#include "libcli/auth/proto.h"
#include "libcli/auth/msrpc_parse.h"
+#define NTLMSSP_NAME_TYPE_SERVER 0x01
+#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
+#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
+#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
+
#endif /* __LIBCLI_AUTH_H__ */
#include "includes.h"
#include "system/time.h"
-#include "auth/ntlmssp/ntlmssp.h"
-#include "auth/ntlmssp/msrpc_parse.h"
+#include "../libcli/auth/msrpc_parse.h"
#include "../lib/crypto/crypto.h"
-#include "libcli/auth/libcli_auth.h"
+#include "../libcli/auth/libcli_auth.h"
void SMBencrypt_hash(const uint8_t lm_hash[16], const uint8_t *c8, uint8_t p24[24])
{
*/
static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
enum netr_SamDatabaseID database_id,
struct netr_DELTA_ENUM *delta)
{
enum ndr_err_code ndr_err;
data.data = user->user_private_info.SensitiveData;
data.length = user->user_private_info.DataLength;
- creds_arcfour_crypt(creds, data.data, data.length);
+ netlogon_creds_arcfour_crypt(creds, data.data, data.length);
user->user_private_info.SensitiveData = data.data;
user->user_private_info.DataLength = data.length;
* The writes decrypted secrets back into the structure
*/
static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta)
{
struct netr_DELTA_SECRET *secret = delta->delta_union.secret;
- creds_arcfour_crypt(creds, secret->current_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(creds, secret->current_cipher.cipher_data,
secret->current_cipher.maxlen);
- creds_arcfour_crypt(creds, secret->old_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(creds, secret->old_cipher.cipher_data,
secret->old_cipher.maxlen);
return NT_STATUS_OK;
*/
NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
enum netr_SamDatabaseID database_id,
struct netr_DELTA_ENUM *delta)
{
*/
NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
enum netr_SamDatabaseID database_id,
struct netr_DELTA_ENUM *delta);
*/
_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct creds_CredentialState *netlogon_creds)
+ struct netlogon_creds_CredentialState *netlogon_creds)
{
cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
}
* Return attached NETLOGON credentials
*/
-struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
+struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
{
return cred->netlogon_creds;
}
/* Private handle for the callback routines to use */
void *priv_data;
- struct creds_CredentialState *netlogon_creds;
+ struct netlogon_creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
int kvno;
struct loadparm_context *lp_ctx,
struct keytab_container **_ktc);
const char *cli_credentials_get_domain(struct cli_credentials *cred);
-struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
+struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
void cli_credentials_set_conf(struct cli_credentials *cred,
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType secure_channel_type);
void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
- struct creds_CredentialState *netlogon_creds);
+ struct netlogon_creds_CredentialState *netlogon_creds);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
struct smb_krb5_context *smb_krb5_context);
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
struct auth_session_info **session_info);
NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
-struct creds_CredentialState;
+struct netlogon_creds_CredentialState;
NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
- struct creds_CredentialState **creds);
+ struct netlogon_creds_CredentialState **creds);
NTSTATUS gensec_set_peer_addr(struct gensec_security *gensec_security, struct socket_address *peer_addr);
NTSTATUS gensec_set_my_addr(struct gensec_security *gensec_security, struct socket_address *my_addr);
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "auth/gensec/schannel.h"
-#include "auth/gensec/schannel_state.h"
-#include "auth/gensec/schannel_proto.h"
#include "librpc/rpc/dcerpc.h"
#include "param/param.h"
#include "auth/session_proto.h"
enum ndr_err_code ndr_err;
struct schannel_bind bind_schannel;
struct schannel_bind_ack bind_schannel_ack;
- struct creds_CredentialState *creds;
-
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *schannel_ldb;
const char *workstation;
const char *domain;
*out = data_blob(NULL, 0);
domain = bind_schannel.u.info3.domain;
}
+ if (strcasecmp_m(domain, lp_workgroup(gensec_security->settings->lp_ctx)) != 0) {
+ DEBUG(3, ("Request for schannel to incorrect domain: %s != our domain %s\n",
+ domain, lp_workgroup(gensec_security->settings->lp_ctx)));
+
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ schannel_ldb = schannel_db_connect(out_mem_ctx, gensec_security->event_ctx,
+ gensec_security->settings->lp_ctx);
+ if (!schannel_ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, workstation,
- domain, &creds);
+ status = schannel_fetch_session_key(schannel_ldb,
+ out_mem_ctx, workstation, &creds);
+ talloc_free(schannel_ldb);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
workstation, nt_errstr(status)));
*/
/* TODO: make this non-public */
+
_PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- struct creds_CredentialState **creds)
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState **creds)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "libcli/auth/credentials.h"
+#include "auth/gensec/schannel_proto.h"
+#include "auth/gensec/schannel_state.h"
+#include "libcli/auth/schannel_state.h"
enum schannel_position {
SCHANNEL_STATE_START = 0,
enum schannel_position state;
uint32_t seq_num;
bool initiator;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
};
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
#define NTLMSSP_NEGOTIATE_56 0x80000000
-#define NTLMSSP_NAME_TYPE_SERVER 0x01
-#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
-#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
-#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
-
#define NTLMSSP_SIGN_VERSION 1
#define NTLMSSP_SIG_SIZE 16
[SUBSYSTEM::LIBSAMBA-NET]
-PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION
+PUBLIC_DEPENDENCIES = CREDENTIALS dcerpc dcerpc_samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI LIBCLI_COMPOSITE LIBCLI_RESOLVE LIBCLI_FINDDCS LIBCLI_CLDAP LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH LIBNDR SMBPASSWD PROVISION LIBCLI_SAMSYNC
LIBSAMBA-NET_OBJ_FILES = $(addprefix $(libnetsrcdir)/, \
libnet.o libnet_passwd.o libnet_time.o libnet_rpc.o \
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = lp_parm_bool(ctx->lp_ctx, NULL, "vampire", "rid decrypt", true);
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = true;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_keytab_fn;
r2.in.fn_ctx = &data;
{
NTSTATUS nt_status, dbsync_nt_status;
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct netr_Authenticator credential, return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct libnet_RpcConnect *c;
struct libnet_SamSync_state *state;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
-f int i;
+ int i;
samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
do {
int d;
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
dbsync.in.credential = &credential;
return nt_status;
}
- if (!creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
* de-obfuscating the data */
- nt_status = fix_delta(delta_ctx,
- creds,
- r->in.rid_crypt,
- dbsync.in.database_id,
- &delta_enum_array->delta_enum[d],
- &error_string);
+ nt_status = samsync_fix_delta(delta_ctx,
+ creds,
+ dbsync.in.database_id,
+ &delta_enum_array->delta_enum[d]);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
struct libnet_SamSync {
struct {
const char *binding_string;
- bool rid_crypt;
NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx,
void *private_data,
struct libnet_SamSync_state *samsync_state,
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
- r2.in.rid_crypt = true;
r2.in.init_fn = libnet_samsync_ldb_init;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;
struct dcerpc_pipe *pipe2;
struct dcerpc_binding *binding;
struct cli_credentials *credentials;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
uint32_t negotiate_flags;
struct netr_Credential credentials1;
struct netr_Credential credentials2;
/* prepare credentials for auth2 request */
s->mach_pwd = cli_credentials_get_nt_hash(s->credentials, c);
- creds_client_init(s->creds, &s->credentials1, &s->credentials2,
- s->mach_pwd, &s->credentials3, s->negotiate_flags);
-
/* auth2 request arguments */
s->a.in.server_name = s->r.in.server_name;
s->a.in.account_name = cli_credentials_get_username(s->credentials);
s->a.out.negotiate_flags = &s->negotiate_flags;
s->a.out.return_credentials = &s->credentials3;
+ s->creds = netlogon_creds_client_init(s,
+ s->a.in.account_name,
+ s->a.in.computer_name,
+ &s->credentials1, &s->credentials2,
+ s->mach_pwd, &s->credentials3, s->negotiate_flags);
+ if (composite_nomem(s->creds, c)) {
+ return;
+ }
/*
authenticate on the netlogon pipe - a rpc request over secondary pipe
*/
if (!composite_is_ok(c)) return;
/* verify credentials */
- if (!creds_client_check(s->creds, s->a.out.return_credentials)) {
+ if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
composite_error(c, NT_STATUS_UNSUCCESSFUL);
return;
}
s->credentials = credentials;
/* allocate credentials */
- s->creds = talloc(c, struct creds_CredentialState);
- if (composite_nomem(s->creds, c)) return c;
-
/* type of authentication depends on schannel type */
if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
#include "rpc_server/samr/proto.h"
#include "../lib/util/util_ldb.h"
#include "libcli/auth/libcli_auth.h"
-#include "auth/gensec/schannel_state.h"
+#include "auth/gensec/schannel.h"
#include "libcli/security/security.h"
#include "param/param.h"
#include "lib/messaging/irpc.h"
#include "librpc/gen_ndr/ndr_irpc.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
-struct server_pipe_state {
+struct netlogon_server_pipe_state {
struct netr_Credential client_challenge;
struct netr_Credential server_challenge;
};
static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerReqChallenge *r)
{
- struct server_pipe_state *pipe_state =
- (struct server_pipe_state *)dce_call->context->private_data;
+ struct netlogon_server_pipe_state *pipe_state =
+ talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
ZERO_STRUCTP(r->out.return_credentials);
dce_call->context->private_data = NULL;
}
- pipe_state = talloc(dce_call->context, struct server_pipe_state);
+ pipe_state = talloc(dce_call->context, struct netlogon_server_pipe_state);
NT_STATUS_HAVE_NO_MEMORY(pipe_state);
pipe_state->client_challenge = *r->in.credentials;
static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate3 *r)
{
- struct server_pipe_state *pipe_state =
- (struct server_pipe_state *)dce_call->context->private_data;
- struct creds_CredentialState *creds;
- void *sam_ctx;
+ struct netlogon_server_pipe_state *pipe_state =
+ talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *schannel_ldb;
+ struct ldb_context *sam_ctx;
struct samr_Password *mach_pwd;
uint32_t user_account_control;
int num_records;
return NT_STATUS_ACCESS_DENIED;
}
- creds = talloc(mem_ctx, struct creds_CredentialState);
- NT_STATUS_HAVE_NO_MEMORY(creds);
-
- creds_server_init(creds, &pipe_state->client_challenge,
- &pipe_state->server_challenge, mach_pwd,
- r->out.return_credentials,
- *r->in.negotiate_flags);
+ creds = netlogon_creds_server_init(mem_ctx,
+ r->in.computer_name,
+ r->in.account_name,
+ r->in.secure_channel_type,
+ &pipe_state->client_challenge,
+ &pipe_state->server_challenge,
+ mach_pwd,
+ r->in.credentials,
+ r->out.return_credentials,
+ *r->in.negotiate_flags);
- if (!creds_server_check(creds, r->in.credentials)) {
- talloc_free(creds);
+ if (!creds) {
return NT_STATUS_ACCESS_DENIED;
}
- creds->account_name = talloc_steal(creds, r->in.account_name);
-
- creds->computer_name = talloc_steal(creds, r->in.computer_name);
- creds->domain = talloc_strdup(creds, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx));
-
- creds->secure_channel_type = r->in.secure_channel_type;
-
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
+ schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ if (!schannel_ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
- /* remember this session key state */
- nt_status = schannel_store_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, creds);
+ nt_status = schannel_store_session_key(schannel_ldb, mem_ctx, creds);
+ talloc_free(schannel_ldb);
return nt_status;
}
static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerAuthenticate *r)
{
- struct netr_ServerAuthenticate3 r3;
- uint32_t rid = 0;
+ struct netr_ServerAuthenticate3 a;
+ uint32_t rid;
/* TODO:
* negotiate_flags is used as an [in] parameter
* so it need to be initialised.
uint32_t negotiate_flags_in = 0;
uint32_t negotiate_flags_out = 0;
- r3.in.server_name = r->in.server_name;
- r3.in.account_name = r->in.account_name;
- r3.in.secure_channel_type = r->in.secure_channel_type;
- r3.in.computer_name = r->in.computer_name;
- r3.in.credentials = r->in.credentials;
- r3.out.return_credentials = r->out.return_credentials;
- r3.in.negotiate_flags = &negotiate_flags_in;
- r3.out.negotiate_flags = &negotiate_flags_out;
- r3.out.rid = &rid;
-
- return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
+ a.in.server_name = r->in.server_name;
+ a.in.account_name = r->in.account_name;
+ a.in.secure_channel_type = r->in.secure_channel_type;
+ a.in.computer_name = r->in.computer_name;
+ a.in.credentials = r->in.credentials;
+ a.in.negotiate_flags = &negotiate_flags_in;
+
+ a.out.return_credentials = r->out.return_credentials;
+ a.out.rid = &rid;
+ a.out.negotiate_flags = &negotiate_flags_out;
+
+ return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &a);
}
static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
the caller needs some of that information.
*/
-static NTSTATUS dcesrv_netr_creds_server_step_check(struct tevent_context *event_ctx,
- struct loadparm_context *lp_ctx,
+static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
const char *computer_name,
- TALLOC_CTX *mem_ctx,
- struct netr_Authenticator *received_authenticator,
- struct netr_Authenticator *return_authenticator,
- struct creds_CredentialState **creds_out)
+ TALLOC_CTX *mem_ctx,
+ struct netr_Authenticator *received_authenticator,
+ struct netr_Authenticator *return_authenticator,
+ struct netlogon_creds_CredentialState **creds_out)
{
- struct creds_CredentialState *creds;
NTSTATUS nt_status;
struct ldb_context *ldb;
- int ret;
+ bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
+ && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
+ || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
- ldb = schannel_db_connect(mem_ctx, event_ctx, lp_ctx);
+ ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
-
- ret = ldb_transaction_start(ldb);
- if (ret != 0) {
- talloc_free(ldb);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- /* Because this is a shared structure (even across
- * disconnects) we must update the database every time we
- * update the structure */
- nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
- lp_workgroup(lp_ctx),
- &creds);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = creds_server_step_check(creds,
- received_authenticator,
- return_authenticator);
- }
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = schannel_store_session_key_ldb(ldb, ldb, creds);
- }
-
- if (NT_STATUS_IS_OK(nt_status)) {
- ldb_transaction_commit(ldb);
- if (creds_out) {
- *creds_out = creds;
- talloc_steal(mem_ctx, creds);
- }
- } else {
- ldb_transaction_cancel(ldb);
- }
+ nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
+ schannel_in_use,
+ computer_name,
+ received_authenticator,
+ return_authenticator, creds_out);
talloc_free(ldb);
return nt_status;
}
static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerPasswordSet *r)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
- r->in.credential, r->out.return_authenticator,
- &creds);
+ r->in.credential, r->out.return_authenticator,
+ &creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- creds_des_decrypt(creds, r->in.new_password);
+ netlogon_creds_des_decrypt(creds, r->in.new_password);
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_ServerPasswordSet2 *r)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
DATA_BLOB new_password;
struct samr_CryptPassword password_buf;
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
r->in.credential, r->out.return_authenticator,
&creds);
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
DEBUG(3,("samr: failed to decode password buffer\n"));
We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
*/
static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_LogonSamLogonEx *r, struct creds_CredentialState *creds)
+ struct netr_LogonSamLogonEx *r, struct netlogon_creds_CredentialState *creds)
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
case NetlogonInteractiveTransitiveInformation:
case NetlogonServiceTransitiveInformation:
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->lmpassword.hash,
sizeof(r->in.logon->password->lmpassword.hash));
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->password->ntpassword.hash,
sizeof(r->in.logon->password->ntpassword.hash));
} else {
- creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
- creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
+ netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
+ netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
}
/* TODO: we need to deny anonymous access here */
case NetlogonGenericInformation:
{
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
r->in.logon->generic->data, r->in.logon->generic->length);
} else {
/* Using DES to verify kerberos tickets makes no sense */
memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
/* This key is sent unencrypted without the ARCFOUR flag set */
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
sam->key.key,
sizeof(sam->key.key));
}
if ((r->in.validation_level != 6) &&
memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds,
+ netlogon_creds_arcfour_crypt(creds,
sam->LMSessKey.key,
sizeof(sam->LMSessKey.key));
} else {
- creds_des_encrypt_LMKey(creds,
+ netlogon_creds_des_encrypt_LMKey(creds,
&sam->LMSessKey);
}
}
struct netr_LogonSamLogonEx *r)
{
NTSTATUS nt_status;
- struct creds_CredentialState *creds;
- nt_status = schannel_fetch_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx), &creds);
+ struct netlogon_creds_CredentialState *creds;
+ struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ if (!ldb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ nt_status = schannel_fetch_session_key(ldb, mem_ctx, r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (!dce_call->conn->auth_state.auth_info ||
dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
- return NT_STATUS_INTERNAL_ERROR;
+ return NT_STATUS_ACCESS_DENIED;
}
return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
}
struct netr_LogonSamLogonWithFlags *r)
{
NTSTATUS nt_status;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_LogonSamLogonEx r2;
struct netr_Authenticator *return_authenticator;
return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
- nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
- r->in.credential, return_authenticator,
- &creds);
+ r->in.credential, return_authenticator,
+ &creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
ZERO_STRUCT(r2);
const char *local_domain;
- status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ status = dcesrv_netr_creds_server_step_check(dce_call,
r->in.computer_name, mem_ctx,
r->in.credential,
r->out.return_authenticator,
bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
-
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
a.in.credentials = &credentials3;
a.out.return_credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2,
- mach_password, &credentials3,
- 0);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ mach_password, &credentials3,
+ 0);
+ torture_assert(tctx, creds != NULL, "memory allocation");
+
torture_comment(tctx, "Testing ServerAuthenticate\n");
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
- torture_assert(tctx, creds_client_check(creds, &credentials3),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
*creds_out = creds;
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
int sec_chan_type,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
r.in.server_name = NULL;
r.in.computer_name = machine_name;
a.in.credentials = &credentials3;
a.out.return_credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2,
- mach_password, &credentials3,
- negotiate_flags);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ mach_password, &credentials3,
+ negotiate_flags);
+
+ torture_assert(tctx, creds != NULL, "memory allocation");
torture_comment(tctx, "Testing ServerAuthenticate2\n");
status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
- torture_assert(tctx, creds_client_check(creds, &credentials3),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
- struct creds_CredentialState **creds_out)
+ struct netlogon_creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate3 a;
struct netr_Credential credentials1, credentials2, credentials3;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct samr_Password mach_password;
uint32_t rid;
const char *machine_name;
torture_comment(tctx, "Testing ServerReqChallenge\n");
- creds = talloc(tctx, struct creds_CredentialState);
- torture_assert(tctx, creds != NULL, "memory allocation");
-
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
a.out.negotiate_flags = &negotiate_flags;
a.out.rid = &rid;
- creds_client_init(creds, &credentials1, &credentials2,
- &mach_password, &credentials3,
- negotiate_flags);
+ creds = netlogon_creds_client_init(tctx, a.in.account_name,
+ a.in.computer_name,
+ &credentials1, &credentials2,
+ &mach_password, &credentials3,
+ negotiate_flags);
+
+ torture_assert(tctx, creds != NULL, "memory allocation");
torture_comment(tctx, "Testing ServerAuthenticate3\n");
status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
- torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
password = generate_random_str(tctx, 8);
E_md4hash(password, new_password.hash);
- creds_des_encrypt(creds, &new_password);
+ netlogon_creds_des_encrypt(creds, &new_password);
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
struct netr_ServerPasswordSet2 r;
const char *password;
DATA_BLOB new_random_pass;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct samr_CryptPassword password_buf;
struct samr_Password nt_hash;
struct netr_Authenticator credential, return_authenticator;
password = generate_random_str(tctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
*/
password = "";
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
"Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
/* now try a random password */
password = generate_random_str(tctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
/* now try a random stream of bytes for a password */
set_pw_in_buffer(password_buf.data, &new_random_pass);
- creds_arcfour_crypt(creds, password_buf.data, 516);
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(new_password.data, password_buf.data, 512);
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
"Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
struct cli_credentials *machine_credentials)
{
struct netr_ServerPasswordGet r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
NTSTATUS status;
struct netr_Authenticator return_authenticator;
return false;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
struct cli_credentials *machine_credentials)
{
struct netr_ServerTrustPasswordsGet r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
NTSTATUS status;
struct netr_Authenticator return_authenticator;
return false;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
*/
bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogon r;
for (i=2;i<3;i++) {
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = i;
status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
"Credential chaining failed");
}
struct dcerpc_pipe *p,
struct cli_credentials *credentials)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
return false;
{
NTSTATUS status;
struct netr_DatabaseSync r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
}
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
{
NTSTATUS status;
struct netr_DatabaseDeltas r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
r.in.database_id, (unsigned long long)*r.in.sequence_num);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
if (NT_STATUS_EQUAL(status,
torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
- if (!creds_client_check(creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
{
NTSTATUS status;
struct netr_DatabaseRedo r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_Authenticator return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
continue;
}
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
}
}
- if (!creds_client_check(creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
{
NTSTATUS status;
struct netr_AccountDeltas r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_AccountBuffer buffer;
uint32_t count_returned = 0;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.return_authenticator = &return_authenticator;
- creds_client_authenticator(creds, &r.in.credential);
+ netlogon_creds_client_authenticator(creds, &r.in.credential);
ZERO_STRUCT(r.in.uas);
r.in.count=10;
r.in.level=0;
{
NTSTATUS status;
struct netr_AccountSync r;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct netr_AccountBuffer buffer;
uint32_t count_returned = 0;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
r.in.return_authenticator = &return_authenticator;
- creds_client_authenticator(creds, &r.in.credential);
+ netlogon_creds_client_authenticator(creds, &r.in.credential);
r.in.recordid = &recordid;
r.in.reference=0;
r.in.level=0;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_Authenticator return_authenticator, credential;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {0, 1, 2};
int i;
torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
struct samr_Password old_owf_password;
struct netr_TrustInfo *trust_info;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
machine_credentials, &creds)) {
return false;
}
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
status = dcerpc_netr_ServerGetTrustInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
- torture_assert(tctx, creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
return true;
}
struct netr_LogonGetDomainInfo r;
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
union netr_DomainInfo info;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
ZERO_STRUCT(r);
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = TEST_MACHINE_NAME;
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
- torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n");
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
- torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
return true;
}
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
#define ASYNC_COUNT 100
- struct creds_CredentialState *creds;
- struct creds_CredentialState *creds_async[ASYNC_COUNT];
+ struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
struct rpc_request *req[ASYNC_COUNT];
int i;
int *async_counter = talloc(tctx, int);
*async_counter = 0;
for (i=0;i<ASYNC_COUNT;i++) {
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
- creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
+ creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
req[i]->async.callback = async_callback;
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
- torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
"Credential chaining failed at async");
}
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
int sec_chan_type,
- struct creds_CredentialState **creds_out);
+ struct netlogon_creds_CredentialState **creds_out);
struct netr_Authenticator auth, auth2;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct gensec_security *gensec_client_context;
struct gensec_security *gensec_server_context;
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon = &logon;
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
/* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
"Credential chaining failed");
pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
- creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
+ netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
generic.length = pac_wrapped.length;
generic.data = pac_wrapped.data;
logon.generic = &generic;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = NetlogonGenericInformation;
torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed");
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
return true;
}
struct netr_Credential netr_srv_creds;
uint32_t negotiate_flags;
struct netr_ServerAuthenticate2 a;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Credential netr_cred;
struct samr_Password mach_pw;
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
- creds_state = talloc(mem_ctx, struct creds_CredentialState);
- creds_client_init(creds_state, r.in.credentials,
- r.out.return_credentials, &mach_pw,
- &netr_cred, negotiate_flags);
-
a.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
a.in.account_name = talloc_asprintf(
a.in.credentials = &netr_cred;
a.out.return_credentials = &netr_cred;
+ creds_state = netlogon_creds_client_init(mem_ctx,
+ a.in.account_name,
+ a.in.computer_name,
+ r.in.credentials,
+ r.out.return_credentials, &mach_pw,
+ &netr_cred, negotiate_flags);
+
status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
if (!NT_STATUS_IS_OK(status)) {
d_printf("netr_ServerServerAuthenticate2 failed: %s\n",
goto done;
}
- if (!creds_client_check(creds_state, a.out.return_credentials)) {
+ if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) {
d_printf("creds_client_check failed\n");
goto done;
}
for (i=2; i<4; i++) {
int flags;
DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator netr_auth, netr_auth2;
struct netr_NetworkInfo ninfo;
struct netr_PasswordInfo pinfo;
}
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
- creds_client_authenticator(creds_state, &netr_auth);
+ netlogon_creds_client_authenticator(creds_state, &netr_auth);
ninfo.identity_info.account_name.string =
cli_credentials_get_username(user_creds);
}
if ((r.out.return_authenticator == NULL) ||
- (!creds_client_check(creds_state,
+ (!netlogon_creds_client_check(creds_state,
&r.out.return_authenticator->cred))) {
d_printf("Credentials check failed!\n");
goto done;
}
- creds_client_authenticator(creds_state, &netr_auth);
+ netlogon_creds_client_authenticator(creds_state, &netr_auth);
pinfo.identity_info = ninfo.identity_info;
ZERO_STRUCT(pinfo.lmpassword.hash);
}
if ((r.out.return_authenticator == NULL) ||
- (!creds_client_check(creds_state,
+ (!netlogon_creds_client_check(creds_state,
&r.out.return_authenticator->cred))) {
d_printf("Credentials check failed!\n");
goto done;
{
struct netr_ServerPasswordSet s;
char *password = generate_random_str(wks_creds, 8);
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
E_md4hash(password, new_password.hash);
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
- creds_des_encrypt(creds_state, &new_password);
- creds_client_authenticator(creds_state, &credential);
+ netlogon_creds_des_encrypt(creds_state, &new_password);
+ netlogon_creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- if (!creds_client_check(creds_state,
- &s.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds_state,
+ &s.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
struct netr_Credential netr_srv_creds;
uint32_t negotiate_flags;
struct netr_ServerAuthenticate2 a;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Credential netr_cred;
struct samr_Password mach_pw;
struct smbcli_state *cli;
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
E_md4hash("foobar", mach_pw.hash);
- creds_state = talloc(mem_ctx, struct creds_CredentialState);
- creds_client_init(creds_state, r.in.credentials,
- r.out.return_credentials, &mach_pw,
- &netr_cred, negotiate_flags);
-
a.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
a.in.account_name = talloc_asprintf(
a.in.credentials = &netr_cred;
a.out.return_credentials = &netr_cred;
+ creds_state = netlogon_creds_client_init(mem_ctx,
+ a.in.account_name,
+ a.in.computer_name,
+ r.in.credentials,
+ r.out.return_credentials, &mach_pw,
+ &netr_cred, negotiate_flags);
+
+
status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
struct netr_LogonSamLogonEx r_ex;
struct netr_LogonSamLogonWithFlags r_flags;
struct netr_Authenticator auth, auth2;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
NTSTATUS expected_error;
bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
DATA_BLOB chall;
switch (samlogon_state->function_level) {
case NDR_NETR_LOGONSAMLOGON:
ZERO_STRUCT(samlogon_state->auth2);
- creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+ netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
r->out.return_authenticator = NULL;
status = dcerpc_netr_LogonSamLogon(samlogon_state->p, samlogon_state->mem_ctx, r);
if (!r->out.return_authenticator ||
- !creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
+ !netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
}
if (!NT_STATUS_IS_OK(status)) {
validation_level = r->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
switch (validation_level) {
case 2:
validation_level = r_ex->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
switch (validation_level) {
case 2:
break;
case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
ZERO_STRUCT(samlogon_state->auth2);
- creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
+ netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
r_flags->out.return_authenticator = NULL;
status = dcerpc_netr_LogonSamLogonWithFlags(samlogon_state->p, samlogon_state->mem_ctx, r_flags);
if (!r_flags->out.return_authenticator ||
- !creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
+ !netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
}
if (!NT_STATUS_IS_OK(status)) {
validation_level = r_flags->in.validation_level;
- creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
+ netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
switch (validation_level) {
case 2:
*/
static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct torture_context *tctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *comment,
const char *account_domain, const char *account_name,
const char *plain_pass, uint32_t parameter_control,
test an ADS style interactive domain logon
*/
bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *comment,
const char *workstation_name,
const char *account_domain, const char *account_name,
ZERO_STRUCT(logon);
ZERO_STRUCT(validation);
- creds_client_authenticator(creds, &a);
+ netlogon_creds_client_authenticator(creds, &a);
logon.password = &pinfo;
E_md4hash(plain_pass, pinfo.ntpassword.hash);
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
- creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
- creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
} else {
- creds_des_encrypt(creds, &pinfo.lmpassword);
- creds_des_encrypt(creds, &pinfo.ntpassword);
+ netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
+ netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
}
d_printf("Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
status = dcerpc_netr_LogonSamLogonWithFlags(p, fn_ctx, &r);
if (!r.out.return_authenticator
- || !creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ || !netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
d_printf("Credential chaining failed\n");
talloc_free(fn_ctx);
return false;
0 /* yes, this is a valid flag, causes the use of DES */
};
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
static bool test_SamLogon_Creds(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *machine_credentials,
struct cli_credentials *test_credentials,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
NTSTATUS expected_result)
{
NTSTATUS status;
d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = 2;
torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
}
- torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
+ torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
return true;
struct cli_credentials *test_credentials,
NTSTATUS expected_result)
{
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
try a netlogon SamLogon
*/
static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds,
+ struct netlogon_creds_CredentialState *creds,
const char *domain, const char *account_name,
const char *workstation,
struct samr_Password *lm_hash,
r.out.authoritative = &authoritative;
ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
+ netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = 3;
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
const char *domain_name[2];
struct samsync_secret *secrets;
struct samsync_trusted_domain *trusted_domains;
- struct creds_CredentialState *creds;
- struct creds_CredentialState *creds_netlogon_wksta;
+ struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds_netlogon_wksta;
struct policy_handle *connect_handle;
struct policy_handle *domain_handle[2];
struct dom_sid *sid[2];
enum ndr_err_code ndr_err;
data.data = user->user_private_info.SensitiveData;
data.length = user->user_private_info.DataLength;
- creds_arcfour_crypt(samsync_state->creds, data.data, data.length);
+ netlogon_creds_arcfour_crypt(samsync_state->creds, data.data, data.length);
ndr_err = ndr_pull_struct_blob(&data, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
if (keys.keys.keys2.lmpassword.length == 16) {
DATA_BLOB lsa_blob1, lsa_blob_out, session_key;
NTSTATUS status;
- creds_arcfour_crypt(samsync_state->creds, secret->current_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(samsync_state->creds, secret->current_cipher.cipher_data,
secret->current_cipher.maxlen);
- creds_arcfour_crypt(samsync_state->creds, secret->old_cipher.cipher_data,
+ netlogon_creds_arcfour_crypt(samsync_state->creds, secret->old_cipher.cipher_data,
secret->old_cipher.maxlen);
nsec->name = talloc_reference(nsec, name);
do {
loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context");
- creds_client_authenticator(samsync_state->creds, &credential);
+ netlogon_creds_client_authenticator(samsync_state->creds, &credential);
r.in.credential = &credential;
break;
}
- if (!creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
do {
loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseDeltas loop context");
- creds_client_authenticator(samsync_state->creds, &credential);
+ netlogon_creds_client_authenticator(samsync_state->creds, &credential);
status = dcerpc_netr_DatabaseDeltas(samsync_state->p, loop_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
ret = false;
}
- if (!creds_client_check(samsync_state->creds, &return_authenticator.cred)) {
+ if (!netlogon_creds_client_check(samsync_state->creds, &return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
try a netlogon DatabaseSync2
*/
static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
TALLOC_CTX *loop_ctx;
do {
loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseSync2 loop context");
- creds_client_authenticator(creds, &credential);
+ netlogon_creds_client_authenticator(creds, &credential);
r.in.credential = &credential;
ret = false;
}
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
- struct creds_CredentialState *creds)
+ struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct dcerpc_pipe *p_netlogon3 = NULL;
struct dcerpc_pipe *p_samr2 = NULL;
struct dcerpc_pipe *p_lsa = NULL;
- struct creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds;
struct cli_credentials *credentials;
join_ctx = torture_join_domain(tctx,
{
struct netr_ServerPasswordSet pwset;
char *password = generate_random_str(s->join_ctx1, 8);
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct dcerpc_pipe *net_pipe;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
creds_state = cli_credentials_get_netlogon_creds(
s->wks_creds1);
- creds_des_encrypt(creds_state, &new_password);
- creds_client_authenticator(creds_state, &credential);
+ netlogon_creds_des_encrypt(creds_state, &new_password);
+ netlogon_creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset);
torture_assert_ntstatus_ok(torture, status,
"ServerPasswordSet failed");
- if (!creds_client_check(creds_state,
+ if (!netlogon_creds_client_check(creds_state,
&pwset.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
struct winbind_SamLogon *req;
- struct creds_CredentialState *creds_state;
+ struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator auth1, auth2;
TALLOC_CTX *r_mem_ctx;
if (!composite_is_ok(s->ctx)) return;
s->creds_state = cli_credentials_get_netlogon_creds(domain->libnet_ctx->cred);
- creds_client_authenticator(s->creds_state, &s->auth1);
+ netlogon_creds_client_authenticator(s->creds_state, &s->auth1);
s->r.in.server_name = talloc_asprintf(s, "\\\\%s",
dcerpc_server_name(domain->netlogon_pipe));
if (!composite_is_ok(s->ctx)) return;
if ((s->r.out.return_authenticator == NULL) ||
- (!creds_client_check(s->creds_state,
- &s->r.out.return_authenticator->cred))) {
+ (!netlogon_creds_client_check(s->creds_state,
+ &s->r.out.return_authenticator->cred))) {
DEBUG(0, ("Credentials check failed!\n"));
composite_error(s->ctx, NT_STATUS_ACCESS_DENIED);
return;
/* Decrypt the session keys before we reform the info3, so the
* person on the other end of winbindd pipe doesn't have to.
* They won't have the encryption key anyway */
- creds_decrypt_samlogon(s->creds_state,
- s->r.in.validation_level,
- s->r.out.validation);
+ netlogon_creds_decrypt_samlogon(s->creds_state,
+ s->r.in.validation_level,
+ s->r.out.validation);
composite_done(s->ctx);
}