(cmdline_credentials); status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c index 3eb02c31eb..71eaec4f92 100644 --- a/source4/torture/rpc/bind.c +++ b/source4/torture/rpc/bind.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_lsa.h" +#include "lib/cmdline/popt_common.h" /* This test is 'bogus' in that it doesn't actually perform to the @@ -37,10 +38,6 @@ BOOL torture_multi_bind(void) { struct dcerpc_pipe *p; - const char *workstation = lp_netbios_name(); - const char *domain = lp_parm_string(-1, "torture", "userdomain"); - const char *username = lp_parm_string(-1, "torture", "username"); - const char *password = lp_parm_string(-1, "torture", "password"); const char *pipe_uuid = DCERPC_LSARPC_UUID; uint32_t pipe_version = DCERPC_LSARPC_VERSION; struct dcerpc_binding *binding; @@ -68,7 +65,7 @@ BOOL torture_multi_bind(void) } status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version, - workstation, domain, username, password); + cmdline_credentials); if (NT_STATUS_IS_OK(status)) { printf("(incorrectly) allowed re-bind to uuid %s - %s\n", diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index e08eaca22e..1ee8f36b8e 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -26,6 +26,7 @@ #include "librpc/gen_ndr/ndr_netlogon.h" #include "auth/auth.h" #include "lib/crypto/crypto.h" +#include "lib/cmdline/popt_common.h" #define TEST_MACHINE_NAME "samlogontest" #define TEST_USER_NAME "samlogontestuser" @@ -1215,6 +1216,7 @@ BOOL torture_rpc_samlogon(void) NTSTATUS status; struct dcerpc_pipe *p; struct dcerpc_binding *b; + struct cli_credentials credentials; TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon"); BOOL ret = True; struct test_join *join_ctx; @@ -1245,27 +1247,29 @@ BOOL torture_rpc_samlogon(void) BOOL network_login; } usercreds[] = { { - lp_parm_string(-1, "torture", "userdomain"), - lp_parm_string(-1, "torture", "username"), - lp_parm_string(-1, "torture", "password"), + cli_credentials_get_domain(cmdline_credentials), + cli_credentials_get_username(cmdline_credentials), + cli_credentials_get_password(cmdline_credentials), True }, { NULL, talloc_asprintf(mem_ctx, "%s@%s", - lp_parm_string(-1, "torture", "username"), - lp_parm_string(-1, "torture", "userdomain")), - lp_parm_string(-1, "torture", "password"), + cli_credentials_get_domain(cmdline_credentials), + cli_credentials_get_username(cmdline_credentials) + ), + cli_credentials_get_password(cmdline_credentials), False }, { NULL, talloc_asprintf(mem_ctx, "%s@%s", - lp_parm_string(-1, "torture", "username"), - lp_realm()), - lp_parm_string(-1, "torture", "password"), + cli_credentials_get_username(cmdline_credentials), + cli_credentials_get_realm(cmdline_credentials) + ), + cli_credentials_get_password(cmdline_credentials), True }, #if 0 @@ -1334,13 +1338,15 @@ BOOL torture_rpc_samlogon(void) b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128; + cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED); + cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED); + cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED); + cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED); + status = dcerpc_pipe_connect_b(&p, b, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION, - TEST_MACHINE_NAME, - lp_workgroup(), - test_machine_account, - machine_password); + &credentials); if (!NT_STATUS_IS_OK(status)) { ret = False; diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 505e331d19..b92752227c 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -1295,6 +1295,7 @@ BOOL torture_rpc_samsync(void) struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; struct lsa_OpenPolicy2 r; + struct cli_credentials credentials; struct samsync_state *samsync_state; @@ -1418,13 +1419,15 @@ BOOL torture_rpc_samsync(void) b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN; + cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED); + cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED); + cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED); + cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED); + status = dcerpc_pipe_connect_b(&samsync_state->p, b, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION, - TEST_MACHINE_NAME, - lp_workgroup(), - test_machine_account, - machine_password); + &credentials); if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status)); @@ -1449,14 +1452,15 @@ BOOL torture_rpc_samsync(void) b_netlogon_wksta->flags &= ~DCERPC_AUTH_OPTIONS; b_netlogon_wksta->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN; + cli_credentials_set_workstation(&credentials, TEST_WKSTA_MACHINE_NAME, CRED_SPECIFIED); + cli_credentials_set_username(&credentials, test_wksta_machine_account, CRED_SPECIFIED); + cli_credentials_set_password(&credentials, wksta_machine_password, CRED_SPECIFIED); + status = dcerpc_pipe_connect_b(&samsync_state->p_netlogon_wksta, b_netlogon_wksta, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION, - TEST_WKSTA_MACHINE_NAME, - lp_workgroup(), - test_wksta_machine_account, - wksta_machine_password); + &credentials); if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect to server as a Workstation: %s\n", nt_errstr(status)); diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 1b10e2a4f2..f572933bf5 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -127,6 +127,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p = NULL; struct dcerpc_pipe *p_netlogon = NULL; struct creds_CredentialState *creds; + struct cli_credentials credentials; char *test_machine_account = talloc_asprintf(NULL, "%s$", TEST_MACHINE_NAME); join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), @@ -145,13 +146,14 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; + cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED); + cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED); + cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED); + cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED); status = dcerpc_pipe_connect_b(&p, b, DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION, - TEST_MACHINE_NAME, - lp_workgroup(), - test_machine_account, - machine_password); + &credentials); if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect with schannel: %s\n", nt_errstr(status)); goto failed; diff --git a/source4/torture/torture.c b/source4/torture/torture.c index c7762f1b8a..dce91452f1 100644 --- a/source4/torture/torture.c +++ b/source4/torture/torture.c @@ -80,9 +80,9 @@ BOOL torture_open_connection_share(struct smbcli_state **c, const char *sharename) { NTSTATUS status; - const char *username = lp_parm_string(-1, "torture", "username"); - const char *userdomain = lp_parm_string(-1, "torture", "userdomain"); - const char *password = lp_parm_string(-1, "torture", "password"); + const char *username = cli_credentials_get_username(cmdline_credentials); + const char *userdomain = cli_credentials_get_domain(cmdline_credentials); + const char *password = cli_credentials_get_password(cmdline_credentials); status = smbcli_full_connection(NULL, c, lp_netbios_name(), @@ -138,10 +138,7 @@ NTSTATUS torture_rpc_connection(struct dcerpc_pipe **p, } status = dcerpc_pipe_connect(p, binding, pipe_uuid, pipe_version, - lp_netbios_name(), - lp_parm_string(-1, "torture", "userdomain"), - lp_parm_string(-1, "torture", "username"), - lp_parm_string(-1, "torture", "password")); + cmdline_credentials); return status; } @@ -173,10 +170,8 @@ NTSTATUS torture_rpc_connection_transport(struct dcerpc_pipe **p, b->transport = transport; status = dcerpc_pipe_connect_b(p, b, pipe_uuid, pipe_version, - lp_netbios_name(), - lp_parm_string(-1, "torture", "userdomain"), - lp_parm_string(-1, "torture", "username"), - lp_parm_string(-1, "torture", "password")); + cmdline_credentials); + return status; } @@ -731,9 +726,9 @@ static BOOL run_tcon_devtype_test(void) BOOL ret = True; const char *host = lp_parm_string(-1, "torture", "host"); const char *share = lp_parm_string(-1, "torture", "share"); - const char *username = lp_parm_string(-1, "torture", "username"); - const char *userdomain = lp_parm_string(-1, "torture", "userdomain"); - const char *password = lp_parm_string(-1, "torture", "password"); + const char *username = cli_credentials_get_username(cmdline_credentials); + const char *userdomain = cli_credentials_get_domain(cmdline_credentials); + const char *password = cli_credentials_get_password(cmdline_credentials); status = smbcli_full_connection(NULL, &cli1, lp_netbios_name(), @@ -2728,25 +2723,6 @@ static BOOL is_binding_string(const char *binding_string) lp_set_cmdline("torture:binding", binding); } - if (!lp_parm_string(-1,"torture","username")) { - lp_set_cmdline("torture:username", cli_credentials_get_username(cmdline_credentials)); - } - if (!lp_parm_string(-1,"torture","userdomain")) { - /* - * backward compatibility - * maybe we should remove this to make this consistent - * for all cmdline tools - * --metze - */ - if (strequal(lp_netbios_name(),cli_credentials_get_domain(cmdline_credentials))) { - cli_credentials_set_domain(cmdline_credentials, lp_workgroup(), CRED_SPECIFIED); - } - lp_set_cmdline("torture:userdomain", cli_credentials_get_domain(cmdline_credentials)); - } - if (!lp_parm_string(-1,"torture","password")) { - lp_set_cmdline("torture:password", cli_credentials_get_password(cmdline_credentials)); - } - if (argc_new == 0) { printf("You must specify a test to run, or 'ALL'\n"); } else { |