From 07465761137adf756d771fa1f8592c294488e779 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Jun 2002 08:57:24 +0000 Subject: Update cli_full_connection() to take a 'flags' paramater, and try to get a few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7) --- source3/auth/auth_domain.c | 2 +- source3/client/smbspool.c | 68 ++++++--------------------------- source3/include/client.h | 4 ++ source3/libsmb/cliconnect.c | 41 ++++++++++++-------- source3/libsmb/trust_passwd.c | 3 +- source3/nsswitch/winbindd_cm.c | 2 +- source3/rpcclient/rpcclient.c | 2 +- source3/rpcclient/samsync.c | 2 +- source3/smbd/change_trust_pw.c | 10 +---- source3/utils/net.c | 4 +- source3/utils/smbcacls.c | 2 +- source3/utils/smbtree.c | 85 ++++++++---------------------------------- 12 files changed, 67 insertions(+), 158 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index ee486d3f30..9997507757 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -102,7 +102,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, /* Attempt connection */ result = cli_full_connection(cli, global_myname, server, - &dest_ip, 0, "IPC$", "IPC", "", "", ""); + &dest_ip, 0, "IPC$", "IPC", "", "", "", 0); if (!NT_STATUS_IS_OK(result)) { release_server_mutex(); diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c index 2a2d5cbaf5..b78d9d22a8 100644 --- a/source3/client/smbspool.c +++ b/source3/client/smbspool.c @@ -3,6 +3,7 @@ SMB backend for the Common UNIX Printing System ("CUPS") Copyright 1999 by Easy Software Products Copyright Andrew Tridgell 1994-1998 + Copyright Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -271,72 +272,25 @@ smb_connect(char *workgroup, /* I - Workgroup */ char *password) /* I - Password */ { struct cli_state *c; /* New connection */ - struct nmb_name called, /* NMB name of server */ - calling; /* NMB name of client */ - struct in_addr ip; /* IP address of server */ pstring myname; /* Client name */ - + NTSTATUS nt_status; /* * Get the names and addresses of the client and server... */ get_myname(myname); - - zero_ip(&ip); - - make_nmb_name(&calling, myname, 0x0); - make_nmb_name(&called, server, 0x20); - - /* - * Open a new connection to the SMB server... - */ - - if ((c = cli_initialise(NULL)) == NULL) - { - fputs("ERROR: cli_initialize() failed...\n", stderr); - return (NULL); - } - - if (!cli_connect(c, server, &ip)) - { - fputs("ERROR: cli_connect() failed...\n", stderr); - return (NULL); + + nt_status = cli_full_connection(&c, myname, server, NULL, 0, share, "?????", + username, lp_workgroup(), password, 0); + + if (NT_STATUS_IS_OK(nt_status)) { + return c; + } else { + fprintf(stderr, "ERROR: Connection failed with error %s\n", nt_errstr(nt_status)); + return NULL; } - if (!cli_session_request(c, &calling, &called)) - { - fputs("ERROR: cli_session_request() failed...\n", stderr); - return (NULL); - } - - if (!cli_negprot(c)) - { - fputs("ERROR: SMB protocol negotiation failed\n", stderr); - cli_shutdown(c); - return (NULL); - } - - /* - * Do password stuff... - */ - - if (!cli_session_setup(c, username, - password, strlen(password), - password, strlen(password), - workgroup)) - { - fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c)); - return (NULL); - } - - if (!cli_send_tconX(c, share, "?????", - password, strlen(password)+1)) - { - fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c)); - cli_shutdown(c); - return (NULL); - } /* * Return the new connection... diff --git a/source3/include/client.h b/source3/include/client.h index 69c74200c1..711ae1fd19 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -155,4 +155,8 @@ struct cli_state { fstring pipe_name; }; +#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001 +#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002 +#define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004 + #endif /* _CLIENT_H */ diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index cc9821dc29..c621d9a34e 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. client connect/disconnect routines Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Andrew Barteltt 2001-2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1096,7 +1097,7 @@ static void init_creds(struct ntuser_creds *creds, char* username, @param dest_host The netbios name of the remote host @param dest_ip (optional) The the destination IP, NULL for name based lookup @param port (optional) The destination port (0 for default) - @param service The share to make the connection to. Should be 'unqualified' in any way. + @param service (optional) The share to make the connection to. Should be 'unqualified' in any way. @param service_type The 'type' of serivice. @param user Username, unix string @param domain User's domain @@ -1104,11 +1105,12 @@ static void init_creds(struct ntuser_creds *creds, char* username, */ NTSTATUS cli_full_connection(struct cli_state **output_cli, - const char *my_name, const char *dest_host, + const char *my_name, + const char *dest_host, struct in_addr *dest_ip, int port, char *service, char *service_type, char *user, char *domain, - char *password) + char *password, int flags) { struct ntuser_creds creds; NTSTATUS nt_status; @@ -1123,17 +1125,15 @@ NTSTATUS cli_full_connection(struct cli_state **output_cli, SMB_ASSERT("output_cli for cli_full_connection was NULL.\n"); } - *output_cli = NULL; - if (!my_name) my_name = global_myname; - make_nmb_name(&calling, my_name, 0x0); - make_nmb_name(&called , dest_host, 0x20); - if (!(cli = cli_initialise(NULL))) return NT_STATUS_NO_MEMORY; + make_nmb_name(&calling, my_name, 0x0); + make_nmb_name(&called , dest_host, 0x20); + if (cli_set_port(cli, port) != port) { cli_shutdown(cli); return NT_STATUS_UNSUCCESSFUL; @@ -1172,6 +1172,12 @@ again: return NT_STATUS_UNSUCCESSFUL; } + if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) { + cli->use_spnego = False; + } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) { + cli->use_kerberos = True; + } + if (!cli_negprot(cli)) { DEBUG(1,("failed negprot\n")); nt_status = NT_STATUS_UNSUCCESSFUL; @@ -1182,18 +1188,23 @@ again: if (!cli_session_setup(cli, user, password, strlen(password)+1, password, strlen(password)+1, domain)) { - DEBUG(1,("failed session setup\n")); - nt_status = cli_nt_error(cli); - cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) - nt_status = NT_STATUS_UNSUCCESSFUL; - return nt_status; + if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK) + || cli_session_setup(cli, "", "", 0, + "", 0, domain)) { + } else { + nt_status = cli_nt_error(cli); + DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status))); + cli_shutdown(cli); + if (NT_STATUS_IS_OK(nt_status)) + nt_status = NT_STATUS_UNSUCCESSFUL; + return nt_status; + } } if (service) { if (!cli_send_tconX(cli, service, service_type, (char*)password, strlen(password)+1)) { - DEBUG(1,("failed tcon_X\n")); + DEBUG(1,("failed tcon_X with %s\n", nt_errstr(nt_status))); nt_status = cli_nt_error(cli); cli_shutdown(cli); if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c index fd98e8dca9..7491f15f52 100644 --- a/source3/libsmb/trust_passwd.c +++ b/source3/libsmb/trust_passwd.c @@ -77,7 +77,8 @@ NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx new_trust_passwd_hash); if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("%s : change_trust_account_password: Changed password.\n", timestring(False))); + DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", + timestring(False))); /* * Return the result of trying to write the new password * back into the trust account file. diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index bffa169ab1..0f36d3613c 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -351,7 +351,7 @@ static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name, result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, &dc_ip, 0, "IPC$", "IPC", ipc_username, ipc_domain, - ipc_password); + ipc_password, 0); SAFE_FREE(ipc_username); SAFE_FREE(ipc_domain); diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 1e2b42233f..42fb71abee 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -757,7 +757,7 @@ static void usage(void) &server_ip, 0, "IPC$", "IPC", username, domain, - password); + password, 0); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c index be5bc874be..5b64cbc47d 100644 --- a/source3/rpcclient/samsync.c +++ b/source3/rpcclient/samsync.c @@ -428,7 +428,7 @@ static struct cli_state *init_connection(struct cli_state **cli, dest_ip, 0, "IPC$", "IPC", username, domain, - password))) { + password, 0))) { return *cli; } else { return NULL; diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c index 182995d7f4..0c468699b4 100644 --- a/source3/smbd/change_trust_pw.c +++ b/source3/smbd/change_trust_pw.c @@ -35,7 +35,6 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, { struct cli_state *cli; DOM_SID domain_sid; - struct in_addr dest_ip; NTSTATUS nt_status; /* @@ -47,16 +46,11 @@ static NTSTATUS modify_trust_password( char *domain, char *remote_machine, return NT_STATUS_UNSUCCESSFUL; } - if(!resolve_name( remote_machine, &dest_ip, 0x20)) { - DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine)); - return NT_STATUS_UNSUCCESSFUL; - } - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, - &dest_ip, 0, + NULL, 0, "IPC$", "IPC", "", "", - ""))) { + "", 0))) { DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine)); return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/utils/net.c b/source3/utils/net.c index 6e5202a400..a3610d0907 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -120,7 +120,7 @@ NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip, server_ip, opt_port, "IPC$", "IPC", opt_user_name, opt_workgroup, - opt_password); + opt_password, 0); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; @@ -150,7 +150,7 @@ NTSTATUS connect_to_ipc_anonymous(struct cli_state **c, server_ip, opt_port, "IPC$", "IPC", "", "", - ""); + "", 0); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 7d0dd579fb..aa00eab42c 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -722,7 +722,7 @@ static struct cli_state *connect_one(char *share) &ip, 0, share, "?????", username, global_myworkgroup, - password))) { + password, 0))) { return c; } else { return NULL; diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index b80a27eb37..bcb460ee0b 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -87,81 +87,26 @@ static void add_name(const char *machine_name, uint32 server_type, DLIST_ADD(*name_list, new_name); } -/* Return a cli_state pointing at the IPC$ share for the given workgroup */ +/* Return a cli_state pointing at the IPC$ share for the given server */ -static struct cli_state *get_ipc_connect(char *server, +static struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip, struct user_auth_info *user_info) { - struct nmb_name calling, called; - struct in_addr server_ip; struct cli_state *cli; pstring myname; - - zero_ip(&server_ip); + NTSTATUS nt_status; get_myname(myname); - - make_nmb_name(&called, myname, 0x0); - make_nmb_name(&calling, server, 0x20); - - if (is_ipaddress(server)) - if (!resolve_name(server, &server_ip, 0x20)) - return False; - - again: - if (!(cli = cli_initialise(NULL))) { - DEBUG(4, ("Unable to initialise cli structure\n")); - goto error; - } - - if (!cli_connect(cli, server, &server_ip)) { - DEBUG(4, ("Unable to connect to %s\n", server)); - goto error; - } - - if (!cli_session_request(cli, &calling, &called)) { - cli_shutdown(cli); - if (!strequal(called.name, "*SMBSERVER")) { - make_nmb_name(&called , "*SMBSERVER", 0x20); - goto again; - } - DEBUG(4, ("Session request failed to %s\n", called.name)); - goto error; - } - - if (!cli_negprot(cli)) { - DEBUG(4, ("Negprot failed\n")); - goto error; - } - - if (!cli_session_setup(cli, user_info->username, user_info->password, - strlen(user_info->password), - user_info->password, - strlen(user_info->password), server) && - /* try an anonymous login if it failed */ - !cli_session_setup(cli, "", "", 1,"", 0, server)) { - DEBUG(4, ("Session setup failed\n")); - goto error; - } - - DEBUG(4,(" session setup ok\n")); - - if (!cli_send_tconX(cli, "IPC$", "?????", - user_info->password, - strlen(user_info->password)+1)) { - DEBUG(4, ("Tconx failed\n")); - goto error; + + nt_status = cli_full_connection(&cli, myname, server, server_ip, 0, "IPC$", "IPC", + user_info->username, lp_workgroup(), user_info->password, + CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK); + + if (NT_STATUS_IS_OK(nt_status)) { + return cli; + } else { + return NULL; } - - return cli; - - /* Clean up after error */ - - error: - if (cli && cli->initialised) - cli_shutdown(cli); - - return NULL; } /* Return the IP address and workgroup of a master browser on the @@ -223,7 +168,7 @@ static BOOL get_workgroups(struct user_auth_info *user_info) } } - if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info))) + if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) return False; if (!cli_NetServerEnum(cli, master_workgroup, @@ -248,7 +193,7 @@ static BOOL get_servers(char *workgroup, struct user_auth_info *user_info) return False; } - if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info))) + if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) return False; if (!cli_NetServerEnum(cli, workgroup, SV_TYPE_ALL, add_name, @@ -262,7 +207,7 @@ static BOOL get_shares(char *server_name, struct user_auth_info *user_info) { struct cli_state *cli; - if (!(cli = get_ipc_connect(server_name, user_info))) + if (!(cli = get_ipc_connect(server_name, NULL, user_info))) return False; if (!cli_RNetShareEnum(cli, add_name, &shares)) -- cgit