diff options
author | Jeremy Allison <jra@samba.org> | 1997-11-10 19:23:17 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1997-11-10 19:23:17 +0000 |
commit | 77aec4ae6307c0ad0b843bbf23d64ccb1aaf7476 (patch) | |
tree | 92e15c7219e20ad5e58833b83f1387feb3e1125e | |
parent | cc512947c9e1744c5541252c7cc934ebcd2e6961 (diff) | |
download | samba-77aec4ae6307c0ad0b843bbf23d64ccb1aaf7476.tar.gz samba-77aec4ae6307c0ad0b843bbf23d64ccb1aaf7476.tar.bz2 samba-77aec4ae6307c0ad0b843bbf23d64ccb1aaf7476.zip |
Rolled back tree state to 11:59pm 8th November 1997 EST to
remove problems.
Jeremy
(This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)
-rw-r--r-- | source3/client/client.c | 2 | ||||
-rw-r--r-- | source3/client/ntclient.c | 214 | ||||
-rw-r--r-- | source3/include/byteorder.h | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 42 | ||||
-rw-r--r-- | source3/include/smb.h | 50 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 146 | ||||
-rw-r--r-- | source3/libsmb/nterr.c | 30 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 22 | ||||
-rw-r--r-- | source3/libsmb/smberr.c | 26 | ||||
-rw-r--r-- | source3/nmbsync.c | 3 | ||||
-rw-r--r-- | source3/passdb/smbpass.c | 2 | ||||
-rw-r--r-- | source3/smbd/password.c | 140 | ||||
-rw-r--r-- | source3/smbd/reply.c | 89 | ||||
-rw-r--r-- | source3/smbd/server.c | 93 | ||||
-rw-r--r-- | source3/utils/torture.c | 6 |
15 files changed, 354 insertions, 517 deletions
diff --git a/source3/client/client.c b/source3/client/client.c index 082118e0ba..52f4b837a6 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -3900,7 +3900,7 @@ static void usage(char *pname) { if (!cli_send_login(NULL,NULL,True,True)) return(1); - do_nt_login(dest_ip, desthost, myhostname, Client, cnum); + do_nt_login(desthost, myhostname, Client, cnum); cli_send_logout(); close_sockets(); diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c index 8d1ad0e8eb..7e360981c0 100644 --- a/source3/client/ntclient.c +++ b/source3/client/ntclient.c @@ -25,7 +25,6 @@ #endif #include "includes.h" -#include "nterr.h" extern int DEBUGLEVEL; extern pstring username; @@ -36,109 +35,11 @@ extern pstring workgroup; #ifdef NTDOMAIN -/************************************************************************ - check workstation trust account status - ************************************************************************/ -BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host, - char *myhostname, char *domain, - fstring mach_pwd, fstring new_mach_pwd) -{ - pstring tmp; - struct cli_state wksta_trust; - fstring mach_acct; - uchar lm_owf_mach_pwd[16]; - uchar nt_owf_mach_pwd[16]; - uchar lm_sess_pwd[24]; - uchar nt_sess_pwd[24]; - BOOL right_error_code = False; - - char *start_mach_pwd; - char *change_mach_pwd; - - fstrcpy(mach_acct, myhostname); - strlower(mach_pwd); - - fstrcpy(mach_pwd , myhostname); - strcat(mach_acct, "$"); - strupper(mach_acct); - - sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s]. Password: ", - mach_acct, mach_pwd); - - start_mach_pwd = (char*)getpass(tmp); - - if (start_mach_pwd[0] != 0) - { - fstrcpy(mach_pwd, start_mach_pwd); - } - - sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value. Password: ", - mach_acct); - - change_mach_pwd = (char*)getpass(tmp); - - fstrcpy(new_mach_pwd, change_mach_pwd); - - if (!cli_initialise(&wksta_trust)) - { - DEBUG(1,("cli_initialise failed for wksta_trust\n")); - return False; - } - - if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host)) - { - uint8 err_cls; - uint32 err_num; - cli_error(&wksta_trust, &err_cls, &err_num); - DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust))); - - cli_shutdown(&wksta_trust); - return False; - } - - nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd); - - DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd)); - SMBOWFencrypt(nt_owf_mach_pwd, wksta_trust.cryptkey, nt_sess_pwd); - SMBOWFencrypt(lm_owf_mach_pwd, wksta_trust.cryptkey, lm_sess_pwd); - - right_error_code = False; - - if (!server_validate2(&wksta_trust, mach_acct, domain, - lm_sess_pwd, sizeof(lm_sess_pwd), - nt_sess_pwd, sizeof(nt_sess_pwd))) - { - uint8 err_cls; - uint32 err_num; - cli_error(&wksta_trust, &err_cls, &err_num); - - if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)) - { - DEBUG(1,("server_validate: valid workstation trust account exists\n")); - right_error_code = True; - } - - if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER)) - { - DEBUG(1,("server_validate: workstation trust account does not exist\n")); - right_error_code = False; - } - } - - if (!right_error_code) - { - DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&wksta_trust))); - } - - cli_shutdown(&wksta_trust); - return right_error_code; -} /**************************************************************************** experimental nt login. ****************************************************************************/ -BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, - char *myhostname, +BOOL do_nt_login(char *desthost, char *myhostname, int Client, int cnum) { DOM_CHAL clnt_chal; @@ -148,10 +49,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, DOM_CHAL auth2_srv_chal; - DOM_CRED srv_pwset_clnt_cred; - DOM_CRED srv_pwset_rtn_cred; - DOM_CRED srv_pwset_srv_cred; - DOM_CRED sam_logon_clnt_cred; DOM_CRED sam_logon_rtn_cred; DOM_CRED sam_logon_srv_cred; @@ -169,13 +66,9 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, uchar sess_key[8]; char nt_owf_mach_pwd[16]; - char nt_owf_new_mach_pwd[16]; - - fstring server_name; fstring mach_acct; - fstring mach_pwd; - fstring new_mach_pwd; + fstring server_name; RPC_IFACE abstract; RPC_IFACE transfer; @@ -195,8 +88,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, uint32 call_id = 0; char *inbuf,*outbuf; - /******************** initialise ********************************/ - zerotime.time = 0; inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); @@ -300,46 +191,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, - /************ Check workstation trust account *******************/ - - /* default machine password is lower-case machine name (really secure) */ - fstrcpy(mach_pwd, myhostname); - strlower(mach_pwd); - - wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd); - - /************ Long-term Session key (default) **********/ - - { - char lm_owf_mach_pwd[16]; -#ifdef DEBUG_PASSWORD - DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd)); -#endif - nt_lm_owf_gen( mach_pwd, nt_owf_mach_pwd , lm_owf_mach_pwd ); - } - -#ifdef DEBUG_PASSWORD - dump_data(6, nt_owf_mach_pwd, 16); -#endif - - /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key); - - /*********** next new trust account password ************/ - { - char lm_owf_new_mach_pwd[16]; -#ifdef DEBUG_PASSWORD - DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd)); -#endif - nt_lm_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd, lm_owf_new_mach_pwd); - } - -#ifdef DEBUG_PASSWORD - dump_data(6, nt_owf_new_mach_pwd, 16); -#endif - - - /******************* open the \PIPE\NETLOGON file *****************/ if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff) @@ -365,51 +216,68 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, /******************* Request Challenge ********************/ + fstrcpy(mach_acct, myhostname); + strlower(mach_pwd); + + fstrcpy(mach_pwd , myhostname); + strcat(mach_acct, "$"); + SIVAL(clnt_chal.data, 0, 0x11111111); SIVAL(clnt_chal.data, 4, 0x22222222); /* send a client challenge; receive a server challenge */ - if (!do_lsa_req_chal(fnum, ++call_id, dest_host, myhostname, &clnt_chal, &srv_chal)) + if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal)) { cli_smb_close(inbuf, outbuf, Client, cnum, fnum); free(inbuf); free(outbuf); return False; } - /******************* Authenticate 2 ********************/ - - /* calculate auth-2 credentials */ - cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge)); + /************ Long-term Session key (default) **********/ - /* send client auth-2 challenge; receive an auth-2 challenge */ - if (!do_lsa_auth2(fnum, ++call_id, dest_host, mach_acct, 2, myhostname, - &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal)) +#if 0 + /* DAMN! can't get the machine password - need become_root() to do it! */ + /* get the machine password */ + if (!get_md4pw(mach_acct, nt_owf_mach_pwd)) { cli_smb_close(inbuf, outbuf, Client, cnum, fnum); free(inbuf); free(outbuf); return False; } - /**************** Net Server Password Set **************/ + DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd)); +#else - clnt_cred.timestamp.time = srv_pwset_clnt_cred.timestamp.time = time(NULL); + { + char lm_owf_mach_pwd[16]; + nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd); + DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd)); + } - /* calculate sam logon credentials, using the auth2 client challenge */ - cred_create(sess_key, &(clnt_cred.challenge), srv_pwset_clnt_cred.timestamp, - &(srv_pwset_clnt_cred.challenge)); - - /* send client srv_pwset challenge; receive a srv_pwset challenge */ - if (!do_lsa_srv_pwset(fnum, ++call_id, sess_key, - dest_host, mach_acct, 2, myhostname, - &srv_pwset_clnt_cred, &srv_pwset_srv_cred, - nt_owf_new_mach_pwd)) +#endif + + dump_data(6, nt_owf_mach_pwd, 16); + + /* calculate the session key */ + cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key); + + + /******************* Authenticate 2 ********************/ + + /* calculate auth-2 credentials */ + cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge)); + + /* send client auth-2 challenge; receive an auth-2 challenge */ + if (!do_lsa_auth2(fnum, ++call_id, desthost, mach_acct, 2, myhostname, + &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal)) { cli_smb_close(inbuf, outbuf, Client, cnum, fnum); free(inbuf); free(outbuf); return False; } - /****************** SAM Info Preparation *******************/ + + /*********************** SAM Info ***********************/ { char lm_owf_user_pwd[16]; @@ -443,7 +311,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, /* send client sam-logon challenge; receive a sam-logon challenge */ if (!do_lsa_sam_logon(fnum, ++call_id, sess_key, &clnt_cred, - dest_host, mach_acct, + desthost, mach_acct, &sam_logon_clnt_cred, &sam_logon_rtn_cred, 1, 1, &id1, &user_info1, &sam_logon_srv_cred)) @@ -464,7 +332,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, /* send client sam-logoff challenge; receive a sam-logoff challenge */ if (!do_lsa_sam_logoff(fnum, ++call_id, sess_key, &clnt_cred, - dest_host, mach_acct, + desthost, mach_acct, &sam_logoff_clnt_cred, &sam_logoff_rtn_cred, 1, 1, &id1, &sam_logoff_srv_cred)) diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h index 46a44bad8c..4d972a5cac 100644 --- a/source3/include/byteorder.h +++ b/source3/include/byteorder.h @@ -207,7 +207,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), PTR_DIFF(inbuf,base),string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (uint8)((outbuf)[idx]))); } } \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); #define DBG_RW_PSVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ @@ -215,7 +215,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), PTR_DIFF(inbuf,base),string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (uint16)((outbuf)[idx]))); } } \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); #define DBG_RW_PIVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ @@ -223,7 +223,7 @@ it also defines lots of intermediate macros, just ignore those :-) DEBUG(5,("%s%04x %s: ", \ tab_depth(depth), PTR_DIFF(inbuf,base),string)); \ if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (uint32)((outbuf)[idx]))); } } \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ DEBUG(5,("\n")); #define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ diff --git a/source3/include/proto.h b/source3/include/proto.h index df7e182848..1724c312db 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -61,14 +61,13 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int int cli_read(struct cli_state *cli, int fnum, char *buf, uint32 offset, uint16 size); int cli_write(struct cli_state *cli, int fnum, char *buf, uint32 offset, uint16 size); BOOL cli_negprot(struct cli_state *cli); -BOOL cli_session_request(struct cli_state *cli, - char *called_host_name , int called_name_type, - char calling_netbios_name[16], int calling_name_type); +BOOL cli_session_request(struct cli_state *cli, char *host, int name_type, + char *myname); BOOL cli_connect(struct cli_state *cli, char *host, struct in_addr *ip); BOOL cli_initialise(struct cli_state *cli); void cli_shutdown(struct cli_state *cli); char *cli_errstr(struct cli_state *cli); -BOOL cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num); +void cli_error(struct cli_state *cli, int *eclass, int *num); void cli_sockopt(struct cli_state *cli, char *options); int cli_setpid(struct cli_state *cli, int pid); @@ -628,17 +627,9 @@ void sync_browse_lists(struct subnet_record *d, struct work_record *work, /*The following definitions come from ntclient.c */ -BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host, - char *myhostname, char *domain, - fstring mach_pwd, fstring new_mach_pwd); -BOOL do_nt_login(struct in_addr dest_ip, char *dest_host, - char *myhostname, +BOOL do_nt_login(char *desthost, char *myhostname, int Client, int cnum); -/*The following definitions come from nterr.c */ - -char *get_nt_error_msg(uint16 nt_code); - /*The following definitions come from params.c */ BOOL pm_process( char *FileName, @@ -663,6 +654,11 @@ BOOL user_ok(char *user,int snum); BOOL authorise_login(int snum,char *user,char *password, int pwlen, BOOL *guest,BOOL *force,uint16 vuid); BOOL check_hosts_equiv(char *user); +struct cli_state *server_client(void); +struct cli_state *server_cryptkey(void); +BOOL server_validate(char *user, char *domain, + char *pass, int passlen, + char *ntpass, int ntpasslen); /*The following definitions come from pcap.c */ @@ -696,18 +692,6 @@ void status_printjob(int cnum,int snum,int jobid,int status); int printjob_encode(int snum, int job); void printjob_decode(int jobid, int *snum, int *job); -/*The following definitions come from pwd_validate.c */ - -BOOL server_connect_init(struct cli_state *clnt, char my_netbios_name[16], - struct in_addr dest_ip, char *desthost); -BOOL server_cryptkey(struct cli_state *clnt, char my_netbios_name[16]); -BOOL server_validate2(struct cli_state *clnt, char *user, char *domain, - char *pass, int passlen, - char *ntpass, int ntpasslen); -BOOL server_validate(struct cli_state *clnt, char *user, char *domain, - char *pass, int passlen, - char *ntpass, int ntpasslen); - /*The following definitions come from quotas.c */ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize); @@ -1057,7 +1041,6 @@ char* wks_io_r_unknown_0(BOOL io, WKS_R_UNKNOWN_0 *r_u, char *q, char *base, int /*The following definitions come from server.c */ -struct cli_state *pwd_server_connection(void); void *dflt_sig(void); void killkids(void); mode_t unix_mode(int cnum,int dosmode); @@ -1125,11 +1108,10 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key); /*The following definitions come from smbencrypt.c */ -void SMBencrypt(uchar *passwd, uchar *c8, uchar p24[24]); +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); void E_md4hash(uchar *passwd, uchar *p16); -void SMBOWFencrypt(char passwd[16], uchar *c8, uchar p24[24]); -void SMBNTencrypt(uchar *passwd, uchar *c8, uchar p24[24]); -void nt_lm_owf_gen(char *pwd, char nt_p16[16], char p16[16]); +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); +void nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16); /*The following definitions come from smberr.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 687f14b9ca..afa9e3d9b9 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1363,13 +1363,9 @@ struct cli_state { int protocol; int sec_mode; int error; - int privileges; + int privilages; fstring eff_name; - - fstring full_dest_host_name; - char called_netbios_name[16]; - char calling_netbios_name[16]; - + fstring desthost; char cryptkey[8]; uint32 sesskey; int serverzone; @@ -2024,15 +2020,6 @@ char *Strstr(char *s, char *p); #define BROWSER_CONSTANT 0xaa55 -/* NT Flags2 bits - cifs6.txt section 3.1.2 */ - -#define FLAGS2_LONG_PATH_COMPONENTS 0x0001 -#define FLAGS2_EXTENDED_ATTRIBUTES 0x0002 -#define FLAGS2_DFS_PATHNAMES 0x1000 -#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000 -#define FLAGS2_32_BIT_ERROR_CODES 0x4000 -#define FLAGS2_UNICODE_STRINGS 0x8000 - /* Capabilities. see ftp.microsoft.com/developr/drg/cifs/cifs/cifs4.txt */ #define CAP_RAW_MODE 0x0001 @@ -2050,39 +2037,14 @@ char *Strstr(char *s, char *p); /* protocol types. It assumes that higher protocols include lower protocols as subsets */ -enum protocol_types -{ - PROTOCOL_NONE, - PROTOCOL_CORE, - PROTOCOL_COREPLUS, - PROTOCOL_LANMAN1, - PROTOCOL_LANMAN2, - PROTOCOL_NT1 -}; +enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANMAN1,PROTOCOL_LANMAN2,PROTOCOL_NT1}; /* security levels */ -enum security_types -{ - SEC_SHARE, - SEC_USER, - SEC_SERVER -}; - -/* bit-masks for security mode. see cifs6.txt Negprot 4.1.1 server response */ -#define USE_USER_LEVEL_SECURITY 1 -#define USE_CHALLENGE_RESPONSE 2 +enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER}; /* printing types */ -enum printing_types -{ - PRINT_BSD, - PRINT_SYSV, - PRINT_AIX, - PRINT_HPUX, - PRINT_QNX, - PRINT_PLP, - PRINT_LPRNG -}; +enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX, + PRINT_QNX,PRINT_PLP,PRINT_LPRNG}; /* Remote architectures we know about. */ enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_SAMBA}; diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 78bbf8115f..b98f2fca69 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -104,7 +104,7 @@ static BOOL cli_send_trans(struct cli_state *cli, if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!receive_smb(cli->fd,cli->inbuf,cli->timeout) || - cli_error(cli,NULL, NULL)) { + CVAL(cli->inbuf,smb_rcls) != 0) { return(False); } @@ -176,7 +176,8 @@ static BOOL cli_receive_trans(struct cli_state *cli, CVAL(cli->inbuf,smb_com))); return(False); } - if (cli_error(cli,NULL, NULL)) return(False); + if (CVAL(cli->inbuf,smb_rcls) != 0) + return(False); /* parse out the lengths */ total_data = SVAL(cli->inbuf,smb_tdrcnt); @@ -226,7 +227,8 @@ static BOOL cli_receive_trans(struct cli_state *cli, CVAL(cli->inbuf,smb_com))); return(False); } - if (cli_error(cli,NULL, NULL)) return(False); + if (CVAL(cli->inbuf,smb_rcls) != 0) + return(False); } return(True); @@ -298,7 +300,7 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) if (cli->error == 0) { DEBUG(4,("NetWkstaUserLogon success\n")); - cli->privileges = SVAL(p, 24); + cli->privilages = SVAL(p, 24); fstrcpy(cli->eff_name,p+2); } else { DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->error)); @@ -422,22 +424,15 @@ BOOL cli_session_setup(struct cli_state *cli, return False; } - if ((cli->sec_mode & USE_CHALLENGE_RESPONSE) && *pass && passlen != 24) - { + if ((cli->sec_mode & 2) && *pass && passlen != 24) { passlen = 24; SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword); - } - else - { + } else { memcpy(pword, pass, passlen); } /* if in share level security then don't send a password now */ - if (!(cli->sec_mode & USE_USER_LEVEL_SECURITY)) - { - fstrcpy(pword, ""); - passlen=1; - } + if (!(cli->sec_mode & 1)) {fstrcpy(pword, "");passlen=1;} /* send a session setup command */ bzero(cli->outbuf,smb_size); @@ -492,7 +487,9 @@ BOOL cli_session_setup(struct cli_state *cli, show_msg(cli->inbuf); - if (cli_error(cli,NULL, NULL)) return(False); + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } /* use the returned uid from now on */ cli->uid = SVAL(cli->inbuf,smb_uid); @@ -512,19 +509,19 @@ BOOL cli_send_tconX(struct cli_state *cli, bzero(cli->outbuf,smb_size); bzero(cli->inbuf,smb_size); - if (cli->sec_mode & USE_USER_LEVEL_SECURITY) { + if (cli->sec_mode & 1) { passlen = 1; pass = ""; } - if ((cli->sec_mode & USE_CHALLENGE_RESPONSE) && *pass && passlen != 24) { + if ((cli->sec_mode & 2) && *pass && passlen != 24) { passlen = 24; SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword); } else { memcpy(pword, pass, passlen); } - sprintf(fullshare, "\\\\%s\\%s", cli->called_netbios_name, share); + sprintf(fullshare, "\\\\%s\\%s", cli->desthost, share); set_message(cli->outbuf,4, 2 + strlen(fullshare) + passlen + strlen(dev),True); @@ -547,7 +544,9 @@ BOOL cli_send_tconX(struct cli_state *cli, if (!receive_smb(cli->fd,cli->inbuf,cli->timeout)) return False; - if (cli_error(cli,NULL, NULL)) return(False); + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } cli->cnum = SVAL(cli->inbuf,smb_tid); return True; @@ -569,7 +568,7 @@ BOOL cli_tdis(struct cli_state *cli) if (!receive_smb(cli->fd,cli->inbuf,cli->timeout)) return False; - return !cli_error(cli,NULL, NULL); + return CVAL(cli->inbuf,smb_rcls) == 0; } /**************************************************************************** @@ -600,7 +599,9 @@ BOOL cli_unlink(struct cli_state *cli, char *fname) return False; } - if (cli_error(cli,NULL, NULL)) return False; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } return True; } @@ -658,7 +659,9 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode) return -1; } - if (cli_error(cli,NULL, NULL)) return -1; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return -1; + } return SVAL(cli->inbuf,smb_vwv2); } @@ -689,7 +692,9 @@ BOOL cli_close(struct cli_state *cli, int fnum) return False; } - if (cli_error(cli,NULL, NULL)) return False; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } return True; } @@ -728,7 +733,9 @@ BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int ti return False; } - if (cli_error(cli,NULL, NULL)) return False; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } return True; } @@ -766,7 +773,9 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int return False; } - if (cli_error(cli,NULL, NULL)) return False; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return False; + } return True; } @@ -799,7 +808,9 @@ int cli_read(struct cli_state *cli, int fnum, char *buf, uint32 offset, uint16 s return -1; } - if (cli_error(cli,NULL, NULL)) return -1; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return -1; + } size = SVAL(cli->inbuf, smb_vwv5); p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6); @@ -841,7 +852,9 @@ int cli_write(struct cli_state *cli, int fnum, char *buf, uint32 offset, uint16 return -1; } - if (cli_error(cli,NULL, NULL)) return -1; + if (CVAL(cli->inbuf,smb_rcls) != 0) { + return -1; + } return SVAL(cli->inbuf, smb_vwv2); } @@ -886,8 +899,10 @@ BOOL cli_negprot(struct cli_state *cli) show_msg(cli->inbuf); - if (cli_error(cli,NULL, NULL)) return False; - if ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots) return(False); + if (CVAL(cli->inbuf,smb_rcls) != 0 || + ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) { + return(False); + } cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; @@ -921,43 +936,33 @@ BOOL cli_negprot(struct cli_state *cli) return True; } -#define TRUNCATE_NETBIOS_NAME 1 /**************************************************************************** - send a session request. see rfc1002.txt 4.3 and 4.3.2 + send a session request ****************************************************************************/ -BOOL cli_session_request(struct cli_state *cli, - char *called_host_name , int called_name_type, - char calling_netbios_name[16], int calling_name_type) +BOOL cli_session_request(struct cli_state *cli, char *host, int name_type, + char *myname) { + fstring dest; char *p; int len = 4; /* send a session request (RFC 1002) */ - strncpy(cli->called_netbios_name , called_host_name , sizeof(cli->called_netbios_name )); - strncpy(cli->calling_netbios_name, calling_netbios_name, sizeof(cli->calling_netbios_name)); + fstrcpy(dest,host); - /* sorry, don't trust strncpy to null-terminate the string... */ - cli->called_netbios_name [sizeof(cli->called_netbios_name )-1] = 0; - cli->calling_netbios_name[sizeof(cli->calling_netbios_name)-1] = 0; - -#ifdef TRUNCATE_NETBIOS_NAME - /* ok. this is because of a stupid microsoft-ism. if the called host - name contains a '.', microsoft clients expect you to truncate the - netbios name up to and including the '.' - */ - p = strchr(cli->called_netbios_name, '.'); + p = strchr(dest,'.'); if (p) *p = 0; -#endif /* TRUNCATE_NETBIOS_NAME */ + + fstrcpy(cli->desthost, dest); /* put in the destination name */ p = cli->outbuf+len; - name_mangle(cli->called_netbios_name, p, called_name_type); + name_mangle(dest,p,name_type); len += name_len(p); /* and my name */ p = cli->outbuf+len; - name_mangle(cli->calling_netbios_name, p, calling_name_type); + name_mangle(myname,p,0); len += name_len(p); /* setup the packet length */ @@ -985,27 +990,26 @@ BOOL cli_connect(struct cli_state *cli, char *host, struct in_addr *ip) { struct in_addr dest_ip; - fstrcpy(cli->full_dest_host_name, host); + fstrcpy(cli->desthost, host); - if (!ip) - { - /* no ip specified - look up the name */ + if (!ip) { struct hostent *hp; - if ((hp = Get_Hostbyname(host)) == 0) { + if ((hp = Get_Hostbyname(cli->desthost)) == 0) { return False; } putip((char *)&dest_ip,(char *)hp->h_addr); } else { - /* use the given ip address */ dest_ip = *ip; } - /* open the socket */ + cli->fd = open_socket_out(SOCK_STREAM, &dest_ip, 139, cli->timeout); + if (cli->fd == -1) + return False; - return (cli->fd != -1); + return True; } @@ -1055,32 +1059,10 @@ char *cli_errstr(struct cli_state *cli) /**************************************************************************** return error codes for the last packet ****************************************************************************/ -BOOL cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num) +void cli_error(struct cli_state *cli, int *eclass, int *num) { - int flgs2 = SVAL(cli->inbuf,smb_flg2); - - if (eclass) *eclass = 0; - if (num ) *num = 0; - - if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) - { - /* 32 bit error codes detected */ - uint32 nt_err = IVAL(cli->inbuf,smb_rcls); - if (num) *num = nt_err; - return (nt_err != 0); - } - else - { - /* dos 16 bit error codes detected */ - char rcls = CVAL(cli->inbuf,smb_rcls); - if (rcls != 0) - { - if (eclass) *eclass = rcls; - if (num ) *num = SVAL(cli->inbuf,smb_err); - return True; - } - } - return False; + *eclass = CVAL(cli->inbuf,smb_rcls); + *num = SVAL(cli->inbuf,smb_err); } /**************************************************************************** diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 7dd2234e1d..bda0f882a6 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -1,16 +1,12 @@ -/* NT error codes. please read nterr.h */ -#include "includes.h" #include "nterr.h" -typedef struct +static struct { char *nt_errstr; uint16 nt_errcode; -} nt_err_code_struct; - -nt_err_code_struct nt_errs[] = +} nt_errs[] = { { "NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL }, { "NT_STATUS_NOT_IMPLEMENTED", NT_STATUS_NOT_IMPLEMENTED }, @@ -516,25 +512,3 @@ nt_err_code_struct nt_errs[] = { NULL, 0 } }; -/***************************************************************************** - returns an NT error message. not amazingly helpful, but better than a number. - *****************************************************************************/ -char *get_nt_error_msg(uint16 nt_code) -{ - static pstring msg; - int idx = 0; - - strcpy(msg, "Unknown NT error"); - - while (nt_errs[idx].nt_errstr != NULL) - { - if (nt_errs[idx].nt_errcode == nt_code) - { - strcpy(msg, nt_errs[idx].nt_errstr); - return msg; - } - idx++; - } - return NULL; -} - diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 1bf0bcc8e6..38d414cf23 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -29,9 +29,8 @@ extern int DEBUGLEVEL; /* This implements the X/Open SMB password encryption It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 - */ -void SMBencrypt(uchar *passwd, uchar *c8, uchar p24[24]) + encrypted password into p24 */ +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p14[15], p21[21]; @@ -98,19 +97,9 @@ void E_md4hash(uchar *passwd, uchar *p16) mdfour(p16, (unsigned char *)wpwd, len); } -/* Does the des encryption from the NT or LM MD4 hash. */ -void SMBOWFencrypt(char passwd[16], uchar *c8, uchar p24[24]) -{ - uchar p21[21]; - - memset(p21,'\0',21); - - memcpy(p21, passwd, sizeof(passwd)); - E_P24(p21, c8, p24); -} - /* Does the NT MD4 hash then des encryption. */ -void SMBNTencrypt(uchar *passwd, uchar *c8, uchar p24[24]) + +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p21[21]; @@ -121,7 +110,8 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar p24[24]) } /* Does both the NT and LM owfs of a user's password */ -void nt_lm_owf_gen(char *pwd, char nt_p16[16], char p16[16]) + +void nt_lm_owf_gen(char *pwd, char *nt_p16, char *p16) { char passwd[130]; StrnCpy(passwd, pwd, sizeof(passwd)-1); diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c index 35cd0bf88f..5149568c04 100644 --- a/source3/libsmb/smberr.c +++ b/source3/libsmb/smberr.c @@ -151,28 +151,9 @@ return a SMB error string from a SMB buffer char *smb_errstr(char *inbuf) { static pstring ret; - int i,j; - BOOL nt_errors = (SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES) == FLAGS2_32_BIT_ERROR_CODES; - - if (nt_errors) - { - char *nt_errstr = NULL; - uint32 nt_err = IVAL(inbuf, smb_rcls); - uint16 nt_num = nt_err & 0x0000ffff; - uint16 class = (nt_err & 0xffff0000) >> 16; - - /* maybe lookup the error message in the nt error codes... */ - if ((nt_errstr = get_nt_error_msg(nt_num)) != NULL) - { - sprintf(ret,"NT Error: (%4x, %s)", class, nt_errstr); - return ret; - } - sprintf(ret,"NT Error: Unknown error (%4x %4x)", class, nt_num); - } - else - { int class = CVAL(inbuf,smb_rcls); int num = SVAL(inbuf,smb_err); + int i,j; for (i=0;err_classes[i].class;i++) if (err_classes[i].code == class) @@ -195,8 +176,7 @@ char *smb_errstr(char *inbuf) sprintf(ret,"%s - %d",err_classes[i].class,num); return ret; } - sprintf(ret,"Error: Unknown error (%4x,%d)", class, num); - } - + + sprintf(ret,"Error: Unknown error (%d,%d)",class,num); return(ret); } diff --git a/source3/nmbsync.c b/source3/nmbsync.c index 7fc422d254..c1db37ff5c 100644 --- a/source3/nmbsync.c +++ b/source3/nmbsync.c @@ -77,8 +77,7 @@ void sync_browse_lists(struct subnet_record *d, struct work_record *work, DEBUG(1,("Failed to start browse sync with %s\n", name)); } - if (!cli_session_request(&cli, name, nm_type, local_machine, 0x0)) - { + if (!cli_session_request(&cli, name, nm_type, local_machine)) { DEBUG(1,("%s rejected the browse sync session\n",name)); cli_shutdown(&cli); return; diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index e74a8f7610..cc0e1fd26d 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -508,7 +508,7 @@ Error was %s\n", } sprintf(new_entry, "%s:%u:", pwd->smb_name, (unsigned)pwd->smb_userid); - p = (unsigned char*)(&new_entry[strlen(new_entry)]); + p = &new_entry[strlen(new_entry)]; for( i = 0; i < 16; i++) { diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 7dd2133406..185fc68f5a 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -21,7 +21,7 @@ #include "includes.h" -#ifdef NETGROUP +#if (defined(NETGROUP) && defined (AUTOMOUNT)) #include "rpcsvc/ypclnt.h" #endif @@ -1475,3 +1475,141 @@ BOOL check_hosts_equiv(char *user) return(False); } + +static struct cli_state cli; + +/**************************************************************************** +return the client state structure +****************************************************************************/ +struct cli_state *server_client(void) +{ + return &cli; +} + +/**************************************************************************** +support for server level security +****************************************************************************/ +struct cli_state *server_cryptkey(void) +{ + fstring desthost; + struct in_addr dest_ip; + extern fstring local_machine; + char *p; + + if (!cli_initialise(&cli)) + return NULL; + + for (p=strtok(lp_passwordserver(),LIST_SEP); p ; p = strtok(NULL,LIST_SEP)) { + fstrcpy(desthost,p); + standard_sub_basic(desthost); + strupper(desthost); + + dest_ip = *interpret_addr2(desthost); + if (zero_ip(dest_ip)) { + DEBUG(1,("Can't resolve address for %s\n",p)); + continue; + } + + if (ismyip(dest_ip)) { + DEBUG(1,("Password server loop - disabling password server %s\n",p)); + continue; + } + + if (cli_connect(&cli, desthost, &dest_ip)) { + DEBUG(3,("connected to password server %s\n",p)); + break; + } + } + + if (!p) { + DEBUG(1,("password server not available\n")); + cli_shutdown(&cli); + return NULL; + } + + if (!cli_session_request(&cli, desthost, 0x20, local_machine)) { + DEBUG(1,("%s rejected the session\n",desthost)); + cli_shutdown(&cli); + return NULL; + } + + DEBUG(3,("got session\n")); + + if (!cli_negprot(&cli)) { + DEBUG(1,("%s rejected the negprot\n",desthost)); + cli_shutdown(&cli); + return NULL; + } + + if (cli.protocol < PROTOCOL_LANMAN2 || + !(cli.sec_mode & 1)) { + DEBUG(1,("%s isn't in user level security mode\n",desthost)); + cli_shutdown(&cli); + return NULL; + } + + DEBUG(3,("password server OK\n")); + + return &cli; +} + +/**************************************************************************** +validate a password with the password server +****************************************************************************/ +BOOL server_validate(char *user, char *domain, + char *pass, int passlen, + char *ntpass, int ntpasslen) +{ + extern fstring local_machine; + + if (!cli.initialised) { + DEBUG(1,("password server %s is not connected\n", cli.desthost)); + return(False); + } + + if (!cli_session_setup(&cli, user, pass, passlen, ntpass, ntpasslen, domain)) { + DEBUG(1,("password server %s rejected the password\n", cli.desthost)); + return False; + } + + /* if logged in as guest then reject */ + if ((SVAL(cli.inbuf,smb_vwv2) & 1) != 0) { + DEBUG(1,("password server %s gave us guest only\n", cli.desthost)); + return(False); + } + + + if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { + DEBUG(1,("password server %s refused IPC$ connect\n", cli.desthost)); + return False; + } + + + if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { + DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); + cli_tdis(&cli); + return False; + } + + if (cli.privilages == 0) { + DEBUG(1,("password server %s gave guest privilages\n", cli.desthost)); + cli_tdis(&cli); + return False; + } + + if (!strequal(cli.eff_name, user)) { + DEBUG(1,("password server %s gave different username %s\n", + cli.desthost, + cli.eff_name)); + cli_tdis(&cli); + return False; + } + + DEBUG(3,("password server %s accepted the password\n", cli.desthost)); + + cli_tdis(&cli); + + return(True); +} + + diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 532fc583c2..78dad6f02f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -395,7 +395,6 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) static BOOL done_sesssetup = False; BOOL doencrypt = SMBENCRYPT(); char *domain = ""; - struct cli_state *pwd_srv = NULL; *smb_apasswd = 0; *smb_ntpasswd = 0; @@ -519,17 +518,19 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) if (!smb_pass) { /* lkclXXXX: if workstation entry doesn't exist, indicate logon failure */ - DEBUG(4,("Workstation trust account %s doesn't exist\n",user)); - SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); /* PAXX: Someone please unhack this */ - return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE)); /* decimal 109; critical NT error */ + DEBUG(4,("Workstation trust account %s doesn't exist.",user)); + SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */ + CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */ + return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* decimal 109 NT error, 0xc000 */ } else { /* PAXX: This is the NO LOGON workstation trust account stuff */ /* lkclXXXX: if the workstation *does* exist, indicate failure differently! */ - DEBUG(4,("No Workstation trust account %s\n",user)); - SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); /* PAXX: Someone please unhack this */ - return(ERROR(0, 0xc0000000|NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)); /* decimal 409; critical NT error */ + DEBUG(4,("No Workstation trust account %s",user)); + SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */ + CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */ + return(ERROR(NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, 0xc000)); /* decimal 409 NT error, 0xc000 */ } computer_id = True; @@ -562,59 +563,43 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) */ if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0)) - { guest = True; - } - - if (!guest && !(lp_security() == SEC_SERVER && - ((pwd_srv = pwd_server_connection()) != NULL) && - server_validate(pwd_srv, user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen)) && - !check_hosts_equiv(user)) - { - /* now check if it's a valid username/password */ - /* If an NT password was supplied try and validate with that - first. This is superior as the passwords are mixed case - 128 length unicode */ + if (!guest && !(lp_security() == SEC_SERVER && + server_validate(user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen)) && + !check_hosts_equiv(user)) + { - if (smb_ntpasslen) - { - /* check the NT password, if there is one. */ - if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL)) - { - DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); - } - else - { - valid_nt_password = True; - } - } - - /* check the LM password instead */ - if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL)) - { - if (!computer_id && lp_security() >= SEC_USER) - { + /* now check if it's a valid username/password */ + /* If an NT password was supplied try and validate with that + first. This is superior as the passwords are mixed case + 128 length unicode */ + if(smb_ntpasslen) + { + if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL)) + DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); + else + valid_nt_password = True; + } + if (!valid_nt_password && !password_ok(user,smb_apasswd,smb_apasslen,NULL)) + { + if (!computer_id && lp_security() >= SEC_USER) { #if (GUEST_SESSSETUP == 0) - return(ERROR(ERRSRV,ERRbadpw)); + return(ERROR(ERRSRV,ERRbadpw)); #endif #if (GUEST_SESSSETUP == 1) - if (Get_Pwnam(user,True)) - return(ERROR(ERRSRV,ERRbadpw)); + if (Get_Pwnam(user,True)) + return(ERROR(ERRSRV,ERRbadpw)); #endif - } - - /* no lm or nt password specified: username doesn't exist. allow guest access */ - if (*smb_apasswd || !Get_Pwnam(user,True)) - { - strcpy(user, lp_guestaccount(-1)); - DEBUG(3,("Registered username %s for guest access\n",user)); - guest = True; - } - } + } + if (*smb_apasswd || !Get_Pwnam(user,True)) + strcpy(user,lp_guestaccount(-1)); + DEBUG(3,("Registered username %s for guest access\n",user)); + guest = True; } + } if (!Get_Pwnam(user,True)) { DEBUG(3,("No such user %s - using guest account\n",user)); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index a42b4deea2..908cf984b8 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -25,7 +25,6 @@ pstring servicesf = CONFIGFILE; extern pstring debugf; extern pstring sesssetup_user; -extern pstring local_machine; extern fstring myworkgroup; char *InBuffer = NULL; @@ -115,21 +114,6 @@ static int find_free_connection(int hash); #define IS_DOS_SYSTEM(test_mode) (((test_mode) & aSYSTEM) != 0) #define IS_DOS_HIDDEN(test_mode) (((test_mode) & aHIDDEN) != 0) -/* use this to validate user against a password server. "security = server" */ -static struct cli_state pwd_srv; - -/**************************************************************************** - for use in reply.c, to access the password server connection. -****************************************************************************/ -struct cli_state *pwd_server_connection(void) -{ - if (pwd_srv.initialised) - { - return &pwd_srv; - } - return NULL; -} - /**************************************************************************** when exiting, take the whole family ****************************************************************************/ @@ -2273,30 +2257,21 @@ int error_packet(char *inbuf,char *outbuf,int error_class,uint32 error_code,int { int outsize = set_message(outbuf,0,0,True); int cmd; - int flgs2; - cmd = CVAL(inbuf,smb_com); - flgs2 = SVAL(outbuf,smb_flg2); + cmd = CVAL(inbuf,smb_com); - if ((flgs2 & FLAGS2_32_BIT_ERROR_CODES) == FLAGS2_32_BIT_ERROR_CODES) - { - SIVAL(outbuf,smb_rcls,error_code); - - DEBUG(3,("%s 32 bit error packet at line %d cmd=%d (%s) eclass=%08x [%s]\n", - timestring(), line, cmd, smb_fn_name(cmd), error_code, smb_errstr(outbuf))); - } - else - { - CVAL(outbuf,smb_rcls) = error_class; - SSVAL(outbuf,smb_err,error_code); - - DEBUG(3,("%s error packet at line %d cmd=%d (%s) eclass=%d ecode=%d\n", - timestring(), line, cmd, smb_fn_name(cmd), error_class, error_code)); - } + CVAL(outbuf,smb_rcls) = error_class; + SSVAL(outbuf,smb_err,error_code); + DEBUG(3,("%s error packet at line %d cmd=%d (%s) eclass=%d ecode=%d\n", + timestring(), + line, + (int)CVAL(inbuf,smb_com), + smb_fn_name(CVAL(inbuf,smb_com)), + error_class, + error_code)); + if (errno != 0) - { - DEBUG(3,("error string = %s\n", strerror(errno))); - } + DEBUG(3,("error string = %s\n",strerror(errno))); return(outsize); } @@ -2353,13 +2328,12 @@ static int sig_cld() **************************************************************************/ static int sig_pipe() { + struct cli_state *cli; BlockSignals(True,SIGPIPE); - if (pwd_srv.initialised) - { + if ((cli = server_client()) && cli->initialised) { DEBUG(3,("lost connection to password server\n")); - cli_shutdown(&pwd_srv); - + cli_shutdown(cli); #ifndef DONT_REINSTALL_SIG signal(SIGPIPE, SIGNAL_CAST sig_pipe); #endif @@ -3710,27 +3684,29 @@ int reply_lanman2(char *outbuf) int secword=0; BOOL doencrypt = SMBENCRYPT(); time_t t = time(NULL); + struct cli_state *cli = NULL; char cryptkey[8]; char crypt_len = 0; - if (lp_security() == SEC_SERVER && server_cryptkey(&pwd_srv, local_machine)) - { + if (lp_security() == SEC_SERVER) { + cli = server_cryptkey(); + } + + if (cli) { DEBUG(3,("using password server validation\n")); - doencrypt = ((pwd_srv.sec_mode & 2) != 0); + doencrypt = ((cli->sec_mode & 2) != 0); } if (lp_security()>=SEC_USER) secword |= 1; if (doencrypt) secword |= 2; - if (doencrypt) - { + if (doencrypt) { crypt_len = 8; - if (pwd_srv.initialised) - { + if (!cli) { generate_next_challenge(cryptkey); } else { - memcpy(cryptkey, pwd_srv.cryptkey, 8); - set_challenge(pwd_srv.cryptkey); + memcpy(cryptkey, cli->cryptkey, 8); + set_challenge(cli->cryptkey); } } @@ -3775,14 +3751,16 @@ int reply_nt1(char *outbuf) char cryptkey[8]; char crypt_len = 0; - if (lp_security() == SEC_SERVER && server_cryptkey(&pwd_srv, local_machine)) - { + if (lp_security() == SEC_SERVER) { + cli = server_cryptkey(); + } + + if (cli) { DEBUG(3,("using password server validation\n")); - doencrypt = ((pwd_srv.sec_mode & 2) != 0); + doencrypt = ((cli->sec_mode & 2) != 0); } - if (doencrypt) - { + if (doencrypt) { crypt_len = 8; if (!cli) { generate_next_challenge(cryptkey); @@ -4884,14 +4862,15 @@ static void process(void) if (keepalive && (counter-last_keepalive)>keepalive) { + struct cli_state *cli = server_client(); if (!send_keepalive(Client)) { DEBUG(2,("%s Keepalive failed - exiting\n",timestring())); return; } /* also send a keepalive to the password server if its still connected */ - if (pwd_srv.initialised) - send_keepalive(pwd_srv.fd); + if (cli && cli->initialised) + send_keepalive(cli->fd); last_keepalive = counter; } diff --git a/source3/utils/torture.c b/source3/utils/torture.c index a0e32ff395..506f31481c 100644 --- a/source3/utils/torture.c +++ b/source3/utils/torture.c @@ -46,14 +46,12 @@ static double end_timer() static BOOL open_connection(struct cli_state *c) { - if (!cli_initialise(c) || !cli_connect(c, host, NULL)) - { + if (!cli_initialise(c) || !cli_connect(c, host, NULL)) { printf("Failed to connect with %s\n", host); return False; } - if (!cli_session_request(c, host, 0x20, myname, 0x0)) - { + if (!cli_session_request(c, host, 0x20, myname)) { printf("%s rejected the session\n",host); cli_shutdown(c); return False; |