Makefile :

	adding bits for new nt domain code

byteorder.h :

	trying to get macros right, and not to crash on SUNOS5...

client.c :

	added #ifdef NTDOMAIN, and created do_nt_login() function.  don't
	want to have to recompile client.c unless absolutely necessary.

credentials.c :

	moved deal_with_creds() [possibly inappropriately] into credentials.c

ipc.c reply.c server.c uid.c :

	attempting to make (un)become_root() functions calleable from smbclient.
	this is a little tricky: smbclient might have to be another setuid
	root program, immediately setuid'ing to non-root, so that we can
	reset-uid to root to get at the smbpasswd file.  or, have a secure
	pipe mechanism to smbd to grab smbpasswd entries.  or the like.

smbdes.c smbencrypt.c :

	created a function to generate lm and nt owf hashes.

lsaparse.c ntclient.c smbparse.c :

	added nt client LSA_AUTH2 code.  it works, too!

pipenetlog.c pipentlsa.c pipesrvsvc.c :

	simplification.  code-shuffling.  getting that damn offset right
	for the opcode in RPC_HDR.

smb.h :

	changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
	we might need to store the server times as well.

proto.h :

	the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)

4 files changed, 29 insertions, 30 deletions

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 61b282fd42..9c9c183a14 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1606,11 +1606,12 @@ static BOOL api_PrintJobInfo(int cnum,uint16 vuid,char *param,char *data,
 	  if (Files[i].open && Files[i].print_file)
 	    {
 	      pstring wd;
+          int fcnum = Files[i].cnum;
 	      GetWd(wd);
 	      unbecome_user();
 	      
-	      if (!become_user(Files[i].cnum,vuid) || 
-		  !become_service(Files[i].cnum,True))
+	      if (!become_user(&Connections[fcnum], fcnum,vuid) || 
+		  !become_service(fcnum,True))
 		break;
 	      
 	      if (sys_rename(Files[i].name,name) == 0)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 3643b6eed0..22c22ccc55 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2614,7 +2614,7 @@ int reply_printqueue(char *inbuf,char *outbuf)
       DEBUG(5,("connection not open or not a printer, using cnum %d\n",cnum));
     }
 
-  if (!become_user(cnum,vuid))
+  if (!become_user(&Connections[cnum], cnum, vuid))
     return(ERROR(ERRSRV,ERRinvnid));
 
   {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 20c1a1c1b7..9b428df44c 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -94,7 +94,7 @@ BOOL global_oplock_break = False;
 
 extern fstring remote_machine;
 
-pstring OriginalDir;
+extern pstring OriginalDir;
 
 /* these can be set by some functions to override the error codes */
 int unix_ERR_class=SUCCESS;
@@ -3462,7 +3462,7 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
       smbrun(cmd,NULL,False);
     }
 
-  if (!become_user(cnum,pcon->vuid))
+  if (!become_user(&Connections[cnum], cnum,pcon->vuid))
     {
       DEBUG(0,("Can't become connected user!\n"));
       pcon->open = False;
@@ -4019,7 +4019,7 @@ void close_cnum(int cnum, uint16 vuid)
   dptr_closecnum(cnum);
 
   /* execute any "postexec = " line */
-  if (*lp_postexec(SNUM(cnum)) && become_user(cnum,vuid))
+  if (*lp_postexec(SNUM(cnum)) && become_user(&Connections[cnum], cnum,vuid))
     {
       pstring cmd;
       strcpy(cmd,lp_postexec(SNUM(cnum)));
@@ -4542,7 +4542,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
 	    unbecome_user();
 
 	  /* does this protocol need to be run as the connected user? */
-	  if ((flags & AS_USER) && !become_user(cnum,session_tag)) {
+	  if ((flags & AS_USER) && !become_user(&Connections[cnum], cnum,session_tag)) {
 	    if (flags & AS_GUEST) 
 	      flags &= ~AS_USER;
 	    else
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 28bf4b421a..645d078979 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -23,15 +23,13 @@
 
 extern int DEBUGLEVEL;
 
-extern connection_struct Connections[];
-
 static int initial_uid;
 static int initial_gid;
 
 /* what user is current? */
 struct current_user current_user;
 
-extern pstring OriginalDir;
+pstring OriginalDir;
 
 /****************************************************************************
 initialise the uid routines
@@ -183,19 +181,19 @@ BOOL become_guest(void)
 /*******************************************************************
 check if a username is OK
 ********************************************************************/
-static BOOL check_user_ok(int cnum,user_struct *vuser,int snum)
+static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
 {
   int i;
-  for (i=0;i<Connections[cnum].uid_cache.entries;i++)
-    if (Connections[cnum].uid_cache.list[i] == vuser->uid) return(True);
+  for (i=0;i<conn->uid_cache.entries;i++)
+    if (conn->uid_cache.list[i] == vuser->uid) return(True);
 
   if (!user_ok(vuser->name,snum)) return(False);
 
-  i = Connections[cnum].uid_cache.entries % UID_CACHE_SIZE;
-  Connections[cnum].uid_cache.list[i] = vuser->uid;
+  i = conn->uid_cache.entries % UID_CACHE_SIZE;
+  conn->uid_cache.list[i] = vuser->uid;
 
-  if (Connections[cnum].uid_cache.entries < UID_CACHE_SIZE)
-    Connections[cnum].uid_cache.entries++;
+  if (conn->uid_cache.entries < UID_CACHE_SIZE)
+    conn->uid_cache.entries++;
 
   return(True);
 }
@@ -204,7 +202,7 @@ static BOOL check_user_ok(int cnum,user_struct *vuser,int snum)
 /****************************************************************************
   become the user of a connection number
 ****************************************************************************/
-BOOL become_user(int cnum, uint16 vuid)
+BOOL become_user(connection_struct *conn, int cnum, uint16 vuid)
 {
   user_struct *vuser = get_valid_user_struct(vuid);
   int snum,gid;
@@ -217,23 +215,23 @@ BOOL become_user(int cnum, uint16 vuid)
 
   unbecome_user();
 
-  if (!OPEN_CNUM(cnum)) {
+  if (!(VALID_CNUM(cnum) && conn->open)) {
     DEBUG(2,("Connection %d not open\n",cnum));
     return(False);
   }
 
-  snum = Connections[cnum].service;
+  snum = conn->service;
 
-  if (Connections[cnum].force_user || 
+  if (conn->force_user || 
       lp_security() == SEC_SHARE ||
       !(vuser) || (vuser->guest) ||
-      !check_user_ok(cnum,vuser,snum))
+      !check_user_ok(conn, vuser, snum))
   {
-    uid = Connections[cnum].uid;
-    gid = Connections[cnum].gid;
-    current_user.groups = Connections[cnum].groups;
-    current_user.igroups = Connections[cnum].igroups;
-    current_user.ngroups = Connections[cnum].ngroups;
+    uid = conn->uid;
+    gid = conn->gid;
+    current_user.groups = conn->groups;
+    current_user.igroups = conn->igroups;
+    current_user.ngroups = conn->ngroups;
     current_user.attrs   = vuser->attrs;
   }
   else
@@ -246,7 +244,7 @@ BOOL become_user(int cnum, uint16 vuid)
     if(!*lp_force_group(snum))
       gid = vuser->gid;
     else
-      gid = Connections[cnum].gid;
+      gid = conn->gid;
     current_user.ngroups = vuser->n_groups;
     current_user.groups  = vuser->groups;
     current_user.igroups = vuser->igroups;
@@ -258,7 +256,7 @@ BOOL become_user(int cnum, uint16 vuid)
       if (!become_gid(gid)) return(False);
 
 #ifndef NO_SETGROUPS      
-      if (!IS_IPC(cnum)) {
+      if (!(VALID_CNUM(cnum) && conn->ipc)) {
 	/* groups stuff added by ih/wreu */
 	if (current_user.ngroups > 0)
 	  if (setgroups(current_user.ngroups,current_user.groups)<0)
@@ -266,7 +264,7 @@ BOOL become_user(int cnum, uint16 vuid)
       }
 #endif
 
-      if (!Connections[cnum].admin_user && !become_uid(uid))
+      if (!conn->admin_user && !become_uid(uid))
 	return(False);
     }