2 Unix SMB/CIFS implementation.
4 code to manipulate domain credentials
6 Copyright (C) Andrew Tridgell 1997-2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/time.h"
25 #include "../lib/crypto/crypto.h"
26 #include "libcli/auth/libcli_auth.h"
27 #include "../libcli/security/dom_sid.h"
29 #include "libcli/util/gnutls_error.h"
30 #include <gnutls/gnutls.h>
31 #include <gnutls/crypto.h>
33 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
34 const struct netr_Credential *in,
35 struct netr_Credential *out)
37 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
39 uint8_t iv[AES_BLOCK_SIZE] = {0};
41 AES_set_encrypt_key(creds->session_key, 128, &key);
43 aes_cfb8_encrypt(in->data, out->data, 8, &key, iv, AES_ENCRYPT);
45 des_crypt112(out->data, in->data, creds->session_key, 1);
50 initialise the credentials state for old-style 64 bit session keys
52 this call is made after the netr_ServerReqChallenge call
54 static void netlogon_creds_init_64bit(struct netlogon_creds_CredentialState *creds,
55 const struct netr_Credential *client_challenge,
56 const struct netr_Credential *server_challenge,
57 const struct samr_Password *machine_password)
62 sum[0] = IVAL(client_challenge->data, 0) + IVAL(server_challenge->data, 0);
63 sum[1] = IVAL(client_challenge->data, 4) + IVAL(server_challenge->data, 4);
68 ZERO_ARRAY(creds->session_key);
70 des_crypt128(creds->session_key, sum2, machine_password->hash);
74 initialise the credentials state for ADS-style 128 bit session keys
76 this call is made after the netr_ServerReqChallenge call
78 static NTSTATUS netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *creds,
79 const struct netr_Credential *client_challenge,
80 const struct netr_Credential *server_challenge,
81 const struct samr_Password *machine_password)
83 uint8_t zero[4] = {0};
84 uint8_t tmp[gnutls_hash_get_len(GNUTLS_MAC_MD5)];
85 gnutls_hash_hd_t hash_hnd = NULL;
88 ZERO_ARRAY(creds->session_key);
90 rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
92 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
95 rc = gnutls_hash(hash_hnd, zero, sizeof(zero));
97 gnutls_hash_deinit(hash_hnd, NULL);
98 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
100 rc = gnutls_hash(hash_hnd, client_challenge->data, 8);
102 gnutls_hash_deinit(hash_hnd, NULL);
103 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
105 rc = gnutls_hash(hash_hnd, server_challenge->data, 8);
107 gnutls_hash_deinit(hash_hnd, NULL);
108 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
111 gnutls_hash_deinit(hash_hnd, tmp);
113 /* This doesn't require HMAC MD5 RFC2104 as the hash is only 16 bytes */
114 rc = gnutls_hmac_fast(GNUTLS_MAC_MD5,
115 machine_password->hash,
116 sizeof(machine_password->hash),
123 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
130 initialise the credentials state for AES/HMAC-SHA256-style 128 bit session keys
132 this call is made after the netr_ServerReqChallenge call
134 static NTSTATUS netlogon_creds_init_hmac_sha256(struct netlogon_creds_CredentialState *creds,
135 const struct netr_Credential *client_challenge,
136 const struct netr_Credential *server_challenge,
137 const struct samr_Password *machine_password)
139 gnutls_hmac_hd_t hmac_hnd = NULL;
140 uint8_t digest[gnutls_hash_get_len(GNUTLS_MAC_SHA256)];
143 ZERO_ARRAY(creds->session_key);
145 rc = gnutls_hmac_init(&hmac_hnd,
147 machine_password->hash,
148 sizeof(machine_password->hash));
150 return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
152 rc = gnutls_hmac(hmac_hnd,
153 client_challenge->data,
156 gnutls_hmac_deinit(hmac_hnd, NULL);
157 return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
159 rc = gnutls_hmac(hmac_hnd,
160 server_challenge->data,
163 gnutls_hmac_deinit(hmac_hnd, NULL);
164 return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
166 gnutls_hmac_deinit(hmac_hnd, digest);
168 memcpy(creds->session_key, digest, sizeof(creds->session_key));
175 static void netlogon_creds_first_step(struct netlogon_creds_CredentialState *creds,
176 const struct netr_Credential *client_challenge,
177 const struct netr_Credential *server_challenge)
179 netlogon_creds_step_crypt(creds, client_challenge, &creds->client);
181 netlogon_creds_step_crypt(creds, server_challenge, &creds->server);
183 creds->seed = creds->client;
187 step the credentials to the next element in the chain, updating the
188 current client and server credentials and the seed
190 static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
192 struct netr_Credential time_cred;
194 DEBUG(5,("\tseed %08x:%08x\n",
195 IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
197 SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence);
198 SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
200 DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
202 netlogon_creds_step_crypt(creds, &time_cred, &creds->client);
204 DEBUG(5,("\tCLIENT %08x:%08x\n",
205 IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
207 SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1);
208 SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
210 DEBUG(5,("\tseed+time+1 %08x:%08x\n",
211 IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
213 netlogon_creds_step_crypt(creds, &time_cred, &creds->server);
215 DEBUG(5,("\tSERVER %08x:%08x\n",
216 IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
218 creds->seed = time_cred;
223 DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key
225 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
227 struct netr_LMSessionKey tmp;
228 des_crypt56(tmp.key, key->key, creds->session_key, 1);
233 DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key
235 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key)
237 struct netr_LMSessionKey tmp;
238 des_crypt56(tmp.key, key->key, creds->session_key, 0);
243 DES encrypt a 16 byte password buffer using the session key
245 void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
247 struct samr_Password tmp;
248 des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 1);
253 DES decrypt a 16 byte password buffer using the session key
255 void netlogon_creds_des_decrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass)
257 struct samr_Password tmp;
258 des_crypt112_16(tmp.hash, pass->hash, creds->session_key, 0);
263 ARCFOUR encrypt/decrypt a password buffer using the session key
265 void netlogon_creds_arcfour_crypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
267 DATA_BLOB session_key = data_blob(creds->session_key, 16);
269 arcfour_crypt_blob(data, len, &session_key);
271 data_blob_free(&session_key);
275 AES encrypt a password buffer using the session key
277 void netlogon_creds_aes_encrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
280 uint8_t iv[AES_BLOCK_SIZE] = {0};
282 AES_set_encrypt_key(creds->session_key, 128, &key);
284 aes_cfb8_encrypt(data, data, len, &key, iv, AES_ENCRYPT);
288 AES decrypt a password buffer using the session key
290 void netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds, uint8_t *data, size_t len)
293 uint8_t iv[AES_BLOCK_SIZE] = {0};
295 AES_set_encrypt_key(creds->session_key, 128, &key);
297 aes_cfb8_encrypt(data, data, len, &key, iv, AES_DECRYPT);
300 /*****************************************************************
301 The above functions are common to the client and server interface
302 next comes the client specific functions
303 ******************************************************************/
306 initialise the credentials chain and return the first client
310 struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
311 const char *client_account,
312 const char *client_computer_name,
313 uint16_t secure_channel_type,
314 const struct netr_Credential *client_challenge,
315 const struct netr_Credential *server_challenge,
316 const struct samr_Password *machine_password,
317 struct netr_Credential *initial_credential,
318 uint32_t negotiate_flags)
320 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
327 creds->sequence = time(NULL);
328 creds->negotiate_flags = negotiate_flags;
329 creds->secure_channel_type = secure_channel_type;
331 creds->computer_name = talloc_strdup(creds, client_computer_name);
332 if (!creds->computer_name) {
336 creds->account_name = talloc_strdup(creds, client_account);
337 if (!creds->account_name) {
342 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
343 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
344 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
346 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
347 status = netlogon_creds_init_hmac_sha256(creds,
351 if (!NT_STATUS_IS_OK(status)) {
355 } else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
356 status = netlogon_creds_init_128bit(creds,
360 if (!NT_STATUS_IS_OK(status)) {
365 netlogon_creds_init_64bit(creds, client_challenge, server_challenge, machine_password);
368 netlogon_creds_first_step(creds, client_challenge, server_challenge);
370 dump_data_pw("Session key", creds->session_key, 16);
371 dump_data_pw("Credential ", creds->client.data, 8);
373 *initial_credential = creds->client;
378 initialise the credentials structure with only a session key. The caller better know what they are doing!
381 struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
382 const uint8_t session_key[16])
384 struct netlogon_creds_CredentialState *creds;
386 creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
391 memcpy(creds->session_key, session_key, 16);
397 step the credentials to the next element in the chain, updating the
398 current client and server credentials and the seed
400 produce the next authenticator in the sequence ready to send to
403 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
404 struct netr_Authenticator *next)
406 uint32_t t32n = (uint32_t)time(NULL);
409 * we always increment and ignore an overflow here
411 creds->sequence += 2;
413 if (t32n > creds->sequence) {
415 * we may increment more
417 creds->sequence = t32n;
419 uint32_t d = creds->sequence - t32n;
421 if (d >= INT32_MAX) {
423 * got an overflow of time_t vs. uint32_t
425 creds->sequence = t32n;
429 netlogon_creds_step(creds);
431 next->cred = creds->client;
432 next->timestamp = creds->sequence;
436 check that a credentials reply from a server is correct
438 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
439 const struct netr_Credential *received_credentials)
441 if (!received_credentials ||
442 memcmp(received_credentials->data, creds->server.data, 8) != 0) {
443 DEBUG(2,("credentials check failed\n"));
450 /*****************************************************************
451 The above functions are common to the client and server interface
452 next comes the server specific functions
453 ******************************************************************/
456 check that a credentials reply from a server is correct
458 static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds,
459 const struct netr_Credential *received_credentials)
461 if (memcmp(received_credentials->data, creds->client.data, 8) != 0) {
462 DEBUG(2,("credentials check failed\n"));
463 dump_data_pw("client creds", creds->client.data, 8);
464 dump_data_pw("calc creds", received_credentials->data, 8);
471 initialise the credentials chain and return the first server
474 struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *mem_ctx,
475 const char *client_account,
476 const char *client_computer_name,
477 uint16_t secure_channel_type,
478 const struct netr_Credential *client_challenge,
479 const struct netr_Credential *server_challenge,
480 const struct samr_Password *machine_password,
481 const struct netr_Credential *credentials_in,
482 struct netr_Credential *credentials_out,
483 uint32_t negotiate_flags)
486 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
492 creds->negotiate_flags = negotiate_flags;
493 creds->secure_channel_type = secure_channel_type;
495 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
496 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
497 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
499 creds->computer_name = talloc_strdup(creds, client_computer_name);
500 if (!creds->computer_name) {
504 creds->account_name = talloc_strdup(creds, client_account);
505 if (!creds->account_name) {
510 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
513 status = netlogon_creds_init_hmac_sha256(creds,
517 if (!NT_STATUS_IS_OK(status)) {
521 } else if (negotiate_flags & NETLOGON_NEG_STRONG_KEYS) {
522 netlogon_creds_init_128bit(creds, client_challenge, server_challenge,
525 netlogon_creds_init_64bit(creds, client_challenge, server_challenge,
529 netlogon_creds_first_step(creds, client_challenge, server_challenge);
531 dump_data_pw("Session key", creds->session_key, 16);
532 dump_data_pw("Client Credential ", creds->client.data, 8);
533 dump_data_pw("Server Credential ", creds->server.data, 8);
535 dump_data_pw("Credentials in", credentials_in->data, sizeof(credentials_in->data));
537 /* And before we leak information about the machine account
538 * password, check that they got the first go right */
539 if (!netlogon_creds_server_check_internal(creds, credentials_in)) {
544 *credentials_out = creds->server;
546 dump_data_pw("Credentials out", credentials_out->data, sizeof(credentials_out->data));
551 NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds,
552 const struct netr_Authenticator *received_authenticator,
553 struct netr_Authenticator *return_authenticator)
555 if (!received_authenticator || !return_authenticator) {
556 return NT_STATUS_INVALID_PARAMETER;
560 return NT_STATUS_ACCESS_DENIED;
563 creds->sequence = received_authenticator->timestamp;
564 netlogon_creds_step(creds);
565 if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {
566 return_authenticator->cred = creds->server;
567 return_authenticator->timestamp = 0;
570 ZERO_STRUCTP(return_authenticator);
571 return NT_STATUS_ACCESS_DENIED;
575 static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
576 uint16_t validation_level,
577 union netr_Validation *validation,
580 struct netr_SamBaseInfo *base = NULL;
582 if (validation == NULL) {
586 switch (validation_level) {
588 if (validation->sam2) {
589 base = &validation->sam2->base;
593 if (validation->sam3) {
594 base = &validation->sam3->base;
598 if (validation->sam6) {
599 base = &validation->sam6->base;
603 /* If we can't find it, we can't very well decrypt it */
611 /* find and decyrpt the session keys, return in parameters above */
612 if (validation_level == 6) {
613 /* they aren't encrypted! */
614 } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
615 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
616 if (!all_zero(base->key.key, sizeof(base->key.key))) {
618 netlogon_creds_aes_encrypt(creds,
620 sizeof(base->key.key));
622 netlogon_creds_aes_decrypt(creds,
624 sizeof(base->key.key));
628 if (!all_zero(base->LMSessKey.key,
629 sizeof(base->LMSessKey.key))) {
631 netlogon_creds_aes_encrypt(creds,
633 sizeof(base->LMSessKey.key));
636 netlogon_creds_aes_decrypt(creds,
638 sizeof(base->LMSessKey.key));
641 } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
642 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
643 if (!all_zero(base->key.key, sizeof(base->key.key))) {
644 netlogon_creds_arcfour_crypt(creds,
646 sizeof(base->key.key));
649 if (!all_zero(base->LMSessKey.key,
650 sizeof(base->LMSessKey.key))) {
651 netlogon_creds_arcfour_crypt(creds,
653 sizeof(base->LMSessKey.key));
656 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
657 if (!all_zero(base->LMSessKey.key,
658 sizeof(base->LMSessKey.key))) {
660 netlogon_creds_des_encrypt_LMKey(creds,
663 netlogon_creds_des_decrypt_LMKey(creds,
670 void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
671 uint16_t validation_level,
672 union netr_Validation *validation)
674 netlogon_creds_crypt_samlogon_validation(creds, validation_level,
678 void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
679 uint16_t validation_level,
680 union netr_Validation *validation)
682 netlogon_creds_crypt_samlogon_validation(creds, validation_level,
686 static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
687 enum netr_LogonInfoClass level,
688 union netr_LogonLevel *logon,
696 case NetlogonInteractiveInformation:
697 case NetlogonInteractiveTransitiveInformation:
698 case NetlogonServiceInformation:
699 case NetlogonServiceTransitiveInformation:
700 if (logon->password == NULL) {
704 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
707 h = logon->password->lmpassword.hash;
708 if (!all_zero(h, 16)) {
710 netlogon_creds_aes_encrypt(creds, h, 16);
712 netlogon_creds_aes_decrypt(creds, h, 16);
716 h = logon->password->ntpassword.hash;
717 if (!all_zero(h, 16)) {
719 netlogon_creds_aes_encrypt(creds, h, 16);
721 netlogon_creds_aes_decrypt(creds, h, 16);
724 } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
727 h = logon->password->lmpassword.hash;
728 if (!all_zero(h, 16)) {
729 netlogon_creds_arcfour_crypt(creds, h, 16);
732 h = logon->password->ntpassword.hash;
733 if (!all_zero(h, 16)) {
734 netlogon_creds_arcfour_crypt(creds, h, 16);
737 struct samr_Password *p;
739 p = &logon->password->lmpassword;
740 if (!all_zero(p->hash, 16)) {
742 netlogon_creds_des_encrypt(creds, p);
744 netlogon_creds_des_decrypt(creds, p);
747 p = &logon->password->ntpassword;
748 if (!all_zero(p->hash, 16)) {
750 netlogon_creds_des_encrypt(creds, p);
752 netlogon_creds_des_decrypt(creds, p);
758 case NetlogonNetworkInformation:
759 case NetlogonNetworkTransitiveInformation:
762 case NetlogonGenericInformation:
763 if (logon->generic == NULL) {
767 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
769 netlogon_creds_aes_encrypt(creds,
770 logon->generic->data,
771 logon->generic->length);
773 netlogon_creds_aes_decrypt(creds,
774 logon->generic->data,
775 logon->generic->length);
777 } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
778 netlogon_creds_arcfour_crypt(creds,
779 logon->generic->data,
780 logon->generic->length);
782 /* Using DES to verify kerberos tickets makes no sense */
788 void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
789 enum netr_LogonInfoClass level,
790 union netr_LogonLevel *logon)
792 netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
795 void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
796 enum netr_LogonInfoClass level,
797 union netr_LogonLevel *logon)
799 netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
802 union netr_LogonLevel *netlogon_creds_shallow_copy_logon(TALLOC_CTX *mem_ctx,
803 enum netr_LogonInfoClass level,
804 const union netr_LogonLevel *in)
806 union netr_LogonLevel *out;
812 out = talloc(mem_ctx, union netr_LogonLevel);
820 case NetlogonInteractiveInformation:
821 case NetlogonInteractiveTransitiveInformation:
822 case NetlogonServiceInformation:
823 case NetlogonServiceTransitiveInformation:
824 if (in->password == NULL) {
828 out->password = talloc(out, struct netr_PasswordInfo);
829 if (out->password == NULL) {
833 *out->password = *in->password;
837 case NetlogonNetworkInformation:
838 case NetlogonNetworkTransitiveInformation:
841 case NetlogonGenericInformation:
842 if (in->generic == NULL) {
846 out->generic = talloc(out, struct netr_GenericInfo);
847 if (out->generic == NULL) {
851 *out->generic = *in->generic;
853 if (in->generic->data == NULL) {
857 if (in->generic->length == 0) {
861 out->generic->data = talloc_memdup(out->generic,
863 in->generic->length);
864 if (out->generic->data == NULL) {
876 copy a netlogon_creds_CredentialState struct
879 struct netlogon_creds_CredentialState *netlogon_creds_copy(
881 const struct netlogon_creds_CredentialState *creds_in)
883 struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
889 creds->sequence = creds_in->sequence;
890 creds->negotiate_flags = creds_in->negotiate_flags;
891 creds->secure_channel_type = creds_in->secure_channel_type;
893 creds->computer_name = talloc_strdup(creds, creds_in->computer_name);
894 if (!creds->computer_name) {
898 creds->account_name = talloc_strdup(creds, creds_in->account_name);
899 if (!creds->account_name) {
905 creds->sid = dom_sid_dup(creds, creds_in->sid);
912 memcpy(creds->session_key, creds_in->session_key, sizeof(creds->session_key));
913 memcpy(creds->seed.data, creds_in->seed.data, sizeof(creds->seed.data));
914 memcpy(creds->client.data, creds_in->client.data, sizeof(creds->client.data));
915 memcpy(creds->server.data, creds_in->server.data, sizeof(creds->server.data));