-rw-r--r--source3/include/proto.h11
-rw-r--r--source3/lib/sids.c14
-rw-r--r--source3/lib/util.c1
-rw-r--r--source3/libsmb/clientgen.c154
4 files changed, 147 insertions, 33 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ff74fd90e1..df1adedf70 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -304,6 +304,7 @@ BOOL create_sidmap_table(void);
BOOL generate_sam_sid(char *domain_name, DOM_SID *sid);
BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain);
BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
+BOOL map_domain_sid_to_any_dc(DOM_SID *sid, char *dc_name);
BOOL split_domain_name(const char *fullname, char *domain, char *name);
BOOL enumtrustdoms(char ***doms, uint32 *num_entries);
BOOL enumdomains(char ***doms, uint32 *num_entries);
@@ -485,6 +486,7 @@ void reg_get_subkey(char *full_keyname, char *key_name, char *subkey_name);
BOOL reg_split_key(const char *full_keyname, uint32 *reg_type, char *key_name);
BOOL become_user_permanently(uid_t uid, gid_t gid);
char *get_trusted_serverlist(const char* domain);
+BOOL get_any_dc_name(const char *domain, char *srv_name);
/*The following definitions come from lib/util_array.c */
@@ -764,10 +766,17 @@ void cli_sockopt(struct cli_state *cli, char *options);
uint16 cli_setpid(struct cli_state *cli, uint16 pid);
BOOL cli_reestablish_connection(struct cli_state *cli);
BOOL cli_establish_connection(struct cli_state *cli,
- char *dest_host, struct in_addr *dest_ip,
+ const char *dest_host, struct in_addr *dest_ip,
struct nmb_name *calling, struct nmb_name *called,
char *service, char *service_type,
BOOL do_shutdown, BOOL do_tcon);
+BOOL cli_connect_auth(struct cli_state *cli,
+ const char* desthost,
+ struct in_addr *dest_ip,
+ const struct user_credentials *usr);
+BOOL cli_connect_servers_auth(struct cli_state *cli,
+ char *p,
+ const struct user_credentials *usr);
BOOL cli_connect_serverlist(struct cli_state *cli, char *p);
int cli_printjob_del(struct cli_state *cli, int job);
int cli_print_queue(struct cli_state *cli,
diff --git a/source3/lib/sids.c b/source3/lib/sids.c
index e46d3782cb..0f9b32f49d 100644
--- a/source3/lib/sids.c
+++ b/source3/lib/sids.c
@@ -434,6 +434,20 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
return False;
}
+/**************************************************************************
+ turns a domain SID into a domain controller name.
+***************************************************************************/
+BOOL map_domain_sid_to_any_dc(DOM_SID *sid, char *dc_name)
+{
+ fstring domain;
+
+ if (!map_domain_sid_to_name(sid, domain))
+ {
+ return False;
+ }
+
+ return get_any_dc_name(domain, dc_name);
+}
/**************************************************************************
splits a name of format \DOMAIN\name or name into its two components.
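Review bot: `dc_name` is a bare `char *` with no length, but get_any_dc_name (added at the end of clientgen.c in this commit) fills it with `fstrcpy`/`fstrcat`, which presumably assume an fstring-sized destination. A caller that passes a smaller buffer could be overrun, and neither prototype shows the requirement. The header comment should state the contract, for example `dc_name must point to an fstring; on success it receives the upper-cased "\\NAME" of a domain controller`. The same sentence belongs above get_any_dc_name, which has no comment at all.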
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b0d6e82970..9a9f87d473 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3262,3 +3262,4 @@ char *get_trusted_serverlist(const char* domain)
return NULL;
}
+
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 5a0363185f..7124211286 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -2935,7 +2935,7 @@ BOOL cli_reestablish_connection(struct cli_state *cli)
establishes a connection right up to doing tconX, reading in a password.
****************************************************************************/
BOOL cli_establish_connection(struct cli_state *cli,
- char *dest_host, struct in_addr *dest_ip,
+ const char *dest_host, struct in_addr *dest_ip,
struct nmb_name *calling, struct nmb_name *called,
char *service, char *service_type,
BOOL do_shutdown, BOOL do_tcon)
@@ -3328,17 +3328,104 @@ BOOL cli_establish_connection(struct cli_state *cli,
return True;
}
+BOOL cli_connect_auth(struct cli_state *cli,
+ const char* desthost,
+ struct in_addr *dest_ip,
+ const struct user_credentials *usr)
+{
+ extern pstring global_myname;
+ extern pstring scope;
+ struct nmb_name calling, called;
+ if (!cli_initialise(cli))
+ {
+ DEBUG(0,("unable to initialise client connection.\n"));
+ return False;
+ }
+
+ make_nmb_name(&calling, global_myname, 0x0 , scope);
+ make_nmb_name(&called , desthost , 0x20, scope);
+
+ cli_init_creds(cli, usr);
+
+ if (!cli_establish_connection(cli, desthost, dest_ip,
+ &calling, &called,
+ "IPC$", "IPC",
+ False, True))
+ {
+ cli_shutdown(cli);
+ return False;
+ }
+
+ return True;
+}
+
+/****************************************************************************
+ connect to one of multiple servers: don't care which
+****************************************************************************/
+BOOL cli_connect_servers_auth(struct cli_state *cli,
+ char *p,
+ const struct user_credentials *usr)
+{
+ fstring remote_host;
+ BOOL connected_ok = False;
+
+ /*
+ * Treat each name in the 'password server =' line as a potential
+ * PDC/BDC. Contact each in turn and try and authenticate.
+ */
+
+ while(p && next_token(&p,remote_host,LIST_SEP,sizeof(remote_host)))
+ {
+ fstring desthost;
+ struct in_addr dest_ip;
+ strupper(remote_host);
+
+ if (!resolve_srv_name( remote_host, desthost, &dest_ip))
+ {
+ DEBUG(1,("Can't resolve address for %s\n", remote_host));
+ continue;
+ }
+
+ if (!cli_connect_auth(cli, desthost, &dest_ip, usr) &&
+ !cli_connect_auth(cli, "*SMBSERVER", &dest_ip, usr))
+ {
+ continue;
+ }
+
+ if (cli->protocol < PROTOCOL_LANMAN2 ||
+ !IS_BITS_SET_ALL(cli->sec_mode, 1))
+ {
+ DEBUG(1,("machine %s not in user level security mode\n",
+ remote_host));
+ cli_shutdown(cli);
+ continue;
+ }
+
+ /*
+ * We have an anonymous connection to IPC$.
+ */
+
+ connected_ok = True;
+ break;
+ }
+
+ if (!connected_ok)
+ {
+ DEBUG(0,("Domain password server not available.\n"));
+ cli_shutdown(cli);
+ }
+
+ return connected_ok;
+}
+
/****************************************************************************
connect to one of multiple servers: don't care which
****************************************************************************/
BOOL cli_connect_serverlist(struct cli_state *cli, char *p)
{
- extern pstring global_myname;
- extern pstring scope;
- fstring remote_machine;
+ fstring remote_host;
fstring desthost;
struct in_addr dest_ip;
- struct nmb_name calling, called, stupid_smbserver_called;
BOOL connected_ok = False;
/*
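Review bot: The trailing `cli_shutdown(cli)` in cli_connect_servers_auth can run on a struct that was never initialised. When `p` is NULL, or every name fails resolve_srv_name, the loop never reaches cli_connect_auth, and get_any_dc_name passes an uninitialised stack `struct cli_state` together with a server list that can be NULL. On the other failure paths cli_shutdown has already been called inside the loop or inside cli_connect_auth, so the final call is either redundant or acts on indeterminate memory (cli_shutdown's body is not in this diff). Either drop the final `cli_shutdown(cli);` or put `ZERO_STRUCTP(cli);` before the `while`, as cli_connect_serverlist does. The comment `We have an anonymous connection to IPC$.` is also no longer accurate when `usr` is non-NULL and should read `We have a connection to IPC$ using the supplied credentials (anonymous if usr is NULL).`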
@@ -3346,58 +3433,43 @@ BOOL cli_connect_serverlist(struct cli_state *cli, char *p)
* PDC/BDC. Contact each in turn and try and authenticate.
*/
- while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine)))
+ while(p && next_token(&p,remote_host,LIST_SEP,sizeof(remote_host)))
{
ZERO_STRUCTP(cli);
if (!cli_initialise(cli))
{
- DEBUG(0,("cli_connect_serverlist: unable to initialize client connection.\n"));
+ DEBUG(0,("cli_connect_serverlist: unable to initialise client connection.\n"));
return False;
}
- standard_sub_basic(remote_machine);
- strupper(remote_machine);
+ standard_sub_basic(remote_host);
+ strupper(remote_host);
- if (!resolve_srv_name( remote_machine, desthost, &dest_ip))
+ if (!resolve_srv_name( remote_host, desthost, &dest_ip))
{
- DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_machine));
+ DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_host));
continue;
}
if ((lp_security() != SEC_USER) && (ismyip(dest_ip)))
{
- DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine));
+ DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_host));
continue;
}
- make_nmb_name(&calling, global_myname, 0x0 , scope);
- make_nmb_name(&called , desthost , 0x20, scope);
- /* stupid microsoft destruction of the ability of netbios
- * to provide multiple netbios servers on one host.
- */
- make_nmb_name(&stupid_smbserver_called , "*SMBSERVER", 0x20, scope);
-
- pwd_set_nullpwd(&cli->usr.pwd);
-
- if (!cli_establish_connection(cli, desthost, &dest_ip,
- &calling, &called,
- "IPC$", "IPC",
- False, True) &&
- !cli_establish_connection(cli, desthost, &dest_ip,
- &calling, &stupid_smbserver_called,
- "IPC$", "IPC",
- False, True))
+ if (!cli_connect_auth(cli, remote_host , &dest_ip, NULL) &&
+ !cli_connect_auth(cli, "*SMBSERVER", &dest_ip, NULL))
{
- cli_shutdown(cli);
continue;
- }
+ }
+
if (cli->protocol < PROTOCOL_LANMAN2 ||
!IS_BITS_SET_ALL(cli->sec_mode, 1))
{
DEBUG(1,("cli_connect_serverlist: machine %s isn't in user level security mode\n",
- remote_machine));
+ remote_host));
cli_shutdown(cli);
continue;
}
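Review bot: The first cli_connect_auth call passes `remote_host`, whereas the removed code passed the resolved `desthost` to both make_nmb_name and cli_establish_connection, and cli_connect_servers_auth in the previous hunk passes `desthost`; `desthost` is now filled by resolve_srv_name and never read. If that change is unintended, the line should be `if (!cli_connect_auth(cli, desthost, &dest_ip, NULL) &&`. Separately, the loop still runs `ZERO_STRUCTP(cli)` and `cli_initialise(cli)` before cli_connect_auth initialises the same struct again, so the first initialisation is redundant and may leak whatever it allocated (cli_initialise is not shown). Passing NULL for `usr` replaces the explicit `pwd_set_nullpwd`, so the anonymous bind now depends on cli_init_creds accepting NULL, which deserves a one-line comment at the call. cli_connect_serverlist starts and ends outside this hunk.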
@@ -3679,3 +3751,21 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail)
return True;
}
+BOOL get_any_dc_name(const char *domain, char *srv_name)
+{
+ struct cli_state cli;
+
+ if (!cli_connect_servers_auth(&cli,
+ get_trusted_serverlist(domain), NULL))
+ {
+ return False;
+ }
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, cli.desthost);
+ strupper(srv_name);
+
+ cli_shutdown(&cli);
+
+ return True;
+}
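Review bot: `srv_name` is built from `cli.desthost`, which may hold the `*SMBSERVER` placeholder rather than a real host name when the fallback attempt in cli_connect_servers_auth is the one that connected. This assumes cli_establish_connection records its `dest_host` argument in `cli->desthost`; its body is not in this diff. A caller would then receive `\\*SMBSERVER` as the domain controller name. Have cli_connect_servers_auth hand back the resolved name, or at least add the comment `/* cli.desthost may be "*SMBSERVER" if the fallback called-name was used */` above the `fstrcat`. The uninitialised `struct cli_state cli` passed here is covered in the note on cli_connect_servers_auth.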