summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h10
-rw-r--r--source3/lib/util_array.c13
-rw-r--r--source3/libsmb/clienttrust.c3
-rw-r--r--source3/rpc_client/cli_connect.c42
-rw-r--r--source3/rpc_client/cli_login.c28
-rwxr-xr-xsource3/rpc_server/srv_spoolss.c34
-rw-r--r--source3/rpcclient/cmd_netlogon.c9
-rw-r--r--source3/smbd/password.c64
8 files changed, 105 insertions, 98 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8a0fb3d083..b29565f4b2 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -491,8 +491,6 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item,
void* add_item_to_array(uint32 *len, void ***array, void *item);
void free_char_array(uint32 num_entries, char **entries);
char* add_chars_to_array(uint32 *len, char ***array, const char *name);
-void free_con_array(uint32 num_entries, struct cli_connection **entries);
-struct cli_connection* add_con_to_array(uint32 *len, struct cli_connection ***array, struct cli_connection *con);
void free_uint32_array(uint32 num_entries, uint32 **entries);
uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name);
void free_unistr_array(uint32 num_entries, UNISTR2 **entries);
@@ -1801,6 +1799,7 @@ BOOL cli_connection_getsrv(const char* srv_name, const char* pipe_name,
BOOL cli_connection_get(const POLICY_HND *pol, struct cli_connection **con);
BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from);
BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]);
+BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name);
BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]);
BOOL cli_get_sesskey_srv(const char* srv_name, uchar sess_key[16]);
void cli_con_gen_next_creds(struct cli_connection *con,
@@ -1827,10 +1826,11 @@ BOOL event_readeventlog(POLICY_HND *hnd,
/*The following definitions come from rpc_client/cli_login.c */
-uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname,
+uint32 cli_nt_setup_creds( char* servers, const char* myhostname,
const char* trust_acct,
unsigned char trust_pwd[16],
- uint16 sec_chan);
+ uint16 sec_chan,
+ char *srv_name);
BOOL cli_nt_srv_pwset(const char* srv_name, const char* myhostname,
const char* trust_acct,
unsigned char *new_hashof_trust_pwd,
@@ -1849,7 +1849,7 @@ BOOL cli_nt_login_network(const char* srv_name, const char* myhostname,
NET_USER_INFO_3 *user_info3);
BOOL cli_nt_logoff(const char* srv_name, const char* myhostname,
NET_ID_INFO_CTR *ctr);
-BOOL net_sam_sync(const char* srv_name, const char* myhostname,
+BOOL net_sam_sync(char* servers, const char* myhostname,
const char* trust_acct,
uchar trust_passwd[16],
SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS],
diff --git a/source3/lib/util_array.c b/source3/lib/util_array.c
index 71f7046d62..62be3f17bd 100644
--- a/source3/lib/util_array.c
+++ b/source3/lib/util_array.c
@@ -91,19 +91,6 @@ char* add_chars_to_array(uint32 *len, char ***array, const char *name)
}
-void free_con_array(uint32 num_entries, struct cli_connection **entries)
-{
- void(*fn)(void*) = (void(*)(void*))&cli_connection_free;
- free_void_array(num_entries, (void**)entries, *fn);
-}
-
-struct cli_connection* add_con_to_array(uint32 *len, struct cli_connection ***array, struct cli_connection *con)
-{
- return (struct cli_connection*)add_item_to_array(len,
- (void***)array, (void*)con);
-
-}
-
static uint32 *uint32_dup(const uint32* from)
{
if (from != NULL)
diff --git a/source3/libsmb/clienttrust.c b/source3/libsmb/clienttrust.c
index b223750529..d9d3392d0b 100644
--- a/source3/libsmb/clienttrust.c
+++ b/source3/libsmb/clienttrust.c
@@ -57,7 +57,8 @@ static BOOL modify_trust_password( char *domain, char *remote_machine,
make_nmb_name(&called , remote_machine, 0x20, scope);
if (cli_nt_setup_creds(srv_name, global_myname, trust_acct,
- orig_trust_passwd_hash, sec_chan) != 0x0)
+ orig_trust_passwd_hash, sec_chan,
+ srv_name) != 0x0)
{
return False;
}
diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c
index fc6f5c8c44..6b7fba41c5 100644
--- a/source3/rpc_client/cli_connect.c
+++ b/source3/rpc_client/cli_connect.c
@@ -50,6 +50,20 @@ void init_connections(void)
num_cons = 0;
}
+static void free_con_array(uint32 num_entries, struct cli_connection **entries)
+{
+ void(*fn)(void*) = (void(*)(void*))&cli_connection_free;
+ free_void_array(num_entries, (void**)entries, *fn);
+}
+
+static struct cli_connection* add_con_to_array(uint32 *len,
+ struct cli_connection ***array,
+ struct cli_connection *con)
+{
+ return (struct cli_connection*)add_item_to_array(len,
+ (void***)array, (void*)con);
+
+}
void free_connections(void)
{
free_con_array(num_cons, con_list);
@@ -286,6 +300,10 @@ policy handle.
****************************************************************************/
BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16])
{
+ if (con == NULL)
+ {
+ return False;
+ }
memcpy(sess_key, con->cli->sess_key, sizeof(con->cli->sess_key));
return True;
@@ -295,6 +313,30 @@ BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16])
get a user session key associated with a connection associated with a
policy handle.
****************************************************************************/
+BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name)
+{
+ if (con == NULL)
+ {
+ return False;
+ }
+
+ if (strnequal("\\\\", con->cli->desthost, 2))
+ {
+ fstrcpy(srv_name, con->cli->desthost);
+ }
+ else
+ {
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, con->cli->desthost);
+ }
+
+ return True;
+}
+
+/****************************************************************************
+get a user session key associated with a connection associated with a
+policy handle.
+****************************************************************************/
BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16])
{
struct cli_connection *con = NULL;
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 6bb9fed063..832731d92d 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -29,10 +29,11 @@ extern int DEBUGLEVEL;
Initialize domain session credentials.
****************************************************************************/
-uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname,
+uint32 cli_nt_setup_creds( char* servers, const char* myhostname,
const char* trust_acct,
unsigned char trust_pwd[16],
- uint16 sec_chan)
+ uint16 sec_chan,
+ char *srv_name)
{
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
@@ -41,12 +42,25 @@ uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname,
uint8 sess_key[16];
DOM_CRED clnt_cred;
+ /******************* make connection **********************/
+ struct cli_connection *con = NULL;
+
+ if (!cli_connection_init_list(servers, PIPE_NETLOGON, &con))
+ {
+ return False;
+ }
+
+ if (!cli_con_get_srvname(con, srv_name))
+ {
+ return False;
+ }
+
/******************* Request Challenge ********************/
generate_random_buffer( clnt_chal.data, 8, False);
/* send a client challenge; receive a server challenge */
- ret = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal);
+ ret = cli_net_req_chal(servers, myhostname, &clnt_chal, &srv_chal);
if (ret != 0)
{
DEBUG(1,("cli_nt_setup_creds: request challenge failed\n"));
@@ -233,7 +247,7 @@ BOOL cli_nt_logoff(const char* srv_name, const char* myhostname,
/****************************************************************************
NT SAM database sync
****************************************************************************/
-BOOL net_sam_sync(const char* srv_name, const char* myhostname,
+BOOL net_sam_sync(char* servers, const char* myhostname,
const char* trust_acct,
uchar trust_passwd[16],
SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS],
@@ -241,15 +255,17 @@ BOOL net_sam_sync(const char* srv_name, const char* myhostname,
uint32 *num_deltas)
{
BOOL res = True;
+ fstring srv_name;
*num_deltas = 0;
DEBUG(5,("Attempting SAM sync with PDC: %s\n",
srv_name));
- res = res ? cli_nt_setup_creds( srv_name, myhostname,
+ res = res ? cli_nt_setup_creds( servers, myhostname,
trust_acct,
- trust_passwd, SEC_CHAN_BDC) == 0x0 : False;
+ trust_passwd, SEC_CHAN_BDC,
+ srv_name) == 0x0 : False;
memset(trust_passwd, 0, 16);
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 1f9d8a19d5..a3760587cd 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -50,7 +50,7 @@ static struct
uint32 document_lastwritten;
pstring document_name;
pstring job_name;
- PRINTER_HND printer_hnd;
+ POLICY_HND printer_hnd;
BOOL printer_type;
union
{
@@ -82,7 +82,7 @@ void init_printer_hnd(void)
/****************************************************************************
create a unique printer handle
****************************************************************************/
-static void create_printer_hnd(PRINTER_HND *hnd)
+static void create_printer_hnd(POLICY_HND *hnd)
{
static uint32 prt_hnd_low = 0;
static uint32 prt_hnd_high = 0;
@@ -103,15 +103,15 @@ static void create_printer_hnd(PRINTER_HND *hnd)
/****************************************************************************
clear an handle
****************************************************************************/
-static void clear_handle(PRINTER_HND *hnd)
+static void clear_handle(POLICY_HND *hnd)
{
- bzero(hnd->data, PRINTER_HND_SIZE);
+ bzero(hnd->data, POLICY_HND_SIZE);
}
/****************************************************************************
find first available printer slot. creates a printer handle for you.
****************************************************************************/
-static BOOL open_printer_hnd(PRINTER_HND *hnd)
+static BOOL open_printer_hnd(POLICY_HND *hnd)
{
int i;
@@ -135,7 +135,7 @@ static BOOL open_printer_hnd(PRINTER_HND *hnd)
/****************************************************************************
find printer index by handle
****************************************************************************/
-static int find_printer_index_by_hnd(PRINTER_HND *hnd)
+static int find_printer_index_by_hnd(POLICY_HND *hnd)
{
int i;
@@ -156,7 +156,7 @@ static int find_printer_index_by_hnd(PRINTER_HND *hnd)
/****************************************************************************
set printer handle type.
****************************************************************************/
-static BOOL set_printer_hnd_accesstype(PRINTER_HND *hnd, uint32 access_required)
+static BOOL set_printer_hnd_accesstype(POLICY_HND *hnd, uint32 access_required)
{
int pnum = find_printer_index_by_hnd(hnd);
@@ -182,7 +182,7 @@ static BOOL set_printer_hnd_accesstype(PRINTER_HND *hnd, uint32 access_required)
/****************************************************************************
set printer handle type.
****************************************************************************/
-static BOOL set_printer_hnd_printertype(PRINTER_HND *hnd, char *printername)
+static BOOL set_printer_hnd_printertype(POLICY_HND *hnd, char *printername)
{
int pnum = find_printer_index_by_hnd(hnd);
@@ -225,7 +225,7 @@ static BOOL set_printer_hnd_printertype(PRINTER_HND *hnd, char *printername)
/****************************************************************************
set printer handle printername.
****************************************************************************/
-static BOOL set_printer_hnd_printername(PRINTER_HND *hnd, char *printername)
+static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername)
{
int pnum = find_printer_index_by_hnd(hnd);
char *back;
@@ -301,7 +301,7 @@ static BOOL set_printer_hnd_printername(PRINTER_HND *hnd, char *printername)
/****************************************************************************
return the snum of a printer corresponding to an handle
****************************************************************************/
-static BOOL get_printer_snum(PRINTER_HND *hnd, int *number)
+static BOOL get_printer_snum(POLICY_HND *hnd, int *number)
{
int snum;
int pnum = find_printer_index_by_hnd(hnd);
@@ -350,7 +350,7 @@ static BOOL get_printer_snum(PRINTER_HND *hnd, int *number)
/********************************************************************
********************************************************************/
-static BOOL handle_is_printserver(PRINTER_HND *handle)
+static BOOL handle_is_printserver(POLICY_HND *handle)
{
int pnum=find_printer_index_by_hnd(handle);
@@ -372,7 +372,7 @@ static BOOL handle_is_printserver(PRINTER_HND *handle)
/********************************************************************
********************************************************************/
/*
-static BOOL handle_is_printer(PRINTER_HND *handle)
+static BOOL handle_is_printer(POLICY_HND *handle)
{
return (!handle_is_printserver(handle));
}
@@ -538,7 +538,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 size, uint32 *ty
/********************************************************************
********************************************************************/
-static BOOL getprinterdata_printer(PRINTER_HND *handle, fstring value, uint32 size, uint32 *type,
+static BOOL getprinterdata_printer(POLICY_HND *handle, fstring value, uint32 size, uint32 *type,
uint32 *numeric_data, uint8 **data, uint32 *needed )
{
NT_PRINTER_INFO_LEVEL printer;
@@ -1315,7 +1315,7 @@ static void construct_notify_jobs_info(print_queue_struct *queue, SPOOL_NOTIFY_I
* fill a notify_info struct with info asked
*
********************************************************************/
-static void printserver_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn)
+static void printserver_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn)
{
int snum;
int pnum=find_printer_index_by_hnd(hnd);
@@ -1348,7 +1348,7 @@ static void printserver_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, c
* fill a notify_info struct with info asked
*
********************************************************************/
-static void printer_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn)
+static void printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn)
{
int snum;
int pnum=find_printer_index_by_hnd(hnd);
@@ -2458,7 +2458,7 @@ static void api_spoolss_writeprinter(pipes_struct *p, prs_struct *data,
* called from the spoolss dispatcher
*
********************************************************************/
-static void control_printer(PRINTER_HND handle, uint32 command, connection_struct *conn)
+static void control_printer(POLICY_HND handle, uint32 command, connection_struct *conn)
{
int pnum;
int snum;
@@ -2489,7 +2489,7 @@ static void control_printer(PRINTER_HND handle, uint32 command, connection_struc
* called by spoolss_api_setprinter
* when updating a printer description
********************************************************************/
-static void update_printer(PRINTER_HND handle, uint32 level,
+static void update_printer(POLICY_HND handle, uint32 level,
SPOOL_PRINTER_INFO_LEVEL info, DEVICEMODE *devmode)
{
int pnum;
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 4933501b7a..0b0292e632 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -113,7 +113,8 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
res = res ? cli_nt_setup_creds(srv_name, info->myhostname,
trust_acct,
- trust_passwd, SEC_CHAN_WKSTA) == 0x0 : False;
+ trust_passwd, SEC_CHAN_WKSTA,
+ srv_name) == 0x0 : False;
#if 0
/* change the machine password? */
@@ -182,9 +183,11 @@ void cmd_netlogon_domain_test(struct client_info *info, int argc, char *argv[])
res = res ? trust_get_passwd(trust_passwd, usr_creds->domain, nt_trust_dom) : False;
- res = res ? cli_nt_setup_creds(srv_name, info->myhostname, inter_dom_acct,
+ res = res ? cli_nt_setup_creds(srv_name,
+ info->myhostname, inter_dom_acct,
trust_passwd,
- SEC_CHAN_DOMAIN) == 0x0 : False;
+ SEC_CHAN_DOMAIN,
+ srv_name) == 0x0 : False;
memset(trust_passwd, 0, 16);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 010272b807..fa6f2b06e3 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1116,16 +1116,15 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list,
char *smb_ntpasswd, int smb_ntpasslen,
uchar user_sess_key[16])
{
- uint16 nt_pipe_fnum;
unsigned char local_challenge[8];
unsigned char local_lm_response[24];
unsigned char local_nt_reponse[24];
unsigned char trust_passwd[16];
NET_ID_INFO_CTR ctr;
NET_USER_INFO_3 info3;
- struct cli_state cli;
uint32 smb_uid_low;
fstring trust_acct;
+ fstring srv_name;
fstrcpy(trust_acct, acct_name);
fstrcat(trust_acct, "$");
@@ -1192,50 +1191,31 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list,
* see if they were valid.
*/
- if (!cli_connect_serverlist(&cli, server_list))
- {
- DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
- return False;
- }
-
/*
* Ok - we have an anonymous connection to the IPC$ share.
* Now start the NT Domain stuff :-).
*/
- if (!cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum)) {
- DEBUG(0,("domain_client_validate: unable to open the domain client session to \
- machine %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli)));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
- return False;
- }
-
- if(cli_nt_setup_creds(&cli, nt_pipe_fnum,
- trust_acct, global_myname, trust_passwd, acct_type) != 0x0)
+ if(cli_nt_setup_creds(server_list, global_myname, trust_acct,
+ trust_passwd, acct_type, srv_name) != 0x0)
{
DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \
- %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli)));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
+ %s.\n", srv_name));
return False;
}
/* We really don't care what LUID we give the user. */
generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
- if (!cli_nt_login_network(&cli, nt_pipe_fnum, domain, user, smb_uid_low, (char *)local_challenge,
- ((smb_apasslen != 0) ? smb_apasswd : NULL),
- ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL),
- &ctr, &info3))
+ if (!cli_nt_login_network(srv_name, global_myname,
+ domain, user,
+ smb_uid_low, (char *)local_challenge,
+ ((smb_apasslen != 0) ? smb_apasswd : NULL),
+ ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL),
+ &ctr, &info3))
{
DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \
- %s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli)));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
+ %s to Domain controller %s.\n", user, domain, srv_name));
return False;
}
@@ -1245,27 +1225,5 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list,
* locked out / disabled" etc!!!!
*/
-#if 0
- /*
- * We don't actually need to do this - plus it fails currently with
- * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to
- * send here. JRA.
- */
-
- if (!cli_nt_logoff(&cli, nt_pipe_fnum, &ctr))
- {
- DEBUG(0,("domain_client_validate: unable to log off user %s in domain \
- %s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli)));
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
- return False;
- }
-#endif /* 0 */
-
- cli_nt_session_close(&cli, nt_pipe_fnum);
- cli_ulogoff(&cli);
- cli_shutdown(&cli);
-
return True;
}