diff options
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/cliconnect.c | 134 | ||||
| -rw-r--r-- | source3/libsmb/clidfs.c | 312 | ||||
| -rw-r--r-- | source3/libsmb/clientgen.c | 132 | ||||
| -rw-r--r-- | source3/libsmb/clilist.c | 5 | ||||
| -rw-r--r-- | source3/libsmb/clireadwrite.c | 199 | ||||
| -rw-r--r-- | source3/libsmb/clitrans.c | 49 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_context.c | 59 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_dir.c | 37 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_file.c | 35 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_stat.c | 5 | ||||
| -rw-r--r-- | source3/libsmb/libsmb_xattr.c | 47 | ||||
| -rw-r--r-- | source3/libsmb/passchange.c | 18 | ||||
| -rw-r--r-- | source3/libsmb/pwd_cache.c | 61 | ||||
| -rw-r--r-- | source3/libsmb/smb_signing.c | 50 | ||||
| -rw-r--r-- | source3/libsmb/trusts_util.c | 2 |
15 files changed, 580 insertions, 565 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ad11ee0ed4..ebb01c44a6 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -61,6 +61,7 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, { DATA_BLOB session_key = data_blob_null; DATA_BLOB lm_response = data_blob_null; + NTSTATUS status; fstring pword; char *p; @@ -129,7 +130,10 @@ static NTSTATUS cli_session_setup_lanman2(struct cli_state *cli, /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); - fstrcpy(cli->user_name, user); + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (session_key.data) { /* Have plaintext orginal */ @@ -237,7 +241,10 @@ NTSTATUS cli_session_setup_guest_recv(struct async_req *req) cli->is_samba = True; } - fstrcpy(cli->user_name, ""); + status = cli_set_username(cli, ""); + if (!NT_STATUS_IS_OK(status)) { + return status; + } return NT_STATUS_OK; } @@ -289,6 +296,7 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, { uint32 capabilities = cli_session_setup_capabilities(cli); char *p; + NTSTATUS status; fstring lanman; fstr_sprintf( lanman, "Samba %s", samba_version_string()); @@ -349,8 +357,10 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, -1, STR_TERMINATE); p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); - fstrcpy(cli->user_name, user); - + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if (strstr(cli->server_type, "Samba")) { cli->is_samba = True; } @@ -379,6 +389,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, DATA_BLOB session_key = data_blob_null; NTSTATUS result; char *p; + bool ok; if (passlen == 0) { /* do nothing - guest login */ @@ -436,11 +447,7 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); #endif } -#ifdef LANMAN_ONLY - cli_simple_set_signing(cli, session_key, lm_response); -#else - cli_simple_set_signing(cli, session_key, nt_response); -#endif + cli_temp_set_signing(cli); } else { /* pre-encrypted password supplied. Only used for security=server, can't do @@ -492,6 +499,22 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, goto end; } +#ifdef LANMAN_ONLY + ok = cli_simple_set_signing(cli, session_key, lm_response); +#else + ok = cli_simple_set_signing(cli, session_key, nt_response); +#endif + if (ok) { + /* 'resign' the last message, so we get the right sequence numbers + for checking the first reply from the server */ + cli_calculate_sign_mac(cli, cli->outbuf); + + if (!cli_check_sign_mac(cli, cli->inbuf)) { + result = NT_STATUS_ACCESS_DENIED; + goto end; + } + } + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); @@ -507,7 +530,10 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, cli->is_samba = True; } - fstrcpy(cli->user_name, user); + result = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(result)) { + goto end; + } if (session_key.data) { /* Have plaintext orginal */ @@ -885,6 +911,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, DATA_BLOB blob; const char *p = NULL; char *account = NULL; + NTSTATUS status; DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length)); @@ -923,7 +950,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, DEBUG(3,("got principal=%s\n", principal ? principal : "<null>")); - fstrcpy(cli->user_name, user); + status = cli_set_username(cli, user); + if (!NT_STATUS_IS_OK(status)) { + return ADS_ERROR_NT(status); + } #ifdef HAVE_KRB5 /* If password is set we reauthenticate to kerberos server @@ -1284,10 +1314,17 @@ struct async_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx, return result; access_denied: - result = async_req_new(mem_ctx); - if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) { - return result; + { + struct cli_request *state; + if (!async_req_setup(mem_ctx, &result, &state, + struct cli_request)) { + goto fail; + } + if (async_post_ntstatus(result, ev, NT_STATUS_ACCESS_DENIED)) { + return result; + } } + fail: TALLOC_FREE(result); return NULL; } @@ -1748,15 +1785,20 @@ bool cli_session_request(struct cli_state *cli, return(True); } -static void smb_sock_connected(struct async_req *req) +struct fd_struct { + int fd; +}; + +static void smb_sock_connected(struct tevent_req *req) { - int *pfd = (int *)req->async.priv; + struct fd_struct *pfd = tevent_req_callback_data( + req, struct fd_struct); int fd; NTSTATUS status; status = open_socket_out_defer_recv(req, &fd); if (NT_STATUS_IS_OK(status)) { - *pfd = fd; + pfd->fd = fd; } } @@ -1764,10 +1806,9 @@ static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss, uint16_t *port, int timeout, int *pfd) { struct event_context *ev; - struct async_req *r139, *r445; - int fd139 = -1; - int fd445 = -1; - NTSTATUS status; + struct tevent_req *r139, *r445; + struct fd_struct *fd139, *fd445; + NTSTATUS status = NT_STATUS_NO_MEMORY; if (*port != 0) { return open_socket_out(pss, *port, timeout, pfd); @@ -1778,43 +1819,54 @@ static NTSTATUS open_smb_socket(const struct sockaddr_storage *pss, return NT_STATUS_NO_MEMORY; } + fd139 = talloc(ev, struct fd_struct); + if (fd139 == NULL) { + goto done; + } + fd139->fd = -1; + + fd445 = talloc(ev, struct fd_struct); + if (fd445 == NULL) { + goto done; + } + fd445->fd = -1; + r445 = open_socket_out_defer_send(ev, ev, timeval_set(0, 0), pss, 445, timeout); r139 = open_socket_out_defer_send(ev, ev, timeval_set(0, 3000), pss, 139, timeout); if ((r445 == NULL) || (r139 == NULL)) { - status = NT_STATUS_NO_MEMORY; goto done; } - r445->async.fn = smb_sock_connected; - r445->async.priv = &fd445; - r139->async.fn = smb_sock_connected; - r139->async.priv = &fd139; + tevent_req_set_callback(r445, smb_sock_connected, fd445); + tevent_req_set_callback(r139, smb_sock_connected, fd139); - while ((fd139 == -1) && (r139->state < ASYNC_REQ_DONE) - && (fd445 == -1) && (r445->state < ASYNC_REQ_DONE)) { + while ((fd139->fd == -1) + && tevent_req_is_in_progress(r139) + && (fd445->fd == -1) + && tevent_req_is_in_progress(r445)) { event_loop_once(ev); } - if ((fd139 != -1) && (fd445 != -1)) { - close(fd139); - fd139 = -1; + if ((fd139->fd != -1) && (fd445->fd != -1)) { + close(fd139->fd); + fd139->fd = -1; } - if (fd445 != -1) { + if (fd445->fd != -1) { *port = 445; - *pfd = fd445; + *pfd = fd445->fd; status = NT_STATUS_OK; goto done; } - if (fd139 != -1) { + if (fd139->fd != -1) { *port = 139; - *pfd = fd139; + *pfd = fd139->fd; status = NT_STATUS_OK; goto done; } - status = open_socket_out_defer_recv(r445, &fd445); + status = open_socket_out_defer_recv(r445, &fd445->fd); done: TALLOC_FREE(ev); return status; @@ -1936,7 +1988,7 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (!my_name) my_name = global_myname(); - if (!(cli = cli_initialise())) { + if (!(cli = cli_initialise_ex(signing_state))) { return NT_STATUS_NO_MEMORY; } @@ -1984,8 +2036,6 @@ again: return NT_STATUS_BAD_NETWORK_NAME; } - cli_setup_signing_state(cli, signing_state); - if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) cli->use_spnego = False; else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) @@ -2083,7 +2133,11 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, } } - cli_init_creds(cli, user, domain, password); + nt_status = cli_init_creds(cli, user, domain, password); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(cli); + return nt_status; + } *output_cli = cli; return NT_STATUS_OK; diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index e642f169f9..430807eb7f 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -3,7 +3,7 @@ client connect/disconnect routines Copyright (C) Andrew Tridgell 1994-1998 Copyright (C) Gerald (Jerry) Carter 2004 - Copyright (C) Jeremy Allison 2007 + Copyright (C) Jeremy Allison 2007-2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,25 +32,6 @@ as a separator when looking at the pathname part.... JRA. ********************************************************************/ -struct client_connection { - struct client_connection *prev, *next; - struct cli_state *cli; - char *mount; -}; - -static struct cm_cred_struct { - char *username; - char *password; - bool got_pass; - bool use_kerberos; - bool fallback_after_kerberos; - int signing_state; -} cm_creds; - -static void cm_set_password(const char *newpass); - -static struct client_connection *connections; - static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, struct cli_state *cli, const char *sharename, @@ -96,7 +77,7 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c, return status; } - + /******************************************************************** Return a connection to a server. ********************************************************************/ @@ -104,6 +85,7 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c, static struct cli_state *do_connect(TALLOC_CTX *ctx, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_sessetup, bool force_encrypt, int max_protocol, @@ -151,7 +133,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, zero_sockaddr(&ss); /* have to open a new connection */ - if (!(c=cli_initialise())) { + if (!(c=cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)))) { d_printf("Connection to %s failed\n", server_n); if (c) { cli_shutdown(c); @@ -175,9 +157,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, max_protocol = PROTOCOL_NT1; } c->protocol = max_protocol; - c->use_kerberos = cm_creds.use_kerberos; - c->fallback_after_kerberos = cm_creds.fallback_after_kerberos; - cli_setup_signing_state(c, cm_creds.signing_state); + c->use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info); + c->fallback_after_kerberos = + get_cmdline_auth_info_fallback_after_kerberos(auth_info); if (!cli_session_request(c, &calling, &called)) { char *p; @@ -207,20 +189,8 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, return NULL; } - if (!cm_creds.got_pass && !cm_creds.use_kerberos) { - char *label = NULL; - char *pass; - label = talloc_asprintf(ctx, "Enter %s's password: ", - cm_creds.username); - pass = getpass(label); - if (pass) { - cm_set_password(pass); - } - TALLOC_FREE(label); - } - - username = cm_creds.username ? cm_creds.username : ""; - password = cm_creds.password ? cm_creds.password : ""; + username = get_cmdline_auth_info_username(auth_info); + password = get_cmdline_auth_info_password(auth_info); if (!NT_STATUS_IS_OK(cli_session_setup(c, username, password, strlen(password), @@ -228,8 +198,9 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, lp_workgroup()))) { /* If a password was not supplied then * try again with a null username. */ - if (password[0] || !username[0] || cm_creds.use_kerberos || - !NT_STATUS_IS_OK(cli_session_setup(c, "", + if (password[0] || !username[0] || + get_cmdline_auth_info_use_kerberos(auth_info) || + !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0, lp_workgroup()))) { @@ -268,7 +239,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, lp_workgroup())) { cli_shutdown(c); return do_connect(ctx, newserver, - newshare, false, + newshare, auth_info, false, force_encrypt, max_protocol, port, name_type); } @@ -302,111 +273,90 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, /**************************************************************************** ****************************************************************************/ -static void cli_cm_set_mntpoint(struct cli_state *c, const char *mnt) +static void cli_set_mntpoint(struct cli_state *cli, const char *mnt) { - struct client_connection *p; - int i; - - for (p=connections,i=0; p; p=p->next,i++) { - if (strequal(p->cli->desthost, c->desthost) && - strequal(p->cli->share, c->share)) { - break; - } - } - - if (p) { - char *name = clean_name(NULL, mnt); - if (!name) { - return; - } - TALLOC_FREE(p->mount); - p->mount = talloc_strdup(p, name); - TALLOC_FREE(name); - } -} - -/**************************************************************************** -****************************************************************************/ - -const char *cli_cm_get_mntpoint(struct cli_state *c) -{ - struct client_connection *p; - int i; - - for (p=connections,i=0; p; p=p->next,i++) { - if (strequal(p->cli->desthost, c->desthost) && - strequal(p->cli->share, c->share)) { - break; - } - } - - if (p) { - return p->mount; + char *name = clean_name(NULL, mnt); + if (!name) { + return; } - return NULL; + TALLOC_FREE(cli->dfs_mountpoint); + cli->dfs_mountpoint = talloc_strdup(cli, name); + TALLOC_FREE(name); } /******************************************************************** - Add a new connection to the list + Add a new connection to the list. + referring_cli == NULL means a new initial connection. ********************************************************************/ static struct cli_state *cli_cm_connect(TALLOC_CTX *ctx, struct cli_state *referring_cli, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_hdr, bool force_encrypt, int max_protocol, int port, int name_type) { - struct client_connection *node; - - /* NB This must be the null context here... JRA. */ - node = TALLOC_ZERO_ARRAY(NULL, struct client_connection, 1); - if (!node) { - return NULL; - } + struct cli_state *cli; - node->cli = do_connect(ctx, server, share, + cli = do_connect(ctx, server, share, + auth_info, show_hdr, force_encrypt, max_protocol, port, name_type); - if ( !node->cli ) { - TALLOC_FREE( node ); + if (!cli ) { return NULL; } - DLIST_ADD( connections, node ); - - cli_cm_set_mntpoint(node->cli, ""); + /* Enter into the list. */ + if (referring_cli) { + DLIST_ADD_END(referring_cli, cli, struct cli_state *); + } if (referring_cli && referring_cli->posix_capabilities) { uint16 major, minor; uint32 caplow, caphigh; - if (cli_unix_extensions_version(node->cli, &major, + if (cli_unix_extensions_version(cli, &major, &minor, &caplow, &caphigh)) { - cli_set_unix_extensions_capabilities(node->cli, + cli_set_unix_extensions_capabilities(cli, major, minor, caplow, caphigh); } } - return node->cli; + return cli; } /******************************************************************** - Return a connection to a server. + Return a connection to a server on a particular share. ********************************************************************/ -static struct cli_state *cli_cm_find(const char *server, const char *share) +static struct cli_state *cli_cm_find(struct cli_state *cli, + const char *server, + const char *share) { - struct client_connection *p; + struct cli_state *p; - for (p=connections; p; p=p->next) { - if ( strequal(server, p->cli->desthost) && - strequal(share,p->cli->share)) { - return p->cli; + if (cli == NULL) { + return NULL; + } + + /* Search to the start of the list. */ + for (p = cli; p; p = p->prev) { + if (strequal(server, p->desthost) && + strequal(share,p->share)) { + return p; + } + } + + /* Search to the end of the list. */ + for (p = cli->next; p; p = p->next) { + if (strequal(server, p->desthost) && + strequal(share,p->share)) { + return p; } } @@ -414,82 +364,68 @@ static struct cli_state *cli_cm_find(const char *server, const char *share) } /**************************************************************************** - Open a client connection to a \\server\share. Set's the current *cli - global variable as a side-effect (but only if the connection is successful). + Open a client connection to a \\server\share. ****************************************************************************/ struct cli_state *cli_cm_open(TALLOC_CTX *ctx, struct cli_state *referring_cli, const char *server, const char *share, + const struct user_auth_info *auth_info, bool show_hdr, bool force_encrypt, int max_protocol, int port, int name_type) { - struct cli_state *c; + /* Try to reuse an existing connection in this list. */ + struct cli_state *c = cli_cm_find(referring_cli, server, share); - /* try to reuse an existing connection */ - - c = cli_cm_find(server, share); - if (!c) { - c = cli_cm_connect(ctx, referring_cli, - server, share, show_hdr, force_encrypt, - max_protocol, port, name_type); + if (c) { + return c; } - return c; -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_shutdown(void) -{ - struct client_connection *p, *x; - - for (p=connections; p;) { - cli_shutdown(p->cli); - x = p; - p = p->next; - - TALLOC_FREE(x); + if (auth_info == NULL) { + /* Can't do a new connection + * without auth info. */ + d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] " + "without auth info\n", + server, share ); + return NULL; } - connections = NULL; - return; + return cli_cm_connect(ctx, + referring_cli, + server, + share, + auth_info, + show_hdr, + force_encrypt, + max_protocol, + port, + name_type); } /**************************************************************************** ****************************************************************************/ -void cli_cm_display(void) +void cli_cm_display(const struct cli_state *cli) { - struct client_connection *p; int i; - for ( p=connections,i=0; p; p=p->next,i++ ) { + for (i=0; cli; cli = cli->next,i++ ) { d_printf("%d:\tserver=%s, share=%s\n", - i, p->cli->desthost, p->cli->share ); + i, cli->desthost, cli->share ); } } /**************************************************************************** ****************************************************************************/ -static void cm_set_password(const char *newpass) -{ - SAFE_FREE(cm_creds.password); - cm_creds.password = SMB_STRDUP(newpass); - if (cm_creds.password) { - cm_creds.got_pass = true; - } -} - /**************************************************************************** ****************************************************************************/ +#if 0 void cli_cm_set_credentials(struct user_auth_info *auth_info) { SAFE_FREE(cm_creds.username); @@ -504,51 +440,7 @@ void cli_cm_set_credentials(struct user_auth_info *auth_info) cm_creds.fallback_after_kerberos = false; cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info); } - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_signing_state(int state) -{ - cm_creds.signing_state = state; -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_username(const char *username) -{ - SAFE_FREE(cm_creds.username); - cm_creds.username = SMB_STRDUP(username); -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_password(const char *newpass) -{ - SAFE_FREE(cm_creds.password); - cm_creds.password = SMB_STRDUP(newpass); - if (cm_creds.password) { - cm_creds.got_pass = true; - } -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_use_kerberos(void) -{ - cm_creds.use_kerberos = true; -} - -/**************************************************************************** -****************************************************************************/ - -void cli_cm_set_fallback_after_kerberos(void) -{ - cm_creds.fallback_after_kerberos = true; -} +#endif /********************************************************************** split a dfs path into the server, share name, and extrapath components @@ -659,13 +551,23 @@ static char *cli_dfs_make_full_path(TALLOC_CTX *ctx, struct cli_state *cli, const char *dir) { + char path_sep = '\\'; + /* Ensure the extrapath doesn't start with a separator. */ while (IS_DIRECTORY_SEP(*dir)) { dir++; } - return talloc_asprintf(ctx, "\\%s\\%s\\%s", - cli->desthost, cli->share, dir); + if (cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) { + path_sep = '/'; + } + return talloc_asprintf(ctx, "%c%s%c%s%c%s", + path_sep, + cli->desthost, + path_sep, + cli->share, + path_sep, + dir); } /******************************************************************** @@ -818,6 +720,7 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, bool cli_resolve_path(TALLOC_CTX *ctx, const char *mountpt, + const struct user_auth_info *dfs_auth_info, struct cli_state *rootcli, const char *path, struct cli_state **targetcli, @@ -898,13 +801,16 @@ bool cli_resolve_path(TALLOC_CTX *ctx, /* Check for the referral. */ - if (!(cli_ipc = cli_cm_open(ctx, rootcli, - rootcli->desthost, - "IPC$", false, - (rootcli->trans_enc_state != NULL), - rootcli->protocol, - 0, - 0x20))) { + if (!(cli_ipc = cli_cm_open(ctx, + rootcli, + rootcli->desthost, + "IPC$", + dfs_auth_info, + false, + (rootcli->trans_enc_state != NULL), + rootcli->protocol, + 0, + 0x20))) { return false; } @@ -948,6 +854,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, if ((*targetcli = cli_cm_open(ctx, rootcli, server, share, + dfs_auth_info, false, (rootcli->trans_enc_state != NULL), rootcli->protocol, @@ -999,7 +906,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, return false; } - cli_cm_set_mntpoint(*targetcli, newmount); + cli_set_mntpoint(*targetcli, newmount); /* Check for another dfs referral, note that we are not checking for loops here. */ @@ -1007,6 +914,7 @@ bool cli_resolve_path(TALLOC_CTX *ctx, if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) { if (cli_resolve_path(ctx, newmount, + dfs_auth_info, *targetcli, *pp_targetpath, &newcli, diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 0382ef5fae..c1ba4e5c4f 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -409,49 +409,76 @@ void cli_setup_bcc(struct cli_state *cli, void *p) } /**************************************************************************** - Initialise credentials of a client structure. + Initialize Domain, user or password. ****************************************************************************/ -void cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password) +NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain) { - fstrcpy(cli->domain, domain); - fstrcpy(cli->user_name, username); - pwd_set_cleartext(&cli->pwd, password); - if (!*username) { - cli->pwd.null_pwd = true; + TALLOC_FREE(cli->domain); + cli->domain = talloc_strdup(cli, domain ? domain : ""); + if (cli->domain == NULL) { + return NT_STATUS_NO_MEMORY; } + return NT_STATUS_OK; +} - DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain)); +NTSTATUS cli_set_username(struct cli_state *cli, const char *username) +{ + TALLOC_FREE(cli->user_name); + cli->user_name = talloc_strdup(cli, username ? username : ""); + if (cli->user_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + return NT_STATUS_OK; +} + +NTSTATUS cli_set_password(struct cli_state *cli, const char *password) +{ + TALLOC_FREE(cli->password); + + /* Password can be NULL. */ + if (password) { + cli->password = talloc_strdup(cli, password); + if (cli->password == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + /* Use zero NTLMSSP hashes and session key. */ + cli->password = NULL; + } + + return NT_STATUS_OK; } /**************************************************************************** - Set the signing state (used from the command line). + Initialise credentials of a client structure. ****************************************************************************/ -void cli_setup_signing_state(struct cli_state *cli, int signing_state) +NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password) { - if (signing_state == Undefined) - return; - - if (signing_state == false) { - cli->sign_info.allow_smb_signing = false; - cli->sign_info.mandatory_signing = false; - return; + NTSTATUS status = cli_set_username(cli, username); + if (!NT_STATUS_IS_OK(status)) { + return status; } + status = cli_set_domain(cli, domain); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain)); - cli->sign_info.allow_smb_signing = true; - - if (signing_state == Required) - cli->sign_info.mandatory_signing = true; + return cli_set_password(cli, password); } /**************************************************************************** - Initialise a client structure. Always returns a malloc'ed struct. + Initialise a client structure. Always returns a talloc'ed struct. + Set the signing state (used from the command line). ****************************************************************************/ -struct cli_state *cli_initialise(void) +struct cli_state *cli_initialise_ex(int signing_state) { struct cli_state *cli = NULL; + bool allow_smb_signing = false; + bool mandatory_signing = false; /* Check the effective uid - make sure we are not setuid */ if (is_setuid_root()) { @@ -464,6 +491,10 @@ struct cli_state *cli_initialise(void) return NULL; } + cli->dfs_mountpoint = talloc_strdup(cli, ""); + if (!cli->dfs_mountpoint) { + goto error; + } cli->port = 0; cli->fd = -1; cli->cnum = -1; @@ -490,12 +521,27 @@ struct cli_state *cli_initialise(void) if (getenv("CLI_FORCE_DOSERR")) cli->force_dos_errors = true; - if (lp_client_signing()) - cli->sign_info.allow_smb_signing = true; + if (lp_client_signing()) { + allow_smb_signing = true; + } + + if (lp_client_signing() == Required) { + mandatory_signing = true; + } + + if (signing_state != Undefined) { + allow_smb_signing = true; + } + + if (signing_state == false) { + allow_smb_signing = false; + mandatory_signing = false; + } + + if (signing_state == Required) { + mandatory_signing = true; + } - if (lp_client_signing() == Required) - cli->sign_info.mandatory_signing = true; - if (!cli->outbuf || !cli->inbuf) goto error; @@ -510,6 +556,8 @@ struct cli_state *cli_initialise(void) #endif /* initialise signing */ + cli->sign_info.allow_smb_signing = allow_smb_signing; + cli->sign_info.mandatory_signing = mandatory_signing; cli_null_set_signing(cli); cli->initialised = 1; @@ -522,10 +570,15 @@ struct cli_state *cli_initialise(void) SAFE_FREE(cli->inbuf); SAFE_FREE(cli->outbuf); - SAFE_FREE(cli); + TALLOC_FREE(cli); return NULL; } +struct cli_state *cli_initialise(void) +{ + return cli_initialise_ex(Undefined); +} + /**************************************************************************** Close all pipes open on this session. ****************************************************************************/ @@ -546,6 +599,27 @@ void cli_nt_pipes_close(struct cli_state *cli) void cli_shutdown(struct cli_state *cli) { + if (cli->prev == NULL) { + /* + * Possible head of a DFS list, + * shutdown all subsidiary DFS + * connections. + */ + struct cli_state *p, *next; + + for (p = cli->next; p; p = next) { + next = p->next; + cli_shutdown(p); + } + } else { + /* + * We're a subsidiary connection. + * Just remove ourselves from the + * DFS list. + */ + DLIST_REMOVE(cli->prev, cli); + } + cli_nt_pipes_close(cli); /* diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index e604725493..a84a64794b 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -244,7 +244,6 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, unsigned int param_len, data_len; uint16 setup; char *param; - const char *mnt; uint32 resume_key = 0; TALLOC_CTX *frame = talloc_stackframe(); DATA_BLOB last_name_raw = data_blob(NULL, 0); @@ -457,8 +456,6 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, First = False; } - mnt = cli_cm_get_mntpoint( cli ); - /* see if the server disconnected or the connection otherwise failed */ if (cli_is_error(cli)) { total_received = -1; @@ -479,7 +476,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, info_level)); break; } - fn(mnt,&finfo, Mask, state); + fn(cli->dfs_mountpoint, &finfo, Mask, state); } } diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 9d17ff86a5..f2f447b4c9 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -915,9 +915,15 @@ static NTSTATUS cli_writeall_recv(struct async_req *req) return async_req_simple_recv_ntstatus(req); } -struct cli_push_state { - struct async_req *req; +struct cli_push_write_state { + struct async_req *req;/* This is the main request! Not the subreq */ + uint32_t idx; + off_t ofs; + uint8_t *buf; + size_t size; +}; +struct cli_push_state { struct event_context *ev; struct cli_state *cli; uint16_t fnum; @@ -928,24 +934,70 @@ struct cli_push_state { size_t (*source)(uint8_t *buf, size_t n, void *priv); void *priv; - size_t chunk_size; - - size_t sent; bool eof; + size_t chunk_size; + off_t next_offset; + /* * Outstanding requests */ - int num_reqs; - struct async_req **reqs; - - int pending; - - uint8_t *buf; + uint32_t pending; + uint32_t num_reqs; + struct cli_push_write_state **reqs; }; static void cli_push_written(struct async_req *req); +static bool cli_push_write_setup(struct async_req *req, + struct cli_push_state *state, + uint32_t idx) +{ + struct cli_push_write_state *substate; + struct async_req *subreq; + + substate = talloc(state->reqs, struct cli_push_write_state); + if (!substate) { + return false; + } + substate->req = req; + substate->idx = idx; + substate->ofs = state->next_offset; + substate->buf = talloc_array(substate, uint8_t, state->chunk_size); + if (!substate->buf) { + talloc_free(substate); + return false; + } + substate->size = state->source(substate->buf, + state->chunk_size, + state->priv); + if (substate->size == 0) { + state->eof = true; + /* nothing to send */ + talloc_free(substate); + return true; + } + + subreq = cli_writeall_send(substate, + state->ev, state->cli, + state->fnum, state->mode, + substate->buf, + substate->ofs, + substate->size); + if (!subreq) { + talloc_free(substate); + return false; + } + subreq->async.fn = cli_push_written; + subreq->async.priv = substate; + + state->reqs[idx] = substate; + state->pending += 1; + state->next_offset += substate->size; + + return true; +} + struct async_req *cli_push_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, uint16_t fnum, uint16_t mode, @@ -954,16 +1006,14 @@ struct async_req *cli_push_send(TALLOC_CTX *mem_ctx, struct event_context *ev, void *priv), void *priv) { - struct async_req *result; + struct async_req *req; struct cli_push_state *state; - int i; + uint32_t i; - if (!async_req_setup(mem_ctx, &result, &state, + if (!async_req_setup(mem_ctx, &req, &state, struct cli_push_state)) { return NULL; } - state->req = result; - state->cli = cli; state->ev = ev; state->fnum = fnum; @@ -972,124 +1022,83 @@ struct async_req *cli_push_send(TALLOC_CTX *mem_ctx, struct event_context *ev, state->source = source; state->priv = priv; state->eof = false; - state->sent = 0; state->pending = 0; + state->next_offset = start_offset; state->chunk_size = cli_write_max_bufsize(cli, mode); - state->num_reqs = MAX(window_size/state->chunk_size, 1); + if (window_size == 0) { + window_size = cli->max_mux * state->chunk_size; + } + state->num_reqs = window_size/state->chunk_size; + if ((window_size % state->chunk_size) > 0) { + state->num_reqs += 1; + } state->num_reqs = MIN(state->num_reqs, cli->max_mux); + state->num_reqs = MAX(state->num_reqs, 1); - state->reqs = TALLOC_ZERO_ARRAY(state, struct async_req *, + state->reqs = TALLOC_ZERO_ARRAY(state, struct cli_push_write_state *, state->num_reqs); if (state->reqs == NULL) { goto failed; } - state->buf = TALLOC_ARRAY( - state, uint8_t, state->chunk_size * state->num_reqs); - if (state->buf == NULL) { - goto failed; - } - for (i=0; i<state->num_reqs; i++) { - size_t to_write; - uint8_t *buf = state->buf + i*state->chunk_size; - - to_write = state->source(buf, state->chunk_size, state->priv); - if (to_write == 0) { - state->eof = true; - break; - } - - state->reqs[i] = cli_writeall_send( - state->reqs, state->ev, state->cli, state->fnum, - state->mode, buf, state->start_offset + state->sent, - to_write); - if (state->reqs[i] == NULL) { + if (!cli_push_write_setup(req, state, i)) { goto failed; } - state->reqs[i]->async.fn = cli_push_written; - state->reqs[i]->async.priv = state; - - state->sent += to_write; - state->pending += 1; + if (state->eof) { + break; + } } - if (i == 0) { - if (!async_post_ntstatus(result, ev, NT_STATUS_OK)) { + if (state->pending == 0) { + if (!async_post_ntstatus(req, ev, NT_STATUS_OK)) { goto failed; } - return result; + return req; } - return result; + return req; failed: - TALLOC_FREE(result); + TALLOC_FREE(req); return NULL; } -static void cli_push_written(struct async_req *req) +static void cli_push_written(struct async_req *subreq) { + struct cli_push_write_state *substate = talloc_get_type_abort( + subreq->async.priv, struct cli_push_write_state); + struct async_req *req = substate->req; struct cli_push_state *state = talloc_get_type_abort( - req->async.priv, struct cli_push_state); + req->private_data, struct cli_push_state); NTSTATUS status; - int i; - uint8_t *buf; - size_t to_write; - - for (i=0; i<state->num_reqs; i++) { - if (state->reqs[i] == req) { - break; - } - } - - if (i == state->num_reqs) { - async_req_nterror(state->req, NT_STATUS_INTERNAL_ERROR); - return; - } - - status = cli_writeall_recv(req); - TALLOC_FREE(state->reqs[i]); - req = NULL; - if (!NT_STATUS_IS_OK(status)) { - async_req_nterror(state->req, status); - return; - } + uint32_t idx = substate->idx; + state->reqs[idx] = NULL; state->pending -= 1; - if (state->pending == 0) { - async_req_done(state->req); - return; - } - if (state->eof) { + status = cli_writeall_recv(subreq); + TALLOC_FREE(subreq); + TALLOC_FREE(substate); + if (!NT_STATUS_IS_OK(status)) { + async_req_nterror(req, status); return; } - buf = state->buf + i * state->chunk_size; - - to_write = state->source(buf, state->chunk_size, state->priv); - if (to_write == 0) { - state->eof = true; - return; + if (!state->eof) { + if (!cli_push_write_setup(req, state, idx)) { + async_req_nomem(NULL, req); + return; + } } - state->reqs[i] = cli_writeall_send( - state->reqs, state->ev, state->cli, state->fnum, - state->mode, buf, state->start_offset + state->sent, to_write); - if (state->reqs[i] == NULL) { - async_req_nterror(state->req, NT_STATUS_NO_MEMORY); + if (state->pending == 0) { + async_req_done(req); return; } - - state->reqs[i]->async.fn = cli_push_written; - state->reqs[i]->async.priv = state; - - state->sent += to_write; - state->pending += 1; } NTSTATUS cli_push_recv(struct async_req *req) diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 69e2be3af7..0266c0307e 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -112,9 +112,6 @@ bool cli_send_trans(struct cli_state *cli, int trans, this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */ this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam)); - client_set_trans_sign_state_off(cli, mid); - client_set_trans_sign_state_on(cli, mid); - cli_set_message(cli->outbuf,trans==SMBtrans?8:9,0,True); SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2)); @@ -138,20 +135,14 @@ bool cli_send_trans(struct cli_state *cli, int trans, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; @@ -461,21 +452,14 @@ bool cli_send_nt_trans(struct cli_state *cli, memcpy(outdata,data+tot_data,this_ldata); cli_setup_bcc(cli, outdata+this_ldata); - /* - * Save the mid we're using. We need this for finding - * signing replies. - */ - mid = cli->mid; - show_msg(cli->outbuf); + client_set_trans_sign_state_off(cli, mid); + cli->mid = mid; if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } - - /* Ensure we use the same mid for the secondaries. */ - cli->mid = mid; + client_set_trans_sign_state_on(cli, mid); tot_data += this_ldata; tot_param += this_lparam; @@ -747,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, uint16_t this_data = 0; uint32_t useable_space; uint8_t cmd; + uint8_t pad[3]; frame = talloc_stackframe(); @@ -759,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset = smb_size - 4; + bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */ + if (bytes == NULL) { + goto fail; + } + switch (cmd) { case SMBtrans: - bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */ + pad[0] = 0; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 1)); if (bytes == NULL) { goto fail; } @@ -775,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset += talloc_get_size(bytes); break; case SMBtrans2: - bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */ + pad[0] = 0; + pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ + pad[2] = ' '; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 3)); if (bytes == NULL) { goto fail; } - bytes[0] = 0; - bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ - bytes[2] = ' '; wct = 14 + state->num_setup; param_offset += talloc_get_size(bytes); break; diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index 4c12d18ab7..f09e9c6287 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -203,6 +203,9 @@ smbc_free_context(SMBCCTX *context, DEBUG(3, ("Context %p successfully freed\n", context)); + /* Free any DFS auth context. */ + TALLOC_FREE(context->internal->auth_info); + SAFE_FREE(context->internal); SAFE_FREE(context); @@ -625,32 +628,20 @@ smbc_version(void) return samba_version_string(); } - /* * Set the credentials so DFS will work when following referrals. + * This function is broken and must be removed. No SMBCCTX arg... + * JRA. */ + void smbc_set_credentials(const char *workgroup, - const char *user, - const char *password, - smbc_bool use_kerberos, - const char *signing_state) + const char *user, + const char *password, + smbc_bool use_kerberos, + const char *signing_state) { - struct user_auth_info *auth_info; - - auth_info = user_auth_info_init(talloc_tos()); - if (auth_info == NULL) { - return; - } - set_cmdline_auth_info_username(auth_info, user); - set_cmdline_auth_info_password(auth_info, password); - set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); - if (! set_cmdline_auth_info_signing_state(auth_info, signing_state)) { - DEBUG(0, ("Invalid signing state: %s", signing_state)); - } - set_global_myworkgroup(workgroup); - cli_cm_set_credentials(auth_info); - TALLOC_FREE(auth_info); + d_printf("smbc_set_credentials is obsolete. Replace with smbc_set_credentials_with_fallback().\n"); } void smbc_set_credentials_with_fallback(SMBCCTX *context, @@ -660,7 +651,11 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, { smbc_bool use_kerberos = false; const char *signing_state = "off"; - + struct user_auth_info *auth_info = user_auth_info_init(NULL); + + if (auth_info) { + } + if (! context || ! workgroup || ! *workgroup || ! user || ! *user || @@ -669,6 +664,13 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, return; } + auth_info = user_auth_info_init(NULL); + + if (auth_info) { + DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n")); + return; + } + if (smbc_getOptionUseKerberos(context)) { use_kerberos = True; } @@ -681,10 +683,15 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context, signing_state = "force"; } - smbc_set_credentials(workgroup, user, password, - use_kerberos, signing_state); + set_cmdline_auth_info_username(auth_info, user); + set_cmdline_auth_info_password(auth_info, password); + set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); + set_cmdline_auth_info_signing_state(auth_info, signing_state); + set_cmdline_auth_info_fallback_after_kerberos(auth_info, + smbc_getOptionFallbackAfterKerberos(context)); + set_global_myworkgroup(workgroup); - if (smbc_getOptionFallbackAfterKerberos(context)) { - cli_cm_set_fallback_after_kerberos(); - } + TALLOC_FREE(context->internal->auth_info); + + context->internal->auth_info = auth_info; } diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 56661af70b..2255db6617 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -770,8 +770,9 @@ SMBC_opendir_ctx(SMBCCTX *context, return NULL; } - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); if (dir) { SAFE_FREE(dir->fname); @@ -1166,8 +1167,9 @@ SMBC_mkdir_ctx(SMBCCTX *context, } /*d_printf(">>>mkdir: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1272,8 +1274,9 @@ SMBC_rmdir_ctx(SMBCCTX *context, } /*d_printf(">>>rmdir: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1554,8 +1557,9 @@ SMBC_chmod_ctx(SMBCCTX *context, } /*d_printf(">>>unlink: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1745,8 +1749,9 @@ SMBC_unlink_ctx(SMBCCTX *context, } /*d_printf(">>>unlink: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -1917,8 +1922,10 @@ SMBC_rename_ctx(SMBCCTX *ocontext, password1); /*d_printf(">>>rename: resolving %s\n", path1);*/ - if (!cli_resolve_path(frame, "", srv->cli, path1, - &targetcli1, &targetpath1)) { + if (!cli_resolve_path(frame, "", ocontext->internal->auth_info, + srv->cli, + path1, + &targetcli1, &targetpath1)) { d_printf("Could not resolve %s\n", path1); TALLOC_FREE(frame); return -1; @@ -1932,8 +1939,10 @@ SMBC_rename_ctx(SMBCCTX *ocontext, /*d_printf(">>>rename: resolved path as %s\n", targetpath1);*/ /*d_printf(">>>rename: resolving %s\n", path2);*/ - if (!cli_resolve_path(frame, "", srv->cli, path2, - &targetcli2, &targetpath2)) { + if (!cli_resolve_path(frame, "", ncontext->internal->auth_info, + srv->cli, + path2, + &targetcli2, &targetpath2)) { d_printf("Could not resolve %s\n", path2); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c index 28256bb241..06e41ad21e 100644 --- a/source3/libsmb/libsmb_file.c +++ b/source3/libsmb/libsmb_file.c @@ -115,8 +115,9 @@ SMBC_open_ctx(SMBCCTX *context, ZERO_STRUCTP(file); /*d_printf(">>>open: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); SAFE_FREE(file); TALLOC_FREE(frame); @@ -295,8 +296,9 @@ SMBC_read_ctx(SMBCCTX *context, } /*d_printf(">>>read: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -384,8 +386,9 @@ SMBC_write_ctx(SMBCCTX *context, } /*d_printf(">>>write: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -459,8 +462,9 @@ SMBC_close_ctx(SMBCCTX *context, } /*d_printf(">>>close: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -541,8 +545,9 @@ SMBC_getatr(SMBCCTX * context, } DEBUG(4,("SMBC_getatr: sending qpathinfo\n")); - if (!cli_resolve_path(frame, "", srv->cli, fixedpath, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + srv->cli, fixedpath, + &targetcli, &targetpath)) { d_printf("Couldn't resolve %s\n", path); TALLOC_FREE(frame); return False; @@ -753,8 +758,9 @@ SMBC_lseek_ctx(SMBCCTX *context, } /*d_printf(">>>lseek: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; @@ -844,8 +850,9 @@ SMBC_ftruncate_ctx(SMBCCTX *context, } /*d_printf(">>>fstat: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_stat.c b/source3/libsmb/libsmb_stat.c index f8571ff110..dc904d2753 100644 --- a/source3/libsmb/libsmb_stat.c +++ b/source3/libsmb/libsmb_stat.c @@ -257,8 +257,9 @@ SMBC_fstat_ctx(SMBCCTX *context, } /*d_printf(">>>fstat: resolving %s\n", path);*/ - if (!cli_resolve_path(frame, "", file->srv->cli, path, - &targetcli, &targetpath)) { + if (!cli_resolve_path(frame, "", context->internal->auth_info, + file->srv->cli, path, + &targetcli, &targetpath)) { d_printf("Could not resolve %s\n", path); TALLOC_FREE(frame); return -1; diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 70fbc27883..e4a0a05586 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -166,7 +166,7 @@ sort_acl(SEC_ACL *the_acl) /* convert a SID to a string, either numeric or username/group */ static void convert_sid_to_string(struct cli_state *ipc_cli, - POLICY_HND *pol, + struct policy_handle *pol, fstring str, bool numeric, DOM_SID *sid) @@ -211,7 +211,7 @@ convert_sid_to_string(struct cli_state *ipc_cli, /* convert a string to a SID, either numeric or username/group */ static bool convert_string_to_sid(struct cli_state *ipc_cli, - POLICY_HND *pol, + struct policy_handle *pol, bool numeric, DOM_SID *sid, const char *str) @@ -255,7 +255,7 @@ done: /* parse an ACE in the same format as print_ace() */ static bool parse_ace(struct cli_state *ipc_cli, - POLICY_HND *pol, + struct policy_handle *pol, SEC_ACE *ace, bool numeric, char *str) @@ -422,7 +422,7 @@ add_ace(SEC_ACL **the_acl, static SEC_DESC * sec_desc_parse(TALLOC_CTX *ctx, struct cli_state *ipc_cli, - POLICY_HND *pol, + struct policy_handle *pol, bool numeric, const char *str) { @@ -702,7 +702,7 @@ cacl_get(SMBCCTX *context, TALLOC_CTX *ctx, SMBCSRV *srv, struct cli_state *ipc_cli, - POLICY_HND *pol, + struct policy_handle *pol, char *filename, char *attr_name, char *buf, @@ -891,7 +891,8 @@ cacl_get(SMBCCTX *context, /* Point to the portion after "system.nt_sec_desc." */ name += 19; /* if (all) this will be invalid but unused */ - if (!cli_resolve_path(ctx, "", cli, filename, + if (!cli_resolve_path(ctx, "", context->internal->auth_info, + cli, filename, &targetcli, &targetpath)) { DEBUG(5, ("cacl_get Could not resolve %s\n", filename)); @@ -1496,14 +1497,15 @@ cacl_get(SMBCCTX *context, set the ACLs on a file given an ascii description *******************************************************/ static int -cacl_set(TALLOC_CTX *ctx, - struct cli_state *cli, - struct cli_state *ipc_cli, - POLICY_HND *pol, - const char *filename, - char *the_acl, - int mode, - int flags) +cacl_set(SMBCCTX *context, + TALLOC_CTX *ctx, + struct cli_state *cli, + struct cli_state *ipc_cli, + struct policy_handle *pol, + const char *filename, + char *the_acl, + int mode, + int flags) { int fnum; int err = 0; @@ -1547,8 +1549,9 @@ cacl_set(TALLOC_CTX *ctx, return -1; } - if (!cli_resolve_path(ctx, "", cli, filename, - &targetcli, &targetpath)) { + if (!cli_resolve_path(ctx, "", context->internal->auth_info, + cli, filename, + &targetcli, &targetpath)) { DEBUG(5,("cacl_set: Could not resolve %s\n", filename)); errno = ENOENT; return -1; @@ -1793,7 +1796,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, } if (ipc_srv) { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, (*namevalue == '*' @@ -1857,7 +1860,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, (*namevalue == '*' @@ -1887,7 +1890,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, SMBC_XATTR_MODE_CHOWN, 0); } @@ -1914,7 +1917,7 @@ SMBC_setxattr_ctx(SMBCCTX *context, errno = ENOMEM; ret = -1; } else { - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, namevalue, SMBC_XATTR_MODE_CHGRP, 0); } @@ -2216,7 +2219,7 @@ SMBC_removexattr_ctx(SMBCCTX *context, StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) { /* Yup. */ - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0); TALLOC_FREE(frame); @@ -2236,7 +2239,7 @@ SMBC_removexattr_ctx(SMBCCTX *context, StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) { /* Yup. */ - ret = cacl_set(talloc_tos(), srv->cli, + ret = cacl_set(context, talloc_tos(), srv->cli, ipc_srv->cli, &ipc_srv->pol, path, CONST_DISCARD(char *, name) + 19, SMBC_XATTR_MODE_REMOVE, 0); diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index f9ff4b3191..45cd392a5a 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -133,9 +133,17 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam return result; } - cli_init_creds(cli, "", "", NULL); + result = cli_init_creds(cli, "", "", NULL); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } } else { - cli_init_creds(cli, user_name, "", old_passwd); + result = cli_init_creds(cli, user_name, "", old_passwd); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } } result = cli_tcon_andx(cli, "IPC$", "IPC", "", 1); @@ -222,7 +230,11 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam TALLOC_FREE(pipe_hnd); /* Try anonymous NTLMSSP... */ - cli_init_creds(cli, "", "", NULL); + result = cli_init_creds(cli, "", "", NULL); + if (!NT_STATUS_IS_OK(result)) { + cli_shutdown(cli); + return result; + } result = NT_STATUS_UNSUCCESSFUL; diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c deleted file mode 100644 index 071e729e8c..0000000000 --- a/source3/libsmb/pwd_cache.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password cacheing. obfuscation is planned - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/**************************************************************************** - Initialises a password structure. -****************************************************************************/ - -static void pwd_init(struct pwd_info *pwd) -{ - memset((char *)pwd->password , '\0', sizeof(pwd->password )); - - pwd->null_pwd = True; /* safest option... */ -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) -{ - pwd_init(pwd); - if (clr) { - fstrcpy(pwd->password, clr); - pwd->null_pwd = False; - } else { - pwd->null_pwd = True; - } - - pwd->cleartext = True; -} - -/**************************************************************************** - Gets a cleartext password. -****************************************************************************/ - -void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) -{ - if (pwd->cleartext) - fstrcpy(clr, pwd->password); - else - clr[0] = 0; - -} diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index ea1eb05cfb..a3ed0e7572 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -3,17 +3,17 @@ SMB Signing Code Copyright (C) Jeremy Allison 2003. Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -119,14 +119,14 @@ static bool cli_set_smb_signing_common(struct cli_state *cli) if (cli->sign_info.doing_signing) { return False; } - + if (cli->sign_info.free_signing_context) cli->sign_info.free_signing_context(&cli->sign_info); /* These calls are INCOMPATIBLE with SMB signing */ cli->readbraw_supported = False; cli->writebraw_supported = False; - + return True; } @@ -196,7 +196,7 @@ static void null_free_signing_context(struct smb_sign_info *si) static bool null_set_signing(struct smb_sign_info *si) { si->signing_context = NULL; - + si->sign_outgoing_message = null_sign_outgoing_message; si->check_incoming_message = null_check_incoming_message; si->free_signing_context = null_free_signing_context; @@ -207,7 +207,7 @@ static bool null_set_signing(struct smb_sign_info *si) /** * Free the signing context */ - + static void free_signing_context(struct smb_sign_info *si) { if (si->free_signing_context) { @@ -227,7 +227,7 @@ static bool signing_good(const char *inbuf, struct smb_sign_info *si, if (!si->doing_signing) { si->doing_signing = True; } - + if (!si->seen_valid) { si->seen_valid = True; } @@ -289,7 +289,7 @@ static void simple_packet_signature(struct smb_basic_signing_context *data, /* Calculate the 16 byte MAC - but don't alter the data in the incoming packet. - + This makes for a bit of fussing about, but it's not too bad. */ MD5Init(&md5_ctx); @@ -368,7 +368,7 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) I can isolate the fix here rather than re-adding the trans signing on/off calls in libsmb/clitrans2.c JRA. */ - + if (store_sequence_for_reply(&data->outstanding_packet_list, SVAL(outbuf,smb_mid), data->send_seq_num + 1)) { data->send_seq_num += 2; } @@ -409,11 +409,11 @@ static bool client_check_incoming_message(const char *inbuf, server_sent_mac = (unsigned char *)&inbuf[smb_ss_field]; good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0); - + if (!good) { DEBUG(5, ("client_check_incoming_message: BAD SIG: wanted SMB signature of\n")); dump_data(5, calc_md5_mac, 8); - + DEBUG(5, ("client_check_incoming_message: BAD SIG: got SMB signature of\n")); dump_data(5, server_sent_mac, 8); #if 1 /* JRATEST */ @@ -447,7 +447,7 @@ static void simple_free_signing_context(struct smb_sign_info *si) (struct smb_basic_signing_context *)si->signing_context; struct outstanding_packet_lookup *list; struct outstanding_packet_lookup *next; - + for (list = data->outstanding_packet_list; list; list = next) { next = list->next; DLIST_REMOVE(data->outstanding_packet_list, list); @@ -486,7 +486,7 @@ bool cli_simple_set_signing(struct cli_state *cli, memset(data, '\0', sizeof(*data)); cli->sign_info.signing_context = data; - + data->mac_key = data_blob(NULL, response.length + user_session_key.length); memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length); @@ -571,7 +571,7 @@ bool cli_temp_set_signing(struct cli_state *cli) } cli->sign_info.signing_context = NULL; - + cli->sign_info.sign_outgoing_message = temp_sign_outgoing_message; cli->sign_info.check_incoming_message = temp_check_incoming_message; cli->sign_info.free_signing_context = temp_free_signing_context; @@ -587,7 +587,7 @@ void cli_free_signing_context(struct cli_state *cli) /** * Sign a packet with the current mechanism */ - + void cli_calculate_sign_mac(struct cli_state *cli, char *buf) { cli->sign_info.sign_outgoing_message(buf, &cli->sign_info); @@ -598,7 +598,7 @@ void cli_calculate_sign_mac(struct cli_state *cli, char *buf) * @return False if we had an established signing connection * which had a bad checksum, True otherwise. */ - + bool cli_check_sign_mac(struct cli_state *cli, char *buf) { if (!cli->sign_info.check_incoming_message(buf, &cli->sign_info, True)) { @@ -746,7 +746,7 @@ static bool srv_check_incoming_message(const char *inbuf, server_sent_mac = (unsigned char *)&inbuf[smb_ss_field]; good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0); - + if (!good) { if (saved_seq) { @@ -758,7 +758,7 @@ static bool srv_check_incoming_message(const char *inbuf, (unsigned int)reply_seq_number)); dump_data(5, server_sent_mac, 8); } - + #if 1 /* JRATEST */ { int i; @@ -865,7 +865,7 @@ void srv_defer_sign_response(uint16 mid) cancelled by mid. This should never find one.... ************************************************************/ -void srv_cancel_sign_response(uint16 mid) +void srv_cancel_sign_response(uint16 mid, bool cancel) { struct smb_basic_signing_context *data; uint32 dummy_seq; @@ -884,7 +884,9 @@ void srv_cancel_sign_response(uint16 mid) ; /* cancel doesn't send a reply so doesn't burn a sequence number. */ - data->send_seq_num -= 1; + if (cancel) { + data->send_seq_num -= 1; + } } /*********************************************************** @@ -969,17 +971,17 @@ void srv_set_signing(const DATA_BLOB user_session_key, const DATA_BLOB response) if (srv_sign_info.doing_signing) { return; } - + if (srv_sign_info.free_signing_context) srv_sign_info.free_signing_context(&srv_sign_info); - + srv_sign_info.doing_signing = True; data = SMB_XMALLOC_P(struct smb_basic_signing_context); memset(data, '\0', sizeof(*data)); srv_sign_info.signing_context = data; - + data->mac_key = data_blob(NULL, response.length + user_session_key.length); memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length); diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index f0595695d2..5b6bc00c57 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -99,7 +99,7 @@ bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, char ***domain_names, uint32 *num_domains, DOM_SID **sids ) { - POLICY_HND pol; + struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; fstring dc_name; struct sockaddr_storage dc_ss; |