diff options
| author | Jeremy Allison <jra@samba.org> | 2009-03-13 17:49:24 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2009-03-13 17:49:24 -0700 |
| commit | f48a345e4a215173ad9e7d2777bacc0decb2bcc7 (patch) | |
| tree | 411aabcb24f39c0e9c908cac0aef264920564810 | |
| parent | 5df46fa35bd7c7aa083d4db1331b6f056ef70c77 (diff) | |
| download | samba-f48a345e4a215173ad9e7d2777bacc0decb2bcc7.tar.gz samba-f48a345e4a215173ad9e7d2777bacc0decb2bcc7.tar.bz2 samba-f48a345e4a215173ad9e7d2777bacc0decb2bcc7.zip | |
Remove pwd_cache.c, it was doing nothing. Make user_name, domain, and
password talloc'ed strings within the cli_struct.
Jeremy.
| -rw-r--r-- | source3/Makefile.in | 2 | ||||
| -rw-r--r-- | source3/include/client.h | 6 | ||||
| -rw-r--r-- | source3/include/proto.h | 10 | ||||
| -rw-r--r-- | source3/include/smb.h | 7 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 35 | ||||
| -rw-r--r-- | source3/libsmb/clientgen.c | 59 | ||||
| -rw-r--r-- | source3/libsmb/passchange.c | 18 | ||||
| -rw-r--r-- | source3/libsmb/pwd_cache.c | 61 | ||||
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 4 | ||||
| -rw-r--r-- | source3/torture/torture.c | 6 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 39 |
11 files changed, 135 insertions, 112 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 76fd91a31e..6b0a1516d0 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -457,7 +457,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \ libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \ libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \ - libsmb/credentials.o libsmb/pwd_cache.o \ + libsmb/credentials.o \ libsmb/clioplock.o libsmb/clirap2.o \ libsmb/smb_seal.o libsmb/async_smb.o \ $(LIBSAMBA_OBJ) \ diff --git a/source3/include/client.h b/source3/include/client.h index eae22fdbce..320a90e66b 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -187,9 +187,9 @@ struct cli_state { fstring desthost; /* The credentials used to open the cli_state connection. */ - fstring domain; - fstring user_name; - struct pwd_info pwd; + char *domain; + char *user_name; + char *password; /* Can be null to force use of zero NTLMSSP session key. */ /* * The following strings are the diff --git a/source3/include/proto.h b/source3/include/proto.h index 5811574068..f992f0686a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2424,7 +2424,10 @@ bool cli_send_smb_direct_writeX(struct cli_state *cli, void cli_setup_packet_buf(struct cli_state *cli, char *buf); void cli_setup_packet(struct cli_state *cli); void cli_setup_bcc(struct cli_state *cli, void *p); -void cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password); +NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain); +NTSTATUS cli_set_username(struct cli_state *cli, const char *username); +NTSTATUS cli_set_password(struct cli_state *cli, const char *password); +NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password); struct cli_state *cli_initialise(void); struct cli_state *cli_initialise_ex(int signing_state); void cli_nt_pipes_close(struct cli_state *cli); @@ -3154,11 +3157,6 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam const char *old_passwd, const char *new_passwd, char **err_str); -/* The following definitions come from libsmb/pwd_cache.c */ - -void pwd_set_cleartext(struct pwd_info *pwd, const char *clr); -void pwd_get_cleartext(struct pwd_info *pwd, fstring clr); - /* The following definitions come from libsmb/samlogon_cache.c */ bool netsamlogon_cache_init(void); diff --git a/source3/include/smb.h b/source3/include/smb.h index a0140fe081..281a218256 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1759,13 +1759,6 @@ struct node_status_extra { /* There really is more here ... */ }; -struct pwd_info { - bool null_pwd; - bool cleartext; - - fstring password; -}; - /* For split krb5 SPNEGO blobs. */ struct pending_auth_data { struct pending_auth_data *prev, *next; diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ec2932488e..43326e912c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -61,6 +61,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, { DATA_BLOB session_key = data_blob_null; DATA_BLOB lm_response = data_blob_null; + NTSTATUS status; fstring pword; char *p; @@ -129,7 +130,10 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); - fstrcpy(cli->user_name, user); + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (session_key.data) { /* Have plaintext orginal */ @@ -237,7 +241,10 @@ NTSTATUS cli_session_setup_guest_recv(struct async_req *req) cli->is_samba = True; } - fstrcpy(cli->user_name, ""); + status = cli_set_username(cli, ""); + if (!NT_STATUS_IS_OK(status)) { + return status; + } return NT_STATUS_OK; } @@ -289,6 +296,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, { uint32 capabilities = cli_session_setup_capabilities(cli); char *p; + NTSTATUS status; fstring lanman; fstr_sprintf( lanman, "Samba %s", samba_version_string()); @@ -349,8 +357,10 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, -1, STR_TERMINATE); p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); - fstrcpy(cli->user_name, user); - + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (strstr(cli->server_type, "Samba")) { cli->is_samba = True; } @@ -520,7 +530,10 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, cli->is_samba = True; } - fstrcpy(cli->user_name, user); + result = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(result)) { + goto end; + } if (session_key.data) { /* Have plaintext orginal */ @@ -898,6 +911,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, DATA_BLOB blob; const char *p = NULL; char *account = NULL; + NTSTATUS status; DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length)); @@ -936,7 +950,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, DEBUG(3,("got principal=%s\n", principal ? principal : "<null>")); - fstrcpy(cli->user_name, user); + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return ADS_ERROR_NT(status); + } #ifdef HAVE_KRB5 /* If password is set we reauthenticate to kerberos server @@ -2101,7 +2118,11 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, } } - cli_init_creds(cli, user, domain, password); + nt_status = cli_init_creds(cli, user, domain, password); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(cli); + return nt_status; + } *output_cli = cli; return NT_STATUS_OK; diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 7c42da4430..295ccae456 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -409,19 +409,64 @@ void cli_setup_bcc(struct cli_state *cli, void *p) } /**************************************************************************** + Initialize Domain, user or password. +****************************************************************************/ + +NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain) +{ + TALLOC_FREE(cli->domain); + cli->domain = talloc_strdup(cli, domain ? domain : ""); + if (cli->domain == NULL) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +NTSTATUS cli_set_username(struct cli_state *cli, const char *username) +{ + TALLOC_FREE(cli->user_name); + cli->user_name = talloc_strdup(cli, username ? username : ""); + if (cli->user_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +NTSTATUS cli_set_password(struct cli_state *cli, const char *password) +{ + TALLOC_FREE(cli->password); + + /* Password can be NULL. */ + if (password) { + cli->password = talloc_strdup(cli, password); + if (cli->password == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + /* Use zero NTLMSSP hashes and session key. */ + cli->password = NULL; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** Initialise credentials of a client structure. ****************************************************************************/ -void cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password) +NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password) { - fstrcpy(cli->domain, domain); - fstrcpy(cli->user_name, username); - pwd_set_cleartext(&cli->pwd, password); - if (!*username) { - cli->pwd.null_pwd = true; + NTSTATUS status = cli_set_username(cli, username); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + status = cli_set_domain(cli, domain); + if (!NT_STATUS_IS_OK(status)) { + return status; } + DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain)); - DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain)); + return cli_set_password(cli, password); } /**************************************************************************** diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index f9ff4b3191..45cd392a5a 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -133,9 +133,17 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam return result; } - cli_init_creds(cli, "", "", NULL); + result = cli_init_creds(cli, "", "", NULL); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } } else { - cli_init_creds(cli, user_name, "", old_passwd); + result = cli_init_creds(cli, user_name, "", old_passwd); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } } result = cli_tcon_andx(cli, "IPC$", "IPC", "", 1); @@ -222,7 +230,11 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam TALLOC_FREE(pipe_hnd); /* Try anonymous NTLMSSP... */ - cli_init_creds(cli, "", "", NULL); + result = cli_init_creds(cli, "", "", NULL); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } result = NT_STATUS_UNSUCCESSFUL; diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c deleted file mode 100644 index 071e729e8c..0000000000 --- a/source3/libsmb/pwd_cache.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password cacheing. obfuscation is planned - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/**************************************************************************** - Initialises a password structure. -****************************************************************************/ - -static void pwd_init(struct pwd_info *pwd) -{ - memset((char *)pwd->password , '\0', sizeof(pwd->password )); - - pwd->null_pwd = True; /* safest option... */ -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) -{ - pwd_init(pwd); - if (clr) { - fstrcpy(pwd->password, clr); - pwd->null_pwd = False; - } else { - pwd->null_pwd = True; - } - - pwd->cleartext = True; -} - -/**************************************************************************** - Gets a cleartext password. -****************************************************************************/ - -void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) -{ - if (pwd->cleartext) - fstrcpy(clr, pwd->password); - else - clr[0] = 0; - -} diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 24dbcb0193..ef10c123f3 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2974,7 +2974,7 @@ bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16]) if (cli == NULL) { return false; } - E_md4hash(cli->pwd.password, nt_hash); + E_md4hash(cli->password ? cli->password : "", nt_hash); return true; } @@ -3699,7 +3699,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, status = rpccli_ntlmssp_bind_data( result, auth_type, auth_level, domain, username, - cli->pwd.null_pwd ? NULL : password, &auth); + password, &auth); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n", nt_errstr(status))); diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 64dfb5224c..e2d1497b28 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -333,6 +333,7 @@ bool torture_cli_session_setup2(struct cli_state *cli, uint16 *new_vuid) uint16 old_vuid = cli->vuid; fstring old_user_name; size_t passlen = strlen(password); + NTSTATUS status; bool ret; fstrcpy(old_user_name, cli->user_name); @@ -343,7 +344,10 @@ bool torture_cli_session_setup2(struct cli_state *cli, uint16 *new_vuid) workgroup)); *new_vuid = cli->vuid; cli->vuid = old_vuid; - fstrcpy(cli->user_name, old_user_name); + status = cli_set_username(cli, old_user_name); + if (!NT_STATUS_IS_OK(status)) { + return false; + } return ret; } diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 7a53f19ffd..e06e30e0a8 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -866,7 +866,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } @@ -891,7 +894,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, result = ads_ntstatus(ads_status); if (NT_STATUS_IS_OK(result)) { /* Ensure creds are stored for NTLMSSP authenticated pipe access. */ - cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } } @@ -917,7 +923,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, ipc_password, strlen(ipc_password)+1, ipc_domain))) { /* Successful logon with given username. */ - cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + result = cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } else { DEBUG(4, ("authenticated session setup with user %s\\%s failed.\n", @@ -935,7 +944,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0, NULL, 0, ""))) { DEBUG(5, ("Connected anonymously\n")); - cli_init_creds(*cli, "", "", ""); + result = cli_init_creds(*cli, "", "", ""); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } goto session_setup_done; } @@ -970,8 +982,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, *retry = False; /* set the domain if empty; needed for schannel connections */ - if ( !*(*cli)->domain ) { - fstrcpy( (*cli)->domain, domain->name ); + if ( !(*cli)->domain[0] ) { + result = cli_set_domain((*cli), domain->name); + if (!NT_STATUS_IS_OK(result)) { + return result; + } } result = NT_STATUS_OK; @@ -1979,7 +1994,6 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; char *machine_password = NULL; char *machine_account = NULL; @@ -2004,10 +2018,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, * anonymous. */ - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { result = get_trust_creds(domain, &machine_password, &machine_account, NULL); @@ -2018,7 +2031,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } domain_name = domain->name; } else { - machine_password = SMB_STRDUP(conn_pwd); + machine_password = SMB_STRDUP(conn->cli->password); machine_account = SMB_STRDUP(conn->cli->user_name); domain_name = conn->cli->domain; } @@ -2147,7 +2160,6 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, { struct winbindd_cm_conn *conn; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring conn_pwd; struct dcinfo *p_dcinfo; result = init_dc_connection(domain); @@ -2160,10 +2172,9 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto done; } - pwd_get_cleartext(&conn->cli->pwd, conn_pwd); if ((conn->cli->user_name[0] == '\0') || (conn->cli->domain[0] == '\0') || - (conn_pwd[0] == '\0')) { + (conn->cli->password == NULL || conn->cli->password[0] == '\0')) { DEBUG(10, ("cm_connect_lsa: No no user available for " "domain %s, trying schannel\n", conn->cli->domain)); goto schannel; @@ -2174,7 +2185,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, result = cli_rpc_pipe_open_spnego_ntlmssp (conn->cli, &ndr_table_lsarpc.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, - conn->cli->domain, conn->cli->user_name, conn_pwd, + conn->cli->domain, conn->cli->user_name, conn->cli->password, &conn->lsa_pipe); if (!NT_STATUS_IS_OK(result)) { |