The branch, v4-21-test has been updated via 193dc02471b libcli/auth: make use of netlogon_creds_cli_check_transport() in more places via f444707208c libcli/auth: split out netlogon_creds_cli_check_transport() via 97c1456157a libcli/auth: let netlogon_creds_copy() copy all scalar elements via 10e8e230e7b s4:librpc/rpc: make use of netlogon_creds_client_verify() via 4fb7226f776 libcli/auth: make use of netlogon_creds_client_verify() via bd5058538cc libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level} via 1edb984810b libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check() via 15fad537ca5 libcli/auth: pass auth_{type,level} to schannel_check_creds_state() via 57b897276ca libcli/auth: return INVALID_PARAMETER for DES in netlogon_creds_{de,en}crypt_samlogon_logon via f93fc1e65cb s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam via 9f36351814a s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword via 51dca749dd5 s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password() via 9b2c2de4bf9 s3:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword() via cedcfa310b9 s3:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password via fea3d0c5810 s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password via a8e5bbb2689 s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword() via c944d1fc372 s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation() via 7664466f8be s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon() via 423ee427b2d libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password via c39ab113afd libcli/auth: make use of netlogon_creds_encrypt_SendToSam via 44803568fce libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword via 104dd940b80 libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static via 986e85311b1 python/tests: use 
encrypt_netr_PasswordInfo in KDCBaseTest._test_samlogon() via 16486fc89e9 pycredentials: add py_creds_encrypt_netr_PasswordInfo helper via 63cd352ce46 pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in py_creds_encrypt_netr_crypt_password via 1942021a04b libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam() via a67f23403d5 libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword() via ee30900ecef libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password() via 4da8ed66be9 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon() via 44109378880 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation() via 553db707b57 netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff via 2a210ec5c40 s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro via c7166d2d612 dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro via 30d744d0a6a s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric() via 769588b25a7 s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message via d7b7db05fd2 libcli/auth: split out netlogon_creds_alloc() via 57c1fb9048c libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy via dcd3c2b9d2b libcli/auth: let netlogon_creds_cli_store_internal() use talloc_stackframe() via 46b7eb7737b libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client via ef69f555566 s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers via 1fecabddeb6 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2 via 47e5aa1e36e s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2 via c6bfa4dbb25 libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init() via a0ad07e82f0 libcli/auth: remove unused creds->sid via 72be93b62f3 s4:rpc_server/netlogon: make use of creds->ex->client_sid via 
39399a49d36 s3:rpc_server/netlogon: make use of creds->ex->client_sid via 114e369122c librpc/rpc: make use of creds->ex->client_sid in dcesrv_netr_check_schannel_get_state() via 58f657baf09 libcli/auth: split out netlogon_creds_CredentialState_extra_info via 1a6928892a9 libcli/auth: pass client_sid to netlogon_creds_server_init() via e03e2f7639f s4:rpc_server/netlogon: add client_sid helper variables via d197dd522f3 s3:rpc_server/netlogon: add client_sid helper variables via f4edcf3d0ea s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid via b5bf7bc3810 s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry via c2796abfdc2 s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags via 83e9f281ca4 s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities via 5c7301f799f s4:librpc/rpc: define required schannel flags and enforce them via 41be718d655 s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags via 59d8a8715de s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade via 9265852ec70 libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities via ea1bb195859 libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade via d73e6c7ab08 libcli/auth: if we require aes we don't need to require arcfour nor strong key via 48acce5da8f libcli/auth: don't allow any unexpected upgrades of negotiate_flags via 6f1d556b407 libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done() via ced6cbfa6b1 libcli/auth: remove unused netlogon_creds_client_init_session_key() via 8cf7bf9f615 netlogon.idl: the capabilities in query_level=2 are the ones send by the client via 349f3144883 s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag via 6916bf43d3f s3:rpc_server/netlogon: if we require AES there's no need to remove the 
ARCFOUR flag via a442241004e s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3 via 0267772cdf2 s4:torture/rpc: without weak crypto we should require AES via a65ca95d4d2 s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated from d41a1dbc0bf s3:winbindd: call process_set_title() for locator child
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test - Log ----------------------------------------------------------------- commit 193dc02471b623d757a7a3de4178c0d7b31c4496 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Nov 6 17:18:58 2024 +0100 libcli/auth: make use of netlogon_creds_cli_check_transport() in more places This was somehow missing in commit 7a5ad9f64a905f5744430c6e0796c646baf9432e BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Nov 7 09:14:33 UTC 2024 on atb-devel-224 (cherry picked from commit f340dce6546a22d857cad440f8afaee9815dbdb1) Autobuild-User(v4-21-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-21-test): Wed Nov 13 10:05:15 UTC 2024 on atb-devel-224 commit f444707208ca8ea4abed75054a4aaddc619d89e3 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 13:42:06 2024 +0100 libcli/auth: split out netlogon_creds_cli_check_transport() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 7a5ad9f64a905f5744430c6e0796c646baf9432e) commit 97c1456157ac6c5cd796721a1527c02ff8874448 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 21:02:23 2023 +0200 libcli/auth: let netlogon_creds_copy() copy all scalar elements This version is good for now, as we want it to be backportable. For master we'll add a ndr_deepcopy_struct() helper in order to avoid future problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 8edbdd65ef78e3f26357d0254b58db3120a32880) commit 10e8e230e7be01b30c25bf3c38275951c7bb8853 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 10:31:52 2024 +0100 s4:librpc/rpc: make use of netlogon_creds_client_verify() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 132629ee3a9b73d0888d1110e4d0a45ded778e5a) commit 4fb7226f7769eeba95c41ea76466fbfabae1efbf Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 10:02:40 2024 +0100 libcli/auth: make use of netlogon_creds_client_verify() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 1a5984ac6312b204b51590057b8327cf4698383b) commit bd5058538ccceb8d25e7712fd1afcee4e46f3d75 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 09:54:42 2024 +0100 libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level} This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c) commit 1edb984810b3c0f80c7050bd2c34e49895b3dc4d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 09:46:07 2024 +0100 libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 2956c7eb3c9fc2161fd2748e5aac1fc94478e8c7) commit 15fad537ca56cd444d7c5054b417a8b093ae7a6b Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 09:44:52 2024 +0100 libcli/auth: pass auth_{type,level} to schannel_check_creds_state() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 7b02fb50143ba5044605ec67ed41180391835dcb) commit 57b897276ca6818afb161c54723fae3e4b5e2851 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:54:48 2024 +0100 libcli/auth: return INVALID_PARAMETER for DES in netlogon_creds_{de,en}crypt_samlogon_logon For the NetlogonGenericInformation case we want an error instead of no encryption if only DES was negotiated... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 131f5c0b251e456c466eaca744525504e1d69492) commit f93fc1e65cbea0cf4cb750a2e9ed325fa1a7f0d1 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:30:19 2024 +0100 s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 834197dafef0f3779ba69c8e350cbd7bb9333284) commit 9f36351814a7fb34c019cd54baa364c4beb63036 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:30:19 2024 +0100 s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit f1c1b8661a9121e1ff02784955c98d9f33bca8bd) commit 51dca749dd5b3d1c25ac24444a2558d58a65a18a Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:28:47 2024 +0100 s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 7a7cb0d0426a891185f5acf825573d98360e98e1) commit 9b2c2de4bf90872f544c336274e5bfb9b2c8b78c Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:25:11 2024 +0100 s3:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a359b4139c8043ee3c3277b7559cb6d4f58f4044) commit cedcfa310b9aecc327b3911478a61b5a31179590 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 17:12:16 2024 +0100 s3:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 550d20fd3dd04397b3a38f8b9e0cfa574453eea1) commit fea3d0c58104fc82640ff26bd3d4440a7291859c Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 17:43:40 2024 +0100 s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 172ce406d48916c57f0742b6a0e064ac170ec8ff) commit a8e5bbb268993beb9429a2a483c703776160371c Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:22:36 2024 +0100 s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 2d7a47a175337729f4c671d7a6223f6e0ea23ebe) commit c944d1fc372aa8324183cbcdc1c5217ed623e20b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:57:53 2024 +0100 s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb) commit 7664466f8be58200ad780d86781d4c39ef1275e5 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 12:58:11 2024 +0100 s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon() This will make it easier to catch all places where we need to implement the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 1666d1d74dec3978837ab49f8749d59c0abcf595) commit 423ee427b2d2814349c1c46fe970dfb932a7c54b Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 17:19:09 2024 +0100 libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit e92d0509d6b4d7f86e8626ba8c5efc5b786823f1) commit c39ab113afd402439d21f775983fd097653f0dd4 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 16:00:52 2024 +0100 libcli/auth: make use of netlogon_creds_encrypt_SendToSam This will help when implementing netr_ServerAuthenticateKerberos()... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 2bd77ff7314932dc4116773731a810fe0f7ce4b7) commit 44803568fceace50c2a65590739808c430c90630 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 15:56:09 2024 +0100 libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword This will help when implementing netr_ServerAuthenticateKerberos()... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 285ec9ecde712e40e6f0981bcb379ee911bfe9d8) commit 104dd940b80ef79d9c251c4e1c27c90529bddfa8 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 15:52:13 2024 +0100 libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 1edcd5df80bdbc4d4da5bdd5e534d7a17ec61f77) commit 986e85311b1ca77972022a53c67236d3ab394296 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 15:39:57 2024 +0100 python/tests: use encrypt_netr_PasswordInfo in KDCBaseTest._test_samlogon() This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit e7d57fc6e992ca212b834d5dd4d381244bca55c6) commit 16486fc89e98e8ef4f0c4b8c9fe9ce72b99e8359 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 15:22:47 2024 +0100 pycredentials: add py_creds_encrypt_netr_PasswordInfo helper This will replace py_creds_encrypt_samr_password in the next steps and prepares the introduction of netr_ServerAuthenticateKerberos(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit fac378485f5f15ac0a11c3d82207c4bc780bfb80) commit 63cd352ce46596613b9829f11a2b453b7efbb35d Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 14:06:28 2024 +0100 pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in py_creds_encrypt_netr_crypt_password These will simplify adding the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit ea792fa342deebefa75b77832c9057924cdcb6f6) commit 1942021a04bf2dfa6a2a7c6dd11419f5f761d217 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 13:13:50 2024 +0100 libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam() These will simplify adding the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit b8681c165731666bb5eed073ab862490c33ea095) commit a67f23403d5c29c45f468c8a2417de190844ec42 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 13:12:24 2024 +0100 libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword() These will simplify adding the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 8eb95a155de396981375c7f11221695fd3c7f9d5) commit ee30900ecef094029683464b61d54fcf232fb0fd Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 13:03:37 2024 +0100 libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password() These will simplify adding the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6) commit 4da8ed66be98c4d7af2ebc0f82dbde2ab67da4d8 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 12:55:12 2024 +0100 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon() This will be needed when we implement netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74) commit 44109378880578f16c09b75bdb10fce57f84d8c6 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Oct 28 12:43:44 2024 +0100 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation() This will be needed when we implement netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a56356e399339d5bce2e699431cd3e6186229170) commit 553db707b5710687c3cf3383a0fa6ce1fdf1dfa8 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Apr 30 15:14:47 2024 +0200 netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit de8de55a5fee573d0718fa8dd13168a4f0a14614) commit 2a210ec5c400f790464f5efce174a84cb33804f8 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 10 13:56:38 2024 +0200 s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 62afadb3ebac49a684fb0e5a1beb6d7db6f5e515) commit c7166d2d612ce971a50f08ac49d8c276fc12da4d Author: Stefan Metzmacher <me...@samba.org> Date: Tue Sep 10 13:56:38 2024 +0200 dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 01577b93cbb0a26aba3209cde69475be2e1c5fb8) commit 30d744d0a6a44cf70a95fb60dc5f52b46260dc26 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 16 17:55:41 2024 +0200 s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit e4132c492ded7cadc60371b524e72e41f71f75e9) commit 769588b25a71c560f753fbe5058a8b3ba077b7ca Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 16 17:49:26 2024 +0200 s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit f92def2f943917d8946b03f71fcf676998701815) commit d7b7db05fd2b43ca157adc16bb8b1ad16d296f76 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 16 17:47:22 2024 +0200 libcli/auth: split out netlogon_creds_alloc() Review with: git show --patience BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit e9767315cf06bcb257b40014441dd4cd9aad0fb0) commit 57c1fb9048c761810f7ddbe3bd62f71e94141dd6 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 13:39:38 2024 +0200 libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy Before storing the structure into a ctdb managed volatile database we check against netlogon_creds_CredentialState_legacy (the structure used before recent changes). This makes sure unpatched cluster nodes would not get a parsing error. We'll remove this again in master when we try to implement netr_ServerAuthenticateKerberos() and the related changes to netlogon_creds_CredentialState, which will break the compat... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 3792fe372884aad6ea2893f2e62629dd1cddc129) commit dcd3c2b9d2b15d6b6711c5a82db76e2facdbe9ef Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 13:24:37 2024 +0200 libcli/auth: let netlogon_creds_cli_store_internal() use talloc_stackframe() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 17394ed7bbf8fa50570a5732f1ce84ccd5e69393) commit 46b7eb7737b5ce7e0f6b9d03a502baf051a7f3cf Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:06:59 2024 +0200 libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client In order to allow backports and cluster updates we simulate a dom_sid, so that the old code is able to parse the blob. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 8b972fea0978101575f847eac33b09d2fd8d02e7) commit ef69f5555668c8ece1b608d015cabe947719bca5 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Oct 29 09:27:30 2024 +0100 s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 498fc88c155b57a0de6150c3b1e3cfcac181d45b) commit 1fecabddeb658e441fb93794770120a8769ab9e6 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 18:00:31 2023 +0200 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit fd4b027511b18615e215b66183f95b54bcab683e) commit 47e5aa1e36e3ee1bfd3e0fdecdbb0656d4b552bb Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 18:03:09 2023 +0200 s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 484a046d8e179a3b21ead8b5bc3660095314e816) commit c6bfa4dbb257ab261acad6f5d0c811378701ac73 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:06:59 2024 +0200 libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit dfbc5e5a19420311eac3db5ede1c665a9198395d) commit a0ad07e82f08d6362cc6de1a0ec48285d76f391f Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:04:02 2024 +0200 libcli/auth: remove unused creds->sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9) commit 72be93b62f3f7e25df210dcaf59b0402647e5c54 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:01:39 2024 +0200 s4:rpc_server/netlogon: make use of creds->ex->client_sid creds->sid will be removed soon... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 4533afc9e12c4dbbc7d11c13e775888c113d497c) commit 39399a49d3620f5d0570a558beaa24d540f3530a Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:01:39 2024 +0200 s3:rpc_server/netlogon: make use of creds->ex->client_sid creds->sid will be removed soon... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 88a84d9330d2bb03176f888a0d8e5066e1e21bf6) commit 114e369122c20cbf5ba5bd6451e4f827960b0619 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:00:45 2024 +0200 librpc/rpc: make use of creds->ex->client_sid in dcesrv_netr_check_schannel_get_state() creds->sid will be removed soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 453587fbc1ef74a3b997235e84040553261fa13e) commit 58f657baf0989ed7057a983feaa240d3eeddfd69 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 18:54:05 2024 +0200 libcli/auth: split out netlogon_creds_CredentialState_extra_info As the server we are free to change the netlogon_creds_CredentialState database record format at will as it uses CLEAR_IF_FIRST. For now that format doesn't really change, because we only move dom_sid into a wrapper structure. In order to avoid changing all callers in this commit, we maintain creds->sid as an in-memory pointer. In the following patches we'll also use it in order to store client-related information... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 518f57b93bdb84900d3b58cd94bdf1046f82a5a6) commit 1a6928892a96521fbba35bc4194f298d5672b85b Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 18:46:43 2024 +0200 libcli/auth: pass client_sid to netlogon_creds_server_init() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit c2ef866fca296c8f3eb1620fdd2bb9bf289d96fc) commit e03e2f7639f1459f96d3e82efa9711329d3f7ab2 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 18:06:44 2024 +0200 s4:rpc_server/netlogon: add client_sid helper variables This will make the following changes simpler... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 2e8949495f601d3fd117cceccd1b464a6ae43251) commit d197dd522f38c2206c97049713409e0a3b0f201e Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 18:06:44 2024 +0200 s3:rpc_server/netlogon: add client_sid helper variables This will make the following changes simpler... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit eda3728a4079c5399f693b1d68e64e5660647c72) commit f4edcf3d0ea8fa745d8b2859cea4598c110a5fa4 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 18:04:27 2024 +0200 s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit c9eaf5e22de730f1e7575f6697f32dbb377eae06) commit b5bf7bc38101c84488fa2f2c80ad1b2618f24895 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 30 12:10:49 2024 +0100 s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 7f478656dcf08619bc3a7ad390c7db3bfdef924e) commit c2796abfdc2e3539c0d67a4ffe8ebafe389fde08 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 20 13:29:12 2023 +0200 s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit d174b6595a962230bf71cc5c2f512a2c93a4cc1b) commit 83e9f281ca4dc7befa97b35e6db33a4e4e7933ea Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 16:38:53 2024 +0200 s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 0b6ac4b082ddec5dae1392537727f3a7123ec279) commit 5c7301f799fb40c0e74ef5449fd4557f3d9c6ed3 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 16:38:53 2024 +0200 s4:librpc/rpc: define required schannel flags and enforce them BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 25294685b1c2c8652f0ca0220e8f3729e0b347e2) commit 41be718d655e53f7f7a1219f434d47063b6e7239 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 16:44:26 2024 +0200 s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags Only remove the unsupported flags from local_negotiate_flags for the next try... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 69b0cbd13d06fa640a900acab6757425b5b77cac) commit 59d8a8715de4d4547f97eab6b1809f03adb80cdb Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 16:15:46 2024 +0200 s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 24de5d1cbd25fabae6b01565907b53f5e51ea06d) commit 9265852ec701fb67119220c418b2703f99f87496 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 13:43:36 2024 +0200 libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 25a2105ca7816c47a9c4a7fded88a922e4ccf88b) commit ea1bb195859d30e1b183fcbf6a52bf8602c422ae Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 14:25:19 2024 +0200 libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade If LogonGetCapabilities was downgraded by a DCERPC Fault, we rely on the schannel message ordering to detect failures. Instead of letting any real winbindd request trigger this, we do it directly in netlogon_creds_cli_check() with a LogonControl that is also used for 'wbinfo --ping-dc'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 276137e950696fbf36450dceebd6c0250c6242d0) commit d73e6c7ab087b93436d1419f804e865dbbe6bc34 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 12:31:18 2024 +0200 libcli/auth: if we require aes we don't need to require arcfour nor strong key But we can send arcfour and strong key on the wire and don't need to remove them from the proposed flags. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 3da40f1c6818550eb08a6d7d680c213c3f1d0649) commit 48acce5da8ff6b945a0bc3b00fe3775b4e155131 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 15:03:21 2024 +0200 libcli/auth: don't allow any unexpected upgrades of negotiate_flags Only remove the unsupported flags from state->current_flags for the next try... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a9040c8ce76cb9911c4c0c5d623cc479e49f460d) commit 6f1d556b40773e7bc541eb23e37d620f28269d03 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 17:43:00 2023 +0200 libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 69cb9aea67de0613f467f7ce2d460364ff2be241) commit ced6cbfa6b10e36f19a9c42266bf13d0a134773e Author: Stefan Metzmacher <me...@samba.org> Date: Wed Oct 2 19:06:59 2024 +0200 libcli/auth: remove unused netlogon_creds_client_init_session_key() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit cf0e07a3d2a085d31f7d682633af9ec57c155e57) commit 8cf7bf9f615e0bbd63bdecd7674d3c849d2593ae Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 09:27:48 2023 +0200 netlogon.idl: the capabilities in query_level=2 are the ones send by the client BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 86176598eee4c83dc63a9dac163f32c886477129) commit 349f31448831467e47140f0a01ff8385cb3ebda5 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 12:34:33 2024 +0200 s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade() will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not negotiated... And if AES was negotiated there's no harm in returning the ARCFOUR flag... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a0bc372dee68ad255da005d2e2078da754bbef2a) commit 6916bf43d3f3e37f875f828002bcf443bc9f2fae Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 12:34:33 2024 +0200 s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not negotiated... And if AES was negotiated there's no harm in returning the ARCFOUR flag... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit e5bc5ee3e04138b10c0630640469a08fad847e56) commit a442241004eb88c3cbe9089430b2bba580cd829f Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 19 12:55:33 2023 +0200 s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit b27661f832cc4c56cc582cf7041d90f178736ef7) commit 0267772cdf222541950b5d66924ecf24976c0bf3 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 15:02:16 2024 +0200 s4:torture/rpc: without weak crypto we should require AES We should check that we can actually negotiate the strong AES crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not there... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830) commit a65ca95d4d27c31a3610da237618f30dc7567922 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Oct 10 15:08:01 2024 +0200 s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 36310650ee7a64603128139f512d3a4e039f8822) ----------------------------------------------------------------------- Summary of changes: auth/credentials/pycredentials.c | 92 +++- libcli/auth/credentials.c | 358 ++++++++++--- libcli/auth/libcli_auth.h | 1 + libcli/auth/netlogon_creds_cli.c | 744 ++++++++++++++++---------- libcli/auth/proto.h | 59 +- libcli/auth/schannel_state.h | 2 + libcli/auth/schannel_state_tdb.c | 15 +- librpc/idl/netlogon.idl | 33 +- librpc/idl/schannel.idl | 73 ++- librpc/rpc/dcesrv_core.h | 8 + librpc/rpc/server/netlogon/schannel_util.c | 6 +- python/samba/tests/krb5/kdc_base_test.py | 10 +- source3/rpc_client/cli_netlogon.c | 1 + source3/rpc_server/netlogon/srv_netlog_nt.c | 169 ++++-- source3/rpc_server/rpc_pipes.h | 6 + source4/dsdb/common/rodc_helper.c | 2 +- source4/dsdb/common/util_trusts.c | 2 +- source4/librpc/rpc/dcerpc_schannel.c | 333 +++++++++++- source4/rpc_server/netlogon/dcerpc_netlogon.c | 343 ++++++++---- source4/torture/ntp/ntp_signd.c | 1 + source4/torture/rpc/forest_trust.c | 17 +- source4/torture/rpc/lsa.c | 21 +- source4/torture/rpc/netlogon.c | 194 +++++-- source4/torture/rpc/netlogon_crypto.c | 7 +- source4/torture/rpc/remote_pac.c | 42 +- source4/torture/rpc/samba3rpc.c | 19 +- source4/torture/rpc/samlogon.c | 38 +- source4/torture/rpc/samr.c | 21 +- source4/torture/rpc/schannel.c | 85 ++- 29 files changed, 2013 insertions(+), 689 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c index 8008bd0418d..b123c2e986a 100644 --- a/auth/credentials/pycredentials.c +++ b/auth/credentials/pycredentials.c 
@@ -1074,9 +1074,11 @@ static PyObject *py_creds_get_old_kerberos_key(PyObject *self, PyObject *args) static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self, PyObject *args) { - DATA_BLOB data = data_blob_null; struct cli_credentials *creds = NULL; struct netr_CryptPassword *pwd = NULL; + struct samr_CryptPassword spwd; + enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE; + enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; NTSTATUS status; PyObject *py_cp = Py_None; @@ -1100,9 +1102,18 @@ static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self, /* pytalloc_get_type sets TypeError */ return NULL; } - data.length = sizeof(struct netr_CryptPassword); - data.data = (uint8_t *)pwd; - status = netlogon_creds_session_encrypt(creds->netlogon_creds, data); + + memcpy(spwd.data, pwd->data, 512); + PUSH_LE_U32(spwd.data, 512, pwd->length); + + status = netlogon_creds_encrypt_samr_CryptPassword(creds->netlogon_creds, + &spwd, + auth_type, + auth_level); + + memcpy(pwd->data, spwd.data, 512); + pwd->length = PULL_LE_U32(spwd.data, 512); + ZERO_STRUCT(spwd); PyErr_NTSTATUS_IS_ERR_RAISE(status); 
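Review bot: The bare `512` repeated in both memcpy() calls and in PUSH_LE_U32()/PULL_LE_U32() hard-codes the netr_CryptPassword/samr_CryptPassword layout this conversion depends on; write it as `memcpy(spwd.data, pwd->data, sizeof(pwd->data));` and `PUSH_LE_U32(spwd.data, sizeof(pwd->data), pwd->length);` (and the same for the copy back) so the offset of the trailing length word is visibly derived from the struct, and add a compile-time check that `spwd.data` is `sizeof(pwd->data) + 4` bytes long. Separately, this helper now pins `auth_type`/`auth_level` to DCERPC_AUTH_TYPE_NONE/DCERPC_AUTH_LEVEL_NONE while the new py_creds_encrypt_netr_PasswordInfo() in the next hunk takes them from the caller; if the library uses those values to decide which cipher is acceptable (not visible here), this entry point cannot express a connection's real auth level, so consider accepting them as optional keywords in the same way. The function body continues past the end of the hunk.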
@@ -1151,6 +1162,68 @@ static PyObject *py_creds_encrypt_samr_password(PyObject *self,
 Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_encrypt_netr_PasswordInfo(PyObject *self,
+ PyObject *args,
+ PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "info",
+ "auth_type",
+ "auth_level",
+ NULL
+ };
+ struct cli_credentials *creds = NULL;
+ PyObject *py_info = Py_None;
+ enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
+ union netr_LogonLevel logon = { .password = NULL, };
+ uint8_t auth_type = DCERPC_AUTH_TYPE_NONE;
+ uint8_t auth_level = DCERPC_AUTH_LEVEL_NONE;
+ NTSTATUS status;
+ bool ok;
+
+ creds = PyCredentials_AsCliCredentials(self);
+ if (creds == NULL) {
+ PyErr_Format(PyExc_TypeError, "Credentials expected");
+ return NULL;
+ }
+
+ if (creds->netlogon_creds == NULL) {
+ PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
+ return NULL;
+ }
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Obb",
+ discard_const_p(char *, kwnames),
+ &py_info, &auth_type, &auth_level))
+ {
+ return NULL;
+ }
+
+ ok = py_check_dcerpc_type(py_info,
+ "samba.dcerpc.netlogon",
+ "netr_PasswordInfo");
+ if (!ok) {
+ /* py_check_dcerpc_type sets TypeError */
+ return NULL;
+ }
+
+ logon.password = pytalloc_get_type(py_info, struct netr_PasswordInfo);
+ if (logon.password == NULL) {
+ /* pytalloc_get_type sets TypeError */
+ return NULL;
+ }
+
+ status = netlogon_creds_encrypt_samlogon_logon(creds->netlogon_creds,
+ level,
+ &logon,
+ auth_type,
+ auth_level);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
 static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
 {
 enum smb_signing_setting signing_state;
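Review bot: `auth_type` and `auth_level` arrive as raw `uint8_t` from the `"Obb"` parse and are passed unchecked where netlogon_creds_encrypt_samlogon_logon() expects `enum dcerpc_AuthType`/`enum dcerpc_AuthLevel`, so any byte a Python caller supplies reaches the library, and how the library reacts to a value with no enum case is not visible here. Reject out-of-range values before the call, e.g. `if (auth_level > DCERPC_AUTH_LEVEL_PRIVACY) { PyErr_SetString(PyExc_ValueError, "invalid auth_level"); return NULL; }`; the auth_type constants are not contiguous, so that one needs a switch over the known values rather than a range check. Also `level` is pinned to NetlogonInteractiveInformation although the argument check only requires a netr_PasswordInfo; a short comment explaining why the interactive level is the right one for this helper (or a keyword to choose it) would save the next reader a trip to the IDL.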
@@ -1684,6 +1757,17 @@ static PyMethodDef py_creds_methods[] = { "the negotiated encryption algorithm in place\n" "i.e. it overwrites the original data" }, + { + .ml_name = "encrypt_netr_PasswordInfo", + .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, + py_creds_encrypt_netr_PasswordInfo), + .ml_flags = METH_VARARGS | METH_KEYWORDS, + .ml_doc = "S.encrypt_netr_PasswordInfo(info, " + "auth_type, auth_level) -> None\n" + "Encrypt the supplied password info using the session key and\n" + "the negotiated encryption algorithm in place\n" + "i.e. it overwrites the original data" + }, { .ml_name = "get_smb_signing", .ml_meth = py_creds_get_smb_signing, diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 84838be6e73..12f4b1fbb8c 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -290,7 +290,7 @@ static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds /* DES encrypt a 8 byte LMSessionKey buffer using the Netlogon session key */ -NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, +static NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key) { int rc; @@ -308,7 +308,7 @@ NTSTATUS netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState /* DES decrypt a 8 byte LMSessionKey buffer using the Netlogon session key */ -NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, +static NTSTATUS netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key) { int rc; 
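Review bot: The new `.ml_doc` for encrypt_netr_PasswordInfo lists `auth_type` and `auth_level` in the signature but never explains them, and nothing says they are plain integers rather than enum objects. Add one line after the signature, e.g. `"auth_type/auth_level: integer DCERPC auth type and level (DCERPC_AUTH_TYPE_*/DCERPC_AUTH_LEVEL_* values)\n"`, so a Python caller knows what to pass without reading the C.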
@@ -473,6 +473,58 @@ NTSTATUS netlogon_creds_aes_decrypt(struct netlogon_creds_CredentialState *creds
 return NT_STATUS_OK;
 }
 
+static struct netlogon_creds_CredentialState *
+netlogon_creds_alloc(TALLOC_CTX *mem_ctx,
+ const char *client_account,
+ const char *client_computer_name,
+ uint16_t secure_channel_type,
+ uint32_t client_requested_flags,
+ const struct dom_sid *client_sid,
+ uint32_t negotiate_flags)
+{
+ struct netlogon_creds_CredentialState *creds = NULL;
+ struct timeval tv = timeval_current();
+ NTTIME now = timeval_to_nttime(&tv);
+
+ creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+ if (creds == NULL) {
+ return NULL;
+ }
+
+ if (client_sid == NULL) {
+ creds->sequence = tv.tv_sec;
+ }
+ creds->negotiate_flags = negotiate_flags;
+ creds->secure_channel_type = secure_channel_type;
+
+ creds->computer_name = talloc_strdup(creds, client_computer_name);
+ if (!creds->computer_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+ creds->account_name = talloc_strdup(creds, client_account);
+ if (!creds->account_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+
+ creds->ex = talloc_zero(creds,
+ struct netlogon_creds_CredentialState_extra_info);
+ if (creds->ex == NULL) {
+ talloc_free(creds);
+ return NULL;
+ }
+ creds->ex->client_requested_flags = client_requested_flags;
+ creds->ex->auth_time = now;
+ if (client_sid != NULL) {
+ creds->ex->client_sid = *client_sid;
+ } else {
+ creds->ex->client_sid = global_sid_NULL;
+ }
+
+ return creds;
+}
+
 /*****************************************************************
 The above functions are common to the client and server interface
 next comes the client specific functions
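Review bot: In netlogon_creds_alloc() a NULL `client_sid` carries a second meaning — it is what decides that `creds->sequence` is seeded from `tv.tv_sec` — but nothing in the function says so; the only clues are the `NULL, /* client_sid */` at the netlogon_creds_client_init() call site in the next hunk and netlogon_creds_server_init() always passing one. Put the rule where it is enforced: `/* client_sid == NULL: client-side state, seed the sequence number; server-side state keeps sequence at 0 from talloc_zero */`. Note also that `creds->sequence = tv.tv_sec;` stores a `time_t` into a field that is presumably narrower, exactly as the old `time(NULL)` assignment did, so an explicit cast or comment would mark the truncation as intended, and `if (creds == NULL)` next to `if (!creds->computer_name)` mixes two null-check styles within one function.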
@@ -491,30 +543,23 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
 const struct netr_Credential *server_challenge,
 const struct samr_Password *machine_password,
 struct netr_Credential *initial_credential,
+ uint32_t client_requested_flags,
 uint32_t negotiate_flags)
 {
- struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = NULL;
 NTSTATUS status;
 
+ creds = netlogon_creds_alloc(mem_ctx,
+ client_account,
+ client_computer_name,
+ secure_channel_type,
+ client_requested_flags,
+ NULL, /* client_sid */
+ negotiate_flags);
 if (!creds) {
 return NULL;
 }
 
- creds->sequence = time(NULL);
- creds->negotiate_flags = negotiate_flags;
- creds->secure_channel_type = secure_channel_type;
-
- creds->computer_name = talloc_strdup(creds, client_computer_name);
- if (!creds->computer_name) {
- talloc_free(creds);
- return NULL;
- }
- creds->account_name = talloc_strdup(creds, client_account);
- if (!creds->account_name) {
- talloc_free(creds);
- return NULL;
- }
-
 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
@@ -563,25 +608,6 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init(TALLOC_CTX *me
 return creds;
 }
 
-/*
- initialise the credentials structure with only a session key. The caller better know what they are doing!
- */
-
-struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TALLOC_CTX *mem_ctx,
- const uint8_t session_key[16])
-{
- struct netlogon_creds_CredentialState *creds;
-
- creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
- if (!creds) {
- return NULL;
- }
-
- memcpy(creds->session_key, session_key, 16);
-
- return creds;
-}
-
 /*
 step the credentials to the next element in the chain, updating the current client and server credentials and the seed
@@ -631,14 +657,34 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds
 /*
 check that a credentials reply from a server is correct
 */
-bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
- const struct netr_Credential *received_credentials)
+NTSTATUS netlogon_creds_client_verify(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *received_credentials,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
 {
 if (!received_credentials ||
 !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) {
 DEBUG(2,("credentials check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+}
+
+bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
+ const struct netr_Credential *received_credentials)
+{
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
+ NTSTATUS status;
+
+ status = netlogon_creds_client_verify(creds,
+ received_credentials,
+ auth_type,
+ auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
 return false;
 }
+
 return true;
 }
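Review bot: The `/* check that a credentials reply from a server is correct */` header now sits on netlogon_creds_client_verify() only, so the retained bool wrapper netlogon_creds_client_check() is undocumented and a reader cannot tell that it deliberately verifies with DCERPC_AUTH_TYPE_NONE/DCERPC_AUTH_LEVEL_NONE and discards the NTSTATUS; give it `/* bool wrapper around netlogon_creds_client_verify() for callers without transport auth info; the NTSTATUS is reduced to true/false */`. In the same hunk `auth_type` and `auth_level` are accepted by _verify() but never referenced in its body; if they are reserved for a later change, say so in a comment beside the prototype so they are not read as a check that was forgotten.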
@@ -676,20 +722,25 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 const struct samr_Password *machine_password,
 const struct netr_Credential *credentials_in,
 struct netr_Credential *credentials_out,
+ uint32_t client_requested_flags,
+ const struct dom_sid *client_sid,
 uint32_t negotiate_flags)
 {
-
- struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = NULL;
 NTSTATUS status;
 bool ok;
 
+ creds = netlogon_creds_alloc(mem_ctx,
+ client_account,
+ client_computer_name,
+ secure_channel_type,
+ client_requested_flags,
+ client_sid,
+ negotiate_flags);
 if (!creds) {
 return NULL;
 }
 
- creds->negotiate_flags = negotiate_flags;
- creds->secure_channel_type = secure_channel_type;
-
 dump_data_pw("Client chall", client_challenge->data, sizeof(client_challenge->data));
 dump_data_pw("Server chall", server_challenge->data, sizeof(server_challenge->data));
 dump_data_pw("Machine Pass", machine_password->hash, sizeof(machine_password->hash));
@@ -708,17 +759,6 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me
 return NULL;
 }
 
- creds->computer_name = talloc_strdup(creds, client_computer_name);
- if (!creds->computer_name) {
- talloc_free(creds);
- return NULL;
- }
- creds->account_name = talloc_strdup(creds, client_account);
- if (!creds->account_name) {
- talloc_free(creds);
- return NULL;
- }
-
 if (negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
 status = netlogon_creds_init_hmac_sha256(creds,
 client_challenge,
@@ -778,7 +818,9 @@ struct netlogon_creds_CredentialState *netlogon_creds_server_init(TALLOC_CTX *me NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState *creds, const struct netr_Authenticator *received_authenticator, - struct netr_Authenticator *return_authenticator) + struct netr_Authenticator *return_authenticator, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level) { NTSTATUS status; @@ -810,6 +852,8 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, union netr_Validation *validation, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, bool do_encrypt) { struct netr_SamBaseInfo *base = NULL; @@ -925,27 +969,37 @@ static NTSTATUS netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_C NTSTATUS netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, - union netr_Validation *validation) + union netr_Validation *validation, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level) { return netlogon_creds_crypt_samlogon_validation(creds, validation_level, validation, + auth_type, + auth_level, false); } NTSTATUS netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds, uint16_t validation_level, - union netr_Validation *validation) + union netr_Validation *validation, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level) { return netlogon_creds_crypt_samlogon_validation(creds, validation_level, validation, + auth_type, + auth_level, true); } static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds, enum netr_LogonInfoClass level, union netr_LogonLevel *logon, + enum dcerpc_AuthType auth_type, + enum dcerpc_AuthLevel auth_level, bool do_encrypt) { NTSTATUS status; 
@@ -1082,6 +1136,7 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
 }
 } else {
 /* Using DES to verify kerberos tickets makes no sense */
+ return NT_STATUS_INVALID_PARAMETER;
 }
 break;
 }
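Review bot: The added `return NT_STATUS_INVALID_PARAMETER;` turns the DES branch from a silent no-op (the else block held only a comment and fell through to `break;`, leaving the logon data neither encrypted nor decrypted) into a hard failure, but the comment above it still reads as an aside rather than stating the new contract. Reword it to `/* DES is never valid for kerberos ticket data: refuse instead of silently skipping the crypto */`. The switch and the enclosing netlogon_creds_crypt_samlogon_logon() continue outside the hunk, so callers that tolerated the old pass-through should be checked against the new error.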
@@ -1091,16 +1146,178 @@ static NTSTATUS netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_Creden
 
 NTSTATUS netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 enum netr_LogonInfoClass level,
- union netr_LogonLevel *logon)
+ union netr_LogonLevel *logon,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
 {
- return netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
+ return netlogon_creds_crypt_samlogon_logon(creds,
+ level,
+ logon,
+ auth_type,
+ auth_level,
+ false);
 }
 
 NTSTATUS netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
 enum netr_LogonInfoClass level,
- union netr_LogonLevel *logon)
+ union netr_LogonLevel *logon,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
 {
- return netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
+ return netlogon_creds_crypt_samlogon_logon(creds,
+ level,
+ logon,
+ auth_type,
+ auth_level,
+ true);
+}
+
+static NTSTATUS netlogon_creds_crypt_samr_Password(
+ struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ bool do_encrypt)
+{
+ if (all_zero(pass->hash, ARRAY_SIZE(pass->hash))) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * Even with NETLOGON_NEG_SUPPORTS_AES or
+ * NETLOGON_NEG_ARCFOUR this uses DES
+ */
+
+ if (do_encrypt) {
+ return netlogon_creds_des_encrypt(creds, pass);
+ }
+
+ return netlogon_creds_des_decrypt(creds, pass);
+}
+
+NTSTATUS netlogon_creds_decrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level)
+{
+ return netlogon_creds_crypt_samr_Password(creds,
+ pass,
+ auth_type,
+ auth_level,
+ false);
+}
+
+NTSTATUS netlogon_creds_encrypt_samr_Password(struct netlogon_creds_CredentialState *creds,
+ struct samr_Password *pass,
+ enum dcerpc_AuthType auth_type,
+ enum
dcerpc_AuthLevel auth_level) -- Samba Shared Repository