1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

r5928: Use cli_credentials in:

- gtk+ (returned by GtkHostBindingDialog as well now)
 - torture/
 - librpc/
 - lib/com/dcom/
This commit is contained in:
Jelmer Vernooij 2005-03-21 21:22:07 +00:00 committed by Gerald (Jerry) Carter
parent e5bc6f4f17
commit ccefd78233
31 changed files with 186 additions and 278 deletions

View File

@ -2555,10 +2555,7 @@ static BOOL browse_host(const char *query_host)
status = dcerpc_pipe_connect(&p, binding,
DCERPC_SRVSVC_UUID,
DCERPC_SRVSVC_VERSION,
lp_netbios_name(),
cli_credentials_get_domain(cmdline_credentials),
cli_credentials_get_username(cmdline_credentials),
cli_credentials_get_password(cmdline_credentials));
cmdline_credentials);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Failed to connect to %s - %s\n",
binding, nt_errstr(status));

View File

@ -297,19 +297,14 @@ GtkWidget *gtk_rpc_binding_dialog_new (BOOL nocredentials, struct sam_pipe *sam_
return GTK_WIDGET(d);
}
const char *gtk_rpc_binding_dialog_get_username(GtkRpcBindingDialog *d)
struct cli_credentials *gtk_rpc_binding_dialog_get_credentials(GtkRpcBindingDialog *d)
{
return gtk_entry_get_text(GTK_ENTRY(d->entry_username));
}
const char *gtk_rpc_binding_dialog_get_userdomain(GtkRpcBindingDialog *d)
{
return gtk_entry_get_text(GTK_ENTRY(d->entry_userdomain));
}
const char *gtk_rpc_binding_dialog_get_password(GtkRpcBindingDialog *d)
{
return gtk_entry_get_text(GTK_ENTRY(d->entry_password));
struct cli_credentials *ret = talloc(d->mem_ctx, struct cli_credentials);
cli_credentials_set_username(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_username)), CRED_SPECIFIED);
cli_credentials_set_password(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_password)), CRED_SPECIFIED);
cli_credentials_set_domain(ret, gtk_entry_get_text(GTK_ENTRY(d->entry_userdomain)), CRED_SPECIFIED);
return ret;
}
const char *gtk_rpc_binding_dialog_get_host(GtkRpcBindingDialog *d)

View File

@ -71,9 +71,7 @@ const char *gtk_select_host_dialog_get_host (GtkSelectHostDialog *d);
GType gtk_select_host_dialog_get_type (void);
void gtk_show_werror(GtkWidget *win, WERROR err);
const char *gtk_rpc_binding_dialog_get_binding_string(GtkRpcBindingDialog *d, TALLOC_CTX *mem_ctx);
const char *gtk_rpc_binding_dialog_get_username(GtkRpcBindingDialog *d);
const char *gtk_rpc_binding_dialog_get_userdomain(GtkRpcBindingDialog *d);
const char *gtk_rpc_binding_dialog_get_password(GtkRpcBindingDialog *d);
struct cli_credentials *gtk_rpc_binding_dialog_get_credentials(GtkRpcBindingDialog *d);
const char *gtk_rpc_binding_dialog_get_host(GtkRpcBindingDialog *d);
GtkWidget *gtk_select_domain_dialog_new (struct dcerpc_pipe *sam_pipe);
GType gtk_select_domain_dialog_get_type (void);

View File

@ -25,6 +25,7 @@
#include "librpc/gen_ndr/ndr_mgmt.h"
#include "gtk/common/select.h"
#include "gtk/common/gtk-smb.h"
#include "lib/cmdline/popt_common.h"
/*
* Show:
@ -189,7 +190,7 @@ static void on_connect_clicked(GtkButton *btn, gpointer user_data)
status = dcerpc_pipe_connect(&epmapper_pipe, bs,
DCERPC_EPMAPPER_UUID, DCERPC_EPMAPPER_VERSION,
lp_netbios_name(), lp_workgroup(), "", "");
cmdline_credentials);
if (NT_STATUS_IS_ERR(status)) {
gtk_show_ntstatus(mainwin, status);

View File

@ -405,8 +405,7 @@ static void on_open_remote_activate(GtkMenuItem *menuitem, gpointer user_data)
}
error = reg_open_remote(&registry,
gtk_rpc_binding_dialog_get_username(GTK_RPC_BINDING_DIALOG(rpcwin)),
gtk_rpc_binding_dialog_get_password(GTK_RPC_BINDING_DIALOG(rpcwin)),
gtk_rpc_binding_dialog_get_credentials(GTK_RPC_BINDING_DIALOG(rpcwin)),
gtk_rpc_binding_dialog_get_binding_string(GTK_RPC_BINDING_DIALOG(rpcwin), mem_ctx));
if(!W_ERROR_IS_OK(error)) {

View File

@ -107,10 +107,7 @@ on_connect_activate (GtkMenuItem *menuitem,
gtk_rpc_binding_dialog_get_binding(d, mem_ctx),
DCERPC_ATSVC_UUID,
DCERPC_ATSVC_VERSION,
lp_netbios_name(),
gtk_rpc_binding_dialog_get_userdomain(d),
gtk_rpc_binding_dialog_get_username(d),
gtk_rpc_binding_dialog_get_password(d));
gtk_rpc_binding_dialog_get_credentials(d));
if(!NT_STATUS_IS_OK(status)) {
gtk_show_ntstatus(mainwin, status);

View File

@ -131,10 +131,8 @@ static void connect_sam(void)
status = dcerpc_pipe_connect_b(&sam_pipe,
gtk_rpc_binding_dialog_get_binding(d, mem_ctx),
DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION,
lp_netbios_name(),
gtk_rpc_binding_dialog_get_userdomain(d),
gtk_rpc_binding_dialog_get_username(d),
gtk_rpc_binding_dialog_get_password(d));
gtk_rpc_binding_dialog_get_credentials(d)
);
if(!NT_STATUS_IS_OK(status)) {
gtk_show_ntstatus(mainwin, status);

View File

@ -51,3 +51,5 @@ struct cli_credentials {
void *priv_data;
};
#define cli_credentials_is_anonymous(c) (!(c) || !(c)->username || !(c)->username[0])

View File

@ -22,9 +22,7 @@
#define _DCOM_H
struct dcom_client_context {
const char *domain;
const char *user;
const char *password;
struct cli_credentials *credentials;
struct dcom_object_exporter {
uint64_t oxid;
struct DUALSTRINGARRAY bindings;

View File

@ -30,12 +30,10 @@
#define DCOM_NEGOTIATED_PROTOCOLS { EPM_PROTOCOL_TCP, EPM_PROTOCOL_SMB, EPM_PROTOCOL_NCALRPC }
struct dcom_client_context *dcom_client_init(struct com_context *ctx, const char *domain, const char *user, const char *password)
struct dcom_client_context *dcom_client_init(struct com_context *ctx, struct cli_credentials *credentials)
{
ctx->dcom = talloc(ctx, struct dcom_client_context);
ctx->dcom->domain = domain;
ctx->dcom->user = user;
ctx->dcom->password = password;
ctx->dcom->credentials = credentials;
return ctx->dcom;
}
@ -86,8 +84,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe **
return dcerpc_pipe_connect(p, "ncalrpc",
DCERPC_IREMOTEACTIVATION_UUID,
DCERPC_IREMOTEACTIVATION_VERSION,
lp_netbios_name(),
ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password);
ctx->dcom->credentials);
}
/* Allow server name to contain a binding string */
@ -95,8 +92,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe **
status = dcerpc_pipe_connect_b(p, bd,
DCERPC_IREMOTEACTIVATION_UUID,
DCERPC_IREMOTEACTIVATION_VERSION,
lp_netbios_name(),
ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password);
ctx->dcom->credentials);
talloc_free(mem_ctx);
return status;
@ -113,8 +109,7 @@ static NTSTATUS dcom_connect_host(struct com_context *ctx, struct dcerpc_pipe **
status = dcerpc_pipe_connect(p, binding,
DCERPC_IREMOTEACTIVATION_UUID,
DCERPC_IREMOTEACTIVATION_VERSION,
lp_netbios_name(),
ctx->dcom->domain, ctx->dcom->user, ctx->dcom->password);
ctx->dcom->credentials);
if (NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
@ -308,10 +303,7 @@ NTSTATUS dcom_get_pipe (struct IUnknown *iface, struct dcerpc_pipe **pp)
} else {
status = dcerpc_pipe_connect_b(&p, binding,
uuid, 0.0,
lp_netbios_name(),
iface->ctx->dcom->domain,
iface->ctx->dcom->user,
iface->ctx->dcom->password);
iface->ctx->dcom->credentials);
}
talloc_free(binding);
i++;

View File

@ -24,6 +24,10 @@
const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred == NULL) {
return NULL;
}
if (cred->username_obtained == CRED_CALLBACK) {
cred->username = cred->username_cb(cred);
cred->username_obtained = CRED_SPECIFIED;
@ -45,6 +49,10 @@ BOOL cli_credentials_set_username(struct cli_credentials *cred, const char *val,
const char *cli_credentials_get_password(struct cli_credentials *cred)
{
if (cred == NULL) {
return NULL;
}
if (cred->password_obtained == CRED_CALLBACK) {
cred->password = cred->password_cb(cred);
cred->password_obtained = CRED_SPECIFIED;
@ -66,6 +74,10 @@ BOOL cli_credentials_set_password(struct cli_credentials *cred, const char *val,
const char *cli_credentials_get_domain(struct cli_credentials *cred)
{
if (cred == NULL) {
return NULL;
}
if (cred->domain_obtained == CRED_CALLBACK) {
cred->domain = cred->domain_cb(cred);
cred->domain_obtained = CRED_SPECIFIED;
@ -87,7 +99,11 @@ BOOL cli_credentials_set_domain(struct cli_credentials *cred, const char *val, e
}
const char *cli_credentials_get_realm(struct cli_credentials *cred)
{
{
if (cred == NULL) {
return NULL;
}
if (cred->realm_obtained == CRED_CALLBACK) {
cred->realm = cred->realm_cb(cred);
cred->realm_obtained = CRED_SPECIFIED;
@ -109,6 +125,10 @@ BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, en
const char *cli_credentials_get_workstation(struct cli_credentials *cred)
{
if (cred == NULL) {
return NULL;
}
if (cred->workstation_obtained == CRED_CALLBACK) {
cred->workstation = cred->workstation_cb(cred);
cred->workstation_obtained = CRED_SPECIFIED;
@ -246,7 +266,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha
uname = talloc_strdup(credentials, data);
cli_credentials_set_username(credentials, uname, obtained);
if ((p = strchr_m(uname,'\\'))) {
if ((p = strchr_m(uname,'\\')) || (p = strchr_m(uname, '/'))) {
*p = 0;
cli_credentials_set_domain(credentials, uname, obtained);
credentials->username = uname = p+1;

View File

@ -369,7 +369,7 @@ static struct hive_operations reg_backend_rpc = {
.num_values = rpc_num_values,
};
WERROR reg_open_remote (struct registry_context **ctx, const char *user, const char *pass, const char *location)
WERROR reg_open_remote (struct registry_context **ctx, struct cli_credentials *credentials, const char *location)
{
NTSTATUS status;
struct dcerpc_pipe *p;
@ -384,9 +384,7 @@ WERROR reg_open_remote (struct registry_context **ctx, const char *user, const c
status = dcerpc_pipe_connect(&p, location,
DCERPC_WINREG_UUID,
DCERPC_WINREG_VERSION,
lp_netbios_name(),
lp_workgroup(),
user, pass);
credentials);
(*ctx)->backend_data = p;
if(NT_STATUS_IS_ERR(status)) {

View File

@ -146,8 +146,9 @@ static void writediff(struct registry_key *oldkey, struct registry_key *newkey,
else if (!h2) error = reg_open_local(&h2);
break;
case 'R':
if (!h1 && !from_null) error = reg_open_remote(&h1, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), poptGetOptArg(pc));
else if (!h2) error = reg_open_remote(&h2, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), poptGetOptArg(pc));
if (!h1 && !from_null)
error = reg_open_remote(&h1, cmdline_credentials, poptGetOptArg(pc));
else if (!h2) error = reg_open_remote(&h2, cmdline_credentials, poptGetOptArg(pc));
break;
}

View File

@ -769,7 +769,7 @@ static int nt_apply_reg_command_file(struct registry_context *r, const char *cmd
setup_logging(argv[0], True);
if (remote) {
error = reg_open_remote (&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote);
error = reg_open_remote (&h, cmdline_credentials, remote);
} else {
error = reg_open_local (&h);
}

View File

@ -395,7 +395,7 @@ static char **reg_completion(const char *text, int start, int end)
setup_logging("regtree", True);
if (remote) {
error = reg_open_remote (&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote);
error = reg_open_remote (&h, cmdline_credentials, remote);
} else if (backend) {
error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &curkey);
} else {

View File

@ -105,7 +105,7 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
setup_logging("regtree", True);
if (remote) {
error = reg_open_remote(&h, cli_credentials_get_username(cmdline_credentials), cli_credentials_get_password(cmdline_credentials), remote);
error = reg_open_remote(&h, cmdline_credentials, remote);
} else if (backend) {
error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &root);
} else {

View File

@ -506,61 +506,6 @@ BOOL gensec_have_feature(struct gensec_security *gensec_security,
return gensec_security->ops->have_feature(gensec_security, feature);
}
/**
* Set a username on a GENSEC context - ensures it is talloc()ed
*
*/
NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, const char *user)
{
char *p;
char *u = talloc_strdup(gensec_security, user);
if (!u) {
return NT_STATUS_NO_MEMORY;
}
p = strchr_m(user, '@');
if (p) {
*p = '\0';
gensec_security->user.name = talloc_strdup(gensec_security, u);
if (!gensec_security->user.name) {
return NT_STATUS_NO_MEMORY;
}
gensec_security->user.realm = talloc_strdup(gensec_security, p+1);
if (!gensec_security->user.realm) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
p = strchr_m(user, '\\');
if (!p) {
p = strchr_m(user, '/');
}
if (p) {
*p = '\0';
gensec_security->user.domain = talloc_strdup(gensec_security, u);
if (!gensec_security->user.domain) {
return NT_STATUS_NO_MEMORY;
}
gensec_security->user.name = talloc_strdup(gensec_security, p+1);
if (!gensec_security->user.name) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
gensec_security->user.name = u;
if (!gensec_security->user.name) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
/**
* Set a username on a GENSEC context - ensures it is talloc()ed
*
@ -569,7 +514,7 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
NTSTATUS gensec_set_username(struct gensec_security *gensec_security, const char *user)
{
gensec_security->user.name = talloc_strdup(gensec_security, user);
if (!gensec_security->user.name) {
if (user && !gensec_security->user.name) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
@ -596,7 +541,7 @@ const char *gensec_get_username(struct gensec_security *gensec_security)
NTSTATUS gensec_set_domain(struct gensec_security *gensec_security, const char *domain)
{
gensec_security->user.domain = talloc_strdup(gensec_security, domain);
if (!gensec_security->user.domain) {
if (domain && !gensec_security->user.domain) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
@ -625,7 +570,7 @@ const char *gensec_get_domain(struct gensec_security *gensec_security)
NTSTATUS gensec_set_workstation(struct gensec_security *gensec_security, const char *workstation)
{
gensec_security->user.workstation = talloc_strdup(gensec_security, workstation);
if (!gensec_security->user.workstation) {
if (workstation && !gensec_security->user.workstation) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
@ -653,7 +598,7 @@ const char *gensec_get_workstation(struct gensec_security *gensec_security)
NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm)
{
gensec_security->user.realm = talloc_strdup(gensec_security, realm);
if (!gensec_security->user.realm) {
if (realm && !gensec_security->user.realm) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;

View File

@ -101,10 +101,7 @@ static NTSTATUS libnet_rpc_connect_standard(struct libnet_context *ctx, TALLOC_C
binding,
r->standard.in.dcerpc_iface_uuid,
r->standard.in.dcerpc_iface_version,
lp_netbios_name(),
cli_credentials_get_domain(ctx->credentials),
cli_credentials_get_username(ctx->credentials),
cli_credentials_get_password(ctx->credentials));
ctx->credentials);
if (!NT_STATUS_IS_OK(status)) {
r->standard.out.error_string = talloc_asprintf(mem_ctx,
"dcerpc_pipe_connect to pipe %s failed with %s\n",

View File

@ -143,10 +143,7 @@ done:
*/
NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
const char *uuid, uint_t version,
const char *workstation,
const char *domain,
const char *username,
const char *password,
struct cli_credentials *credentials,
uint8_t auth_type,
const char *service)
{
@ -162,28 +159,32 @@ NTSTATUS dcerpc_bind_auth_password(struct dcerpc_pipe *p,
return status;
}
status = gensec_set_workstation(p->conn->security_state.generic_state, workstation);
status = gensec_set_workstation(p->conn->security_state.generic_state,
cli_credentials_get_workstation(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client workstation name to %s: %s\n",
workstation, nt_errstr(status)));
cli_credentials_get_workstation(credentials), nt_errstr(status)));
return status;
}
status = gensec_set_domain(p->conn->security_state.generic_state, domain);
status = gensec_set_domain(p->conn->security_state.generic_state,
cli_credentials_get_domain(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client domain to %s: %s\n",
domain, nt_errstr(status)));
cli_credentials_get_domain(credentials), nt_errstr(status)));
return status;
}
status = gensec_set_username(p->conn->security_state.generic_state, username);
status = gensec_set_username(p->conn->security_state.generic_state,
cli_credentials_get_username(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client username to %s: %s\n",
username, nt_errstr(status)));
cli_credentials_get_username(credentials), nt_errstr(status)));
return status;
}
status = gensec_set_password(p->conn->security_state.generic_state, password);
status = gensec_set_password(p->conn->security_state.generic_state,
cli_credentials_get_password(credentials));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start set GENSEC client password: %s\n",
nt_errstr(status)));

View File

@ -295,10 +295,7 @@ static NTSTATUS dcerpc_schannel_client_start(struct gensec_security *gensec_secu
get a schannel key using a netlogon challenge on a secondary pipe
*/
static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
const char *workstation,
const char *domain,
const char *username,
const char *password,
struct cli_credentials *credentials,
int chan_type,
struct creds_CredentialState *creds)
{
@ -319,7 +316,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
}
workgroup = domain;
workgroup = cli_credentials_get_domain(credentials);
tmp_ctx = talloc_new(NULL);
@ -363,7 +360,7 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
step 2 - request a netlogon challenge
*/
r.in.server_name = talloc_asprintf(p, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = workstation;
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.credentials = &credentials1;
r.out.credentials = &credentials2;
@ -377,16 +374,18 @@ static NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
/*
step 3 - authenticate on the netlogon pipe
*/
E_md4hash(password, mach_pwd.hash);
E_md4hash(cli_credentials_get_password(credentials), mach_pwd.hash);
creds_client_init(creds, &credentials1, &credentials2,
workstation, domain, username,
cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials),
cli_credentials_get_username(credentials),
&mach_pwd, &credentials3,
negotiate_flags);
a.in.server_name = r.in.server_name;
a.in.account_name = username;
a.in.account_name = cli_credentials_get_username(credentials);
a.in.secure_channel_type = chan_type;
a.in.computer_name = workstation;
a.in.computer_name = cli_credentials_get_workstation(credentials);
a.in.negotiate_flags = &negotiate_flags;
a.out.negotiate_flags = &negotiate_flags;
a.in.credentials = &credentials3;
@ -483,10 +482,7 @@ NTSTATUS dcerpc_bind_auth_schannel_withkey(struct dcerpc_pipe *p,
NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
const char *uuid, uint_t version,
const char *workstation,
const char *domain,
const char *username,
const char *password)
struct cli_credentials *credentials)
{
NTSTATUS status;
int chan_type = 0;
@ -504,10 +500,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
chan_type = SEC_CHAN_DOMAIN;
}
status = dcerpc_schannel_key(p, domain,
workstation,
username,
password,
status = dcerpc_schannel_key(p, credentials,
chan_type,
creds);

View File

@ -796,6 +796,7 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
struct epm_twr_t twr, *twr_r;
struct dcerpc_binding *epmapper_binding;
const struct dcerpc_interface_table *table = idl_iface_by_uuid(uuid);
struct cli_credentials *credentials;
int i;
/* First, check if there is a default endpoint specified in the IDL */
@ -834,11 +835,13 @@ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *bind
epmapper_binding->endpoint = NULL;
epmapper_binding->authservice = NULL;
credentials = talloc_zero(mem_ctx, struct cli_credentials);
cli_credentials_guess(credentials);
status = dcerpc_pipe_connect_b(&p,
epmapper_binding,
DCERPC_EPMAPPER_UUID,
DCERPC_EPMAPPER_VERSION,
NULL, NULL, NULL, NULL);
credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
@ -903,10 +906,7 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
const char *workstation,
const char *domain,
const char *username,
const char *password)
struct cli_credentials *credentials)
{
NTSTATUS status;
p->conn->flags = binding->flags;
@ -914,11 +914,11 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
/* remember the binding string for possible secondary connections */
p->conn->binding_string = dcerpc_binding_string(p, binding);
if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
if (cli_credentials_is_anonymous(credentials) &&
(binding->flags & DCERPC_SCHANNEL_ANY)) {
status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
domain, workstation,
username, password);
} else if (username && username[0]) {
credentials);
} else if (cli_credentials_is_anonymous(credentials)) {
uint8_t auth_type;
if (binding->flags & DCERPC_AUTH_SPNEGO) {
auth_type = DCERPC_AUTH_TYPE_SPNEGO;
@ -929,10 +929,8 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
}
status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
workstation,
domain, username, password,
auth_type,
binding->authservice);
credentials, auth_type,
binding->authservice);
} else {
status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
}
@ -950,10 +948,7 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
const char *workstation,
const char *domain,
const char *username,
const char *password)
struct cli_credentials *credentials)
{
struct dcerpc_pipe *p;
NTSTATUS status;
@ -983,18 +978,21 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
pipe_name = binding->endpoint;
if (!username || !username[0] ||
if (cli_credentials_is_anonymous(credentials) ||
(binding->flags & DCERPC_SCHANNEL_ANY)) {
status = smbcli_full_connection(p->conn, &cli, workstation,
status = smbcli_full_connection(p->conn, &cli,
cli_credentials_get_workstation(credentials),
binding->host,
"ipc$", NULL,
"", "", NULL);
} else {
status = smbcli_full_connection(p->conn, &cli, workstation,
status = smbcli_full_connection(p->conn, &cli,
cli_credentials_get_workstation(credentials),
binding->host,
"ipc$", NULL,
username, domain,
password);
cli_credentials_get_username(credentials),
cli_credentials_get_domain(credentials),
cli_credentials_get_password(credentials));
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to connect to %s - %s\n", binding->host, nt_errstr(status)));
@ -1009,10 +1007,6 @@ static NTSTATUS dcerpc_pipe_connect_ncacn_np(struct dcerpc_pipe **pp,
return status;
}
if (!(binding->flags & DCERPC_AUTH_OPTIONS)) {
username = NULL;
}
(*pp) = p;
talloc_free(tmp_ctx);
@ -1156,17 +1150,13 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp,
struct dcerpc_binding *binding,
const char *pipe_uuid,
uint32_t pipe_version,
const char *workstation,
const char *domain,
const char *username,
const char *password)
struct cli_credentials *credentials)
{
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
switch (binding->transport) {
case NCACN_NP:
status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version,
workstation, domain, username, password);
status = dcerpc_pipe_connect_ncacn_np(pp, binding, pipe_uuid, pipe_version, credentials);
break;
case NCACN_IP_TCP:
status = dcerpc_pipe_connect_ncacn_ip_tcp(pp, binding, pipe_uuid, pipe_version);
@ -1185,7 +1175,7 @@ NTSTATUS dcerpc_pipe_connect_b(struct dcerpc_pipe **pp,
return status;
}
status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, workstation, domain, username, password);
status = dcerpc_pipe_auth(*pp, binding, pipe_uuid, pipe_version, credentials);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(*pp);
*pp = NULL;
@ -1202,10 +1192,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp,
const char *binding,
const char *pipe_uuid,
uint32_t pipe_version,
const char *workstation,
const char *domain,
const char *username,
const char *password)
struct cli_credentials *credentials)
{
struct dcerpc_binding *b;
NTSTATUS status;
@ -1225,8 +1212,7 @@ NTSTATUS dcerpc_pipe_connect(struct dcerpc_pipe **pp,
DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, b)));
status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, workstation,
domain, username, password);
status = dcerpc_pipe_connect_b(pp, b, pipe_uuid, pipe_version, credentials);
talloc_free(tmp_ctx);

View File

@ -31,6 +31,7 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
NTSTATUS status;
struct dcesrv_remote_private *private;
const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
struct cli_credentials credentials;
if (!binding) {
DEBUG(0,("You must specify a ncacn binding string\n"));
@ -42,11 +43,12 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_pipe_connect(&(private->c_pipe), binding, iface->uuid, iface->if_version,
lp_netbios_name(),
lp_workgroup(),
lp_parm_string(-1, "dcerpc_remote", "username"),
lp_parm_string(-1, "dcerpc_remote", "password"));
cli_credentials_set_username(&credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
cli_credentials_set_workstation(&credentials, lp_netbios_name(), CRED_SPECIFIED);
cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED);
cli_credentials_set_password(&credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
status = dcerpc_pipe_connect(&(private->c_pipe), binding, iface->uuid, iface->if_version, &credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}

View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "lib/com/com.h"
#include "librpc/gen_ndr/com_dcom.h"
#include "lib/cmdline/popt_common.h"
#define DEFAULT_TRANS 4096
@ -39,7 +40,7 @@ static BOOL test_readwrite(TALLOC_CTX *mem_ctx, const char *host)
int i;
com_init(&ctx);
dcom_client_init(ctx, lp_parm_string(-1, "torture", "userdomain"), lp_parm_string(-1, "torture", "username"), lp_parm_string(-1, "torture", "password"));
dcom_client_init(ctx, cmdline_credentials);
GUID_from_string(COM_ISTREAM_UUID, &IID[0]);
GUID_from_string(COM_IUNKNOWN_UUID, &IID[1]);

View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "lib/cmdline/popt_common.h"
BOOL test_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password)
{
@ -188,9 +189,9 @@ BOOL torture_ldap_basic(void)
TALLOC_CTX *mem_ctx;
BOOL ret = True;
const char *host = lp_parm_string(-1, "torture", "host");
const char *username = lp_parm_string(-1, "torture", "username");
const char *domain = lp_parm_string(-1, "torture", "userdomain");
const char *password = lp_parm_string(-1, "torture", "password");
const char *username = cli_credentials_get_username(cmdline_credentials);
const char *domain = cli_credentials_get_domain(cmdline_credentials);
const char *password = cli_credentials_get_password(cmdline_credentials);
const char *userdn = lp_parm_string(-1, "torture", "ldap_userdn");
/*const char *basedn = lp_parm_string(-1, "torture", "ldap_basedn");*/
const char *secret = lp_parm_string(-1, "torture", "ldap_secret");

View File

@ -24,6 +24,7 @@
#include "lib/events/events.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/composite/composite.h"
#include "lib/cmdline/popt_common.h"
#define BASEDIR "\\composite"
@ -149,9 +150,10 @@ static BOOL test_fetchfile(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
io2.in.calling_name = lp_netbios_name();
io2.in.service = lp_parm_string(-1, "torture", "share");
io2.in.service_type = "A:";
io2.in.user = lp_parm_string(-1, "torture", "username");
io2.in.domain = lp_parm_string(-1, "torture", "userdomain");
io2.in.password = lp_parm_string(-1, "torture", "password");
io2.in.user = cli_credentials_get_username(cmdline_credentials);
io2.in.domain = cli_credentials_get_domain(cmdline_credentials);
io2.in.password = cli_credentials_get_password(cmdline_credentials);
io2.in.filename = fname;
printf("testing parallel fetchfile with %d ops\n", torture_numops);

View File

@ -22,6 +22,7 @@
#include "libcli/raw/libcliraw.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/composite/composite.h"
#include "lib/cmdline/popt_common.h"
#define BASEDIR "\\rawcontext"
@ -57,7 +58,6 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
BOOL ret = True;
const char *username, *domain, *password;
struct smbcli_session *session;
struct smbcli_session *session2;
struct smbcli_session *session3;
@ -76,18 +76,14 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
return False;
}
username = lp_parm_string(-1, "torture", "username");
password = lp_parm_string(-1, "torture", "password");
domain = lp_parm_string(-1, "torture", "userdomain");
printf("create a second security context on the same transport\n");
session = smbcli_session_init(cli->transport, mem_ctx, False);
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
setup.in.password = password;
setup.in.user = username;
setup.in.domain = domain;
setup.in.password = cli_credentials_get_password(cmdline_credentials);
setup.in.user = cli_credentials_get_username(cmdline_credentials);
setup.in.domain = cli_credentials_get_domain(cmdline_credentials);
status = smb_composite_sesssetup(session, &setup);
CHECK_STATUS(status, NT_STATUS_OK);
@ -100,9 +96,10 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
session2->vuid = session->vuid;
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
setup.in.password = password;
setup.in.user = username;
setup.in.domain = domain;
setup.in.password = cli_credentials_get_password(cmdline_credentials);
setup.in.user = cli_credentials_get_username(cmdline_credentials);
setup.in.domain = cli_credentials_get_domain(cmdline_credentials);
status = smb_composite_sesssetup(session2, &setup);
CHECK_STATUS(status, NT_STATUS_OK);
@ -120,9 +117,11 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
session3->vuid = session->vuid;
setup.in.sesskey = cli->transport->negotiate.sesskey;
setup.in.capabilities = 0; /* force a non extended security login (should fail) */
setup.in.password = password;
setup.in.user = username;
setup.in.domain = domain;
setup.in.password = cli_credentials_get_password(cmdline_credentials);
setup.in.user = cli_credentials_get_username(cmdline_credentials);
setup.in.domain = cli_credentials_get_domain(cmdline_credentials);
status = smb_composite_sesssetup(session3, &setup);
CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);

View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_lsa.h"
#include "lib/cmdline/popt_common.h"
/*
This test is 'bogus' in that it doesn't actually perform to the
@ -37,10 +38,6 @@
BOOL torture_multi_bind(void)
{
struct dcerpc_pipe *p;
const char *workstation = lp_netbios_name();
const char *domain = lp_parm_string(-1, "torture", "userdomain");
const char *username = lp_parm_string(-1, "torture", "username");
const char *password = lp_parm_string(-1, "torture", "password");
const char *pipe_uuid = DCERPC_LSARPC_UUID;
uint32_t pipe_version = DCERPC_LSARPC_VERSION;
struct dcerpc_binding *binding;
@ -68,7 +65,7 @@ BOOL torture_multi_bind(void)
}
status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version,
workstation, domain, username, password);
cmdline_credentials);
if (NT_STATUS_IS_OK(status)) {
printf("(incorrectly) allowed re-bind to uuid %s - %s\n",

View File

@ -26,6 +26,7 @@
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "auth/auth.h"
#include "lib/crypto/crypto.h"
#include "lib/cmdline/popt_common.h"
#define TEST_MACHINE_NAME "samlogontest"
#define TEST_USER_NAME "samlogontestuser"
@ -1215,6 +1216,7 @@ BOOL torture_rpc_samlogon(void)
NTSTATUS status;
struct dcerpc_pipe *p;
struct dcerpc_binding *b;
struct cli_credentials credentials;
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
struct test_join *join_ctx;
@ -1245,27 +1247,29 @@ BOOL torture_rpc_samlogon(void)
BOOL network_login;
} usercreds[] = {
{
lp_parm_string(-1, "torture", "userdomain"),
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "password"),
cli_credentials_get_domain(cmdline_credentials),
cli_credentials_get_username(cmdline_credentials),
cli_credentials_get_password(cmdline_credentials),
True
},
{
NULL,
talloc_asprintf(mem_ctx,
"%s@%s",
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "userdomain")),
lp_parm_string(-1, "torture", "password"),
cli_credentials_get_domain(cmdline_credentials),
cli_credentials_get_username(cmdline_credentials)
),
cli_credentials_get_password(cmdline_credentials),
False
},
{
NULL,
talloc_asprintf(mem_ctx,
"%s@%s",
lp_parm_string(-1, "torture", "username"),
lp_realm()),
lp_parm_string(-1, "torture", "password"),
cli_credentials_get_username(cmdline_credentials),
cli_credentials_get_realm(cmdline_credentials)
),
cli_credentials_get_password(cmdline_credentials),
True
},
#if 0
@ -1334,13 +1338,15 @@ BOOL torture_rpc_samlogon(void)
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128;
cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED);
cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED);
cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED);
status = dcerpc_pipe_connect_b(&p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
TEST_MACHINE_NAME,
lp_workgroup(),
test_machine_account,
machine_password);
&credentials);
if (!NT_STATUS_IS_OK(status)) {
ret = False;

View File

@ -1295,6 +1295,7 @@ BOOL torture_rpc_samsync(void)
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
struct lsa_OpenPolicy2 r;
struct cli_credentials credentials;
struct samsync_state *samsync_state;
@ -1418,13 +1419,15 @@ BOOL torture_rpc_samsync(void)
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN;
cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED);
cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED);
cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED);
status = dcerpc_pipe_connect_b(&samsync_state->p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
TEST_MACHINE_NAME,
lp_workgroup(),
test_machine_account,
machine_password);
&credentials);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
@ -1449,14 +1452,15 @@ BOOL torture_rpc_samsync(void)
b_netlogon_wksta->flags &= ~DCERPC_AUTH_OPTIONS;
b_netlogon_wksta->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN;
cli_credentials_set_workstation(&credentials, TEST_WKSTA_MACHINE_NAME, CRED_SPECIFIED);
cli_credentials_set_username(&credentials, test_wksta_machine_account, CRED_SPECIFIED);
cli_credentials_set_password(&credentials, wksta_machine_password, CRED_SPECIFIED);
status = dcerpc_pipe_connect_b(&samsync_state->p_netlogon_wksta,
b_netlogon_wksta,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
TEST_WKSTA_MACHINE_NAME,
lp_workgroup(),
test_wksta_machine_account,
wksta_machine_password);
&credentials);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to connect to server as a Workstation: %s\n", nt_errstr(status));

View File

@ -127,6 +127,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p = NULL;
struct dcerpc_pipe *p_netlogon = NULL;
struct creds_CredentialState *creds;
struct cli_credentials credentials;
char *test_machine_account = talloc_asprintf(NULL, "%s$", TEST_MACHINE_NAME);
join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(),
@ -145,13 +146,14 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= dcerpc_flags;
cli_credentials_set_domain(&credentials, lp_workgroup(), CRED_SPECIFIED);
cli_credentials_set_workstation(&credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
cli_credentials_set_username(&credentials, test_machine_account, CRED_SPECIFIED);
cli_credentials_set_password(&credentials, machine_password, CRED_SPECIFIED);
status = dcerpc_pipe_connect_b(&p, b,
DCERPC_SAMR_UUID,
DCERPC_SAMR_VERSION,
TEST_MACHINE_NAME,
lp_workgroup(),
test_machine_account,
machine_password);
&credentials);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to connect with schannel: %s\n", nt_errstr(status));
goto failed;

View File

@ -80,9 +80,9 @@ BOOL torture_open_connection_share(struct smbcli_state **c,
const char *sharename)
{
NTSTATUS status;
const char *username = lp_parm_string(-1, "torture", "username");
const char *userdomain = lp_parm_string(-1, "torture", "userdomain");
const char *password = lp_parm_string(-1, "torture", "password");
const char *username = cli_credentials_get_username(cmdline_credentials);
const char *userdomain = cli_credentials_get_domain(cmdline_credentials);
const char *password = cli_credentials_get_password(cmdline_credentials);
status = smbcli_full_connection(NULL,
c, lp_netbios_name(),
@ -138,10 +138,7 @@ NTSTATUS torture_rpc_connection(struct dcerpc_pipe **p,
}
status = dcerpc_pipe_connect(p, binding, pipe_uuid, pipe_version,
lp_netbios_name(),
lp_parm_string(-1, "torture", "userdomain"),
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "password"));
cmdline_credentials);
return status;
}
@ -173,10 +170,8 @@ NTSTATUS torture_rpc_connection_transport(struct dcerpc_pipe **p,
b->transport = transport;
status = dcerpc_pipe_connect_b(p, b, pipe_uuid, pipe_version,
lp_netbios_name(),
lp_parm_string(-1, "torture", "userdomain"),
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "password"));
cmdline_credentials);
return status;
}
@ -731,9 +726,9 @@ static BOOL run_tcon_devtype_test(void)
BOOL ret = True;
const char *host = lp_parm_string(-1, "torture", "host");
const char *share = lp_parm_string(-1, "torture", "share");
const char *username = lp_parm_string(-1, "torture", "username");
const char *userdomain = lp_parm_string(-1, "torture", "userdomain");
const char *password = lp_parm_string(-1, "torture", "password");
const char *username = cli_credentials_get_username(cmdline_credentials);
const char *userdomain = cli_credentials_get_domain(cmdline_credentials);
const char *password = cli_credentials_get_password(cmdline_credentials);
status = smbcli_full_connection(NULL,
&cli1, lp_netbios_name(),
@ -2728,25 +2723,6 @@ static BOOL is_binding_string(const char *binding_string)
lp_set_cmdline("torture:binding", binding);
}
if (!lp_parm_string(-1,"torture","username")) {
lp_set_cmdline("torture:username", cli_credentials_get_username(cmdline_credentials));
}
if (!lp_parm_string(-1,"torture","userdomain")) {
/*
* backward compatibility
* maybe we should remove this to make this consistent
* for all cmdline tools
* --metze
*/
if (strequal(lp_netbios_name(),cli_credentials_get_domain(cmdline_credentials))) {
cli_credentials_set_domain(cmdline_credentials, lp_workgroup(), CRED_SPECIFIED);
}
lp_set_cmdline("torture:userdomain", cli_credentials_get_domain(cmdline_credentials));
}
if (!lp_parm_string(-1,"torture","password")) {
lp_set_cmdline("torture:password", cli_credentials_get_password(cmdline_credentials));
}
if (argc_new == 0) {
printf("You must specify a test to run, or 'ALL'\n");
} else {