diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-05-23 14:02:17 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-05-23 14:02:17 +0000 |
commit | e46a6ecc697418ad7eb9aedb1610d1fbbe419029 (patch) | |
tree | 8164626af06d1f7d788f26eb8e93f3f4d17051d7 /source3/libsmb | |
parent | 4f46de7972eaab44b492f2cfe8a9d9c2a728766c (diff) | |
download | samba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.tar.gz samba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.tar.bz2 samba-e46a6ecc697418ad7eb9aedb1610d1fbbe419029.zip |
Given Jeremy's positive response, and a lack of one from tpot, I'll commit
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cli_dfs.c | 8 | ||||
-rw-r--r-- | source3/libsmb/cli_lsarpc.c | 13 | ||||
-rw-r--r-- | source3/libsmb/cli_netlogon.c | 9 | ||||
-rw-r--r-- | source3/libsmb/cli_pipe_util.c | 82 | ||||
-rw-r--r-- | source3/libsmb/cli_reg.c | 9 | ||||
-rw-r--r-- | source3/libsmb/cli_samr.c | 8 | ||||
-rw-r--r-- | source3/libsmb/cli_spoolss.c | 14 | ||||
-rw-r--r-- | source3/libsmb/cli_srvsvc.c | 9 | ||||
-rw-r--r-- | source3/libsmb/cli_wkssvc.c | 18 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 148 | ||||
-rw-r--r-- | source3/libsmb/pwd_cache.c | 135 |
11 files changed, 19 insertions, 434 deletions
diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c index 312275926c..7fc27b9c3b 100644 --- a/source3/libsmb/cli_dfs.c +++ b/source3/libsmb/cli_dfs.c @@ -20,14 +20,6 @@ #include "includes.h" -/* Opens a SMB connection to the netdfs pipe */ - -struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds); -} - /* Query DFS support */ NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c index 8eaf6da2ec..9d07eb1d1e 100644 --- a/source3/libsmb/cli_lsarpc.c +++ b/source3/libsmb/cli_lsarpc.c @@ -38,19 +38,6 @@ * security authority", which is half of a password database. **/ -/** Opens a SMB connection and connects to the LSARPC pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds); -} - /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c index 12651966d7..765f19a5fe 100644 --- a/source3/libsmb/cli_netlogon.c +++ b/source3/libsmb/cli_netlogon.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the netlogon pipe */ - -struct cli_state *cli_netlogon_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds); -} - /* LSA Request Challenge. Sends our challenge to server, then gets server response. These are used to generate the credentials. */ diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c deleted file mode 100644 index de1c832e44..0000000000 --- a/source3/libsmb/cli_pipe_util.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client utility functions - Copyright (C) Tim Potter 2001, - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** \defgroup rpc_client RPC Client routines - */ - -/* Opens a SMB connection to a named pipe */ - -struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name, - char *pipe_name, - struct ntuser_creds *creds) -{ - struct in_addr dest_ip; - struct nmb_name calling, called; - fstring dest_host; - extern pstring global_myname; - struct ntuser_creds anon; - - /* Initialise cli_state information */ - - if (!cli_initialise(cli)) { - return NULL; - } - - if (!creds) { - ZERO_STRUCT(anon); - anon.pwd.null_pwd = 1; - creds = &anon; - } - - cli_init_creds(cli, creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(system_name, dest_host, &dest_ip)) { - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - return NULL; - } - - /* Open a NT session thingy */ - - if (!cli_nt_session_open(cli, pipe_name)) { - cli_shutdown(cli); - return NULL; - } - - return cli; -} - -/* Shut down a SMB connection to the SAMR pipe */ - -void cli_pipe_shutdown(struct cli_state *cli) -{ - if (cli->fd != -1) cli_ulogoff(cli); - cli_shutdown(cli); -} diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c index c09ccabb29..aaf18882f7 100644 --- a/source3/libsmb/cli_reg.c +++ b/source3/libsmb/cli_reg.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the WINREG pipe */ - -struct cli_state *cli_winreg_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds); -} - /* Shutdown a server */ NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c index f3560ede5d..9a332aa99e 100644 --- a/source3/libsmb/cli_samr.c +++ b/source3/libsmb/cli_samr.c @@ -24,14 +24,6 @@ #include "includes.h" -/* Opens a SMB connection to the SAMR pipe */ - -struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds); -} - /* Connect to SAMR database */ NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c index 28f4f481fa..5e33e00c68 100644 --- a/source3/libsmb/cli_spoolss.c +++ b/source3/libsmb/cli_spoolss.c @@ -31,20 +31,6 @@ * @{ **/ -/** Opens a SMB connection and connects to the SPOOLSS pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_spoolss_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds); -} - /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c index 9d33149540..b5b4478684 100644 --- a/source3/libsmb/cli_srvsvc.c +++ b/source3/libsmb/cli_srvsvc.c @@ -22,15 +22,6 @@ #include "includes.h" -/* Opens a SMB connection to the svrsvc pipe */ - -struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds); -} - NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, uint32 switch_value, SRV_INFO_CTR *ctr) diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c index 2a84e6b698..756ff61e5b 100644 --- a/source3/libsmb/cli_wkssvc.c +++ b/source3/libsmb/cli_wkssvc.c @@ -24,24 +24,6 @@ #include "includes.h" /** - * Opens a SMB connection to the wkssvc pipe - * - * @param cli client structure (not yet initialised) - * @param system_name called rpc server name - * @param creds user credentials - * - * @return client structure with opened pipe - **/ - -struct cli_state *cli_wkssvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds); -} - - -/** * WksQueryInfo rpc call (like query for server's capabilities) * * @param initialised client structure with \PIPE\wkssvc opened diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ec2c33f419..f41c3b7701 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1027,152 +1027,6 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip) return True; } -/**************************************************************************** -establishes a connection right up to doing tconX, password in cache. -****************************************************************************/ -BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, - struct nmb_name *calling, struct nmb_name *called, - char *service, char *service_type, - BOOL do_shutdown, BOOL do_tcon) -{ - DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n", - nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip), - cli->user_name, cli->domain)); - - /* establish connection */ - - if ((!cli->initialised)) - { - return False; - } - - /* cli_establish_connection() can't handle spnego yet. Once we get rid of - pwd_cache and other horrors we can get rid of this */ - cli->use_spnego = False; - - if (cli->fd == -1) - { - if (!cli_connect(cli, dest_host, dest_ip)) - { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", - nmb_namestr(called), inet_ntoa(*dest_ip))); - return False; - } - } - - if (!cli_session_request(cli, calling, called)) - { - DEBUG(1,("failed session request\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (!cli_negprot(cli)) - { - DEBUG(1,("failed negprot\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (cli->pwd.cleartext || cli->pwd.null_pwd) - { - fstring passwd; - int pass_len; - - if (cli->pwd.null_pwd) - { - /* attempt null session */ - passwd[0] = 0; - pass_len = 1; - } - else - { - /* attempt clear-text session */ - pwd_get_cleartext(&(cli->pwd), passwd); - pass_len = strlen(passwd); - } - - /* attempt clear-text session */ - if (!cli_session_setup(cli, cli->user_name, - passwd, pass_len, - NULL, 0, - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)passwd, strlen(passwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - } - } - else - { - /* attempt encrypted session */ - unsigned char nt_sess_pwd[24]; - unsigned char lm_sess_pwd[24]; - - /* creates (storing a copy of) and then obtains a 24 byte password OWF */ - pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data); - pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd); - - /* attempt encrypted session */ - if (!cli_session_setup(cli, cli->user_name, - (char*)lm_sess_pwd, sizeof(lm_sess_pwd), - (char*)nt_sess_pwd, sizeof(nt_sess_pwd), - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - DEBUG(1,("session setup ok\n")); - - if (*cli->server_domain || *cli->server_os || *cli->server_type) - { - DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n", - cli->server_domain, - cli->server_os, - cli->server_type)); - } - - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)nt_sess_pwd, sizeof(nt_sess_pwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - } - } - - if (do_shutdown) - cli_shutdown(cli); - - return True; -} - /* Initialise client credentials for authenticated pipe access */ static void init_creds(struct ntuser_creds *creds, char* username, @@ -1230,7 +1084,7 @@ again: DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service)); if (!cli_connect(cli, dest_host, &ip)) { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", + DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n", nmb_namestr(&called), inet_ntoa(*dest_ip))); cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL; diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 7d1185d9a7..8b79788fed 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -24,7 +24,7 @@ Initialises a password structure. ****************************************************************************/ -void pwd_init(struct pwd_info *pwd) +static void pwd_init(struct pwd_info *pwd) { memset((char *)pwd->password , '\0', sizeof(pwd->password )); memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); @@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd) } /**************************************************************************** - Returns NULL password flag. -****************************************************************************/ - -BOOL pwd_is_nullpwd(const struct pwd_info *pwd) -{ - return pwd->null_pwd; -} - -/**************************************************************************** - Compares two passwords. hmm, not as trivial as expected. hmm. -****************************************************************************/ - -BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) -{ - if (pwd1->cleartext && pwd2->cleartext) { - if (strequal(pwd1->password, pwd2->password)) - return True; - } - if (pwd1->null_pwd && pwd2->null_pwd) - return True; - - if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: nt#\n")); - dump_data(100, pwd1->smb_nt_pwd, 16); - dump_data(100, pwd2->smb_nt_pwd, 16); -#endif - if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - return True; -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: lm#\n")); - dump_data(100, pwd1->smb_lm_pwd, 16); - dump_data(100, pwd2->smb_lm_pwd, 16); -#endif - if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - return True; - } - return False; -} - -/**************************************************************************** - Reads a password. + Makes lm and nt hashed passwords. ****************************************************************************/ -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) +static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { - /* grab a password */ - char *user_pass; + pstring dos_passwd; pwd_init(pwd); - user_pass = (char*)getpass(passwd_report); - - /* - * Do not assume that an empty string is a NULL password. - * If you do this will break the session key generation for - * and account with an emtpy password. If you wish to use - * a NULL password, use the -N option to smbclient and rpcclient - * --jerry - */ -#if 0 - if (user_pass == NULL || user_pass[0] == 0) - pwd_set_nullpwd(pwd); - else if (do_encrypt) -#endif - if (do_encrypt) - pwd_make_lm_nt_16(pwd, user_pass); - else - pwd_set_cleartext(pwd, user_pass); -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_nullpwd(struct pwd_info *pwd) -{ - pwd_init(pwd); + push_ascii_pstring(dos_passwd, clr); + nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; pwd->cleartext = False; - pwd->null_pwd = True; - pwd->crypted = False; + pwd->crypted = False; } /**************************************************************************** @@ -151,29 +83,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) } /**************************************************************************** - Stores lm and nt hashed passwords. -****************************************************************************/ - -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) -{ - pwd_init(pwd); - - if (lm_pwd) - memcpy(pwd->smb_lm_pwd, lm_pwd, 16); - else - memset((char *)pwd->smb_lm_pwd, '\0', 16); - - if (nt_pwd) - memcpy(pwd->smb_nt_pwd, nt_pwd, 16); - else - memset((char *)pwd->smb_nt_pwd, '\0', 16); - - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - -/**************************************************************************** Gets lm and nt hashed passwords. ****************************************************************************/ @@ -186,24 +95,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) } /**************************************************************************** - Makes lm and nt hashed passwords. -****************************************************************************/ - -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) -{ - pstring dos_passwd; - - pwd_init(pwd); - - push_ascii_pstring(dos_passwd, clr); - - nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - -/**************************************************************************** Makes lm and nt OWF crypts. ****************************************************************************/ @@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) if (nt_owf != NULL) memcpy(nt_owf, pwd->smb_nt_owf, 24); } + + + + + + + + + + |