diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/Makefile.in | 2 | ||||
| -rw-r--r-- | source3/libsmb/cli_dfs.c | 8 | ||||
| -rw-r--r-- | source3/libsmb/cli_lsarpc.c | 13 | ||||
| -rw-r--r-- | source3/libsmb/cli_netlogon.c | 9 | ||||
| -rw-r--r-- | source3/libsmb/cli_pipe_util.c | 82 | ||||
| -rw-r--r-- | source3/libsmb/cli_reg.c | 9 | ||||
| -rw-r--r-- | source3/libsmb/cli_samr.c | 8 | ||||
| -rw-r--r-- | source3/libsmb/cli_spoolss.c | 14 | ||||
| -rw-r--r-- | source3/libsmb/cli_srvsvc.c | 9 | ||||
| -rw-r--r-- | source3/libsmb/cli_wkssvc.c | 18 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 148 | ||||
| -rw-r--r-- | source3/libsmb/pwd_cache.c | 135 | ||||
| -rw-r--r-- | source3/rpcclient/samsync.c | 59 | ||||
| -rw-r--r-- | source3/utils/smbcacls.c | 115 |
14 files changed, 70 insertions, 559 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index fb16344f43..fc2c0506b2 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -163,7 +163,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \ libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\ - rpc_client/cli_pipe.o libsmb/cli_pipe_util.o + rpc_client/cli_pipe.o LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c index 312275926c..7fc27b9c3b 100644 --- a/source3/libsmb/cli_dfs.c +++ b/source3/libsmb/cli_dfs.c @@ -20,14 +20,6 @@ #include "includes.h" -/* Opens a SMB connection to the netdfs pipe */ - -struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds); -} - /* Query DFS support */ NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c index 8eaf6da2ec..9d07eb1d1e 100644 --- a/source3/libsmb/cli_lsarpc.c +++ b/source3/libsmb/cli_lsarpc.c @@ -38,19 +38,6 @@ * security authority", which is half of a password database. **/ -/** Opens a SMB connection and connects to the LSARPC pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds); -} - /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c index 12651966d7..765f19a5fe 100644 --- a/source3/libsmb/cli_netlogon.c +++ b/source3/libsmb/cli_netlogon.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the netlogon pipe */ - -struct cli_state *cli_netlogon_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds); -} - /* LSA Request Challenge. Sends our challenge to server, then gets server response. These are used to generate the credentials. */ diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c deleted file mode 100644 index de1c832e44..0000000000 --- a/source3/libsmb/cli_pipe_util.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client utility functions - Copyright (C) Tim Potter 2001, - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** \defgroup rpc_client RPC Client routines - */ - -/* Opens a SMB connection to a named pipe */ - -struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name, - char *pipe_name, - struct ntuser_creds *creds) -{ - struct in_addr dest_ip; - struct nmb_name calling, called; - fstring dest_host; - extern pstring global_myname; - struct ntuser_creds anon; - - /* Initialise cli_state information */ - - if (!cli_initialise(cli)) { - return NULL; - } - - if (!creds) { - ZERO_STRUCT(anon); - anon.pwd.null_pwd = 1; - creds = &anon; - } - - cli_init_creds(cli, creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(system_name, dest_host, &dest_ip)) { - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - return NULL; - } - - /* Open a NT session thingy */ - - if (!cli_nt_session_open(cli, pipe_name)) { - cli_shutdown(cli); - return NULL; - } - - return cli; -} - -/* Shut down a SMB connection to the SAMR pipe */ - -void cli_pipe_shutdown(struct cli_state *cli) -{ - if (cli->fd != -1) cli_ulogoff(cli); - cli_shutdown(cli); -} diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c index c09ccabb29..aaf18882f7 100644 --- a/source3/libsmb/cli_reg.c +++ b/source3/libsmb/cli_reg.c @@ -25,15 +25,6 @@ #include "includes.h" -/* Opens a SMB connection to the WINREG pipe */ - -struct cli_state *cli_winreg_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds); -} - /* Shutdown a server */ NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c index f3560ede5d..9a332aa99e 100644 --- a/source3/libsmb/cli_samr.c +++ b/source3/libsmb/cli_samr.c @@ -24,14 +24,6 @@ #include "includes.h" -/* Opens a SMB connection to the SAMR pipe */ - -struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds); -} - /* Connect to SAMR database */ NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c index 28f4f481fa..5e33e00c68 100644 --- a/source3/libsmb/cli_spoolss.c +++ b/source3/libsmb/cli_spoolss.c @@ -31,20 +31,6 @@ * @{ **/ -/** Opens a SMB connection and connects to the SPOOLSS pipe. - * - * @param cli Uninitialised client handle. - * @param system_name NETBIOS name of the machine to connect to. - * @param creds User credentials to connect as. - * @returns Initialised client handle. - */ -struct cli_state *cli_spoolss_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds); -} - /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c index 9d33149540..b5b4478684 100644 --- a/source3/libsmb/cli_srvsvc.c +++ b/source3/libsmb/cli_srvsvc.c @@ -22,15 +22,6 @@ #include "includes.h" -/* Opens a SMB connection to the svrsvc pipe */ - -struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds); -} - NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, uint32 switch_value, SRV_INFO_CTR *ctr) diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c index 2a84e6b698..756ff61e5b 100644 --- a/source3/libsmb/cli_wkssvc.c +++ b/source3/libsmb/cli_wkssvc.c @@ -24,24 +24,6 @@ #include "includes.h" /** - * Opens a SMB connection to the wkssvc pipe - * - * @param cli client structure (not yet initialised) - * @param system_name called rpc server name - * @param creds user credentials - * - * @return client structure with opened pipe - **/ - -struct cli_state *cli_wkssvc_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds) -{ - return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds); -} - - -/** * WksQueryInfo rpc call (like query for server's capabilities) * * @param initialised client structure with \PIPE\wkssvc opened diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index ec2c33f419..f41c3b7701 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1027,152 +1027,6 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip) return True; } -/**************************************************************************** -establishes a connection right up to doing tconX, password in cache. -****************************************************************************/ -BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, - struct nmb_name *calling, struct nmb_name *called, - char *service, char *service_type, - BOOL do_shutdown, BOOL do_tcon) -{ - DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n", - nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip), - cli->user_name, cli->domain)); - - /* establish connection */ - - if ((!cli->initialised)) - { - return False; - } - - /* cli_establish_connection() can't handle spnego yet. Once we get rid of - pwd_cache and other horrors we can get rid of this */ - cli->use_spnego = False; - - if (cli->fd == -1) - { - if (!cli_connect(cli, dest_host, dest_ip)) - { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", - nmb_namestr(called), inet_ntoa(*dest_ip))); - return False; - } - } - - if (!cli_session_request(cli, calling, called)) - { - DEBUG(1,("failed session request\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (!cli_negprot(cli)) - { - DEBUG(1,("failed negprot\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - if (cli->pwd.cleartext || cli->pwd.null_pwd) - { - fstring passwd; - int pass_len; - - if (cli->pwd.null_pwd) - { - /* attempt null session */ - passwd[0] = 0; - pass_len = 1; - } - else - { - /* attempt clear-text session */ - pwd_get_cleartext(&(cli->pwd), passwd); - pass_len = strlen(passwd); - } - - /* attempt clear-text session */ - if (!cli_session_setup(cli, cli->user_name, - passwd, pass_len, - NULL, 0, - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)passwd, strlen(passwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - { - cli_shutdown(cli); - } - return False; - } - } - } - else - { - /* attempt encrypted session */ - unsigned char nt_sess_pwd[24]; - unsigned char lm_sess_pwd[24]; - - /* creates (storing a copy of) and then obtains a 24 byte password OWF */ - pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data); - pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd); - - /* attempt encrypted session */ - if (!cli_session_setup(cli, cli->user_name, - (char*)lm_sess_pwd, sizeof(lm_sess_pwd), - (char*)nt_sess_pwd, sizeof(nt_sess_pwd), - cli->domain)) - { - DEBUG(1,("failed session setup\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - - DEBUG(1,("session setup ok\n")); - - if (*cli->server_domain || *cli->server_os || *cli->server_type) - { - DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n", - cli->server_domain, - cli->server_os, - cli->server_type)); - } - - if (do_tcon) - { - if (!cli_send_tconX(cli, service, service_type, - (char*)nt_sess_pwd, sizeof(nt_sess_pwd))) - { - DEBUG(1,("failed tcon_X\n")); - if (do_shutdown) - cli_shutdown(cli); - return False; - } - } - } - - if (do_shutdown) - cli_shutdown(cli); - - return True; -} - /* Initialise client credentials for authenticated pipe access */ static void init_creds(struct ntuser_creds *creds, char* username, @@ -1230,7 +1084,7 @@ again: DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service)); if (!cli_connect(cli, dest_host, &ip)) { - DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n", + DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n", nmb_namestr(&called), inet_ntoa(*dest_ip))); cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL; diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 7d1185d9a7..8b79788fed 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -24,7 +24,7 @@ Initialises a password structure. ****************************************************************************/ -void pwd_init(struct pwd_info *pwd) +static void pwd_init(struct pwd_info *pwd) { memset((char *)pwd->password , '\0', sizeof(pwd->password )); memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); @@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd) } /**************************************************************************** - Returns NULL password flag. -****************************************************************************/ - -BOOL pwd_is_nullpwd(const struct pwd_info *pwd) -{ - return pwd->null_pwd; -} - -/**************************************************************************** - Compares two passwords. hmm, not as trivial as expected. hmm. -****************************************************************************/ - -BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) -{ - if (pwd1->cleartext && pwd2->cleartext) { - if (strequal(pwd1->password, pwd2->password)) - return True; - } - if (pwd1->null_pwd && pwd2->null_pwd) - return True; - - if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: nt#\n")); - dump_data(100, pwd1->smb_nt_pwd, 16); - dump_data(100, pwd2->smb_nt_pwd, 16); -#endif - if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - return True; -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: lm#\n")); - dump_data(100, pwd1->smb_lm_pwd, 16); - dump_data(100, pwd2->smb_lm_pwd, 16); -#endif - if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - return True; - } - return False; -} - -/**************************************************************************** - Reads a password. + Makes lm and nt hashed passwords. ****************************************************************************/ -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) +static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { - /* grab a password */ - char *user_pass; + pstring dos_passwd; pwd_init(pwd); - user_pass = (char*)getpass(passwd_report); - - /* - * Do not assume that an empty string is a NULL password. - * If you do this will break the session key generation for - * and account with an emtpy password. If you wish to use - * a NULL password, use the -N option to smbclient and rpcclient - * --jerry - */ -#if 0 - if (user_pass == NULL || user_pass[0] == 0) - pwd_set_nullpwd(pwd); - else if (do_encrypt) -#endif - if (do_encrypt) - pwd_make_lm_nt_16(pwd, user_pass); - else - pwd_set_cleartext(pwd, user_pass); -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_nullpwd(struct pwd_info *pwd) -{ - pwd_init(pwd); + push_ascii_pstring(dos_passwd, clr); + nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; pwd->cleartext = False; - pwd->null_pwd = True; - pwd->crypted = False; + pwd->crypted = False; } /**************************************************************************** @@ -151,29 +83,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) } /**************************************************************************** - Stores lm and nt hashed passwords. -****************************************************************************/ - -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) -{ - pwd_init(pwd); - - if (lm_pwd) - memcpy(pwd->smb_lm_pwd, lm_pwd, 16); - else - memset((char *)pwd->smb_lm_pwd, '\0', 16); - - if (nt_pwd) - memcpy(pwd->smb_nt_pwd, nt_pwd, 16); - else - memset((char *)pwd->smb_nt_pwd, '\0', 16); - - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - -/**************************************************************************** Gets lm and nt hashed passwords. ****************************************************************************/ @@ -186,24 +95,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) } /**************************************************************************** - Makes lm and nt hashed passwords. -****************************************************************************/ - -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) -{ - pstring dos_passwd; - - pwd_init(pwd); - - push_ascii_pstring(dos_passwd, clr); - - nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - -/**************************************************************************** Makes lm and nt OWF crypts. ****************************************************************************/ @@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) if (nt_owf != NULL) memcpy(nt_owf, pwd->smb_nt_owf, 24); } + + + + + + + + + + diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c index 14f7ed8953..0b30798070 100644 --- a/source3/rpcclient/samsync.c +++ b/source3/rpcclient/samsync.c @@ -396,51 +396,19 @@ static void usage(void) printf("\n"); } -/* Initialise client credentials for authenticated pipe access */ - -void init_rpcclient_creds(struct ntuser_creds *creds, char* username, - char* domain, char* password) -{ - ZERO_STRUCTP(creds); - - if (lp_encrypted_passwords()) { - pwd_make_lm_nt_16(&creds->pwd, password); - } else { - pwd_set_cleartext(&creds->pwd, password); - } - - fstrcpy(creds->user_name, username); - fstrcpy(creds->domain, domain); - - if (! *username) { - creds->pwd.null_pwd = True; - } -} - /* Connect to primary domain controller */ -static struct cli_state *init_connection(struct cli_state *cli, +static struct cli_state *init_connection(struct cli_state **cli, char *username, char *domain, char *password) { - struct ntuser_creds creds; extern pstring global_myname; struct in_addr *dest_ip; - struct nmb_name calling, called; int count; fstring dest_host; /* Initialise cli_state information */ - ZERO_STRUCTP(cli); - - if (!cli_initialise(cli)) { - return NULL; - } - - init_rpcclient_creds(&creds, username, domain, password); - cli_init_creds(cli, &creds); - /* Look up name of PDC controller */ if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) { @@ -456,20 +424,15 @@ static struct cli_state *init_connection(struct cli_state *cli, return NULL; } - get_myname((*global_myname)?NULL:global_myname); - strupper(global_myname); - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - /* Establish a SMB connection */ - - if (!cli_establish_connection(cli, dest_host, dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { + if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host, + dest_ip, 0, + "IPC$", "IPC", + username, domain, + password, strlen(password)))) { + return *cli; + } else { return NULL; } - - return cli; } /* Main function */ @@ -477,7 +440,7 @@ static struct cli_state *init_connection(struct cli_state *cli, int main(int argc, char **argv) { BOOL do_sam_sync = False, do_sam_repl = False; - struct cli_state cli; + struct cli_state *cli; NTSTATUS result; int opt; pstring logfile; @@ -605,10 +568,10 @@ static struct cli_state *init_connection(struct cli_state *cli, return 1; if (do_sam_sync) - result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose); + result = sam_sync(cli, trust_passwd, do_smbpasswd_output, verbose); if (do_sam_repl) - result = sam_repl(&cli, trust_passwd, low_serial); + result = sam_repl(cli, trust_passwd, low_serial); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("%s\n", nt_errstr(result))); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 017f4035b0..62ab6357b4 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -42,6 +42,9 @@ enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD }; enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP}; enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR}; +extern pstring global_myname; +extern fstring global_myworkgroup; + struct perm_value { char *perm; uint32 mask; @@ -66,24 +69,25 @@ static struct perm_value standard_values[] = { { NULL, 0 }, }; -struct cli_state lsa_cli; -POLICY_HND pol; -struct ntuser_creds creds; -BOOL got_policy_hnd; +static struct cli_state *global_hack_cli; +static POLICY_HND pol; +static BOOL got_policy_hnd; + +static struct cli_state *connect_one(char *share); /* Open cli connection and policy handle */ static BOOL cacls_open_policy_hnd(void) { - creds.pwd.null_pwd = 1; - /* Initialise cli LSA connection */ - if (!lsa_cli.initialised && - !cli_lsa_initialise(&lsa_cli, server, &creds)) { - return False; + if (!global_hack_cli) { + global_hack_cli = connect_one("IPC$"); + if (!cli_nt_session_open (global_hack_cli, PIPE_LSARPC)) { + return False; + } } - + /* Open policy handle */ if (!got_policy_hnd) { @@ -91,7 +95,7 @@ static BOOL cacls_open_policy_hnd(void) /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000 so we might as well do it too. */ - if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True, + if (!NT_STATUS_IS_OK(cli_lsa_open_policy(global_hack_cli, global_hack_cli->mem_ctx, True, GENERIC_EXECUTE_ACCESS, &pol))) { return False; } @@ -116,7 +120,7 @@ static void SidToString(fstring str, DOM_SID *sid) /* Ask LSA to convert the sid to a name */ if (!cacls_open_policy_hnd() || - !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, + !NT_STATUS_IS_OK(cli_lsa_lookup_sids(global_hack_cli, global_hack_cli->mem_ctx, &pol, 1, sid, &domains, &names, &types)) || !domains || !domains[0] || !names || !names[0]) { @@ -143,7 +147,7 @@ static BOOL StringToSid(DOM_SID *sid, const char *str) } if (!cacls_open_policy_hnd() || - !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, + !NT_STATUS_IS_OK(cli_lsa_lookup_names(global_hack_cli, global_hack_cli->mem_ctx, &pol, 1, &str, &sids, &types))) { result = False; @@ -700,80 +704,29 @@ static int cacl_set(struct cli_state *cli, char *filename, /***************************************************** return a connection to a server *******************************************************/ -struct cli_state *connect_one(char *share) +static struct cli_state *connect_one(char *share) { struct cli_state *c; - struct nmb_name called, calling; struct in_addr ip; - extern pstring global_myname; - - fstrcpy(server,share+2); - share = strchr_m(server,'\\'); - if (!share) return NULL; - *share = 0; - share++; - - zero_ip(&ip); - - make_nmb_name(&calling, global_myname, 0x0); - make_nmb_name(&called , server, 0x20); - - again: - zero_ip(&ip); - - /* have to open a new connection */ - if (!(c=cli_initialise(NULL)) || !cli_connect(c, server, &ip)) { - DEBUG(0,("Connection to %s failed\n", server)); - cli_shutdown(c); - return NULL; - } - - if (!cli_session_request(c, &calling, &called)) { - DEBUG(0,("session request to %s failed\n", called.name)); - cli_shutdown(c); - if (strcmp(called.name, "*SMBSERVER")) { - make_nmb_name(&called , "*SMBSERVER", 0x20); - goto again; - } - return NULL; - } - - DEBUG(4,(" session request ok\n")); - - if (!cli_negprot(c)) { - DEBUG(0,("protocol negotiation failed\n")); - cli_shutdown(c); - return NULL; - } - + zero_ip(&ip); + if (!got_pass) { char *pass = getpass("Password: "); if (pass) { pstrcpy(password, pass); + got_pass = True; } } - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - lp_workgroup())) { - DEBUG(0,("session setup failed: %s\n", cli_errstr(c))); - cli_shutdown(c); - return NULL; - } - - DEBUG(4,(" session setup ok\n")); - - if (!cli_send_tconX(c, share, "?????", - password, strlen(password)+1)) { - DEBUG(0,("tree connect failed: %s\n", cli_errstr(c))); - cli_shutdown(c); + if (NT_STATUS_IS_OK(cli_full_connection(&c, global_myname, server, + &ip, 0, + share, "?????", + username, global_myworkgroup, + password, strlen(password)))) { + return c; + } else { return NULL; } - - DEBUG(4,(" tconx ok\n")); - - return c; } @@ -811,12 +764,13 @@ You can string acls together with spaces, commas or newlines\n\ extern int optind; int opt; char *p; - struct cli_state *cli=NULL; enum acl_mode mode = SMB_ACL_SET; char *the_acl = NULL; enum chown_mode change_mode = REQUEST_NONE; int result; + struct cli_state *cli; + ctx=talloc_init(); setlinebuf(stdout); @@ -930,12 +884,20 @@ You can string acls together with spaces, commas or newlines\n\ /* Make connection to server */ + fstrcpy(server,share+2); + share = strchr_m(server,'\\'); + if (!share) return -1; + *share = 0; + share++; + if (!test_args) { cli = connect_one(share); if (!cli) { talloc_destroy(ctx); exit(EXIT_FAILED); } + } else { + exit(0); } all_string_sub(filename, "/", "\\", 0); @@ -960,3 +922,4 @@ You can string acls together with spaces, commas or newlines\n\ return result; } + |