diff options
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/cliconnect.c | 2 | ||||
| -rw-r--r-- | source3/libsmb/doserr.c | 202 | ||||
| -rw-r--r-- | source3/libsmb/dsgetdcname.c | 2 | ||||
| -rw-r--r-- | source3/libsmb/nterr.c | 1 | ||||
| -rw-r--r-- | source3/libsmb/ntlm_check.c | 65 |
5 files changed, 40 insertions, 232 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 6b4798e492..1588ae3efe 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -516,7 +516,7 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli) p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); /* w2k with kerberos doesn't properly null terminate this field */ - len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf)); + len = smb_bufrem(cli->inbuf, p); p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0); return blob2; diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c deleted file mode 100644 index 0cccae1e6a..0000000000 --- a/source3/libsmb/doserr.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * DOS error routines - * Copyright (C) Tim Potter 2002. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -/* DOS error codes. please read doserr.h */ - -#include "includes.h" - -typedef const struct { - const char *dos_errstr; - WERROR werror; -} werror_code_struct; - -typedef const struct { - WERROR werror; - const char *friendly_errstr; -} werror_str_struct; - -werror_code_struct dos_errs[] = -{ - { "WERR_OK", WERR_OK }, - { "WERR_GENERAL_FAILURE", WERR_GENERAL_FAILURE }, - { "WERR_BADFILE", WERR_BADFILE }, - { "WERR_ACCESS_DENIED", WERR_ACCESS_DENIED }, - { "WERR_BADFID", WERR_BADFID }, - { "WERR_BADFUNC", WERR_BADFUNC }, - { "WERR_INSUFFICIENT_BUFFER", WERR_INSUFFICIENT_BUFFER }, - { "WERR_SEM_TIMEOUT", WERR_SEM_TIMEOUT }, - { "WERR_NO_SUCH_SHARE", WERR_NO_SUCH_SHARE }, - { "WERR_FILE_EXISTS", WERR_FILE_EXISTS }, - { "WERR_INVALID_PARAM", WERR_INVALID_PARAM }, - { "WERR_NOT_SUPPORTED", WERR_NOT_SUPPORTED }, - { "WERR_BAD_PASSWORD", WERR_BAD_PASSWORD }, - { "WERR_NOMEM", WERR_NOMEM }, - { "WERR_INVALID_NAME", WERR_INVALID_NAME }, - { "WERR_UNKNOWN_LEVEL", WERR_UNKNOWN_LEVEL }, - { "WERR_OBJECT_PATH_INVALID", WERR_OBJECT_PATH_INVALID }, - { "WERR_NO_MORE_ITEMS", WERR_NO_MORE_ITEMS }, - { "WERR_MORE_DATA", WERR_MORE_DATA }, - { "WERR_UNKNOWN_PRINTER_DRIVER", WERR_UNKNOWN_PRINTER_DRIVER }, - { "WERR_INVALID_PRINTER_NAME", WERR_INVALID_PRINTER_NAME }, - { "WERR_PRINTER_ALREADY_EXISTS", WERR_PRINTER_ALREADY_EXISTS }, - { "WERR_INVALID_DATATYPE", WERR_INVALID_DATATYPE }, - { "WERR_INVALID_ENVIRONMENT", WERR_INVALID_ENVIRONMENT }, - { "WERR_INVALID_FORM_NAME", WERR_INVALID_FORM_NAME }, - { "WERR_INVALID_FORM_SIZE", WERR_INVALID_FORM_SIZE }, - { "WERR_BUF_TOO_SMALL", WERR_BUF_TOO_SMALL }, - { "WERR_JOB_NOT_FOUND", WERR_JOB_NOT_FOUND }, - { "WERR_DEST_NOT_FOUND", WERR_DEST_NOT_FOUND }, - { "WERR_GROUP_NOT_FOUND", WERR_GROUP_NOT_FOUND }, - { "WERR_USER_NOT_FOUND", WERR_USER_NOT_FOUND }, - { "WERR_NOT_LOCAL_DOMAIN", WERR_NOT_LOCAL_DOMAIN }, - { "WERR_USER_EXISTS", WERR_USER_EXISTS }, - { "WERR_REVISION_MISMATCH", WERR_REVISION_MISMATCH }, - { "WERR_NO_LOGON_SERVERS", WERR_NO_LOGON_SERVERS }, - { "WERR_NO_SUCH_LOGON_SESSION", WERR_NO_SUCH_LOGON_SESSION }, - { "WERR_USER_ALREADY_EXISTS", WERR_USER_ALREADY_EXISTS }, - { "WERR_NO_SUCH_USER", WERR_NO_SUCH_USER }, - { "WERR_GROUP_EXISTS", WERR_GROUP_EXISTS }, - { "WERR_MEMBER_IN_GROUP", WERR_MEMBER_IN_GROUP }, - { "WERR_USER_NOT_IN_GROUP", WERR_USER_NOT_IN_GROUP }, - { "WERR_PRINTER_DRIVER_IN_USE", WERR_PRINTER_DRIVER_IN_USE }, - { "WERR_STATUS_MORE_ENTRIES ", WERR_STATUS_MORE_ENTRIES }, - { "WERR_DFS_NO_SUCH_VOL", WERR_DFS_NO_SUCH_VOL }, - { "WERR_DFS_NO_SUCH_SHARE", WERR_DFS_NO_SUCH_SHARE }, - { "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER }, - { "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR }, - { "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT }, - { "WERR_INVALID_COMPUTERNAME", WERR_INVALID_COMPUTERNAME }, - { "WERR_INVALID_DOMAINNAME", WERR_INVALID_DOMAINNAME }, - { "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED }, - { "WERR_DC_NOT_FOUND", WERR_DC_NOT_FOUND }, - { "WERR_SETUP_NOT_JOINED", WERR_SETUP_NOT_JOINED }, - { "WERR_SETUP_ALREADY_JOINED", WERR_SETUP_ALREADY_JOINED }, - { "WERR_SETUP_DOMAIN_CONTROLLER", WERR_SETUP_DOMAIN_CONTROLLER }, - { "WERR_DEFAULT_JOIN_REQUIRED", WERR_DEFAULT_JOIN_REQUIRED }, - { "WERR_DEVICE_NOT_AVAILABLE", WERR_DEVICE_NOT_AVAILABLE }, - { "WERR_LOGON_FAILURE", WERR_LOGON_FAILURE }, - { "WERR_WRONG_PASSWORD", WERR_WRONG_PASSWORD }, - { "WERR_PASSWORD_RESTRICTION", WERR_PASSWORD_RESTRICTION }, - { "WERR_NO_SUCH_DOMAIN", WERR_NO_SUCH_DOMAIN }, - { "WERR_NONE_MAPPED", WERR_NONE_MAPPED }, - { "WERR_INVALID_SECURITY_DESCRIPTOR", WERR_INVALID_SECURITY_DESCRIPTOR }, - { "WERR_INVALID_DOMAIN_STATE", WERR_INVALID_DOMAIN_STATE }, - { "WERR_INVALID_DOMAIN_ROLE", WERR_INVALID_DOMAIN_ROLE }, - { "WERR_SPECIAL_ACCOUNT", WERR_SPECIAL_ACCOUNT }, - { "WERR_ALIAS_EXISTS", WERR_ALIAS_EXISTS }, - { "WERR_NO_SUCH_ALIAS", WERR_NO_SUCH_ALIAS }, - { "WERR_MEMBER_IN_ALIAS", WERR_MEMBER_IN_ALIAS }, - { "WERR_TIME_SKEW", WERR_TIME_SKEW }, - { "WERR_INVALID_OWNER", WERR_INVALID_OWNER }, - { "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE }, - { "WERR_IO_PENDING", WERR_IO_PENDING }, - { "WERR_INVALID_SERVICE_CONTROL", WERR_INVALID_SERVICE_CONTROL }, - { "WERR_SERVICE_ALREADY_RUNNING", WERR_SERVICE_ALREADY_RUNNING }, - { "WERR_NET_NAME_NOT_FOUND", WERR_NET_NAME_NOT_FOUND }, - { "WERR_REG_CORRUPT", WERR_REG_CORRUPT }, - { "WERR_REG_IO_FAILURE", WERR_REG_IO_FAILURE }, - { "WERR_REG_FILE_INVALID", WERR_REG_FILE_INVALID }, - { "WERR_NO_SUCH_SERVICE", WERR_NO_SUCH_SERVICE }, - { "WERR_SERVICE_DISABLED", WERR_SERVICE_DISABLED }, - { "WERR_SERVICE_NEVER_STARTED", WERR_SERVICE_NEVER_STARTED }, - { "WERR_NOT_FOUND", WERR_NOT_FOUND }, - { "WERR_CAN_NOT_COMPLETE", WERR_CAN_NOT_COMPLETE}, - { "WERR_INVALID_FLAGS", WERR_INVALID_FLAGS}, - { "WERR_PASSWORD_MUST_CHANGE", WERR_PASSWORD_MUST_CHANGE }, - { "WERR_DOMAIN_CONTROLLER_NOT_FOUND", WERR_DOMAIN_CONTROLLER_NOT_FOUND }, - { "WERR_ACCOUNT_LOCKED_OUT", WERR_ACCOUNT_LOCKED_OUT }, - { "WERR_DS_DRA_BAD_DN", WERR_DS_DRA_BAD_DN }, - { "WERR_DS_DRA_BAD_NC", WERR_DS_DRA_BAD_NC }, - { NULL, W_ERROR(0) } -}; - -werror_str_struct dos_err_strs[] = { - { WERR_OK, "Success" }, - { WERR_ACCESS_DENIED, "Access is denied" }, - { WERR_INVALID_PARAM, "Invalid parameter" }, - { WERR_NOT_SUPPORTED, "Not supported" }, - { WERR_BAD_PASSWORD, "A bad password was supplied" }, - { WERR_NOMEM, "Out of memory" }, - { WERR_NO_LOGON_SERVERS, "No logon servers found" }, - { WERR_NO_SUCH_LOGON_SESSION, "No such logon session" }, - { WERR_DOMAIN_CONTROLLER_NOT_FOUND, "A domain controller could not be found" }, - { WERR_DC_NOT_FOUND, "A domain controller could not be found" }, - { WERR_SETUP_NOT_JOINED, "Join failed" }, - { WERR_SETUP_ALREADY_JOINED, "Machine is already joined" }, - { WERR_SETUP_DOMAIN_CONTROLLER, "Machine is a Domain Controller" }, - { WERR_LOGON_FAILURE, "Invalid logon credentials" }, - { WERR_USER_EXISTS, "User account already exists" }, - { WERR_PASSWORD_MUST_CHANGE, "The password must be changed" }, - { WERR_ACCOUNT_LOCKED_OUT, "Account locked out" }, - { WERR_TIME_SKEW, "Time difference between client and server" }, - { WERR_USER_ALREADY_EXISTS, "User already exists" }, - { WERR_PASSWORD_RESTRICTION, "Password does not meet restrictions" }, - { WERR_NONE_MAPPED, "Could not map names to SIDs" }, - { WERR_NO_SUCH_USER, "No such User" }, - { WERR_GROUP_EXISTS, "Group already exists" }, - { WERR_DS_DRA_BAD_DN, "An invalid distinguished name was specified for this replication" }, - { WERR_DS_DRA_BAD_NC, "An invalid naming context was specified for this replication operation" }, - { WERR_WRONG_PASSWORD, "The current password is incorrect" } -}; - -/***************************************************************************** - Returns a DOS error message. not amazingly helpful, but better than a number. - *****************************************************************************/ - -const char *dos_errstr(WERROR werror) -{ - char *result; - int idx = 0; - - while (dos_errs[idx].dos_errstr != NULL) { - if (W_ERROR_V(dos_errs[idx].werror) == - W_ERROR_V(werror)) - return dos_errs[idx].dos_errstr; - idx++; - } - - result = talloc_asprintf(talloc_tos(), "DOS code 0x%08x", - W_ERROR_V(werror)); - SMB_ASSERT(result != NULL); - return result; -} - -/***************************************************************************** - Get friendly error string for WERRORs - *****************************************************************************/ - -const char *get_friendly_werror_msg(WERROR werror) -{ - int i = 0; - - for (i = 0; i < ARRAY_SIZE(dos_err_strs); i++) { - if (W_ERROR_V(dos_err_strs[i].werror) == - W_ERROR_V(werror)) { - return dos_err_strs[i].friendly_errstr; - } - } - - return dos_errstr(werror); -} - -/* compat function for samba4 */ -const char *win_errstr(WERROR werror) -{ - return dos_errstr(werror); -} diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index ff0a8f9808..d8c2b70175 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -1040,6 +1040,8 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, r->data.nt4 = logon1; r->ntver = nt_version; + map_netlogon_samlogon_response(r); + namecache_store(tmp_dc_name, NBT_NAME_SERVER, 1, &ip_list); goto make_reply; diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 1ba230cefe..465d88a9b6 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -532,6 +532,7 @@ static const nt_err_code_struct nt_errs[] = { "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS }, { "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT }, { "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE }, + { "NT_STATUS_DS_BUSY", NT_STATUS_DS_BUSY }, { "NT_STATUS_DS_NO_MORE_RIDS", NT_STATUS_DS_NO_MORE_RIDS }, { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT }, { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED }, diff --git a/source3/libsmb/ntlm_check.c b/source3/libsmb/ntlm_check.c index ae10d7373d..9380a83ea0 100644 --- a/source3/libsmb/ntlm_check.c +++ b/source3/libsmb/ntlm_check.c @@ -40,19 +40,19 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); /* No password set - always false ! */ - return False; + return false; } if (sec_blob->length != 8) { DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%lu)\n", (unsigned long)sec_blob->length)); - return False; + return false; } if (nt_response->length != 24) { DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%lu)\n", (unsigned long)nt_response->length)); - return False; + return false; } SMBOWFencrypt(part_passwd, sec_blob->data, p24); @@ -62,7 +62,7 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, } -#ifdef DEBUG_PASSWORD +#if DEBUG_PASSWORD DEBUG(100,("Part password (P16) was |\n")); dump_data(100, part_passwd, 16); DEBUGADD(100,("Password from client was |\n")); @@ -80,30 +80,31 @@ static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, Note: The same code works with both NTLMv2 and LMv2. ****************************************************************************/ -static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, - const uchar *part_passwd, +static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, + const DATA_BLOB *ntv2_response, + const uint8_t *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, bool upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ - uchar kr[16]; - uchar value_from_encryption[16]; - uchar client_response[16]; + uint8_t kr[16]; + uint8_t value_from_encryption[16]; + uint8_t client_response[16]; DATA_BLOB client_key_data; bool res; if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); - /* No password set - always False */ - return False; + /* No password set - always false */ + return false; } if (sec_blob->length != 8) { DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect challenge size (%lu)\n", (unsigned long)sec_blob->length)); - return False; + return false; } if (ntv2_response->length < 24) { @@ -112,10 +113,10 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, for LMv2, let alone NTLMv2. */ DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%lu)\n", (unsigned long)ntv2_response->length)); - return False; + return false; } - client_key_data = data_blob(ntv2_response->data+16, ntv2_response->length-16); + client_key_data = data_blob_talloc(mem_ctx, ntv2_response->data+16, ntv2_response->length-16); /* todo: should we be checking this for anything? We can't for LMv2, but for NTLMv2 it is meant to contain the current time etc. @@ -124,7 +125,7 @@ static bool smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, memcpy(client_response, ntv2_response->data, sizeof(client_response)); if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { - return False; + return false; } SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption); @@ -178,7 +179,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, const char *username, const char *client_username, const char *client_domain, - const uint8 *lm_pw, const uint8 *nt_pw, + const uint8_t *lm_pw, const uint8_t *nt_pw, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { @@ -288,7 +289,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, use it */ DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); - if (smb_pwd_check_ntlmv2( nt_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, nt_pw, challenge, client_username, client_domain, @@ -298,17 +300,19 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, } DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); - if (smb_pwd_check_ntlmv2( nt_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, nt_pw, challenge, client_username, client_domain, - True, + true, user_sess_key)) { return NT_STATUS_OK; } DEBUG(4,("ntlm_password_check: Checking NTLMv2 password without a domain\n")); - if (smb_pwd_check_ntlmv2( nt_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + nt_response, nt_pw, challenge, client_username, "", @@ -333,7 +337,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, so use it only if we otherwise allow LM authentication */ if (lp_lanman_auth() && lm_pw) { - uint8 first_8_lm_hash[16]; + uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, lm_pw, 8); memset(first_8_lm_hash + 8, '\0', 8); if (lm_sess_key) { @@ -376,7 +380,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, if (smb_pwd_check_ntlmv1(lm_response, lm_pw, challenge, NULL)) { - uint8 first_8_lm_hash[16]; + uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, lm_pw, 8); memset(first_8_lm_hash + 8, '\0', 8); if (user_sess_key) { @@ -399,31 +403,34 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, - related to Win9X, legacy NAS pass-though authentication */ DEBUG(4,("ntlm_password_check: Checking LMv2 password with domain %s\n", client_domain)); - if (smb_pwd_check_ntlmv2( lm_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + lm_response, nt_pw, challenge, client_username, client_domain, - False, + false, NULL)) { return NT_STATUS_OK; } DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain)); - if (smb_pwd_check_ntlmv2( lm_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + lm_response, nt_pw, challenge, client_username, client_domain, - True, + true, NULL)) { return NT_STATUS_OK; } DEBUG(4,("ntlm_password_check: Checking LMv2 password without a domain\n")); - if (smb_pwd_check_ntlmv2( lm_response, + if (smb_pwd_check_ntlmv2(mem_ctx, + lm_response, nt_pw, challenge, client_username, "", - False, + false, NULL)) { return NT_STATUS_OK; } @@ -441,7 +448,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, allow LM authentication */ if (lp_lanman_auth() && lm_pw) { - uint8 first_8_lm_hash[16]; + uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, lm_pw, 8); memset(first_8_lm_hash + 8, '\0', 8); if (user_sess_key) { |