summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-05-23 14:02:17 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-05-23 14:02:17 +0000
commite46a6ecc697418ad7eb9aedb1610d1fbbe419029 (patch)
tree8164626af06d1f7d788f26eb8e93f3f4d17051d7
parent4f46de7972eaab44b492f2cfe8a9d9c2a728766c (diff)
downloadsamba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.tar.gz
samba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.tar.bz2
samba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.zip
Given Jeremy's positive response, and a lack of one from tpot, I'll commit
this: More code cleanup - this lot a bit more dodgy than the last: The aim is to trim pwd_cache down to size. Its overly complex, and a pain to deal with. With a header comment like this: 'obfusticaion is planned' I think it deserved to die (at least partly). This was being done to allow 'cli_establish_connection' to die - its functionality has been replaced by cli_full_connection(), which does not duplicate code everywhere for creating names etc. This also removes the little 'init' fucntions for the various pipes, becouse they were only used in one place, and even then it was dodgy. (I've reworked smbcacls not to use anonymous connections any more, as this will (should) fail with a 'restrict anonymous' PDC). This allowed me to remove cli_pipe_util.c, which was calling cli_establish_connection. tpot: I'm not sure what direction you were going with the client stuff, and you may well have been wanting the init functions. If thats the case, give me a yell and I'll reimplement them against cli_full_connection. Andrew Bartlett (This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/libsmb/cli_dfs.c8
-rw-r--r--source3/libsmb/cli_lsarpc.c13
-rw-r--r--source3/libsmb/cli_netlogon.c9
-rw-r--r--source3/libsmb/cli_pipe_util.c82
-rw-r--r--source3/libsmb/cli_reg.c9
-rw-r--r--source3/libsmb/cli_samr.c8
-rw-r--r--source3/libsmb/cli_spoolss.c14
-rw-r--r--source3/libsmb/cli_srvsvc.c9
-rw-r--r--source3/libsmb/cli_wkssvc.c18
-rw-r--r--source3/libsmb/cliconnect.c148
-rw-r--r--source3/libsmb/pwd_cache.c135
-rw-r--r--source3/rpcclient/samsync.c59
-rw-r--r--source3/utils/smbcacls.c115
14 files changed, 70 insertions, 559 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index fb16344f43..fc2c0506b2 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -163,7 +163,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\
- rpc_client/cli_pipe.o libsmb/cli_pipe_util.o
+ rpc_client/cli_pipe.o
LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c
index 312275926c..7fc27b9c3b 100644
--- a/source3/libsmb/cli_dfs.c
+++ b/source3/libsmb/cli_dfs.c
@@ -20,14 +20,6 @@
#include "includes.h"
-/* Opens a SMB connection to the netdfs pipe */
-
-struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds);
-}
-
/* Query DFS support */
NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
index 8eaf6da2ec..9d07eb1d1e 100644
--- a/source3/libsmb/cli_lsarpc.c
+++ b/source3/libsmb/cli_lsarpc.c
@@ -38,19 +38,6 @@
* security authority", which is half of a password database.
**/
-/** Opens a SMB connection and connects to the LSARPC pipe.
- *
- * @param cli Uninitialised client handle.
- * @param system_name NETBIOS name of the machine to connect to.
- * @param creds User credentials to connect as.
- * @returns Initialised client handle.
- */
-struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds);
-}
-
/** Open a LSA policy handle
*
* @param cli Handle on an initialised SMB connection */
diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c
index 12651966d7..765f19a5fe 100644
--- a/source3/libsmb/cli_netlogon.c
+++ b/source3/libsmb/cli_netlogon.c
@@ -25,15 +25,6 @@
#include "includes.h"
-/* Opens a SMB connection to the netlogon pipe */
-
-struct cli_state *cli_netlogon_initialise(struct cli_state *cli,
- char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds);
-}
-
/* LSA Request Challenge. Sends our challenge to server, then gets
server response. These are used to generate the credentials. */
diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c
deleted file mode 100644
index de1c832e44..0000000000
--- a/source3/libsmb/cli_pipe_util.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- RPC pipe client utility functions
- Copyright (C) Tim Potter 2001,
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/** \defgroup rpc_client RPC Client routines
- */
-
-/* Opens a SMB connection to a named pipe */
-
-struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name,
- char *pipe_name,
- struct ntuser_creds *creds)
-{
- struct in_addr dest_ip;
- struct nmb_name calling, called;
- fstring dest_host;
- extern pstring global_myname;
- struct ntuser_creds anon;
-
- /* Initialise cli_state information */
-
- if (!cli_initialise(cli)) {
- return NULL;
- }
-
- if (!creds) {
- ZERO_STRUCT(anon);
- anon.pwd.null_pwd = 1;
- creds = &anon;
- }
-
- cli_init_creds(cli, creds);
-
- /* Establish a SMB connection */
-
- if (!resolve_srv_name(system_name, dest_host, &dest_ip)) {
- return NULL;
- }
-
- make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
- make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
-
- if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling,
- &called, "IPC$", "IPC", False, True)) {
- return NULL;
- }
-
- /* Open a NT session thingy */
-
- if (!cli_nt_session_open(cli, pipe_name)) {
- cli_shutdown(cli);
- return NULL;
- }
-
- return cli;
-}
-
-/* Shut down a SMB connection to the SAMR pipe */
-
-void cli_pipe_shutdown(struct cli_state *cli)
-{
- if (cli->fd != -1) cli_ulogoff(cli);
- cli_shutdown(cli);
-}
diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c
index c09ccabb29..aaf18882f7 100644
--- a/source3/libsmb/cli_reg.c
+++ b/source3/libsmb/cli_reg.c
@@ -25,15 +25,6 @@
#include "includes.h"
-/* Opens a SMB connection to the WINREG pipe */
-
-struct cli_state *cli_winreg_initialise(struct cli_state *cli,
- char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds);
-}
-
/* Shutdown a server */
NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c
index f3560ede5d..9a332aa99e 100644
--- a/source3/libsmb/cli_samr.c
+++ b/source3/libsmb/cli_samr.c
@@ -24,14 +24,6 @@
#include "includes.h"
-/* Opens a SMB connection to the SAMR pipe */
-
-struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds);
-}
-
/* Connect to SAMR database */
NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c
index 28f4f481fa..5e33e00c68 100644
--- a/source3/libsmb/cli_spoolss.c
+++ b/source3/libsmb/cli_spoolss.c
@@ -31,20 +31,6 @@
* @{
**/
-/** Opens a SMB connection and connects to the SPOOLSS pipe.
- *
- * @param cli Uninitialised client handle.
- * @param system_name NETBIOS name of the machine to connect to.
- * @param creds User credentials to connect as.
- * @returns Initialised client handle.
- */
-struct cli_state *cli_spoolss_initialise(struct cli_state *cli,
- char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds);
-}
-
/**********************************************************************
Initialize a new spoolss buff for use by a client rpc
**********************************************************************/
diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c
index 9d33149540..b5b4478684 100644
--- a/source3/libsmb/cli_srvsvc.c
+++ b/source3/libsmb/cli_srvsvc.c
@@ -22,15 +22,6 @@
#include "includes.h"
-/* Opens a SMB connection to the svrsvc pipe */
-
-struct cli_state *cli_svrsvc_initialise(struct cli_state *cli,
- char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds);
-}
-
NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
uint32 switch_value, SRV_INFO_CTR *ctr)
diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c
index 2a84e6b698..756ff61e5b 100644
--- a/source3/libsmb/cli_wkssvc.c
+++ b/source3/libsmb/cli_wkssvc.c
@@ -24,24 +24,6 @@
#include "includes.h"
/**
- * Opens a SMB connection to the wkssvc pipe
- *
- * @param cli client structure (not yet initialised)
- * @param system_name called rpc server name
- * @param creds user credentials
- *
- * @return client structure with opened pipe
- **/
-
-struct cli_state *cli_wkssvc_initialise(struct cli_state *cli,
- char *system_name,
- struct ntuser_creds *creds)
-{
- return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds);
-}
-
-
-/**
* WksQueryInfo rpc call (like query for server's capabilities)
*
* @param initialised client structure with \PIPE\wkssvc opened
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ec2c33f419..f41c3b7701 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1027,152 +1027,6 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
return True;
}
-/****************************************************************************
-establishes a connection right up to doing tconX, password in cache.
-****************************************************************************/
-BOOL cli_establish_connection(struct cli_state *cli,
- char *dest_host, struct in_addr *dest_ip,
- struct nmb_name *calling, struct nmb_name *called,
- char *service, char *service_type,
- BOOL do_shutdown, BOOL do_tcon)
-{
- DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n",
- nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip),
- cli->user_name, cli->domain));
-
- /* establish connection */
-
- if ((!cli->initialised))
- {
- return False;
- }
-
- /* cli_establish_connection() can't handle spnego yet. Once we get rid of
- pwd_cache and other horrors we can get rid of this */
- cli->use_spnego = False;
-
- if (cli->fd == -1)
- {
- if (!cli_connect(cli, dest_host, dest_ip))
- {
- DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
- nmb_namestr(called), inet_ntoa(*dest_ip)));
- return False;
- }
- }
-
- if (!cli_session_request(cli, calling, called))
- {
- DEBUG(1,("failed session request\n"));
- if (do_shutdown)
- cli_shutdown(cli);
- return False;
- }
-
- if (!cli_negprot(cli))
- {
- DEBUG(1,("failed negprot\n"));
- if (do_shutdown)
- cli_shutdown(cli);
- return False;
- }
-
- if (cli->pwd.cleartext || cli->pwd.null_pwd)
- {
- fstring passwd;
- int pass_len;
-
- if (cli->pwd.null_pwd)
- {
- /* attempt null session */
- passwd[0] = 0;
- pass_len = 1;
- }
- else
- {
- /* attempt clear-text session */
- pwd_get_cleartext(&(cli->pwd), passwd);
- pass_len = strlen(passwd);
- }
-
- /* attempt clear-text session */
- if (!cli_session_setup(cli, cli->user_name,
- passwd, pass_len,
- NULL, 0,
- cli->domain))
- {
- DEBUG(1,("failed session setup\n"));
- if (do_shutdown)
- {
- cli_shutdown(cli);
- }
- return False;
- }
- if (do_tcon)
- {
- if (!cli_send_tconX(cli, service, service_type,
- (char*)passwd, strlen(passwd)))
- {
- DEBUG(1,("failed tcon_X\n"));
- if (do_shutdown)
- {
- cli_shutdown(cli);
- }
- return False;
- }
- }
- }
- else
- {
- /* attempt encrypted session */
- unsigned char nt_sess_pwd[24];
- unsigned char lm_sess_pwd[24];
-
- /* creates (storing a copy of) and then obtains a 24 byte password OWF */
- pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data);
- pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd);
-
- /* attempt encrypted session */
- if (!cli_session_setup(cli, cli->user_name,
- (char*)lm_sess_pwd, sizeof(lm_sess_pwd),
- (char*)nt_sess_pwd, sizeof(nt_sess_pwd),
- cli->domain))
- {
- DEBUG(1,("failed session setup\n"));
- if (do_shutdown)
- cli_shutdown(cli);
- return False;
- }
-
- DEBUG(1,("session setup ok\n"));
-
- if (*cli->server_domain || *cli->server_os || *cli->server_type)
- {
- DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
- cli->server_domain,
- cli->server_os,
- cli->server_type));
- }
-
- if (do_tcon)
- {
- if (!cli_send_tconX(cli, service, service_type,
- (char*)nt_sess_pwd, sizeof(nt_sess_pwd)))
- {
- DEBUG(1,("failed tcon_X\n"));
- if (do_shutdown)
- cli_shutdown(cli);
- return False;
- }
- }
- }
-
- if (do_shutdown)
- cli_shutdown(cli);
-
- return True;
-}
-
/* Initialise client credentials for authenticated pipe access */
static void init_creds(struct ntuser_creds *creds, char* username,
@@ -1230,7 +1084,7 @@ again:
DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service));
if (!cli_connect(cli, dest_host, &ip)) {
- DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
+ DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n",
nmb_namestr(&called), inet_ntoa(*dest_ip)));
cli_shutdown(cli);
return NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index 7d1185d9a7..8b79788fed 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -24,7 +24,7 @@
Initialises a password structure.
****************************************************************************/
-void pwd_init(struct pwd_info *pwd)
+static void pwd_init(struct pwd_info *pwd)
{
memset((char *)pwd->password , '\0', sizeof(pwd->password ));
memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd));
@@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd)
}
/****************************************************************************
- Returns NULL password flag.
-****************************************************************************/
-
-BOOL pwd_is_nullpwd(const struct pwd_info *pwd)
-{
- return pwd->null_pwd;
-}
-
-/****************************************************************************
- Compares two passwords. hmm, not as trivial as expected. hmm.
-****************************************************************************/
-
-BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2)
-{
- if (pwd1->cleartext && pwd2->cleartext) {
- if (strequal(pwd1->password, pwd2->password))
- return True;
- }
- if (pwd1->null_pwd && pwd2->null_pwd)
- return True;
-
- if (!pwd1->null_pwd && !pwd2->null_pwd &&
- !pwd1->cleartext && !pwd2->cleartext) {
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("pwd compare: nt#\n"));
- dump_data(100, pwd1->smb_nt_pwd, 16);
- dump_data(100, pwd2->smb_nt_pwd, 16);
-#endif
- if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
- return True;
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("pwd compare: lm#\n"));
- dump_data(100, pwd1->smb_lm_pwd, 16);
- dump_data(100, pwd2->smb_lm_pwd, 16);
-#endif
- if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
- return True;
- }
- return False;
-}
-
-/****************************************************************************
- Reads a password.
+ Makes lm and nt hashed passwords.
****************************************************************************/
-void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
+static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
{
- /* grab a password */
- char *user_pass;
+ pstring dos_passwd;
pwd_init(pwd);
- user_pass = (char*)getpass(passwd_report);
-
- /*
- * Do not assume that an empty string is a NULL password.
- * If you do this will break the session key generation for
- * and account with an emtpy password. If you wish to use
- * a NULL password, use the -N option to smbclient and rpcclient
- * --jerry
- */
-#if 0
- if (user_pass == NULL || user_pass[0] == 0)
- pwd_set_nullpwd(pwd);
- else if (do_encrypt)
-#endif
- if (do_encrypt)
- pwd_make_lm_nt_16(pwd, user_pass);
- else
- pwd_set_cleartext(pwd, user_pass);
-}
-
-/****************************************************************************
- Stores a cleartext password.
-****************************************************************************/
-
-void pwd_set_nullpwd(struct pwd_info *pwd)
-{
- pwd_init(pwd);
+ push_ascii_pstring(dos_passwd, clr);
+ nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
+ pwd->null_pwd = False;
pwd->cleartext = False;
- pwd->null_pwd = True;
- pwd->crypted = False;
+ pwd->crypted = False;
}
/****************************************************************************
@@ -151,29 +83,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
}
/****************************************************************************
- Stores lm and nt hashed passwords.
-****************************************************************************/
-
-void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
-{
- pwd_init(pwd);
-
- if (lm_pwd)
- memcpy(pwd->smb_lm_pwd, lm_pwd, 16);
- else
- memset((char *)pwd->smb_lm_pwd, '\0', 16);
-
- if (nt_pwd)
- memcpy(pwd->smb_nt_pwd, nt_pwd, 16);
- else
- memset((char *)pwd->smb_nt_pwd, '\0', 16);
-
- pwd->null_pwd = False;
- pwd->cleartext = False;
- pwd->crypted = False;
-}
-
-/****************************************************************************
Gets lm and nt hashed passwords.
****************************************************************************/
@@ -186,24 +95,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
}
/****************************************************************************
- Makes lm and nt hashed passwords.
-****************************************************************************/
-
-void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
-{
- pstring dos_passwd;
-
- pwd_init(pwd);
-
- push_ascii_pstring(dos_passwd, clr);
-
- nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
- pwd->null_pwd = False;
- pwd->cleartext = False;
- pwd->crypted = False;
-}
-
-/****************************************************************************
Makes lm and nt OWF crypts.
****************************************************************************/
@@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
if (nt_owf != NULL)
memcpy(nt_owf, pwd->smb_nt_owf, 24);
}
+
+
+
+
+
+
+
+
+
+
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
index 14f7ed8953..0b30798070 100644
--- a/source3/rpcclient/samsync.c
+++ b/source3/rpcclient/samsync.c
@@ -396,51 +396,19 @@ static void usage(void)
printf("\n");
}
-/* Initialise client credentials for authenticated pipe access */
-
-void init_rpcclient_creds(struct ntuser_creds *creds, char* username,
- char* domain, char* password)
-{
- ZERO_STRUCTP(creds);
-
- if (lp_encrypted_passwords()) {
- pwd_make_lm_nt_16(&creds->pwd, password);
- } else {
- pwd_set_cleartext(&creds->pwd, password);
- }
-
- fstrcpy(creds->user_name, username);
- fstrcpy(creds->domain, domain);
-
- if (! *username) {
- creds->pwd.null_pwd = True;
- }
-}
-
/* Connect to primary domain controller */
-static struct cli_state *init_connection(struct cli_state *cli,
+static struct cli_state *init_connection(struct cli_state **cli,
char *username, char *domain,
char *password)
{
- struct ntuser_creds creds;
extern pstring global_myname;
struct in_addr *dest_ip;
- struct nmb_name calling, called;
int count;
fstring dest_host;
/* Initialise cli_state information */
- ZERO_STRUCTP(cli);
-
- if (!cli_initialise(cli)) {
- return NULL;
- }
-
- init_rpcclient_creds(&creds, username, domain, password);
- cli_init_creds(cli, &creds);
-
/* Look up name of PDC controller */
if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) {
@@ -456,20 +424,15 @@ static struct cli_state *init_connection(struct cli_state *cli,
return NULL;
}
- get_myname((*global_myname)?NULL:global_myname);
- strupper(global_myname);
-
- make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
- make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
-
- /* Establish a SMB connection */
-
- if (!cli_establish_connection(cli, dest_host, dest_ip, &calling,
- &called, "IPC$", "IPC", False, True)) {
+ if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host,
+ dest_ip, 0,
+ "IPC$", "IPC",
+ username, domain,
+ password, strlen(password)))) {
+ return *cli;
+ } else {
return NULL;
}
-
- return cli;
}
/* Main function */
@@ -477,7 +440,7 @@ static struct cli_state *init_connection(struct cli_state *cli,
int main(int argc, char **argv)
{
BOOL do_sam_sync = False, do_sam_repl = False;
- struct cli_state cli;
+ struct cli_state *cli;
NTSTATUS result;
int opt;
pstring logfile;
@@ -605,10 +568,10 @@ static struct cli_state *init_connection(struct cli_state *cli,
return 1;
if (do_sam_sync)
- result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose);
+ result = sam_sync(cli, trust_passwd, do_smbpasswd_output, verbose);
if (do_sam_repl)
- result = sam_repl(&cli, trust_passwd, low_serial);
+ result = sam_repl(cli, trust_passwd, low_serial);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("%s\n", nt_errstr(result)));
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 017f4035b0..62ab6357b4 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -42,6 +42,9 @@ enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD };
enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP};
enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
struct perm_value {
char *perm;
uint32 mask;
@@ -66,24 +69,25 @@ static struct perm_value standard_values[] = {
{ NULL, 0 },
};
-struct cli_state lsa_cli;
-POLICY_HND pol;
-struct ntuser_creds creds;
-BOOL got_policy_hnd;
+static struct cli_state *global_hack_cli;
+static POLICY_HND pol;
+static BOOL got_policy_hnd;
+
+static struct cli_state *connect_one(char *share);
/* Open cli connection and policy handle */
static BOOL cacls_open_policy_hnd(void)
{
- creds.pwd.null_pwd = 1;
-
/* Initialise cli LSA connection */
- if (!lsa_cli.initialised &&
- !cli_lsa_initialise(&lsa_cli, server, &creds)) {
- return False;
+ if (!global_hack_cli) {
+ global_hack_cli = connect_one("IPC$");
+ if (!cli_nt_session_open (global_hack_cli, PIPE_LSARPC)) {
+ return False;
+ }
}
-
+
/* Open policy handle */
if (!got_policy_hnd) {
@@ -91,7 +95,7 @@ static BOOL cacls_open_policy_hnd(void)
/* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
but NT sends 0x2000000 so we might as well do it too. */
- if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True,
+ if (!NT_STATUS_IS_OK(cli_lsa_open_policy(global_hack_cli, global_hack_cli->mem_ctx, True,
GENERIC_EXECUTE_ACCESS, &pol))) {
return False;
}
@@ -116,7 +120,7 @@ static void SidToString(fstring str, DOM_SID *sid)
/* Ask LSA to convert the sid to a name */
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,
+ !NT_STATUS_IS_OK(cli_lsa_lookup_sids(global_hack_cli, global_hack_cli->mem_ctx,
&pol, 1, sid, &domains,
&names, &types)) ||
!domains || !domains[0] || !names || !names[0]) {
@@ -143,7 +147,7 @@ static BOOL StringToSid(DOM_SID *sid, const char *str)
}
if (!cacls_open_policy_hnd() ||
- !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx,
+ !NT_STATUS_IS_OK(cli_lsa_lookup_names(global_hack_cli, global_hack_cli->mem_ctx,
&pol, 1, &str, &sids,
&types))) {
result = False;
@@ -700,80 +704,29 @@ static int cacl_set(struct cli_state *cli, char *filename,
/*****************************************************
return a connection to a server
*******************************************************/
-struct cli_state *connect_one(char *share)
+static struct cli_state *connect_one(char *share)
{
struct cli_state *c;
- struct nmb_name called, calling;
struct in_addr ip;
- extern pstring global_myname;
-
- fstrcpy(server,share+2);
- share = strchr_m(server,'\\');
- if (!share) return NULL;
- *share = 0;
- share++;
-
- zero_ip(&ip);
-
- make_nmb_name(&calling, global_myname, 0x0);
- make_nmb_name(&called , server, 0x20);
-
- again:
- zero_ip(&ip);
-
- /* have to open a new connection */
- if (!(c=cli_initialise(NULL)) || !cli_connect(c, server, &ip)) {
- DEBUG(0,("Connection to %s failed\n", server));
- cli_shutdown(c);
- return NULL;
- }
-
- if (!cli_session_request(c, &calling, &called)) {
- DEBUG(0,("session request to %s failed\n", called.name));
- cli_shutdown(c);
- if (strcmp(called.name, "*SMBSERVER")) {
- make_nmb_name(&called , "*SMBSERVER", 0x20);
- goto again;
- }
- return NULL;
- }
-
- DEBUG(4,(" session request ok\n"));
-
- if (!cli_negprot(c)) {
- DEBUG(0,("protocol negotiation failed\n"));
- cli_shutdown(c);
- return NULL;
- }
-
+ zero_ip(&ip);
+
if (!got_pass) {
char *pass = getpass("Password: ");
if (pass) {
pstrcpy(password, pass);
+ got_pass = True;
}
}
- if (!cli_session_setup(c, username,
- password, strlen(password),
- password, strlen(password),
- lp_workgroup())) {
- DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
- cli_shutdown(c);
- return NULL;
- }
-
- DEBUG(4,(" session setup ok\n"));
-
- if (!cli_send_tconX(c, share, "?????",
- password, strlen(password)+1)) {
- DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
- cli_shutdown(c);
+ if (NT_STATUS_IS_OK(cli_full_connection(&c, global_myname, server,
+ &ip, 0,
+ share, "?????",
+ username, global_myworkgroup,
+ password, strlen(password)))) {
+ return c;
+ } else {
return NULL;
}
-
- DEBUG(4,(" tconx ok\n"));
-
- return c;
}
@@ -811,12 +764,13 @@ You can string acls together with spaces, commas or newlines\n\
extern int optind;
int opt;
char *p;
- struct cli_state *cli=NULL;
enum acl_mode mode = SMB_ACL_SET;
char *the_acl = NULL;
enum chown_mode change_mode = REQUEST_NONE;
int result;
+ struct cli_state *cli;
+
ctx=talloc_init();
setlinebuf(stdout);
@@ -930,12 +884,20 @@ You can string acls together with spaces, commas or newlines\n\
/* Make connection to server */
+ fstrcpy(server,share+2);
+ share = strchr_m(server,'\\');
+ if (!share) return -1;
+ *share = 0;
+ share++;
+
if (!test_args) {
cli = connect_one(share);
if (!cli) {
talloc_destroy(ctx);
exit(EXIT_FAILED);
}
+ } else {
+ exit(0);
}
all_string_sub(filename, "/", "\\", 0);
@@ -960,3 +922,4 @@ You can string acls together with spaces, commas or newlines\n\
return result;
}
+