diff options
author | Luke Leighton <lkcl@samba.org> | 1999-12-08 21:43:03 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-12-08 21:43:03 +0000 |
commit | 4ab9d91428b66bd2fe407b0dba94f4130160b576 (patch) | |
tree | 2733683a3097225f44e459d2fe73e1ac880b7aba | |
parent | a0ba234cf9b40adf6b5390e4e67730163a42883f (diff) | |
download | samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.gz samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.bz2 samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.zip |
ABOUT TIME!!!!!!!!
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
-rw-r--r-- | source3/Makefile.in | 20 | ||||
-rw-r--r-- | source3/include/client.h | 36 | ||||
-rw-r--r-- | source3/include/proto.h | 65 | ||||
-rw-r--r-- | source3/include/rpcclient.h | 3 | ||||
-rw-r--r-- | source3/include/smb.h | 68 | ||||
-rw-r--r-- | source3/lib/domain_namemap.c | 4 | ||||
-rw-r--r-- | source3/lib/msrpc-agent.c | 63 | ||||
-rw-r--r-- | source3/lib/msrpc-client.c | 127 | ||||
-rw-r--r-- | source3/lib/msrpc_use.c | 38 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 76 | ||||
-rw-r--r-- | source3/lsarpcd/lsarpcd_process.c | 117 | ||||
-rw-r--r-- | source3/rpc_client/cli_connect.c | 11 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 8 | ||||
-rw-r--r-- | source3/rpc_client/cli_use.c | 22 | ||||
-rw-r--r-- | source3/rpc_parse/parse_prs.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 6 | ||||
-rw-r--r-- | source3/rpcclient/cmd_netlogon.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/cmd_spoolss.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 22 | ||||
-rw-r--r-- | source3/smbd/server.c | 2 | ||||
-rw-r--r-- | source3/utils/smb-agent.c | 69 |
22 files changed, 423 insertions, 348 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 2ded87c858..d6b959afdc 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -120,11 +120,12 @@ LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \ lib/bitmap.o lib/crc32.o lib/util_sid.o lib/snprintf.o \ lib/util_str.o lib/util_unistr.o \ lib/util_file.o mem_man/mem_man.o \ - lib/util_sock.o lib/unix_sec_ctxt.o \ + lib/util_sock.o \ lib/util_array.o \ lib/vagent.o \ - lib/util_hnd.o \ - lib/passcheck.o + lib/util_hnd.o + +LIBSRV_OBJ = lib/passcheck.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o @@ -158,13 +159,16 @@ RPC_PARSE_OBJ1 = rpc_parse/parse_lsa.o \ rpc_parse/parse_net.o \ rpc_parse/parse_reg.o \ rpc_parse/parse_samr.o rpc_parse/parse_srv.o \ - rpc_parse/parse_wks.o rpc_parse/parse_sec.o \ + rpc_parse/parse_wks.o \ rpc_parse/parse_svc.o rpc_parse/parse_at.o \ rpc_parse/parse_spoolss.o rpc_parse/parse_eventlog.o \ rpc_parse/parse_brs.o -RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_prs.o \ +RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \ + rpc_parse/parse_prs.o \ rpc_parse/parse_misc.o \ + rpc_parse/parse_creds.o \ + rpc_parse/parse_sec.o \ lib/msrpc-agent.o \ lib/msrpc-client.o \ lib/msrpc_use.o \ @@ -231,14 +235,16 @@ LSARPCD_OBJ1 = lsarpcd/lsarpcd.o \ SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) + $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) LSARPCD_OBJ = $(LSARPCD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(UBIQX_OBJ) \ $(RPC_SRVUTIL_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(LOCKING_OBJ) $(SAMPASSDB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) + $(LIBSTATUS_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LIBSRV_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \ diff --git a/source3/include/client.h b/source3/include/client.h index 477ceb1160..275f3b44da 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -56,38 +56,6 @@ struct print_job_info time_t t; }; -struct pwd_info -{ - BOOL null_pwd; - BOOL cleartext; - BOOL crypted; - - fstring password; - - uchar smb_lm_pwd[16]; - uchar smb_nt_pwd[16]; - - uchar smb_lm_owf[24]; - uchar smb_nt_owf[128]; - size_t nt_owf_len; - - uchar lm_cli_chal[8]; - uchar nt_cli_chal[128]; - size_t nt_cli_chal_len; - - uchar sess_key[16]; -}; - -struct user_credentials -{ - fstring user_name; - fstring domain; - struct pwd_info pwd; - - uint32 ntlmssp_flags; - BOOL reuse; -}; - struct cli_state { int port; @@ -101,7 +69,8 @@ struct cli_state int rap_error; int privileges; - struct user_credentials usr; + struct ntuser_creds usr; + BOOL retry; fstring eff_name; fstring desthost; @@ -128,6 +97,7 @@ struct cli_state BOOL use_ntlmv2; BOOL redirect; + BOOL reuse; uint32 sesskey; int serverzone; diff --git a/source3/include/proto.h b/source3/include/proto.h index b94e13aa0e..5cc40b929c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -291,12 +291,12 @@ BOOL msrpc_send_prs(struct msrpc_state *msrpc, prs_struct *ps); BOOL msrpc_receive_prs(struct msrpc_state *msrpc, prs_struct *ps); BOOL msrpc_send(struct msrpc_state *msrpc, BOOL show); BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name); -void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_credentials *usr); +void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr); void msrpc_close_socket(struct msrpc_state *msrpc); void msrpc_sockopt(struct msrpc_state *msrpc, char *options); BOOL msrpc_connect_auth(struct msrpc_state *msrpc, const char* pipename, - const struct user_credentials *usr); + const struct user_creds *usr); struct msrpc_state *msrpc_initialise(struct msrpc_state *msrpc); void msrpc_shutdown(struct msrpc_state *msrpc); BOOL msrpc_establish_connection(struct msrpc_state *msrpc, @@ -307,10 +307,10 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc, void init_msrpc_use(void); void free_msrpc_use(void); struct msrpc_state *msrpc_use_add(const char* pipe_name, - const struct user_credentials *usr_creds, + const struct user_creds *usr_creds, BOOL redir); BOOL msrpc_use_del(const char* pipe_name, - const struct user_credentials *usr_creds, + const struct user_creds *usr_creds, BOOL force_close, BOOL *connection_closed); void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use); @@ -428,14 +428,6 @@ time_t get_create_time(SMB_STRUCT_STAT *st,BOOL fake_dirs); char *ufc_crypt(char *key,char *salt); -/*The following definitions come from lib/unix_sec_ctxt.c */ - -void init_sec_ctxt(void); -BOOL become_unix_sec_ctxt(struct unix_sec_ctxt const *ctxt); -BOOL unbecome_unix_sec_ctxt(void); -void become_unix_root_sec_ctxt(void) ; -void unbecome_unix_root_sec_ctxt(void); - /*The following definitions come from lib/username.c */ struct passwd *hashed_getpwnam(const char *name); @@ -740,8 +732,6 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, /*The following definitions come from libsmb/clientgen.c */ -void copy_user_creds(struct user_credentials *to, - const struct user_credentials *from); int cli_set_port(struct cli_state *cli, int port); char *cli_errstr(struct cli_state *cli); void cli_safe_smb_errstr(struct cli_state *cli, char *msg, size_t len); @@ -821,7 +811,7 @@ BOOL cli_negprot(struct cli_state *cli); BOOL cli_session_request(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called); BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip); -void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr); +void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr); struct cli_state *cli_initialise(struct cli_state *cli); void cli_close_socket(struct cli_state *cli); void cli_shutdown(struct cli_state *cli); @@ -837,10 +827,10 @@ BOOL cli_establish_connection(struct cli_state *cli, BOOL cli_connect_auth(struct cli_state *cli, const char* desthost, struct in_addr *dest_ip, - const struct user_credentials *usr); + const struct ntuser_creds *usr); BOOL cli_connect_servers_auth(struct cli_state *cli, char *p, - const struct user_credentials *usr); + const struct ntuser_creds *usr); BOOL cli_connect_serverlist(struct cli_state *cli, char *p); int cli_printjob_del(struct cli_state *cli, int job); int cli_print_queue(struct cli_state *cli, @@ -2263,10 +2253,11 @@ BOOL svc_change_svc_cfg( POLICY_HND *hnd, void init_cli_use(void); void free_cli_use(void); struct cli_state *cli_net_use_add(const char* srv_name, - const struct user_credentials *usr_creds, - BOOL redir); + const struct ntuser_creds *usr_creds, + BOOL redir, + BOOL reuse); BOOL cli_net_use_del(const char* srv_name, - const struct user_credentials *usr_creds, + const struct ntuser_creds *usr_creds, BOOL force_close, BOOL *connection_closed); void cli_net_use_enum(uint32 *num_cons, struct use_info ***use); @@ -2477,6 +2468,40 @@ BOOL make_brs_r_query_info(BRS_R_QUERY_INFO *r_u, int status) ; BOOL brs_io_r_query_info(char *desc, BRS_R_QUERY_INFO *r_u, prs_struct *ps, int depth); +/*The following definitions come from rpc_parse/parse_creds.c */ + +BOOL make_creds_unix(CREDS_UNIX *r_u, const char* user_name); +BOOL creds_io_unix(char *desc, CREDS_UNIX *r_u, prs_struct *ps, int depth); +void creds_free_unix(CREDS_UNIX *r_u); +BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u, + uint32 uid, uint32 gid, uint32 num_grps, uint32 *grps); +BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int depth); +void creds_free_unix_sec(CREDS_UNIX_SEC *r_u); +BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth); +void creds_free_nt_sec(CREDS_NT_SEC *r_u); +BOOL creds_io_pwd_info(char *desc, struct pwd_info *pwd, prs_struct *ps, int depth); +BOOL creds_io_nt(char *desc, CREDS_NT *r_u, prs_struct *ps, int depth); +void creds_free_nt(CREDS_NT *r_u); +BOOL creds_io_hybrid(char *desc, CREDS_HYBRID *r_u, prs_struct *ps, int depth); +void copy_unix_creds(CREDS_UNIX *to, const CREDS_UNIX *from); +void copy_nt_sec_creds(CREDS_NT_SEC *to, const CREDS_NT_SEC *from); +void copy_unix_sec_creds(CREDS_UNIX_SEC *to, const CREDS_UNIX_SEC *from); +void copy_nt_creds(struct ntuser_creds *to, + const struct ntuser_creds *from); +void copy_user_creds(struct user_creds *to, + const struct user_creds *from); +void free_user_creds(struct user_creds *creds); +BOOL creds_io_cmd(char *desc, CREDS_CMD *r_u, prs_struct *ps, int depth); +BOOL create_ntuser_creds( prs_struct *ps, + const char* name, + uint16 version, uint16 command, + const struct ntuser_creds *ntu, + BOOL reuse); +BOOL create_user_creds( prs_struct *ps, + const char* name, + uint16 version, uint16 command, + const struct user_creds *usr); + /*The following definitions come from rpc_parse/parse_eventlog.c */ BOOL make_eventlog_q_open(EVENTLOG_Q_OPEN *q_u, const char *journal, char *unk); diff --git a/source3/include/rpcclient.h b/source3/include/rpcclient.h index 210567c2ce..63b8e83a55 100644 --- a/source3/include/rpcclient.h +++ b/source3/include/rpcclient.h @@ -68,6 +68,7 @@ struct nt_client_info /* domain controller */ fstring level3_dom; fstring level5_dom; + }; struct client_info @@ -80,6 +81,8 @@ struct client_info struct tar_client_info tar; struct nt_client_info dom; + + BOOL reuse; }; enum action_type {ACTION_HEADER, ACTION_ENUMERATE, ACTION_FOOTER}; diff --git a/source3/include/smb.h b/source3/include/smb.h index d75b1fe0ad..22bba17e62 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -576,14 +576,14 @@ typedef struct connection_struct uid_t uid; /* uid of user who *opened* this connection */ gid_t gid; /* gid of user who *opened* this connection */ - uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ - - /* following groups stuff added by ih */ - /* This groups info is valid for the user that *opened* the connection */ int ngroups; gid_t *groups; + uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ + + /* following groups stuff added by ih */ + time_t lastused; BOOL used; int num_files_open; @@ -593,34 +593,6 @@ typedef struct connection_struct } connection_struct; -struct unix_sec_ctxt -{ - uid_t uid; - gid_t gid; - int ngroups; - gid_t *groups; - - char *name; -}; - -struct nt_sec_ctxt -{ - /* this should (will?) probably become a SEC_DESC */ - DOM_SID user_sid; - DOM_SID group_sid; - - char *name; - char *domain; -}; - -#if 0 -struct sec_ctxt -{ - struct unix_sec_ctxt unix; - struct nt_sec_ctxt nt; -}; -#endif - struct current_user { connection_struct *conn; @@ -1700,8 +1672,6 @@ struct nmb_name { unsigned int name_type; }; -#include "client.h" -#include "rpcclient.h" #include "dfs.h" @@ -1744,6 +1714,7 @@ struct field_info }; #define AGENT_CMD_CON 0 +#define AGENT_CMD_CON_ANON 2 #define AGENT_CMD_CON_REUSE 1 #define MAX_MAX_MUX_LIMIT 16 @@ -1754,10 +1725,34 @@ struct nmb_state int port; }; +struct pwd_info +{ + BOOL null_pwd; + BOOL cleartext; + BOOL crypted; + + fstring password; + + uchar smb_lm_pwd[16]; + uchar smb_nt_pwd[16]; + + uchar smb_lm_owf[24]; + uchar smb_nt_owf[128]; + size_t nt_owf_len; + + uchar lm_cli_chal[8]; + uchar nt_cli_chal[128]; + size_t nt_cli_chal_len; + + uchar sess_key[16]; +}; + +#include "rpc_creds.h" + struct msrpc_state { fstring pipe_name; - struct user_credentials usr; + struct user_creds usr; int fd; BOOL redirect; BOOL initialised; @@ -1765,6 +1760,9 @@ struct msrpc_state char *outbuf; }; +#include "client.h" +#include "rpcclient.h" + #endif /* _SMB_H */ /* _SMB_H */ diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c index 551c7290ea..9c94783239 100644 --- a/source3/lib/domain_namemap.c +++ b/source3/lib/domain_namemap.c @@ -882,8 +882,8 @@ static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type) struct cli_state cli; POLICY_HND lsa_pol; fstring srv_name; - extern struct user_credentials *usr_creds; - struct user_credentials usr; + extern struct ntuser_creds *usr_creds; + struct ntuser_creds usr; BOOL res3 = True; BOOL res4 = True; diff --git a/source3/lib/msrpc-agent.c b/source3/lib/msrpc-agent.c index 0bb9429ecb..9fc592d377 100644 --- a/source3/lib/msrpc-agent.c +++ b/source3/lib/msrpc-agent.c @@ -28,7 +28,7 @@ static char packet[BUFFER_SIZE]; /**************************************************************************** terminate sockent connection -***********************************************************<*****************/ +****************************************************************************/ static void free_sock(void *sock) { if (sock != NULL) @@ -41,20 +41,21 @@ static void free_sock(void *sock) static struct msrpc_state *init_client_connection(int c) { pstring buf; - uchar ntpw[16]; - uchar lmpw[16]; fstring pipe_name; - struct user_credentials usr; - char *p = buf; + struct user_creds usr; int rl; uint32 len; - uint16 version; - uint16 command; BOOL new_con = False; + struct msrpc_state *n = NULL; + + CREDS_CMD cmd; + prs_struct ps; ZERO_STRUCT(usr); + ZERO_STRUCT(cmd); + cmd.cred = &usr; - DEBUG(10,("first request\n")); + DEBUG(10,("init_client_connection: first request\n")); rl = read(c, &buf, sizeof(len)); @@ -84,41 +85,30 @@ static struct msrpc_state *init_client_connection(int c) #ifdef DEBUG_PASSWORD dump_data(100, buf, rl); #endif - version = SVAL(p, 0); - p += 2; - command = SVAL(p, 0); - p += 2; - fstrcpy(pipe_name, p); - p = skip_string(p, 1); - fstrcpy(usr.user_name, p); - p = skip_string(p, 1); - fstrcpy(usr.domain, p); - p = skip_string(p, 1); + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&ps, 0, 4, 0, True); + mem_create(ps.data, buf, 0, len, 0, False); - if (PTR_DIFF(p, buf) < rl) - { - memcpy(lmpw, p, 16); - p += 16; - memcpy(ntpw, p, 16); - p += 16; - pwd_set_lm_nt_16(&usr.pwd, lmpw, ntpw); - } - else + if (!creds_io_cmd("creds", &cmd, &ps, 0)) { - pwd_set_nullpwd(&usr.pwd); + DEBUG(0,("Unable to parse credentials\n")); + mem_free_data(ps.data); + return NULL; } - if (PTR_DIFF(p, buf) != rl) + mem_free_data(ps.data); + + if (ps.offset != rl) { - DEBUG(0,("Buffer size %d %d!\n", - PTR_DIFF(p, buf), rl)); + DEBUG(0,("Buffer size %d %d!\n", ps.offset, rl)); return NULL; } - switch (command) + switch (cmd.command) { case AGENT_CMD_CON: + case AGENT_CMD_CON_ANON: { new_con = True; break; @@ -126,19 +116,17 @@ static struct msrpc_state *init_client_connection(int c) case AGENT_CMD_CON_REUSE: { new_con = True; - usr.reuse = True; break; } default: { - DEBUG(0,("unknown command %d\n", command)); + DEBUG(0,("unknown command %d\n", cmd.command)); return NULL; } } if (new_con) { - struct msrpc_state *n; uint32 status = 0; n = msrpc_use_add(pipe_name, &usr, False); @@ -162,9 +150,9 @@ static struct msrpc_state *init_client_connection(int c) n = NULL; } } - return n; } - return NULL; + free_user_creds(&usr); + return n; } static BOOL process_cli_sock(struct sock_redir **socks, uint32 num_socks, @@ -256,6 +244,7 @@ void start_msrpc_agent(char *pipe_name) if (fork() == 0) { + /* child */ start_agent(&va); } } diff --git a/source3/lib/msrpc-client.c b/source3/lib/msrpc-client.c index fb82c54700..6e80063862 100644 --- a/source3/lib/msrpc-client.c +++ b/source3/lib/msrpc-client.c @@ -134,7 +134,7 @@ BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name) /**************************************************************************** initialise a msrpcent structure ****************************************************************************/ -void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_credentials *usr) +void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr) { copy_user_creds(&msrpc->usr, usr); } @@ -161,58 +161,39 @@ void msrpc_sockopt(struct msrpc_state *msrpc, char *options) } -static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, - const char* pipe_name, - const struct user_credentials *usr) +static BOOL msrpc_authenticate(struct msrpc_state *msrpc, + const struct user_creds *usr) { - int sock; struct msrpc_state msrpc_redir; - fstring path; - pstring data; + int sock = msrpc->fd; + char *data; + prs_struct ps; uint32 len; - char *p; char *in = msrpc->inbuf; char *out = msrpc->outbuf; + uint16 command; - slprintf(path, sizeof(path)-1, "/tmp/.msrpc/.%s/agent", pipe_name); - - sock = open_pipe_sock(path); + command = usr != NULL ? AGENT_CMD_CON : AGENT_CMD_CON_ANON; - if (sock < 0) + if (usr != NULL) { - return False; + usr->ptr_ntc = 1; + usr->ptr_uxc = 1; + usr->ptr_nts = 0; + usr->ptr_uxs = 0; } - ZERO_STRUCT(data); - - p = &data[4]; - SSVAL(p, 0, 0); - p += 2; - - SSVAL(p, 0, usr->reuse ? AGENT_CMD_CON_REUSE : AGENT_CMD_CON); - p += 2; - - safe_strcpy(p, pipe_name, 16); - p = skip_string(p, 1); - safe_strcpy(p, usr != NULL ? usr->user_name : "", 16); - p = skip_string(p, 1); - safe_strcpy(p, usr != NULL ? usr->domain : "", 16); - p = skip_string(p, 1); - - if (usr != NULL && !pwd_is_nullpwd(&usr->pwd)) + if (!create_user_creds(&ps, msrpc->pipe_name, 0x0, command, usr)) { - uchar lm16[16]; - uchar nt16[16]; - - pwd_get_lm_nt_16(&usr->pwd, lm16, nt16); - memcpy(p, lm16, 16); - p += 16; - memcpy(p, nt16, 16); - p += 16; + DEBUG(0,("could not parse credentials\n")); + close(sock); + return False; } - len = PTR_DIFF(p, data); + len = ps.offset; + data = mem_data(&ps.data, 0); + SIVAL(data, 0, len); #ifdef DEBUG_PASSWORD @@ -223,31 +204,67 @@ static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, if (write(sock, data, len) <= 0) { DEBUG(0,("write failed\n")); - close(sock); return False; } - len = read(sock, &msrpc_redir, sizeof(msrpc_redir)); + if (msrpc->redirect) + { + len = read(sock, &msrpc_redir, sizeof(msrpc_redir)); - if (len != sizeof(msrpc_redir)) + if (len != sizeof(msrpc_redir)) + { + DEBUG(0,("read failed\n")); + return False; + } + + memcpy(msrpc, &msrpc_redir, sizeof(msrpc_redir)); + msrpc->inbuf = in; + msrpc->outbuf = out; + msrpc->fd = sock; + msrpc->usr.reuse = False; + } + else + { + uint32 status; + len = read(sock, &status, sizeof(status)); + + return len == sizeof(status) && status == 0x0; + } + return True; +} + +static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, + const char* pipe_name, + const struct user_creds *usr) +{ + int sock; + fstring path; + + slprintf(path, sizeof(path)-1, "/tmp/.msrpc/.%s/agent", pipe_name); + + sock = open_pipe_sock(path); + + if (sock < 0) { - DEBUG(0,("read failed\n")); - close(sock); return False; } - - memcpy(msrpc, &msrpc_redir, sizeof(msrpc_redir)); - msrpc->inbuf = in; - msrpc->outbuf = out; + msrpc->fd = sock; - msrpc->usr.reuse = False; + + if (!msrpc_authenticate(msrpc, usr)) + { + DEBUG(0,("authenticate failed\n")); + close(msrpc->fd); + msrpc->fd = -1; + return False; + } return True; } BOOL msrpc_connect_auth(struct msrpc_state *msrpc, const char* pipename, - const struct user_credentials *usr) + const struct user_creds *usr) { ZERO_STRUCTP(msrpc); if (!msrpc_initialise(msrpc)) @@ -326,7 +343,7 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc, { DEBUG(5,("msrpc_establish_connection: connecting to %s (%s) - %s\n", pipe_name, - msrpc->usr.user_name, msrpc->usr.domain)); + msrpc->usr.ntc.user_name, msrpc->usr.ntc.domain)); /* establish connection */ @@ -359,6 +376,14 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc, } } + if (!msrpc_authenticate(msrpc, &msrpc->usr)) + { + DEBUG(0,("authenticate failed\n")); + close(msrpc->fd); + msrpc->fd = -1; + return False; + } + return True; } diff --git a/source3/lib/msrpc_use.c b/source3/lib/msrpc_use.c index a8fb009df0..193867e610 100644 --- a/source3/lib/msrpc_use.c +++ b/source3/lib/msrpc_use.c @@ -109,18 +109,18 @@ find client state. server name, user name, domain name and password must all match. ****************************************************************************/ static struct msrpc_use *msrpc_find(const char* pipe_name, - const struct user_credentials *usr_creds) + const struct user_creds *usr_creds) { int i; - struct user_credentials null_usr; + struct user_creds null_usr; copy_user_creds(&null_usr, usr_creds); usr_creds = &null_usr; DEBUG(10,("msrpc_find: %s %s %s\n", pipe_name, - usr_creds->user_name, - usr_creds->domain)); + usr_creds->ntc.user_name, + usr_creds->ntc.domain)); for (i = 0; i < num_msrpcs; i++) { @@ -133,28 +133,28 @@ static struct msrpc_use *msrpc_find(const char* pipe_name, DEBUG(10,("msrpc_find[%d]: %s %s %s\n", i, msrpc_name, - c->cli->usr.user_name, - c->cli->usr.domain)); + c->cli->usr.ntc.user_name, + c->cli->usr.ntc.domain)); if (!strequal(msrpc_name, pipe_name)) { continue; } - if (!strequal(usr_creds->user_name, c->cli->usr.user_name)) + if (!strequal(usr_creds->ntc.user_name, c->cli->usr.ntc.user_name)) { continue; } if (!usr_creds->reuse && - !pwd_compare(&usr_creds->pwd, &c->cli->usr.pwd)) + !pwd_compare(&usr_creds->ntc.pwd, &c->cli->usr.ntc.pwd)) { DEBUG(100,("password doesn't match\n")); continue; } - if (usr_creds->domain[0] == 0) + if (usr_creds->ntc.domain[0] == 0) { return c; } - if (strequal(usr_creds->domain, c->cli->usr.domain)) + if (strequal(usr_creds->ntc.domain, c->cli->usr.ntc.domain)) { return c; } @@ -167,7 +167,7 @@ static struct msrpc_use *msrpc_find(const char* pipe_name, create a new client state from user credentials ****************************************************************************/ static struct msrpc_use *msrpc_use_get(const char* pipe_name, - const struct user_credentials *usr_creds) + const struct user_creds *usr_creds) { struct msrpc_use *cli = (struct msrpc_use*)malloc(sizeof(*cli)); @@ -194,7 +194,7 @@ static struct msrpc_use *msrpc_use_get(const char* pipe_name, init client state ****************************************************************************/ struct msrpc_state *msrpc_use_add(const char* pipe_name, - const struct user_credentials *usr_creds, + const struct user_creds *usr_creds, BOOL redir) { struct msrpc_use *cli = msrpc_find(pipe_name, usr_creds); @@ -236,7 +236,7 @@ struct msrpc_state *msrpc_use_add(const char* pipe_name, delete a client state ****************************************************************************/ BOOL msrpc_use_del(const char* pipe_name, - const struct user_credentials *usr_creds, + const struct user_creds *usr_creds, BOOL force_close, BOOL *connection_closed) { @@ -261,10 +261,10 @@ BOOL msrpc_use_del(const char* pipe_name, if (!strequal(msrpc_name, pipe_name)) continue; - if (strequal(usr_creds->user_name, - msrpcs[i]->cli->usr.user_name) && - strequal(usr_creds->domain, - msrpcs[i]->cli->usr.domain)) + if (strequal(usr_creds->ntc.user_name, + msrpcs[i]->cli->usr.ntc.user_name) && + strequal(usr_creds->ntc.domain, + msrpcs[i]->cli->usr.ntc.domain)) { /* decrement number of users */ msrpcs[i]->num_users--; @@ -311,8 +311,8 @@ void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use) if (item.connected) { item.srv_name = msrpcs[i]->cli->pipe_name; - item.user_name = msrpcs[i]->cli->usr.user_name; - item.domain = msrpcs[i]->cli->usr.domain; + item.user_name = msrpcs[i]->cli->usr.ntc.user_name; + item.domain = msrpcs[i]->cli->usr.ntc.domain; } add_use_info_to_array(num_cons, use, &item); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 86edfa8bec..49772cd37a 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -31,26 +31,6 @@ extern int DEBUGLEVEL; * set the port that will be used for connections by the client */ -void copy_user_creds(struct user_credentials *to, - const struct user_credentials *from) -{ - if (from == NULL) - { - to->domain[0] = 0; - to->user_name[0] = 0; - pwd_set_nullpwd(&to->pwd); - to->ntlmssp_flags = 0; - to->reuse = False; - - return; - } - safe_strcpy(to->domain , from->domain , sizeof(from->domain )-1); - safe_strcpy(to->user_name, from->user_name, sizeof(from->user_name)-1); - memcpy(&to->pwd, &from->pwd, sizeof(from->pwd)); - to->ntlmssp_flags = from->ntlmssp_flags; - to->reuse = from->reuse; -}; - int cli_set_port(struct cli_state *cli, int port) { @@ -787,7 +767,7 @@ BOOL cli_session_setup_x(struct cli_state *cli, char *p; BOOL esec = cli->capabilities & CAP_EXTENDED_SECURITY; - if (cli->usr.reuse) + if (cli->reuse) { DEBUG(3,("cli_session_setup_x: reuse enabled, skipping SMBsesssetupX\n")); return True; @@ -1071,7 +1051,7 @@ BOOL cli_session_setup(struct cli_state *cli, BOOL cli_ulogoff(struct cli_state *cli) { - if (cli->usr.reuse) + if (cli->reuse) { DEBUG(3,("cli_ulogoff: reuse enabled, skipping SMBulogoff\n")); return True; @@ -2697,9 +2677,9 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip) /**************************************************************************** initialise a client structure ****************************************************************************/ -void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr) +void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr) { - copy_user_creds(&cli->usr, usr); + copy_nt_creds(&cli->usr, usr); } /**************************************************************************** @@ -2946,18 +2926,19 @@ BOOL cli_reestablish_connection(struct cli_state *cli) static int cli_init_redirect(struct cli_state *cli, const char* srv_name, struct in_addr *destip, - const struct user_credentials *usr) + const struct ntuser_creds *usr) { int sock; fstring ip_name; struct cli_state cli_redir; fstring path; - pstring data; uint32 len; - char *p; + char *data; char *in = cli->inbuf; char *out = cli->outbuf; + prs_struct ps; + uint16 command; slprintf(path, sizeof(path)-1, "/tmp/.smb.%d/agent", getuid()); @@ -2975,42 +2956,25 @@ static int cli_init_redirect(struct cli_state *cli, return sock; } - ZERO_STRUCT(data); - - p = &data[4]; - SSVAL(p, 0, 0); - p += 2; - - SSVAL(p, 0, usr->reuse ? AGENT_CMD_CON_REUSE : AGENT_CMD_CON); - p += 2; - - safe_strcpy(p, srv_name, 16); - p = skip_string(p, 1); - safe_strcpy(p, usr != NULL ? usr->user_name : "", 16); - p = skip_string(p, 1); - safe_strcpy(p, usr != NULL ? usr->domain : "", 16); - p = skip_string(p, 1); + command = usr != NULL ? AGENT_CMD_CON : AGENT_CMD_CON_ANON; - if (usr != NULL && !pwd_is_nullpwd(&usr->pwd)) + if (!create_ntuser_creds(&ps, srv_name, 0x0, command, usr, cli->reuse)) { - uchar lm16[16]; - uchar nt16[16]; - - pwd_get_lm_nt_16(&usr->pwd, lm16, nt16); - memcpy(p, lm16, 16); - p += 16; - memcpy(p, nt16, 16); - p += 16; + DEBUG(0,("could not parse credentials\n")); + close(sock); + return False; } - len = PTR_DIFF(p, data); - SIVAL(data, 0, len); + len = ps.offset; + data = mem_data(&ps.data, 0); #ifdef DEBUG_PASSWORD DEBUG(100,("data len: %d\n", len)); dump_data(100, data, len); #endif + SIVAL(data, 0, len); + if (write(sock, data, len) <= 0) { DEBUG(0,("write failed\n")); @@ -3031,7 +2995,7 @@ static int cli_init_redirect(struct cli_state *cli, cli->inbuf = in; cli->outbuf = out; cli->fd = sock; - cli->usr.reuse = False; + cli->reuse = False; return sock; } @@ -3449,7 +3413,7 @@ BOOL cli_establish_connection(struct cli_state *cli, BOOL cli_connect_auth(struct cli_state *cli, const char* desthost, struct in_addr *dest_ip, - const struct user_credentials *usr) + const struct ntuser_creds *usr) { extern pstring global_myname; extern pstring scope; @@ -3484,7 +3448,7 @@ BOOL cli_connect_auth(struct cli_state *cli, ****************************************************************************/ BOOL cli_connect_servers_auth(struct cli_state *cli, char *p, - const struct user_credentials *usr) + const struct ntuser_creds *usr) { fstring remote_host; BOOL connected_ok = False; diff --git a/source3/lsarpcd/lsarpcd_process.c b/source3/lsarpcd/lsarpcd_process.c index f54c41bcb4..47a4f9a86c 100644 --- a/source3/lsarpcd/lsarpcd_process.c +++ b/source3/lsarpcd/lsarpcd_process.c @@ -290,15 +290,122 @@ void process_smb(char *inbuf, char *outbuf) } +BOOL get_user_creds(struct user_creds *usr) +{ + pstring buf; + int rl; + uint32 len; + BOOL new_con = False; + extern int Client; + uint32 status; + + CREDS_CMD cmd; + prs_struct ps; + + ZERO_STRUCTP(usr); + ZERO_STRUCT(cmd); + cmd.cred = usr; + + DEBUG(10,("get_user_creds: first request\n")); + + rl = read(Client, &buf, sizeof(len)); + + if (rl != sizeof(len)) + { + DEBUG(0,("Unable to read length\n")); + dump_data(0, buf, sizeof(len)); + return False; + } + + len = IVAL(buf, 0); + + if (len > sizeof(buf)) + { + DEBUG(0,("length %d too long\n", len)); + return False; + } + + rl = read(Client, buf, len); + + if (rl < 0) + { + DEBUG(0,("Unable to read from connection\n")); + return False; + } + +#ifdef DEBUG_PASSWORD + dump_data(100, buf, rl); +#endif + + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&ps, 0, 4, 0, True); + mem_create(ps.data, buf, 0, len, 0, False); + + if (!creds_io_cmd("creds", &cmd, &ps, 0)) + { + DEBUG(0,("Unable to parse credentials\n")); + mem_free_data(ps.data); + return False; + } + + mem_free_data(ps.data); + + if (ps.offset != rl) + { + DEBUG(0,("Buffer size %d %d!\n", ps.offset, rl)); + return False; + } + + switch (cmd.command) + { + case AGENT_CMD_CON: + case AGENT_CMD_CON_ANON: + { + new_con = True; + break; + } + case AGENT_CMD_CON_REUSE: + { + new_con = True; + break; + } + default: + { + DEBUG(0,("unknown command %d\n", cmd.command)); + return False; + } + } + + status = new_con ? 0x0 : 0x1; + + if (write(Client, &status, sizeof(status)) != + sizeof(status)) + { + return False; + } + + return new_con; +} /**************************************************************************** process commands from the client ****************************************************************************/ void lsarpcd_process(void) { + struct user_creds usr; + ZERO_STRUCT(static_pipe); fstrcpy(static_pipe.name, "lsarpc"); + + if (!get_user_creds(&usr)) + { + DEBUG(0,("authentication failed\n")); + free_user_creds(&usr); + return; + } + + free_user_creds(&usr); InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); @@ -308,7 +415,6 @@ void lsarpcd_process(void) InBuffer += SMB_ALIGNMENT; OutBuffer += SMB_ALIGNMENT; - max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); /* re-initialise the timezone */ @@ -316,19 +422,10 @@ void lsarpcd_process(void) while (True) { - int deadtime = lp_deadtime()*60; int counter; int service_load_counter = 0; BOOL got_smb = False; - if (deadtime <= 0) - deadtime = DEFAULT_SMBD_TIMEOUT; - -#if USE_READ_PREDICTION - if (lp_readprediction()) - do_read_prediction(); -#endif - errno = 0; for (counter=SMBD_SELECT_LOOP; diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c index 147be96ba4..f935b53044 100644 --- a/source3/rpc_client/cli_connect.c +++ b/source3/rpc_client/cli_connect.c @@ -24,7 +24,7 @@ #include "includes.h" -struct user_credentials *usr_creds = NULL; +struct ntuser_creds *usr_creds = NULL; extern int DEBUGLEVEL; extern pstring scope; @@ -35,7 +35,7 @@ struct cli_connection uint32 num_connections; char *srv_name; char *pipe_name; - struct user_credentials usr_creds; + struct ntuser_creds usr_creds; struct cli_state *cli; uint16 fnum; }; @@ -74,7 +74,7 @@ void free_connections(void) } static struct cli_connection *cli_con_get(const char* srv_name, - const char* pipe_name) + const char* pipe_name, BOOL reuse) { struct cli_connection *con = NULL; @@ -96,7 +96,7 @@ static struct cli_connection *cli_con_get(const char* srv_name, con->pipe_name = strdup(pipe_name); } - con->cli = cli_net_use_add(srv_name, usr_creds, True); + con->cli = cli_net_use_add(srv_name, usr_creds, True, reuse); if (con->cli == NULL) { @@ -181,12 +181,13 @@ BOOL cli_connection_init(const char* srv_name, const char* pipe_name, struct cli_connection **con) { BOOL res = True; + BOOL reuse = False; /* * allocate */ - *con = cli_con_get(srv_name, pipe_name); + *con = cli_con_get(srv_name, pipe_name, reuse); if ((*con) == NULL) { diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 665383ca10..1cf584a29b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -44,8 +44,8 @@ BOOL get_domain_sids(const char *myname, BOOL res1 = True; fstring dom3; fstring dom5; - extern struct user_credentials *usr_creds; - struct user_credentials usr; + extern struct ntuser_creds *usr_creds; + struct ntuser_creds usr; usr_creds = &usr; ZERO_STRUCT(usr); @@ -140,8 +140,8 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, fstring dom3; fstring dom5; - extern struct user_credentials *usr_creds; - struct user_credentials usr; + extern struct ntuser_creds *usr_creds; + struct ntuser_creds usr; usr_creds = &usr; ZERO_STRUCT(usr); diff --git a/source3/rpc_client/cli_use.c b/source3/rpc_client/cli_use.c index 93a85d748d..96122c307d 100644 --- a/source3/rpc_client/cli_use.c +++ b/source3/rpc_client/cli_use.c @@ -110,13 +110,14 @@ find client state. server name, user name, domain name and password must all match. ****************************************************************************/ static struct cli_use *cli_find(const char* srv_name, - const struct user_credentials *usr_creds) + const struct ntuser_creds *usr_creds, + BOOL reuse) { int i; const char *sv_name = srv_name; - struct user_credentials null_usr; + struct ntuser_creds null_usr; - copy_user_creds(&null_usr, usr_creds); + copy_nt_creds(&null_usr, usr_creds); usr_creds = &null_usr; if (strnequal("\\\\", sv_name, 2)) @@ -156,7 +157,7 @@ static struct cli_use *cli_find(const char* srv_name, { continue; } - if (!usr_creds->reuse && + if (!reuse && !pwd_compare(&usr_creds->pwd, &c->cli->usr.pwd)) { DEBUG(100,("password doesn't match\n")); @@ -179,7 +180,7 @@ static struct cli_use *cli_find(const char* srv_name, create a new client state from user credentials ****************************************************************************/ static struct cli_use *cli_use_get(const char* srv_name, - const struct user_credentials *usr_creds) + const struct ntuser_creds *usr_creds) { struct cli_use *cli = (struct cli_use*)malloc(sizeof(*cli)); @@ -206,8 +207,9 @@ static struct cli_use *cli_use_get(const char* srv_name, init client state ****************************************************************************/ struct cli_state *cli_net_use_add(const char* srv_name, - const struct user_credentials *usr_creds, - BOOL redir) + const struct ntuser_creds *usr_creds, + BOOL redir, + BOOL reuse) { struct nmb_name calling; struct nmb_name called; @@ -215,7 +217,7 @@ struct cli_state *cli_net_use_add(const char* srv_name, fstring dest_host; struct in_addr ip; - struct cli_use *cli = cli_find(srv_name, usr_creds); + struct cli_use *cli = cli_find(srv_name, usr_creds, reuse); if (cli != NULL) { @@ -224,7 +226,7 @@ struct cli_state *cli_net_use_add(const char* srv_name, } /* reuse an existing connection requested, and one was not found */ - if (usr_creds != NULL && usr_creds->reuse && !redir) + if (usr_creds != NULL && reuse && !redir) { return False; } @@ -277,7 +279,7 @@ struct cli_state *cli_net_use_add(const char* srv_name, delete a client state ****************************************************************************/ BOOL cli_net_use_del(const char* srv_name, - const struct user_credentials *usr_creds, + const struct ntuser_creds *usr_creds, BOOL force_close, BOOL *connection_closed) { diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index f53b2da955..4c52e15769 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -429,6 +429,9 @@ BOOL _prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len, u if (ps->error) return False; start = (uint8*)mem_data(&(ps->data), ps->offset); + DEBUG(120,("_prs_string: string %s len %d max %d\n", + str, len, max_buf_size)); + do { char *q; @@ -443,7 +446,7 @@ BOOL _prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len, u if (i < len || len == 0) { - RW_CVAL(ps->io, q, str[i],0); + RW_CVAL(ps->io, q, str[i], 0); } else { @@ -453,6 +456,9 @@ BOOL _prs_string(char *name, prs_struct *ps, int depth, char *str, uint16 len, u } while (i < max_buf_size && (len == 0 ? str[i] != 0 : i < len) ); + DEBUG(120,("_prs_string: string %s len %d max %d\n", + str, len, max_buf_size)); + ps->offset += i+1; dump_data(5+depth, (char *)start, i); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 04fa0955ea..ca87cafcf7 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -482,7 +482,11 @@ void add_msrpc_command_processor(char* pipe_name, char* process_name, BOOL (*fn) (pipes_struct *, prs_struct *)) { - struct api_cmd cmd = { pipe_name, process_name, fn }; + struct api_cmd cmd; + cmd.pipe_clnt_name = pipe_name; + cmd.pipe_srv_name = process_name; + cmd.fn = fn; + add_api_cmd_to_array(&num_cmds, &api_fd_commands, &cmd); } diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 9bd398643f..c518fbb9f5 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -33,7 +33,7 @@ extern int DEBUGLEVEL; #define DEBUG_TESTING -extern struct user_credentials *usr_creds; +extern struct ntuser_creds *usr_creds; extern FILE* out_hnd; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 078d7d2cc3..9d15699532 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -33,7 +33,7 @@ extern int DEBUGLEVEL; #define DEBUG_TESTING -extern struct user_credentials *usr_creds; +extern struct ntuser_creds *usr_creds; extern FILE* out_hnd; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index ad45cb3dc8..43fa9900d4 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -34,7 +34,7 @@ extern int DEBUGLEVEL; extern FILE* out_hnd; -extern struct user_credentials *usr_creds; +extern struct ntuser_creds *usr_creds; /**************************************************************************** nt spoolss query diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 30fbd4ee9d..517697a8c5 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -48,7 +48,7 @@ static void cmd_quit(struct client_info *info, int argc, char *argv[]); static void cmd_set (struct client_info *info, int argc, char *argv[]); static void cmd_net (struct client_info *info, int argc, char *argv[]); -static struct user_credentials usr; +static struct ntuser_creds usr; static struct client_info cli_info; @@ -1322,7 +1322,7 @@ static char *complete_cmd_null(char *text, int state) #endif /* HAVE_LIBREADLINE */ -static void set_user_password(struct user_credentials *u, +static void set_user_password(struct ntuser_creds *u, BOOL got_pass, char *password) { /* set the password cache info */ @@ -1350,19 +1350,19 @@ static void cmd_net(struct client_info *info, int argc, char *argv[]) BOOL net_use = False; BOOL net_use_add = True; BOOL force_close = False; - struct user_credentials u; + struct ntuser_creds u; fstring dest_host; fstring srv_name; BOOL null_pwd = False; BOOL got_pwd = False; pstring password; - extern struct user_credentials *usr_creds; + extern struct ntuser_creds *usr_creds; - copy_user_creds(&u, usr_creds); + copy_nt_creds(&u, usr_creds); pstrcpy(dest_host, cli_info.dest_host); pstrcpy(u.user_name,optarg); - u.reuse = False; + info->reuse = False; if (argc <= 1) { @@ -1494,7 +1494,7 @@ static void cmd_net(struct client_info *info, int argc, char *argv[]) srv_name, u.user_name, u.domain); report(out_hnd, "Connection:\t"); - if (cli_net_use_add(srv_name, &u, True) != NULL) + if (cli_net_use_add(srv_name, &u, True, info->reuse) != NULL) { report(out_hnd, "OK\n"); } @@ -1561,6 +1561,7 @@ static void cmd_set(struct client_info *info, int argc, char *argv[]) static pstring servicesf = CONFIGFILE; pstring term_code; pstring password; /* local copy only, if one is entered */ + info->reuse = False; #ifdef KANJI pstrcpy(term_code, KANJI); @@ -1568,7 +1569,6 @@ static void cmd_set(struct client_info *info, int argc, char *argv[]) *term_code = 0; #endif /* KANJI */ - usr.reuse = False; if (argc > 1 && *argv[1] != '-') { @@ -1588,7 +1588,7 @@ static void cmd_set(struct client_info *info, int argc, char *argv[]) { case 'R': { - usr.reuse = True; + info->reuse = True; break; } @@ -1793,7 +1793,7 @@ static void cmd_set(struct client_info *info, int argc, char *argv[]) } } -static void read_user_env(struct user_credentials *u) +static void read_user_env(struct ntuser_creds *u) { pstring password; @@ -1860,7 +1860,7 @@ void readline_init(void) ****************************************************************************/ int main(int argc,char *argv[]) { - extern struct user_credentials *usr_creds; + extern struct ntuser_creds *usr_creds; mode_t myumask = 0755; DEBUGLEVEL = 2; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7fde1fc6f6..f6ea8ecb65 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -678,9 +678,7 @@ static void usage(char *pname) } #endif /* WITH_SSL */ -#if 0 start_msrpc_agent("lsarpc"); -#endif add_msrpc_command_processor( "samr", "lsass", api_samr_rpc ); add_msrpc_command_processor( "srvsvc", "ntsvcs", api_srvsvc_rpc ); add_msrpc_command_processor( "wkssvc", "ntsvcs", api_wkssvc_rpc ); diff --git a/source3/utils/smb-agent.c b/source3/utils/smb-agent.c index 96c43cadaf..2ecfdba7e2 100644 --- a/source3/utils/smb-agent.c +++ b/source3/utils/smb-agent.c @@ -53,23 +53,25 @@ static void free_sock(void *sock) } } + static struct cli_state *init_client_connection(int c) { pstring buf; - uchar ntpw[16]; - uchar lmpw[16]; - fstring srv_name; - struct user_credentials usr; - char *p = buf; + struct user_creds usr; int rl; uint32 len; - uint16 version; - uint16 command; BOOL new_con = False; + CREDS_CMD cmd; + prs_struct ps; + BOOL reuse = False; + + ZERO_STRUCT(usr); + ZERO_STRUCT(cmd); + cmd.cred = &usr; ZERO_STRUCT(usr); - DEBUG(10,("first request\n")); + DEBUG(10,("init_client_connection: first request\n")); rl = read(c, &buf, sizeof(len)); @@ -99,39 +101,26 @@ static struct cli_state *init_client_connection(int c) #ifdef DEBUG_PASSWORD dump_data(100, buf, rl); #endif - version = SVAL(p, 0); - p += 2; - command = SVAL(p, 0); - p += 2; - - fstrcpy(srv_name, p); - p = skip_string(p, 1); - fstrcpy(usr.user_name, p); - p = skip_string(p, 1); - fstrcpy(usr.domain, p); - p = skip_string(p, 1); - - if (PTR_DIFF(p, buf) < rl) - { - memcpy(lmpw, p, 16); - p += 16; - memcpy(ntpw, p, 16); - p += 16; - pwd_set_lm_nt_16(&usr.pwd, lmpw, ntpw); - } - else + /* make a static data parsing structure from the api_fd_reply data */ + prs_init(&ps, 0, 4, 0, True); + mem_create(ps.data, buf, 0, len, 0, False); + + if (!creds_io_cmd("creds", &cmd, &ps, 0)) { - pwd_set_nullpwd(&usr.pwd); + DEBUG(0,("Unable to parse credentials\n")); + mem_free_data(ps.data); + return NULL; } - if (PTR_DIFF(p, buf) != rl) + mem_free_data(ps.data); + + if (ps.offset != rl) { - DEBUG(0,("Buffer size %d %d!\n", - PTR_DIFF(p, buf), rl)); + DEBUG(0,("Buffer size %d %d!\n", ps.offset, rl)); return NULL; } - switch (command) + switch (cmd.command) { case AGENT_CMD_CON: { @@ -141,12 +130,12 @@ static struct cli_state *init_client_connection(int c) case AGENT_CMD_CON_REUSE: { new_con = True; - usr.reuse = True; + reuse = True; break; } default: { - DEBUG(0,("unknown command %d\n", command)); + DEBUG(0,("unknown command %d\n", cmd.command)); return NULL; } } @@ -154,11 +143,11 @@ static struct cli_state *init_client_connection(int c) if (new_con) { struct cli_state *n; - n = cli_net_use_add(srv_name, &usr, False); + n = cli_net_use_add(cmd.name, &usr.ntc, False, reuse); if (n == NULL) { - DEBUG(0,("Unable to connect to %s\n", srv_name)); + DEBUG(0,("Unable to connect to %s\n", cmd.name)); return NULL; } @@ -173,7 +162,7 @@ static struct cli_state *init_client_connection(int c) if (write(c, n, sizeof(*n)) < 0) { DEBUG(0,("Could not write connection down pipe.\n")); - cli_net_use_del(srv_name, &usr, False, NULL); + cli_net_use_del(cmd.name, &usr.ntc, False, NULL); return NULL; } return n; @@ -305,8 +294,6 @@ static BOOL process_srv_sock(struct sock_redir **socks, uint32 num_socks, static int get_agent_sock(char *id) { - int s; - struct sockaddr_un sa; fstring path; fstring dir; |