From: Stefan Metzmacher
Date: Wed, 16 Oct 2024 15:47:22 +0000 (+0200)
Subject: libcli/auth: split out netlogon_creds_alloc()
X-Git-Tag: ldb-2.9.2~36
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=c3b5697dd2e64c07852d2f2864d04d538f5024c1;p=thirdparty%2Fsamba.git
libcli/auth: split out netlogon_creds_alloc()
Review with: git show --patience
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
(cherry picked from commit e9767315cf06bcb257b40014441dd4cd9aad0fb0)
---
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 75ac4ddb0f2..c9c8ddb5394 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -473,37 +473,27 @@ NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds
 return NT_STATUS_OK;
 }

-/*****************************************************************
-The above functions are common to the client and server interface
-next comes the client specific functions
-******************************************************************/
-
-/*
- initialise the credentials chain and return the first client
- credentials
-*/
-
-struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
- const char *client_account,
- const char *client_computer_name,
- uint16_t secure_channel_type,
- const struct netr_Credential *client_challenge,
- const struct netr_Credential *server_challenge,
- const struct samr_Password *machine_password,
- struct netr_Credential *initial_credential,
- uint32_t client_requested_flags,
- uint32_t negotiate_flags)
+static struct netlogon_creds_CredentialState *
+netlogon_creds_alloc(TALLOC_CTX *mem_ctx,
+ const char *client_account,
+ const char *client_computer_name,
+ uint16_t secure_channel_type,
+ uint32_t client_requested_flags,
+ const struct dom_sid *client_sid,
+ uint32_t negotiate_flags)
 {
- struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = NULL;
 struct timeval tv = timeval_current();
 NTTIME now = timeval_to_nttime(&tv);
- NTSTATUS status;

- if (!creds) {
+ creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+ if (creds == NULL) {
 return NULL;
 }

- creds->sequence = tv.tv_sec;
+ if (client_sid == NULL) {
+ creds->sequence = tv.tv_sec;
+ }
 creds->negotiate_flags = negotiate_flags;
 creds->secure_channel_type = secure_channel_type;
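Review bot: netlogon_creds_alloc() has no header comment, yet it silently picks client or server initialisation from whether `client_sid` is NULL: `creds->sequence = tv.tv_sec` runs only in the NULL case, and the tail of the function in the following hunk stores `global_sid_NULL` on the same condition. A future caller has no way to learn that contract from the signature, so I would document it above the function, e.g. `/* Allocate the state shared by client and server init. client_sid == NULL selects the client case (sequence seeded from the current time, ex->client_sid = global_sid_NULL). Returns NULL on allocation failure. */`. The middle and end of the function lie outside this hunk.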
@@ -526,7 +516,49 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
 }
 creds->ex->client_requested_flags = client_requested_flags;
 creds->ex->auth_time = now;
- creds->ex->client_sid = global_sid_NULL;
+ if (client_sid != NULL) {
+ creds->ex->client_sid = *client_sid;
+ } else {
+ creds->ex->client_sid = global_sid_NULL;
+ }
+
+ return creds;
+}
+
+/*****************************************************************
+The above functions are common to the client and server interface
+next comes the client specific functions
+******************************************************************/
+
+/*
+ initialise the credentials chain and return the first client
+ credentials
+*/
+
+struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *mem_ctx,
+ const char *client_account,
+ const char *client_computer_name,
+ uint16_t secure_channel_type,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge,
+ const struct samr_Password *machine_password,
+ struct netr_Credential *initial_credential,
+ uint32_t client_requested_flags,
+ uint32_t negotiate_flags)
+{
+ struct netlogon_creds_CredentialState *creds = NULL;
+ NTSTATUS status;
+
+ creds = netlogon_creds_alloc(mem_ctx,
+ client_account,
+ client_computer_name,
+ secure_channel_type,
+ client_requested_flags,
+ NULL, /* client_sid */
+ negotiate_flags);
+ if (!creds) {
+ return NULL;
+ }

 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
@@ -674,20 +706,21 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 const struct dom_sid *client_sid,
 uint32_t negotiate_flags)
 {
-
- struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
- struct timeval tv = timeval_current();
- NTTIME now = timeval_to_nttime(&tv);
+ struct netlogon_creds_CredentialState *creds = NULL;
 NTSTATUS status;
 bool ok;

+ creds = netlogon_creds_alloc(mem_ctx,
+ client_account,
+ client_computer_name,
+ secure_channel_type,
+ client_requested_flags,
+ client_sid,
+ negotiate_flags);
 if (!creds) {
 return NULL;
 }

- creds->negotiate_flags = negotiate_flags;
- creds->secure_channel_type = secure_channel_type;
-
 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
@@ -706,27 +739,6 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 return NULL;
 }

- creds->computer_name = talloc_strdup(creds, client_computer_name);
- if (!creds->computer_name) {
- talloc_free(creds);
- return NULL;
- }
- creds->account_name = talloc_strdup(creds, client_account);
- if (!creds->account_name) {
- talloc_free(creds);
- return NULL;
- }
-
- creds->ex = talloc_zero(creds,
- struct netlogon_creds_CredentialState_extra_info);
- if (creds->ex == NULL) {
- talloc_free(creds);
- return NULL;
- }
- creds->ex->client_requested_flags = client_requested_flags;
- creds->ex->auth_time = now;
- creds->ex->client_sid = *client_sid;
-
 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
 status = netlogon_creds_init_hmac_sha256(creds,
 client_challenge,
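Review bot: netlogon_creds_server_init() now accepts a NULL `client_sid` without any visible failure, in the hunk at -674. The removed line `creds->ex->client_sid = *client_sid;` dereferenced the pointer unconditionally, whereas the new call forwards it to netlogon_creds_alloc(), which treats NULL as the client case, seeds `creds->sequence` from the clock and stores `global_sid_NULL`. A server-side caller that passes NULL would therefore receive a credential state that looks valid but records the null SID, which matters if later code relies on `ex->client_sid` to identify the peer (not visible here). I would reject it before the allocation, e.g. `if (client_sid == NULL) { return NULL; }`. The function body starts before and continues after the hunk.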