diff options
| author | Simo Sorce <idra@samba.org> | 2003-08-02 20:06:57 +0000 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2003-08-02 20:06:57 +0000 |
| commit | 04bf12b176d5abe06b7f1401810369bcafe0b611 (patch) | |
| tree | 8bb6627c3ffa4cab902787b874206f8012a33e3a /source3/utils | |
| parent | 7efce478976e2ac71bcaf4e4d1049bb263634711 (diff) | |
| download | samba-04bf12b176d5abe06b7f1401810369bcafe0b611.tar.gz samba-04bf12b176d5abe06b7f1401810369bcafe0b611.tar.bz2 samba-04bf12b176d5abe06b7f1401810369bcafe0b611.zip | |
port latest changes from SAMBA_3_0 tree
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/net.c | 32 | ||||
| -rw-r--r-- | source3/utils/net_ads.c | 8 | ||||
| -rw-r--r-- | source3/utils/net_cache.c | 2 | ||||
| -rw-r--r-- | source3/utils/net_idmap.c | 9 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 13 | ||||
| -rw-r--r-- | source3/utils/net_time.c | 4 | ||||
| -rw-r--r-- | source3/utils/ntlm_auth.c | 509 | ||||
| -rw-r--r-- | source3/utils/pdbedit.c | 22 | ||||
| -rw-r--r-- | source3/utils/smbcacls.c | 3 | ||||
| -rw-r--r-- | source3/utils/smbcontrol.c | 6 | ||||
| -rw-r--r-- | source3/utils/smbcquotas.c | 3 | ||||
| -rw-r--r-- | source3/utils/smbpasswd.c | 15 | ||||
| -rw-r--r-- | source3/utils/status.c | 5 |
13 files changed, 548 insertions, 83 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index e643a3d10d..8f6b09a3fa 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -77,20 +77,7 @@ static int opt_machine_pass = 0; BOOL opt_have_ip = False; struct in_addr opt_dest_ip; -/***************************************************************************** - stubb functions -****************************************************************************/ - -void become_root( void ) -{ - return; -} - -void unbecome_root( void ) -{ - return; -} - +extern BOOL AllowDebugChange; uint32 get_sec_channel_type(const char *param) { @@ -154,7 +141,7 @@ NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip, server_ip, opt_port, "IPC$", "IPC", opt_user_name, opt_workgroup, - opt_password, 0, NULL); + opt_password, 0, Undefined, NULL); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -184,7 +171,7 @@ NTSTATUS connect_to_ipc_anonymous(struct cli_state **c, server_ip, opt_port, "IPC$", "IPC", "", "", - "", 0, NULL); + "", 0, Undefined, NULL); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -580,6 +567,8 @@ static struct functable net_func[] = { zero_ip(&opt_dest_ip); + /* set default debug level to 0 regardless of what smb.conf sets */ + DEBUGLEVEL_CLASS[DBGC_ALL] = 0; dbf = x_stderr; pc = poptGetContext(NULL, argc, (const char **) argv, long_options, @@ -615,9 +604,14 @@ static struct functable net_func[] = { } } - lp_load(dyn_CONFIGFILE,True,False,False); - - argv_new = (const char **)poptGetArgs(pc); + /* + * Don't load debug level from smb.conf. It should be + * set by cmdline arg or remain default (0) + */ + AllowDebugChange = False; + lp_load(dyn_CONFIGFILE,True,False,False); + + argv_new = (const char **)poptGetArgs(pc); argc_new = argc; for (i=0; i<argc; i++) { diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 69d282420d..631e235127 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -68,7 +68,7 @@ static int net_ads_lookup(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; } @@ -89,7 +89,7 @@ static int net_ads_info(int argc, const char **argv) { ADS_STRUCT *ads; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (ads) { ads->auth.flags |= ADS_AUTH_NO_BIND; @@ -129,7 +129,7 @@ static ADS_STRUCT *ads_startup(void) BOOL second_time = False; char *cp; - ads = ads_init(NULL, NULL, opt_host); + ads = ads_init(NULL, opt_target_workgroup, opt_host); if (!opt_user_name) { opt_user_name = "administrator"; @@ -848,7 +848,7 @@ static int net_ads_printer_publish(int argc, const char **argv) opt_user_name, opt_workgroup, opt_password ? opt_password : "", CLI_FULL_CONNECTION_USE_KERBEROS, - NULL); + Undefined, NULL); if (NT_STATUS_IS_ERR(nt_status)) { d_printf("Unable to open a connnection to %s to obtain data " diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c index 8dd9db599d..a955916458 100644 --- a/source3/utils/net_cache.c +++ b/source3/utils/net_cache.c @@ -214,7 +214,7 @@ static int net_cache_del(int argc, const char **argv) const char *keystr = argv[0]; if (argc < 1) { - d_printf("\nUsage: net cache add <key string>\n"); + d_printf("\nUsage: net cache del <key string>\n"); return -1; } diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c index 689d4ff813..b035d8d2f1 100644 --- a/source3/utils/net_idmap.c +++ b/source3/utils/net_idmap.c @@ -95,10 +95,14 @@ static int net_idmap_restore(int argc, const char **argv) if ( (len > 0) && (line[len-1] == '\n') ) line[len-1] = '\0'; + /* Yuck - this is broken for sizeof(gid_t) != sizeof(int) */ + if (sscanf(line, "GID %d %s", &id.gid, sid_string) == 2) { type = ID_GROUPID; } + /* Yuck - this is broken for sizeof(uid_t) != sizeof(int) */ + if (sscanf(line, "UID %d %s", &id.uid, sid_string) == 2) { type = ID_USERID; } @@ -114,9 +118,10 @@ static int net_idmap_restore(int argc, const char **argv) } if (!NT_STATUS_IS_OK(idmap_set_mapping(&sid, id, type))) { - d_printf("Could not set mapping of %s %d to sid %s\n", + d_printf("Could not set mapping of %s %lu to sid %s\n", (type == ID_GROUPID) ? "GID" : "UID", - (type == ID_GROUPID) ? id.gid : id.uid, + (type == ID_GROUPID) ? (unsigned long)id.gid: + (unsigned long)id.uid, sid_string_static(&sid)); continue; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e5e9a68b2e..9eadbbbade 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -400,8 +400,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS -fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { NTSTATUS nt_ret; fstring account; @@ -429,6 +428,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) (delta->acb_info & ACB_DOMTRUST) ) { pstrcpy(add_script, lp_addmachine_script()); } else { + *add_script = '\0'; DEBUG(1, ("Unknown user type: %s\n", smbpasswd_encode_acb_info(delta->acb_info))); } @@ -439,8 +439,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } - else { + } else { DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); /* don't need a RID allocated since the user already has a SID */ @@ -487,8 +486,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", - map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); } @@ -585,7 +584,7 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d\n", map.gid)); + DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); return NT_STATUS_NO_SUCH_GROUP; } diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c index 40619a0796..45c1783805 100644 --- a/source3/utils/net_time.c +++ b/source3/utils/net_time.c @@ -71,12 +71,12 @@ static time_t nettime(int *zone) /* return a time as a string ready to be passed to /bin/date */ static char *systime(time_t t) { - static char s[100]; + static fstring s; struct tm *tm; tm = localtime(&t); - snprintf(s, sizeof(s), "%02d%02d%02d%02d%04d.%02d", + fstr_sprintf(s, "%02d%02d%02d%02d%04d.%02d", tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_year + 1900, tm->tm_sec); return s; diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 3dfa157bda..1d36a7ce52 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -32,7 +32,9 @@ enum squid_mode { SQUID_2_4_BASIC, SQUID_2_5_BASIC, - SQUID_2_5_NTLMSSP + SQUID_2_5_NTLMSSP, + GSS_SPNEGO, + GSS_SPNEGO_CLIENT }; @@ -342,6 +344,501 @@ static void manage_squid_basic_request(enum squid_mode squid_mode, } } +static void offer_gss_spnego_mechs(void) { + + DATA_BLOB token; + ASN1_DATA asn1; + SPNEGO_DATA spnego; + ssize_t len; + char *reply_base64; + + ZERO_STRUCT(spnego); + + /* Server negTokenInit (mech offerings) */ + spnego.type = SPNEGO_NEG_TOKEN_INIT; + spnego.negTokenInit.mechTypes = smb_xmalloc(sizeof(char *) * 2); + spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_NTLMSSP); + spnego.negTokenInit.mechTypes[1] = NULL; + + ZERO_STRUCT(asn1); + asn1_push_tag(&asn1, ASN1_SEQUENCE(0)); + asn1_push_tag(&asn1, ASN1_CONTEXT(0)); + asn1_write_GeneralString(&asn1, "NONE"); + asn1_pop_tag(&asn1); + asn1_pop_tag(&asn1); + spnego.negTokenInit.mechListMIC = data_blob(asn1.data, asn1.length); + asn1_free(&asn1); + + len = write_spnego_data(&token, &spnego); + free_spnego_data(&spnego); + + if (len == -1) { + DEBUG(1, ("Could not write SPNEGO data blob\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + reply_base64 = base64_encode_data_blob(token); + x_fprintf(x_stdout, "TT %s *\n", reply_base64); + + SAFE_FREE(reply_base64); + data_blob_free(&token); + DEBUG(10, ("sent SPNEGO negTokenInit\n")); + return; +} + +static void manage_gss_spnego_request(enum squid_mode squid_mode, + char *buf, int length) +{ + static NTLMSSP_STATE *ntlmssp_state = NULL; + SPNEGO_DATA spnego; + DATA_BLOB request, token; + NTSTATUS status; + ssize_t len; + + const char *reply_code; + char *reply_base64; + pstring reply_argument; + + if (strlen(buf) < 2) { + + if (ntlmssp_state != NULL) { + DEBUG(1, ("Request for initial SPNEGO request where " + "we already have a state\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( (strlen(buf) == 2) && (strcmp(buf, "YR") == 0) ) { + + /* Initial request, get the negTokenInit offering + mechanisms */ + + offer_gss_spnego_mechs(); + return; + } + + /* All subsequent requests are "KK" (Knock, Knock ;)) and have + a blob. This might be negTokenInit or negTokenTarg */ + + if ( (strlen(buf) <= 3) || (strncmp(buf, "KK", 2) != 0) ) { + DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + } + + request = base64_decode_data_blob(buf + 3); + len = read_spnego_data(request, &spnego); + data_blob_free(&request); + + if (len == -1) { + DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if (spnego.type == SPNEGO_NEG_TOKEN_INIT) { + + /* Second request from Client. This is where the + client offers its mechanism to use. We currently + only support NTLMSSP, the decision for Kerberos + would be taken here. */ + + if ( (spnego.negTokenInit.mechTypes == NULL) || + (spnego.negTokenInit.mechTypes[0] == NULL) ) { + DEBUG(1, ("Client did not offer any mechanism")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( strcmp(spnego.negTokenInit.mechTypes[0], OID_NTLMSSP) != 0 ) { + DEBUG(1, ("Client did not choose NTLMSSP but %s\n", + spnego.negTokenInit.mechTypes[0])); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( spnego.negTokenInit.mechToken.data == NULL ) { + DEBUG(1, ("Client did not provide NTLMSSP data\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( ntlmssp_state != NULL ) { + DEBUG(1, ("Client wants a new NTLMSSP challenge, but " + "already got one\n")); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_server_end(&ntlmssp_state); + return; + } + + ntlmssp_server_start(&ntlmssp_state); + ntlmssp_state->check_password = winbind_pw_check; + ntlmssp_state->get_domain = get_winbind_domain; + ntlmssp_state->get_global_myname = get_winbind_netbios_name; + + DEBUG(10, ("got NTLMSSP packet:\n")); + dump_data(10, spnego.negTokenInit.mechToken.data, + spnego.negTokenInit.mechToken.length); + + free_spnego_data(&spnego); + + spnego.type = SPNEGO_NEG_TOKEN_TARG; + spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE; + spnego.negTokenTarg.supportedMech = strdup(OID_NTLMSSP); + + status = ntlmssp_server_update(ntlmssp_state, + spnego.negTokenInit.mechToken, + &spnego.negTokenTarg.responseToken); + + } else { + + /* spnego.type == SPNEGO_NEG_TOKEN_TARG */ + + DATA_BLOB response; + + if (spnego.negTokenTarg.responseToken.data == NULL) { + DEBUG(1, ("Got a negTokenArg without a responseToken!\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + status = ntlmssp_server_update(ntlmssp_state, + spnego.negTokenTarg.responseToken, + &response); + + data_blob_free(&spnego.negTokenTarg.responseToken); + + spnego.negTokenTarg.responseToken = response; + + } + + if (NT_STATUS_IS_OK(status)) { + spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED; + reply_code = "AF"; + pstr_sprintf(reply_argument, "%s\\%s", + ntlmssp_state->domain, ntlmssp_state->user); + } else if (NT_STATUS_EQUAL(status, + NT_STATUS_MORE_PROCESSING_REQUIRED)) { + spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE; + reply_code = "TT"; + pstr_sprintf(reply_argument, "*"); + } else { + spnego.negTokenTarg.negResult = SPNEGO_REJECT; + reply_code = "NA"; + pstrcpy(reply_argument, nt_errstr(status)); + } + + len = write_spnego_data(&token, &spnego); + free_spnego_data(&spnego); + + if (len == -1) { + DEBUG(1, ("Could not write SPNEGO data blob\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + reply_base64 = base64_encode_data_blob(token); + + x_fprintf(x_stdout, "%s %s %s\n", + reply_code, reply_base64, reply_argument); + + SAFE_FREE(reply_base64); + data_blob_free(&token); + + if (NT_STATUS_IS_OK(status)) { + ntlmssp_server_end(&ntlmssp_state); + } + + return; +} + +static NTLMSSP_CLIENT_STATE *client_ntlmssp_state = NULL; + +static void manage_client_ntlmssp_init(SPNEGO_DATA spnego) +{ + NTSTATUS status; + DATA_BLOB null_blob = data_blob(NULL, 0); + DATA_BLOB to_server; + char *to_server_base64; + const char *my_mechs[] = {OID_NTLMSSP, NULL}; + + DEBUG(10, ("Got spnego negTokenInit with NTLMSSP\n")); + + if (client_ntlmssp_state != NULL) { + DEBUG(1, ("Request for initial SPNEGO request where " + "we already have a state\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if ( (opt_username == NULL) || (opt_domain == NULL) ) { + DEBUG(1, ("Need username and domain for NTLMSSP\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if (opt_password == NULL) { + + /* Request a password from the calling process. After + sending it, the calling process should retry with + the negTokenInit. */ + + DEBUG(10, ("Requesting password\n")); + x_fprintf(x_stdout, "PW\n"); + return; + } + + status = ntlmssp_client_start(&client_ntlmssp_state); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Could not start NTLMSSP client: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + status = ntlmssp_set_username(client_ntlmssp_state, opt_username); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Could not set username: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + status = ntlmssp_set_domain(client_ntlmssp_state, opt_domain); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Could not set domain: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + status = ntlmssp_set_password(client_ntlmssp_state, opt_password); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Could not set password: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + spnego.type = SPNEGO_NEG_TOKEN_INIT; + spnego.negTokenInit.mechTypes = my_mechs; + spnego.negTokenInit.reqFlags = 0; + spnego.negTokenInit.mechListMIC = null_blob; + + status = ntlmssp_client_update(client_ntlmssp_state, null_blob, + &spnego.negTokenInit.mechToken); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED, got: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + write_spnego_data(&to_server, &spnego); + data_blob_free(&spnego.negTokenInit.mechToken); + + to_server_base64 = base64_encode_data_blob(to_server); + data_blob_free(&to_server); + x_fprintf(x_stdout, "KK %s\n", to_server_base64); + SAFE_FREE(to_server_base64); + return; +} + +static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) +{ + NTSTATUS status; + DATA_BLOB null_blob = data_blob(NULL, 0); + DATA_BLOB request; + DATA_BLOB to_server; + char *to_server_base64; + + DEBUG(10, ("Got spnego negTokenTarg with NTLMSSP\n")); + + if (client_ntlmssp_state == NULL) { + DEBUG(1, ("Got NTLMSSP tArg without a client state\n")); + x_fprintf(x_stdout, "BH\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + if (spnego.negTokenTarg.negResult == SPNEGO_REJECT) { + x_fprintf(x_stdout, "NA\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + if (spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_COMPLETED) { + x_fprintf(x_stdout, "AF\n"); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + status = ntlmssp_client_update(client_ntlmssp_state, + spnego.negTokenTarg.responseToken, + &request); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from " + "ntlmssp_client_update, got: %s\n", + nt_errstr(status))); + x_fprintf(x_stdout, "BH\n"); + data_blob_free(&request); + ntlmssp_client_end(&client_ntlmssp_state); + return; + } + + spnego.type = SPNEGO_NEG_TOKEN_TARG; + spnego.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE; + spnego.negTokenTarg.supportedMech = OID_NTLMSSP; + spnego.negTokenTarg.responseToken = request; + spnego.negTokenTarg.mechListMIC = null_blob; + + write_spnego_data(&to_server, &spnego); + data_blob_free(&request); + + to_server_base64 = base64_encode_data_blob(to_server); + data_blob_free(&to_server); + x_fprintf(x_stdout, "KK %s\n", to_server_base64); + SAFE_FREE(to_server_base64); + return; +} + +static void manage_client_krb5_init(SPNEGO_DATA spnego) +{ + DEBUG(1, ("to be done ... \n")); + x_fprintf(x_stdout, "BH\n"); + return; +} + +static void manage_client_krb5_targ(SPNEGO_DATA spnego) +{ + DEBUG(1, ("Got a negTokenTarg with a Kerberos token. This should not " + "happen!\n")); + x_fprintf(x_stdout, "BH\n"); + return; +} + +static void manage_gss_spnego_client_request(enum squid_mode squid_mode, + char *buf, int length) +{ + DATA_BLOB request; + SPNEGO_DATA spnego; + ssize_t len; + + if (strlen(buf) <= 3) { + DEBUG(1, ("SPNEGO query [%s] too short\n", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + } + + request = base64_decode_data_blob(buf+3); + + if (strncmp(buf, "PW ", 3) == 0) { + + /* We asked for a password and obviously got it :-) */ + + opt_password = strndup(request.data, request.length); + + if (opt_password == NULL) { + DEBUG(1, ("Out of memory\n")); + x_fprintf(x_stdout, "BH\n"); + data_blob_free(&request); + return; + } + + x_fprintf(x_stdout, "OK\n"); + data_blob_free(&request); + return; + } + + if ( (strncmp(buf, "TT ", 3) != 0) && + (strncmp(buf, "AF ", 3) != 0) && + (strncmp(buf, "NA ", 3) != 0) ) { + DEBUG(1, ("SPNEGO request [%s] invalid\n", buf)); + x_fprintf(x_stdout, "BH\n"); + data_blob_free(&request); + return; + } + + /* So we got a server challenge to generate a SPNEGO + client-to-server request... */ + + len = read_spnego_data(request, &spnego); + data_blob_free(&request); + + if (len == -1) { + DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if (spnego.type == SPNEGO_NEG_TOKEN_INIT) { + + /* The server offers a list of mechanisms */ + + const char **mechType = spnego.negTokenInit.mechTypes; + + while (*mechType != NULL) { + + if (strcmp(*mechType, OID_NTLMSSP) == 0) { + manage_client_ntlmssp_init(spnego); + goto out; + } + + if (strcmp(*mechType, OID_KERBEROS5_OLD) == 0) { + manage_client_krb5_init(spnego); + goto out; + } + + mechType++; + } + + DEBUG(1, ("Server offered no compatible mechanism\n")); + x_fprintf(x_stdout, "BH\n"); + return; + } + + if (spnego.type == SPNEGO_NEG_TOKEN_TARG) { + + if (strcmp(spnego.negTokenTarg.supportedMech, + OID_NTLMSSP) == 0) { + manage_client_ntlmssp_targ(spnego); + goto out; + } + + if (strcmp(spnego.negTokenTarg.supportedMech, + OID_KERBEROS5_OLD) == 0) { + manage_client_krb5_targ(spnego); + goto out; + } + + } + + DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf)); + x_fprintf(x_stdout, "BH\n"); + return; + + out: + free_spnego_data(&spnego); + return; +} + static void manage_squid_request(enum squid_mode squid_mode) { char buf[SQUID_BUFFER_SIZE+1]; @@ -383,6 +880,10 @@ static void manage_squid_request(enum squid_mode squid_mode) manage_squid_basic_request(squid_mode, buf, length); } else if (squid_mode == SQUID_2_5_NTLMSSP) { manage_squid_ntlmssp_request(squid_mode, buf, length); + } else if (squid_mode == GSS_SPNEGO) { + manage_gss_spnego_request(squid_mode, buf, length); + } else if (squid_mode == GSS_SPNEGO_CLIENT) { + manage_gss_spnego_client_request(squid_mode, buf, length); } } @@ -1334,6 +1835,10 @@ enum { squid_stream(SQUID_2_5_BASIC); } else if (strcmp(helper_protocol, "squid-2.4-basic")== 0) { squid_stream(SQUID_2_4_BASIC); + } else if (strcmp(helper_protocol, "gss-spnego")== 0) { + squid_stream(GSS_SPNEGO); + } else if (strcmp(helper_protocol, "gss-spnego-client") == 0) { + squid_stream(GSS_SPNEGO_CLIENT); } else { x_fprintf(x_stderr, "unknown helper protocol [%s]\n", helper_protocol); exit(1); @@ -1372,7 +1877,7 @@ enum { } else { fstring user; - snprintf(user, sizeof(user)-1, "%s%c%s", opt_domain, winbind_separator(), opt_username); + fstr_sprintf(user, "%s%c%s", opt_domain, winbind_separator(), opt_username); if (!check_plaintext_auth(user, opt_password, True)) { exit(1); } diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 96d0d3c057..0f1f6edf08 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -51,21 +51,6 @@ #define MASK_ALWAYS_GOOD 0x0000001F #define MASK_USER_GOOD 0x00401F00 -/***************************************************************************** - stubb functions -****************************************************************************/ - -void become_root( void ) -{ - return; -} - -void unbecome_root( void ) -{ - return; -} - - /********************************************************* Add all currently available users to another db ********************************************************/ @@ -176,16 +161,17 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); - printf("%s:%d:%s:%s:%s:LCT-%08X:\n", + printf("%s:%lu:%s:%s:%s:LCT-%08X:\n", pdb_get_username(sam_pwent), - uid, + (unsigned long)uid, lm_passwd, nt_passwd, pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)pdb_get_pass_last_set_time(sam_pwent)); } else { uid = nametouid(pdb_get_username(sam_pwent)); - printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent)); + printf ("%s:%lu:%s\n", pdb_get_username(sam_pwent), (unsigned long)uid, + pdb_get_fullname(sam_pwent)); } return 0; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 69dc2dd47a..c90c042106 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -724,7 +724,8 @@ static struct cli_state *connect_one(const char *share) &ip, 0, share, "?????", cmdline_auth_info.username, lp_workgroup(), - cmdline_auth_info.password, 0, NULL))) { + cmdline_auth_info.password, 0, + cmdline_auth_info.signing_state, NULL))) { return c; } else { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c index b7333f2317..190627e2a5 100644 --- a/source3/utils/smbcontrol.c +++ b/source3/utils/smbcontrol.c @@ -591,12 +591,6 @@ static const struct { { NULL } }; -/* Yuck - we need these because we link to printing*.o even though - they aren't used. */ - -void become_root(void) {} -void unbecome_root(void) {} - /* Display usage information */ static void usage(poptContext *pc) diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index 9c7379ca2a..64321d5bfc 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -371,7 +371,8 @@ static struct cli_state *connect_one(const char *share) &ip, 0, share, "?????", cmdline_auth_info.username, lp_workgroup(), - cmdline_auth_info.password, 0, NULL))) { + cmdline_auth_info.password, 0, + cmdline_auth_info.signing_state, NULL))) { return c; } else { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index eade5331af..6ab6d35e73 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -37,21 +37,6 @@ static const char *remote_machine = NULL; static fstring ldap_secret; -/***************************************************************************** - stubb functions -****************************************************************************/ - -void become_root( void ) -{ - return; -} - -void unbecome_root( void ) -{ - return; -} - - /********************************************************* Print command usage on stderr and die. **********************************************************/ diff --git a/source3/utils/status.c b/source3/utils/status.c index bbaeecdd6b..8bf67fc4d6 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -45,11 +45,6 @@ static int locks_only = 0; /* Added by RJS */ static BOOL processes_only=False; static int show_brl; -/* we need these because we link to locking*.o */ - void become_root(void) {} - void unbecome_root(void) {} - - /* added by OH */ static void Ucrit_addUsername(const char *username) { |