summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2000-01-03 06:30:50 +0000
committerAndrew Tridgell <tridge@samba.org>2000-01-03 06:30:50 +0000
commit632b4f806eae15e319b8f62caef5d25634cf720c (patch)
treec80dee43c351194241e6b989d11df5c7050e2ff7 /source3/smbd
parent8d1d27b43c9b5a8e6252126ccd15054b003b5f28 (diff)
downloadsamba-632b4f806eae15e319b8f62caef5d25634cf720c.tar.gz
samba-632b4f806eae15e319b8f62caef5d25634cf720c.tar.bz2
samba-632b4f806eae15e319b8f62caef5d25634cf720c.zip
added suppport for unexpected udp/138 packets
I also fixed up the lookup_pdc_name() code so that it now works, even with a NT server that insists on replying to udp/138. The method I used to match packets was to use the mailslot string as a datagram ID. The true dgm_id doesn't work as NT doesn't set it correctly. uggh. PS: Jeremy, I had to change your code quite a bit, are you sure this worked with a Samba PDC?? The code looked broken, it got the offsets wrong in the SMB portion of the packet and filled in the IP incorrectly. (This used to be commit 32f66f4ea63038cb4b3785bdf1762abdde076f5d)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c163
1 files changed, 88 insertions, 75 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 9792c9ebc8..ca588c6681 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -959,16 +959,18 @@ struct cli_state *server_cryptkey(void)
struct cli_state *cli;
fstring desthost;
struct in_addr dest_ip;
- char *p;
- BOOL connected_ok = False;
+ char *p, *pserver;
+ BOOL connected_ok = False;
cli = server_client();
if (!cli_initialise(cli))
return NULL;
- p = lp_passwordserver();
- while(p && next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
+ pserver = strdup(lp_passwordserver());
+ p = pserver;
+
+ while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(desthost);
strupper(desthost);
@@ -989,6 +991,8 @@ struct cli_state *server_cryptkey(void)
}
}
+ free(pserver);
+
if (!connected_ok) {
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
@@ -1249,15 +1253,79 @@ static BOOL attempt_connect_to_dc(struct cli_state *pcli, struct in_addr *ip, un
* Ignore addresses we have already tried.
*/
- if(ip_equal(ipzero, *ip))
- return False;
+ if (ip_equal(ipzero, *ip))
+ return False;
- if(!lookup_pdc_name(global_myname, lp_workgroup(), ip, dc_name))
- return False;
+ if (!lookup_pdc_name(global_myname, lp_workgroup(), ip, dc_name))
+ return False;
return connect_to_domain_password_server(pcli, dc_name, trust_passwd);
}
+
+
+/***********************************************************************
+ We have been asked to dynamcially determine the IP addresses of
+ the PDC and BDC's for this DOMAIN, and query them in turn.
+************************************************************************/
+static BOOL find_connect_pdc(struct cli_state *pcli, unsigned char *trust_passwd)
+{
+ struct in_addr *ip_list = NULL;
+ int count = 0;
+ int i;
+ BOOL connected_ok = False;
+
+ if (!get_dc_list(lp_workgroup(), &ip_list, &count))
+ return False;
+
+ /*
+ * Firstly try and contact a PDC/BDC who has the same
+ * network address as any of our interfaces.
+ */
+ for(i = 0; i < count; i++) {
+ if(!is_local_net(ip_list[i]))
+ continue;
+
+ if((connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd)))
+ break;
+
+ ip_list[i] = ipzero; /* Tried and failed. */
+ }
+
+ /*
+ * Secondly try and contact a random PDC/BDC.
+ */
+ if(!connected_ok) {
+ i = (sys_random() % count);
+
+ if (!(connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd)))
+ ip_list[i] = ipzero; /* Tried and failed. */
+ }
+
+ /*
+ * Finally go through the IP list in turn, ignoring any addresses
+ * we have already tried.
+ */
+ if(!connected_ok) {
+ /*
+ * Try and connect to any of the other IP addresses in the PDC/BDC list.
+ * Note that from a WINS server the #1 IP address is the PDC.
+ */
+ for(i = 0; i < count; i++) {
+ if((connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd)))
+ break;
+ }
+ }
+
+ if(ip_list != NULL)
+ free((char *)ip_list);
+
+
+ return connected_ok;
+}
+
+
+
/***********************************************************************
Do the same as security=server, but using NT Domain calls and a session
key from the machine password.
@@ -1273,7 +1341,7 @@ BOOL domain_client_validate( char *user, char *domain,
unsigned char local_nt_reponse[24];
unsigned char trust_passwd[16];
fstring remote_machine;
- char *p;
+ char *p, *pserver;
NET_ID_INFO_CTR ctr;
NET_USER_INFO_3 info3;
struct cli_state cli;
@@ -1349,75 +1417,20 @@ BOOL domain_client_validate( char *user, char *domain,
* PDC/BDC. Contact each in turn and try and authenticate.
*/
- p = lp_passwordserver();
- while(!connected_ok && p &&
- next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
- if(strequal(remote_machine, "*")) {
-
- /*
- * We have been asked to dynamcially determine the IP addresses of
- * the PDC and BDC's for this DOMAIN, and query them in turn.
- */
-
- struct in_addr *ip_list = NULL;
- int count = 0;
- int i;
-
- if(!get_dc_list(lp_workgroup(), &ip_list, &count))
- continue;
-
- /*
- * Firstly try and contact a PDC/BDC who has the same
- * network address as any of our interfaces.
- */
-
- for(i = 0; i < count; i++) {
- if(!is_local_net(ip_list[i]))
- continue;
-
- if((connected_ok = attempt_connect_to_dc(&cli, &ip_list[i], trust_passwd)))
- break;
-
- ip_list[i] = ipzero; /* Tried and failed. */
- }
-
- /*
- * Secondly try and contact a random PDC/BDC.
- */
-
- if(!connected_ok) {
- i = (sys_random() % count);
+ pserver = strdup(lp_passwordserver());
+ p = pserver;
- if(!(connected_ok = attempt_connect_to_dc(&cli, &ip_list[i], trust_passwd)))
- ip_list[i] = ipzero; /* Tried and failed. */
- }
-
- /*
- * Finally go through the IP list in turn, ignoring any addresses
- * we have already tried.
- */
-
- if(!connected_ok) {
-
- /*
- * Try and connect to any of the other IP addresses in the PDC/BDC list.
- * Note that from a WINS server the #1 IP address is the PDC.
- */
-
- for(i = 0; i < count; i++) {
- if((connected_ok = attempt_connect_to_dc(&cli, &ip_list[i], trust_passwd)))
- break;
- }
- }
-
- if(ip_list != NULL)
- free((char *)ip_list);
-
- } else {
- connected_ok = connect_to_domain_password_server(&cli, remote_machine, trust_passwd);
- }
+ while (!connected_ok &&
+ next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
+ if(strequal(remote_machine, "*")) {
+ connected_ok = find_connect_pdc(&cli, trust_passwd);
+ } else {
+ connected_ok = connect_to_domain_password_server(&cli, remote_machine, trust_passwd);
+ }
}
+ free(pserver);
+
if (!connected_ok) {
DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
cli_shutdown(&cli);