From ef6f8197a3071996591f74f6d7b9d36dbcb19dc7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 26 Sep 2002 18:53:51 +0000 Subject: remove files not in HEAD (This used to be commit 9d9f7bbf87bf9a0e003e6da482615fe040d00852) --- docs/README.Win2kSP2 | 56 - docs/textdocs/BROWSING.txt | 559 --------- docs/textdocs/BUGS.txt | 135 --- docs/textdocs/DIAGNOSIS.txt | 321 ----- docs/textdocs/DNIX.txt | 69 -- docs/textdocs/GROUP-MAPPING-HOWTO.txt | 60 - docs/textdocs/INSTALL.sambatar | 33 - docs/textdocs/Imprints.txt | 47 - docs/textdocs/Macintosh_Clients.txt | 23 - docs/textdocs/NetBIOS.txt | 152 --- docs/textdocs/Passwords.txt | 46 - docs/textdocs/Printing.txt | 255 ---- docs/textdocs/README.sambatar | 23 - docs/textdocs/SCO.txt | 19 - docs/textdocs/SMBTAR.notes | 46 - docs/textdocs/Samba-OpenSSL.txt | 405 ------- docs/textdocs/Speed.txt | 338 ------ docs/textdocs/Speed2.txt | 57 - docs/textdocs/Tracing.txt | 93 -- docs/textdocs/UNIX-SMB.txt | 231 ---- docs/textdocs/Win95.txt | 74 -- docs/textdocs/WinNT.txt | 104 -- docs/textdocs/cifsntdomain.txt | 1498 ----------------------- docs/textdocs/outdated/NTDOMAIN.txt | 51 - docs/textdocs/outdated/PROJECTS | 88 -- docs/textdocs/security_level.txt | 100 -- docs/yodldocs/README-NOW | 14 - examples/VFS/block/Makefile | 0 examples/VFS/block/Makefile.in | 42 - examples/VFS/block/block.c | 440 ------- examples/VFS/block/samba-block.conf | 6 - examples/VFS/block/smb.conf | 13 - source3/include/sids.h | 39 - source3/libsmb/cli_dfs.c | 245 ---- source3/libsmb/cli_lsarpc.c | 1168 ------------------ source3/libsmb/cli_netlogon.c | 664 ---------- source3/libsmb/cli_pipe_util.c | 82 -- source3/libsmb/cli_reg.c | 102 -- source3/libsmb/cli_samr.c | 1294 -------------------- source3/libsmb/cli_spoolss.c | 2156 --------------------------------- source3/libsmb/cli_spoolss_notify.c | 223 ---- source3/libsmb/cli_srvsvc.c | 442 ------- source3/libsmb/cli_wkssvc.c | 93 -- source3/nsswitch/winbindd_proto.h | 143 --- source3/passdb/passgrp.c | 219 ---- source3/rpc_client/cli_login.c | 173 --- source3/rpc_client/msrpc_spoolss.c | 812 ------------- source3/rpc_client/ntclienttrust.c | 157 --- source3/smbd/ssl.c | 286 ----- 49 files changed, 13696 deletions(-) delete mode 100644 docs/README.Win2kSP2 delete mode 100644 docs/textdocs/BROWSING.txt delete mode 100644 docs/textdocs/BUGS.txt delete mode 100644 docs/textdocs/DIAGNOSIS.txt delete mode 100644 docs/textdocs/DNIX.txt delete mode 100644 docs/textdocs/GROUP-MAPPING-HOWTO.txt delete mode 100644 docs/textdocs/INSTALL.sambatar delete mode 100644 docs/textdocs/Imprints.txt delete mode 100644 docs/textdocs/Macintosh_Clients.txt delete mode 100644 docs/textdocs/NetBIOS.txt delete mode 100644 docs/textdocs/Passwords.txt delete mode 100644 docs/textdocs/Printing.txt delete mode 100644 docs/textdocs/README.sambatar delete mode 100644 docs/textdocs/SCO.txt delete mode 100644 docs/textdocs/SMBTAR.notes delete mode 100644 docs/textdocs/Samba-OpenSSL.txt delete mode 100644 docs/textdocs/Speed.txt delete mode 100644 docs/textdocs/Speed2.txt delete mode 100644 docs/textdocs/Tracing.txt delete mode 100644 docs/textdocs/UNIX-SMB.txt delete mode 100644 docs/textdocs/Win95.txt delete mode 100644 docs/textdocs/WinNT.txt delete mode 100644 docs/textdocs/cifsntdomain.txt delete mode 100644 docs/textdocs/outdated/NTDOMAIN.txt delete mode 100644 docs/textdocs/outdated/PROJECTS delete mode 100644 docs/textdocs/security_level.txt delete mode 100644 docs/yodldocs/README-NOW delete mode 100644 examples/VFS/block/Makefile delete mode 100644 examples/VFS/block/Makefile.in delete mode 100644 examples/VFS/block/block.c delete mode 100644 examples/VFS/block/samba-block.conf delete mode 100644 examples/VFS/block/smb.conf delete mode 100644 source3/include/sids.h delete mode 100644 source3/libsmb/cli_dfs.c delete mode 100644 source3/libsmb/cli_lsarpc.c delete mode 100644 source3/libsmb/cli_netlogon.c delete mode 100644 source3/libsmb/cli_pipe_util.c delete mode 100644 source3/libsmb/cli_reg.c delete mode 100644 source3/libsmb/cli_samr.c delete mode 100644 source3/libsmb/cli_spoolss.c delete mode 100644 source3/libsmb/cli_spoolss_notify.c delete mode 100644 source3/libsmb/cli_srvsvc.c delete mode 100644 source3/libsmb/cli_wkssvc.c delete mode 100644 source3/nsswitch/winbindd_proto.h delete mode 100644 source3/passdb/passgrp.c delete mode 100644 source3/rpc_client/cli_login.c delete mode 100644 source3/rpc_client/msrpc_spoolss.c delete mode 100644 source3/rpc_client/ntclienttrust.c delete mode 100644 source3/smbd/ssl.c diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2 deleted file mode 100644 index 49a8fbf4ae..0000000000 --- a/docs/README.Win2kSP2 +++ /dev/null @@ -1,56 +0,0 @@ -!== -!== README.Win2kSP2 -!== - -Author: Gerald (Jerry) Carter - -================================================================== - -There are several annoyances with Windows 2000 SP2. One of which -only appears when using a Samba server to host user profiles -to Windows 2000 SP2 clients in a Windows domain. This assumes -that Samba is a member of the domain, but the problem will -likely occur if it is not. - -In order to server profiles successfully to Windows 2000 SP2 -clients (when not operating as a PDC), Samba must have - - nt acl support = no - -added to the file share which houses the roaming profiles. -If this is not done, then the Windows 2000 SP2 client will -complain about not being able to access the profile (Access -Denied) and create multiple copies of it on disk (DOMAIN.user.001, -DOMAIN.user.002, etc...). See the smb.conf(5) man page -for more details on this option. Also note that the "nt acl support" -parameter was formally a global parameter in releases prior -to Samba 2.2.2. - -The following is a minimal profile share - - [profile] - path = /export/profile - create mask = 0600 - directory mask = 0700 - nt acl support = no - read only = no - -The reason for this bug is that the Win2k SP2 client copies -the security descriptor for the profile which contains -the Samba server's SID, and not the domain SID. The client -compares the SID for SAMBA\user and realizes it is -different that the one assigned to DOMAIN\user. Hence the reason -for the "access denied" message. - -By disabling the "nt acl support" parameter, Samba will send -the Win2k client a response to the QuerySecurityDescriptor -trans2 call which causes the client to set a default ACL -for the profile. This default ACL includes - - DOMAIN\user "Full Control" - - -NOTE : This bug does not occur when using winbind to -create accounts on the Samba host for Domain users. - - diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt deleted file mode 100644 index 2ca41e5624..0000000000 --- a/docs/textdocs/BROWSING.txt +++ /dev/null @@ -1,559 +0,0 @@ -Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) -Updated: July 5, 1998 -Status: Current - For VERY Advanced Users ONLY - -Summary: This describes how to configure Samba for improved browsing. -===================================================================== - -OVERVIEW: -========= - -SMB networking provides a mechanism by which clients can access a list -of machines in a network, a so-called "browse list". This list -contains machines that are ready to offer file and/or print services -to other machines within the network. Thus it does not include -machines which aren't currently able to do server tasks. The browse -list is heavily used by all SMB clients. Configuration of SMB -browsing has been problematic for some Samba users, hence this -document. - -Browsing will NOT work if name resolution from NetBIOS names to IP -addresses does not function correctly. Use of a WINS server is highly -recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. -WINS allows remote segment clients to obtain NetBIOS name_type information -that can NOT be provided by any other means of name resolution. - -===================================================================== - -BROWSING -======== -Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). - -Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. See -DOMAIN.txt for more information on domain logons. - -Samba can also act as a domain master browser for a workgroup. This -means that it will collate lists from local browse masters into a -wide area network server list. In order for browse clients to -resolve the names they may find in this list, it is recommended that -both samba and your clients use a WINS server. - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain: on each wide area -network, you must only ever have one domain master browser per workgroup, -regardless of whether it is NT, Samba or any other type of domain master -that is providing this service. - -[Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. NTAS can -be configured as your WINS server. In a mixed NT server and -samba environment on a Wide Area Network, it is recommended that -you use the NT server's WINS server capabilities. In a samba-only -environment, it is recommended that you use one and only one nmbd -as your WINS server]. - -To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of. - -Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. It is recommended that this option is only -used for 'unusual' purposes: announcements over the internet, for -example. See "remote announce" in the smb.conf man page. - -If something doesn't work then hopefully the log.nmb file will help -you track down the problem. Try a debug level of 2 or 3 for finding -problems. Also note that the current browse list usually gets stored -in text form in a file called browse.dat. - -Note that if it doesn't work for you, then you should still be able to -type the server name as \\SERVER in filemanager then hit enter and -filemanager should display the list of available shares. - -Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ -connection that lists the shares is done as guest, and thus you must -have a valid guest account. - -Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to -not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. New versions of nmbd -are now far more likely to correctly find your broadcast and network -address, so in most cases these aren't needed. - -The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf) - - -BROWSING ACROSS SUBNETS -======================= - -With the release of Samba 1.9.17(alpha1 and above) Samba has been -updated to enable it to support the replication of browse lists -across subnet boundaries. New code and options have been added to -achieve this. This section describes how to set this feature up -in different settings. - -To see browse lists that span TCP/IP subnets (ie. networks separated -by routers that don't pass broadcast traffic) you must set up at least -one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing -NetBIOS name to IP address translation to be done by doing a direct -query of the WINS server. This is done via a directed UDP packet on -port 137 to the WINS server machine. The reason for a WINS server is -that by default, all NetBIOS name to IP address translation is done -by broadcasts from the querying machine. This means that machines -on one subnet will not be able to resolve the names of machines on -another subnet without using a WINS server. - -Remember, for browsing across subnets to work correctly, all machines, -be they Windows 95, Windows NT, or Samba servers must have the IP address -of a WINS server given to them by a DHCP server, or by manual configuration -(for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file. - -How does cross subnet browsing work ? -===================================== - -Cross subnet browsing is a complicated dance, containing multiple -moving parts. It has taken Microsoft several years to get the code -that achieves this correct, and Samba lags behind in some areas. -However, with the 1.9.17 release, Samba is capable of cross subnet -browsing when configured correctly. - -Consider a network set up as follows : - - (DMB) - N1_A N1_B N1_C N1_D N1_E - | | | | | - ------------------------------------------------------- - | subnet 1 | - +---+ +---+ - |R1 | Router 1 Router 2 |R2 | - +---+ +---+ - | | - | subnet 2 subnet 3 | - -------------------------- ------------------------------------ - | | | | | | | | - N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D - (WINS) - -Consisting of 3 subnets (1, 2, 3) conneted by two routers -(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines -on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume -for the moment that all these machines are configured to be in the -same workgroup (for simplicities sake). Machine N1_C on subnet 1 -is configured as Domain Master Browser (ie. it will collate the -browse lists for the workgroup). Machine N2_D is configured as -WINS server and all the other machines are configured to register -their NetBIOS names with it. - -As all these machines are booted up, elections for master browsers -will take place on each of the three subnets. Assume that machine -N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on -subnet 3 - these machines are known as local master browsers for -their particular subnet. N1_C has an advantage in winning as the -local master browser on subnet 1 as it is set up as Domain Master -Browser. - -On each of the three networks, machines that are configured to -offer sharing services will broadcast that they are offering -these services. The local master browser on each subnet will -receive these broadcasts and keep a record of the fact that -the machine is offering a service. This list of records is -the basis of the browse list. For this case, assume that -all the machines are configured to offer services so all machines -will be on the browse list. - -For each network, the local master browser on that network is -considered 'authoritative' for all the names it receives via -local broadcast. This is because a machine seen by the local -master browser via a local broadcast must be on the same -network as the local master browser and thus is a 'trusted' -and 'verifiable' resource. Machines on other networks that -the local master browsers learn about when collating their -browse lists have not been directly seen - these records are -called 'non-authoritative'. - -At this point the browse lists look as follows (these are -the machines you would see in your network neighborhood if -you looked in it on a particular network right now). - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Note that at this point all the subnets are separate, no -machine is seen across any of the subnets. - -Now examine subnet 2. As soon as N2_B has become the local -master browser it looks for a Domain master browser to synchronize -its browse list with. It does this by querying the WINS server -(N2_D) for the IP address associated with the NetBIOS name -WORKGROUP<1B>. This name was registerd by the Domain master -browser (N1_C) with the WINS server as soon as it was booted. - -Once N2_B knows the address of the Domain master browser it -tells it that is the local master browser for subnet 2 by -sending a MasterAnnouncement packet as a UDP port 138 packet. -It then synchronizes with it by doing a NetServerEnum2 call. This -tells the Domain Master Browser to send it all the server -names it knows about. Once the domain master browser receives -the MasterAnnouncement packet it schedules a synchronization -request to the sender of that packet. After both synchronizations -are done the browse lists look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 2 will see all the servers on both, users on -subnet 3 will still only see the servers on their own subnet. - -The same sequence of events that occured for N2_B now occurs -for the local master browser on subnet 3 (N3_D). When it -synchronizes browse lists with the domain master browser (N1_A) -it gets both the server entries on subnet 1, and those on -subnet 2. After N3_D has synchronized with N1_C and vica-versa -the browse lists look like. - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 3 will see all the servers on all sunbets, users on -subnet 2 will still only see the servers on subnets 1 and 2, but not 3. - -Finally, the local master browser for subnet 2 (N2_B) will sync again -with the domain master browser (N1_C) and will recieve the missing -server entries. Finally - and as a steady state (if no machines -are removed or shut off) the browse lists will look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -Synchronizations between the domain master browser and local -master browsers will continue to occur, but this should be a -steady state situation. - -If either router R1 or R2 fails the following will occur: - -1) Names of computers on each side of the inaccessible network fragments -will be maintained for as long as 36 minutes, in the network neighbourhood -lists. - -2) Attempts to connect to these inaccessible computers will fail, but the -names will not be removed from the network neighbourhood lists. - -3) If one of the fragments is cut off from the WINS server, it will only -be able to access servers on its local subnet, by using subnet-isolated -broadcast NetBIOS name resolution. The effects are similar to that of -losing access to a DNS server. - -Setting up a WINS server -======================== - -Either a Samba machine or a Windows NT Server machine may be set up -as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : -in the [globals] section add the line - - wins support = yes - -Versions of Samba previous to 1.9.17 had this parameter default to -yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to 1.9.17 or above, or at the very -least set the parameter to 'no' on all these machines. - -Machines with "wins support = yes" will keep a list of all NetBIOS -names registered with them, acting as a DNS for NetBIOS names. - -You should set up only ONE wins server. Do NOT set the -"wins support = yes" option on more than one Samba server. - -To set up a Windows NT Server as a WINS server you need to set up -the WINS service - see your NT documentation for details. Note that -Windows NT WINS Servers can replicate to each other, allowing more -than one to be set up in a complex subnet environment. As Microsoft -refuse to document these replication protocols Samba cannot currently -participate in these replications. It is possible in the future that -a Samba->Samba WINS replication protocol may be defined, in which -case more than one Samba machine could be set up as a WINS server -but currently only one Samba server should have the "wins support = yes" -parameter set. - -After the WINS server has been configured you must ensure that all -machines participating on the network are configured with the address -of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs -in Windows 95 or Windows NT. To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of -all smb.conf files : - - wins server = - -where is either the DNS name of the WINS server -machine or its IP address. - -Note that this line MUST NOT BE SET in the smb.conf file of the Samba -server acting as the WINS server itself. If you set both the -"wins support = yes" option and the "wins server = " option then -nmbd will fail to start. - -There are two possible scenarios for setting up cross subnet browsing. -The first details setting up cross subnet browsing on a network containing -Windows 95, Samba and Windows NT machines that are not configured as -part of a Windows NT Domain. The second details setting up cross subnet -browsing on networks that contain NT Domains. - -Setting up Browsing in a WORKGROUP -================================== - -To set up cross subnet browsing on a network containing machines -in up to be in a WORKGROUP, not an NT Domain you need to set up one -Samba server to be the Domain Master Browser (note that this is *NOT* -the same as a Primary Domain Controller, although in an NT Domain the -same machine plays both roles). The role of a Domain master browser is -to collate the browse lists from local master browsers on all the -subnets that have a machine participating in the workgroup. Without -one machine configured as a domain master browser each subnet would -be an isolated workgroup, unable to see any machines on any other -subnet. It is the presense of a domain master browser that makes -cross subnet browsing possible for a workgroup. - -In an WORKGROUP environment the domain master browser must be a -Samba server, and there must only be one domain master browser per -workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file : - - domain master = yes - -The domain master browser should also preferrably be the local master -browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file : - - domain master = yes - local master = yes - preferred master = yes - os level = 65 - -The domain master browser may be the same machine as the WINS -server, if you require. - -Next, you should ensure that each of the subnets contains a -machine that can act as a local master browser for the -workgroup. Any NT machine should be able to do this, as will -Windows 95 machines (although these tend to get rebooted more -often, so it's not such a good idea to use these). To make a -Samba server a local master browser set the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -Do not do this for more than one Samba server on each subnet, -or they will war with each other over which is to be the local -master browser. - -The "local master" parameter allows Samba to act as a local master -browser. The "preferred master" causes nmbd to force a browser -election on startup and the "os level" parameter sets Samba high -enough so that it should win any browser elections. - -If you have an NT machine on the subnet that you wish to -be the local master browser then you can disable Samba from -becoming a local master browser by setting the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -Setting up Browsing in a DOMAIN -=============================== - -If you are adding Samba servers to a Windows NT Domain then -you must not set up a Samba server as a domain master browser. -By default, a Windows NT Primary Domain Controller for a Domain -name is also the Domain master browser for that name, and many -things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC. - -For subnets other than the one containing the Windows NT PDC -you may set up Samba servers as local master browsers as -described. To make a Samba server a local master browser set -the following options in the [global] section of the smb.conf -file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -If you wish to have a Samba server fight the election with machines -on the same subnet you may set the "os level" parameter to lower -levels. By doing this you can tune the order of machines that -will become local master browsers if they are running. For -more details on this see the section "FORCING SAMBA TO BE THE MASTER" -below. - -If you have Windows NT machines that are members of the domain -on all subnets, and you are sure they will always be running then -you can disable Samba from taking part in browser elections and -ever becoming a local master browser by setting following options -in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -FORCING SAMBA TO BE THE MASTER -============================== - -Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters -which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses -elections to just about anyone else. - -If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 34 -would make it win all elections over every other system (except other -samba systems!) - -A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A -NTAS domain controller uses level 32. - -The maximum os level is 255 - -If you want samba to force an election on startup, then set the -"preferred master" global option in smb.conf to "yes". Samba will -then have a slight advantage over other potential master browsers -that are not preferred master browsers. Use this parameter with -care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with "preferred master" to -"yes", then periodically and continually they will force an election -in order to become the local master browser. - -If you want samba to be a "domain master browser", then it is -recommended that you also set "preferred master" to "yes", because -samba will not become a domain master browser for the whole of your -LAN or WAN if it is not also a local master browser on its own -broadcast isolated subnet. - -It is possible to configure two samba servers to attempt to become -the domain master browser for a domain. The first server that comes -up will be the domain master browser. All other samba servers will -attempt to become the domain master browser every 5 minutes. They -will find that another samba server is already the domain master -browser and will fail. This provides automatic redundancy, should -the current domain master browser fail. - - -MAKING SAMBA THE DOMAIN MASTER -============================== - -The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting "domain master = yes" -in smb.conf. By default it will not be a domain master. - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain. - -When samba is the domain master and the master browser it will listen -for master announcements (made roughly every twelve minutes) from local -master browsers on other subnets and then contact them to synchronise -browse lists. - -If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections, and set -"preferred master" to "yes", to get samba to force an election on -startup. - -Note that all your servers (including samba) and clients should be -using a WINS server to resolve NetBIOS names. If your clients are only -using broadcasting to resolve NetBIOS names, then two things will occur: - -a) your local master browsers will be unable to find a domain master - browser, as it will only be looking on the local subnet. - -b) if a client happens to get hold of a domain-wide browse list, and - a user attempts to access a host in that list, it will be unable to - resolve the NetBIOS name of that host. - -If, however, both samba and your clients are using a WINS server, then: - -a) your local master browsers will contact the WINS server and, as long as - samba has registered that it is a domain master browser with the WINS - server, your local master browser will receive samba's ip address - as its domain master browser. - -b) when a client receives a domain-wide browse list, and a user attempts - to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. as long as that host has - registered its NetBIOS name with the same WINS server, the user will - be able to see that host. - -NOTE ABOUT BROADCAST ADDRESSES -============================== - -If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups -does not seem to support a 0's broadcast and you will probably find -that browsing and name lookups won't work. - - -MULTIPLE INTERFACES -=================== - -Samba now supports machines with multiple network interfaces. If you -have multiple interfaces then you will need to use the "interfaces" -option in smb.conf to configure them. See smb.conf(5) for details. - diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt deleted file mode 100644 index 247998c6c7..0000000000 --- a/docs/textdocs/BUGS.txt +++ /dev/null @@ -1,135 +0,0 @@ -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: This file describes how to report Samba bugs. -============================================================================ - ->> The email address for bug reports is samba@samba.org << - -Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as we -may be changing the bug reporting mechanism at some time. - -Please also do as much as you can yourself to help track down the -bug. Samba is maintained by a dedicated group of people who volunteer -their time, skills and efforts. We receive far more mail about it than -we can possibly answer, so you have a much higher chance of an answer -and a fix if you send us a "developer friendly" bug report that lets -us fix it fast. - -Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that we will read it. If you suspect that your -problem is not a bug but a configuration problem then it is better to send -it to the Samba mailing list, as there are (at last count) 5000 other users on -that list that may be able to help you. - -You may also like to look though the recent mailing list archives, -which are conveniently accessible on the Samba web pages -at http://samba.org/samba/ - - -GENERAL INFO ------------- - -Before submitting a bug report check your config for silly -errors. Look in your log files for obvious messages that tell you that -you've misconfigured something and run testparm to test your config -file for correct syntax. - -Have you run through DIAGNOSIS.txt? This is very important. - -If you include part of a log file with your bug report then be sure to -annotate it with exactly what you were doing on the client at the -time, and exactly what the results were. - - -DEBUG LEVELS ------------- - -If the bug has anything to do with Samba behaving incorrectly as a -server (like refusing to open a file) then the log files will probably -be very useful. Depending on the problem a log level of between 3 and -10 showing the problem may be appropriate. A higher level givesmore -detail, but may use too much disk space. - -To set the debug level use "log level =" in your smb.conf. You may -also find it useful to set the log level higher for just one machine -and keep separate logs for each machine. To do this use: - -log level = 10 -log file = /usr/local/samba/lib/log.%m -include = /usr/local/samba/lib/smb.conf.%m - -then create a file "/usr/local/samba/lib/smb.conf.machine" where -"machine" is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example "log level=" may be -useful. This also allows you to experiment with different security -systems, protocol levels etc on just one machine. - -The smb.conf entry "log level =" is synonymous with the entry -"debuglevel =" that has been used in older versions of Samba and -is being retained for backwards compatibility of smb.conf files. - -As the "log level =" value is increased you will record a significantly -increasing level of debugging information. For most debugging operations -you may not need a setting higher than 3. Nearly all bugs can be tracked -at a setting of 10, but be prepared for a VERY large volume of log data. - - -INTERNAL ERRORs ---------------- - -If you get a "INTERNAL ERROR" message in your log files it means that -Samba got an unexpected signal while running. It is probably a -segmentation fault and almost certainly means a bug in Samba (unless -you have faulty hardware or system software) - -If the message came from smbd then it will probably be accompanied by -a message which details the last SMB message received by smbd. This -info is often very useful in tracking down the problem so please -include it in your bug report. - -You should also detail how to reproduce the problem, if -possible. Please make this reasonably detailed. - -You may also find that a core file appeared in a "corefiles" -subdirectory of the directory where you keep your samba log -files. This file is the most useful tool for tracking down the bug. To -use it you do this: - -gdb smbd core - -adding appropriate paths to smbd and core so gdb can find them. If you -don't have gdb then try "dbx". Then within the debugger use the -command "where" to give a stack trace of where the problem -occurred. Include this in your mail. - -If you known any assembly language then do a "disass" of the routine -where the problem occurred (if its in a library routine then -disassemble the routine that called it) and try to work out exactly -where the problem is by looking at the surrounding code. Even if you -don't know assembly then incuding this info in the bug report can be -useful. - - -ATTACHING TO A RUNNING PROCESS ------------------------------- - -Unfortunately some unixes (in particular some recent linux kernels) -refuse to dump a core file if the task has changed uid (which smbd -does often). To debug with this sort of system you could try to attach -to the running process using "gdb smbd PID" where you get PID from -smbstatus. Then use "c" to continue and try to cause the core dump -using the client. The debugger should catch the fault and tell you -where it occurred. - - -PATCHES -------- - -The best sort of bug report is one that includes a fix! If you send us -patches please use "diff -u" format if your version of diff supports -it, otherwise use "diff -c4". Make sure your do the diff against a -clean version of the source and let me know exactly what version you -used. - diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt deleted file mode 100644 index 2816610a9c..0000000000 --- a/docs/textdocs/DIAGNOSIS.txt +++ /dev/null @@ -1,321 +0,0 @@ -Contributor: Andrew Tridgell -Updated: November 1, 1999 - -Subject: DIAGNOSING YOUR SAMBA SERVER -=========================================================================== - -This file contains a list of tests you can perform to validate your -Samba server. It also tells you what the likely cause of the problem -is if it fails any one of these steps. If it passes all these tests -then it is probably working fine. - -You should do ALL the tests, in the order shown. I have tried to -carefully choose them so later tests only use capabilities verified in -the earlier tests. - -If you send me an email saying "it doesn't work" and you have not -followed this test procedure then you should not be surprised if I -ignore your email. - - -ASSUMPTIONS ------------ - -In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the -PC is running windows for workgroups with a recent copy of the -microsoft tcp/ip stack. Alternatively, your PC may be running Windows -95 or Windows NT (Workstation or Server). - -The procedure is similar for other types of clients. - -I also assume you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf: - -[tmp] - comment = temporary files - path = /tmp - read only = yes - - -THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS - -Please pay attention to the error messages you receive. If any error message -reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf -file points to name servers that really do exist. - -Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf" - - -TEST 1: -------- - -In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf -configuration file is faulty. - -Note: Your smb.conf file may be located in: /etc - Or in: /usr/local/samba/lib - - -TEST 2: -------- - -run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from -the unix box. If you don't get a valid response then your TCP/IP -software is not correctly installed. - -Note that you will need to start a "dos prompt" window on the PC to -run ping. - -If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to -run samba without DNS entries for the server and client, but I assume -you do have correct entries for the remainder of these tests. - -Another reason why ping might fail is if your host is running firewall -software. You will need to relax the rules to let in the workstation -in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.) - - -TEST 3: -------- - -Run the command "smbclient -L BIGSERVER" on the unix box. You -should get a list of available shares back. - -If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines. - -If you get a "connection refused" response then the smbd server may -not be running. If you installed it in inetd.conf then you probably edited -that file incorrectly. If you installed it as a daemon then check that -it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a". - -If you get a "session request failed" then the server refused the -connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" -and that the various directories where samba keeps its log and lock -files exist. - -There are a number of reasons for which smbd may refuse or decline -a session request. The most common of these involve one or more of -the following smb.conf file entries: - hosts deny = ALL - hosts allow = xxx.xxx.xxx.xxx/yy - bind interfaces only = Yes - -In the above, no allowance has been made for any session requests that -will automatically translate to the loopback adaptor address 127.0.0.1. -To solve this problem change these lines to: - hosts deny = ALL - hosts allow = xxx.xxx.xxx.xxx/yy 127. -Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to -access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency -where it will not allow connections to the loopback address will be -fixed soon). - -Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration! - -And yet another possible cause for failure of TEST 3 is when the subnet mask -and / or broadcast address settings are incorrect. Please check that the -network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file. - -TEST 4: -------- - -Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the -IP address of your Samba server back. - -If you don't then nmbd is incorrectly installed. Check your inetd.conf -if you run it from there, or that the daemon is running and listening -to udp port 137. - -One common problem is that many inetd implementations can't take many -parameters on the command line. If this is the case then create a -one-line script that contains the right parameters and run that from -inetd. - - -TEST 5: -------- - -run the command "nmblookup -B ACLIENT '*'" - -You should get the PCs IP address back. If you don't then the client -software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong. - -If ACLIENT doesn't resolve via DNS then use the IP address of the -client in the above test. - - -TEST 6: -------- - -Run the command "nmblookup -d 2 '*'" - -This time we are trying the same as the previous test but are trying -it via a broadcast to the default broadcast address. A number of -Netbios/TCPIP hosts on the network should respond, although Samba may -not catch all of the responses in the short time it listens. You -should see "got a positive name query response" messages from several -hosts. - -If this doesn't give a similar result to the previous test then -nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP -address, broadcast and netmask. - -If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs -subnet. - -This test will probably fail if your subnet mask and broadcast address are -not correct. (Refer to TEST 3 notes above). - -TEST 7: -------- - -Run the command "smbclient //BIGSERVER/TMP". You should then be -prompted for a password. You should use the password of the account -you are logged into the unix box with. If you want to test with -another account then add the -U option to the end of -the command line. eg: smbclient //bigserver/tmp -Ujohndoe - -Note: It is possible to specify the password along with the username -as follows: - smbclient //bigserver/tmp -Ujohndoe%secret - -Once you enter the password you should get the "smb>" prompt. If you -don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf. - -If it says "bad password" then the likely causes are: - -- you have shadow passords (or some other password system) but didn't -compile in support for them in smbd -- your "valid users" configuration is incorrect -- you have a mixed case password and you haven't enabled the "password -level" option at a high enough level -- the "path =" line in smb.conf is incorrect. Check it with testparm -- you enabled password encryption but didn't create the SMB encrypted -password file - -Once connected you should be able to use the commands "dir" "get" -"put" etc. Type "help " for instructions. You should -especially check that the amount of free disk space shown is correct -when you type "dir". - - -TEST 8: -------- - -On the PC type the command "net view \\BIGSERVER". You will need to do -this from within a "dos prompt" window. You should get back a list of -available shares on the server. - -If you get a "network name not found" or similar error then netbios -name resolution is not working. This is usually caused by a problem in -nmbd. To overcome it you could do one of the following (you only need -to choose one of them): - -- fixup the nmbd installation -- add the IP address of BIGSERVER to the "wins server" box in the -advanced tcp/ip setup on the PC. -- enable windows name resolution via DNS in the advanced section of -the tcp/ip setup -- add BIGSERVER to your lmhosts file on the PC. - -If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man -pages) - -Also, do not overlook that fact that when the workstation requests the -connection to the samba server it will attempt to connect using the -name with which you logged onto your Windows machine. You need to make -sure that an account exists on your Samba server with that exact same -name and password. - -If you get "specified computer is not receiving requests" or similar -it probably means that the host is not contactable via tcp services. -Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.) - - -TEST 9: --------- - -Run the command "net use x: \\BIGSERVER\TMP". You should be prompted -for a password then you should get a "command completed successfully" -message. If not then your PC software is incorrectly installed or your -smb.conf is incorrect. make sure your "hosts allow" and other config -lines in smb.conf are correct. - -It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the -username corresponding to the password you typed. If you find this -fixes things you may need the username mapping option. - -TEST 10: --------- - -Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name -of the workgroup that your Samba server and Windows PCs belong to. You -should get back the IP address of the master browser for that -workgroup. - -If you don't then the election process has failed. Wait a minute to -see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make -sure you have "preferred master = yes" to ensure that an election is -held at startup. - -TEST 11: --------- - -From file manager try to browse the server. Your samba server should -appear in the browse list of your local workgroup (or the one you -specified in smb.conf). You should be able to double click on the name -of the server and get a list of shares. If you get a "invalid -password" error when you do then you are probably running WinNT and it -is refusing to browse a server that has no encrypted password -capability and is in user level security mode. In this case either set -"security = server" AND "password server = Windows_NT_Machine" in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile). - - -Still having troubles? ----------------------- - -Try the mailing list or newsgroup, or use the tcpdump-smb utility to -sniff the problem. The official samba mailing list can be reached at -samba@samba.org. To find out more about samba and how to -subscribe to the mailing list check out the samba web page at - http://samba.org/samba - -Also look at the other docs in the Samba package! - diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt deleted file mode 100644 index 51005e6ec8..0000000000 --- a/docs/textdocs/DNIX.txt +++ /dev/null @@ -1,69 +0,0 @@ -DNIX has a problem with seteuid() and setegid(). These routines are -needed for Samba to work correctly, but they were left out of the DNIX -C library for some reason. - -For this reason Samba by default defines the macro NO_EID in the DNIX -section of includes.h. This works around the problem in a limited way, -but it is far from ideal, some things still won't work right. - -To fix the problem properly you need to assemble the following two -functions and then either add them to your C library or link them into -Samba. - -put this in the file setegid.s: - - .globl _setegid -_setegid: - moveq #47,d0 - movl #100,a0 - moveq #1,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - - -put this in the file seteuid.s: - - .globl _seteuid -_seteuid: - moveq #47,d0 - movl #100,a0 - moveq #0,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - -after creating the above files you then assemble them using - -as seteuid.s -as setegid.s - -that should produce the files seteuid.o and setegid.o - -then you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will then look something like this: - -LIBSM = setegid.o seteuid.o -ln - -You should then remove the line: - -#define NO_EID - -from the DNIX section of includes.h - -Then recompile and try it out! - -Note that this file was derived from an email from Peter Olsson -. I don't have DNIX myself, so you're probably better -off contacting Peter if you have problems. - -Andrew - diff --git a/docs/textdocs/GROUP-MAPPING-HOWTO.txt b/docs/textdocs/GROUP-MAPPING-HOWTO.txt deleted file mode 100644 index c266f56548..0000000000 --- a/docs/textdocs/GROUP-MAPPING-HOWTO.txt +++ /dev/null @@ -1,60 +0,0 @@ -Samba 3.0 prealpha guide to group mapping ---------------------------------------------------- - -Jean François Micouleau (jfm@samba.org) - -Starting with Samba 3.0 alpha 2, a new group mapping function is available. The -current method (likely to change) to manage the groups is a new command called -smbgroupedit. - -The first immediate reason to use the group mapping on a PDC, is that -the 'domain admin group' of smb.conf is now gone. This parameter was -used to give the listed users local admin rights on their -workstations. It was some magic stuff that simply worked but didn't -scale very well for complex setups. - -Let me explain how it works on NT/W2K, to have this magic fade away. -When installing NT/W2K on a computer, the installer program creates some users -and groups. Notably the 'Administrators' group, and gives to that group some -privileges like the ability to change the date and time or to kill any process -(or close too) running on the local machine. The 'Administrator' user is a -member of the 'Administrators' group, and thus 'inherit' the 'Administrators' -group privileges. If a 'joe' user is created and become a member of the -'Administrator' group, 'joe' has exactly the same rights as 'Administrator'. - -When a NT/W2K machine is joined to a domain, during that phase, the "Domain -Administrators' group of the PDC is added to the 'Administrators' group of the -workstation. Every members of the 'Domain Administrators' group 'inherit' the -rights of the 'Administrators' group when logging on the workstation. - - -You are now wondering how to make some of your samba PDC users members of the -'Domain Administrators' ? That's really easy. - -1) create a unix group (usually in /etc/group), let's call it domadm -2) add to this group the users that must be Administrators. For example if you -want joe,john and mary, your entry in /etc/group will look like: - - domadm:x:502:joe,john,mary - -3) map this domadm group to the 'domain admins' group by running the command: - - smbgroupedit -c "Domain Admins" -u domadm - -you're set, joe, john and mary are domain administrators ! - - - -Like the Domain Admins group, you can map any arbitrary Unix group to any NT -group. You can also make any Unix group a domain group. For example, on a domain -member machine (an NT/W2K or a samba server running winbind), you would like to -give access to a certain directory to some users who are member of a group on -your samba PDC. Flag that group as a domain group by running: - - smbgroupedit -a unixgroup -td - - -You can list the various groups in the mapping database like this - - smbgroupedit -v - diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar deleted file mode 100644 index 413f54d3c6..0000000000 --- a/docs/textdocs/INSTALL.sambatar +++ /dev/null @@ -1,33 +0,0 @@ -Contributor: Ricky Poulten -Date: Unknown -Status: Current - -Subject: Using smbtar -============================================================================= - -Please see the readme and the man page for general info. - -1) Follow the samba installation instructions. - -2) If all goes well, test it out by creating a share on your PC (called -backup for example) then doing something like, - - ./smbtar -s mypc -t /dev/rmt/0ubn -x backup - -substituting whatever your tape drive is for the -t option, or set your -tape environmental variable. - -If all does not go well, feel free to mail the author (poultenr@logica.co.uk) -about bug reports / help / money / pizza / etc. - -3) Read the man page and the NOTES file for more information - -4) Work smbtar into your usual nightly backup scheme (presuming you -have one :-}). - - -NOTE: - -If you have problems with smbtar then it's probably best to contact the -author Ricky Poulten (poultenr@logica.co.uk). - diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt deleted file mode 100644 index 4ea9782bd3..0000000000 --- a/docs/textdocs/Imprints.txt +++ /dev/null @@ -1,47 +0,0 @@ -================================================================== - - -Imprints (Installation Manager of Printer driver -Retreival and Installation for Samba) is a project to -implement a UNIX equivalent of the Windows NT APW. -It has been taken on in part by the Samba Team, VA Linux -Systems and Hewlett-Packard. The Imprints toolset seeks -to provide central repository for users and administrators -to locate, download, and install all variations Window -95/98/NT printer drivers on Samba print servers. - -The server portion of Imprints is composed of a database -server which contains information and locations of various -printer driver packages. This server can be queried over -standard HTTP get requests and should therefore be available -to most administrators behind firewalls. The server's -database consists of records containing data about each -known printer driver package. For example, each driver -record contains a URL from which the Imprints installation -client can download the package as well as a public key which -can be used to verify the package's integrity. - -Once downloaded, the installation client will attempt to -install the printer driver on the defined remote server -using the username and password provided by the administrator. -If the username/password pair can be authenticated by the -remote server (and has the appropriate authorization), then -the printer driver(s) is (are) installed and the new Printer -is created. - -From Samba's point of view, the process of creating a new -printer via the Imprints installation client is identical to -that of using the Windows NT APW. In fact, Imprints utilizes -Samba's rpcclient and smbclient tools to issue the same MS-RPC -and file copy operations as an NT client. This means that -Imprints can also be used to install printers on remote Windows -NT print servers. - -For more information on Imprints, visit the project homepage -at - - http://imprints.sourceforge.net/. - - - - diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt deleted file mode 100644 index dfac97e1aa..0000000000 --- a/docs/textdocs/Macintosh_Clients.txt +++ /dev/null @@ -1,23 +0,0 @@ -> Are there any Macintosh clients for Samba? - -Yes. Thursby now have a CIFS Client / Server called DAVE - see -http://www.thursby.com/ - -They test it against Windows 95, Windows NT and samba for -compatibility issues. At the time of writing, DAVE was at version -1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from -the Thursby web site (the speed of finder copies has been greatly -enhanced, and there are bug-fixes included). - -Alternatives - There are two free implementations of AppleTalk for -several kinds of UNIX machnes, and several more commercial ones. -These products allow you to run file services and print services -natively to Macintosh users, with no additional support required on -the Macintosh. The two free omplementations are Netatalk, -http://www.umich.edu/~rsug/netatalk/, and CAP, -http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers MS -Windows users, these packages offer to Macs. For more info on these -packages, Samba, and Linux (and other UNIX-based systems) see -http://www.eats.com/linux_mac_win.html - - diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt deleted file mode 100644 index ca0dcc84b7..0000000000 --- a/docs/textdocs/NetBIOS.txt +++ /dev/null @@ -1,152 +0,0 @@ -Contributor: lkcl - samba@samba.org - Copyright 1997 Luke Kenneth Casson Leighton -Date: March 1997 -Status: Current -Updated: 12jun97 - -Subject: Definition of NetBIOS Protocol and Name Resolution Modes -============================================================================= - -======= -NETBIOS -======= - -NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. -Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS -Session Service NetBIOS Datagram Service, and NetBIOS Names, see -rfc1001.txt and rfc1002.txt. - -NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS -datagrams to be sent out over the 'wire' embedded within LLC frames. -NetBEUI is not required when using NetBIOS over TCP/IP protocols and it -is preferable NOT to install NetBEUI if it can be avoided. - -IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is -preferable NOT to install the IPX/SPX transport unless you are using Novell -servers. At the very least, it is recommended that you do not install -'NetBIOS over IPX/SPX'. - -[When installing Windows 95, you will find that NetBEUI and IPX/SPX are -installed as the default protocols. This is because they are the simplest -to manage: no Windows 95 user-configuration is required]. - - -NetBIOS applications (such as samba) offer their services (for example, -SMB file and print sharing) on a NetBIOS name. They must claim this name -on the network before doing so. The NetBIOS session service will then -accept connections on the application's behalf (on the NetBIOS name -claimed by the application). A NetBIOS session between the application -and the client can then commence. - -NetBIOS names consist of 15 characters plus a 'type' character. This is -similar, in concept, to an IP address and a TCP port number, respectively. -A NetBIOS-aware application on a host will offer different services under -different NetBIOS name types, just as a host will offer different TCP/IP -services on different port numbers. - -NetBIOS names must be claimed on a network, and must be defended. The use -of NetBIOS names is most suitable on a single subnet; a Local Area Network -or a Wide Area Network. - -NetBIOS names are either UNIQUE or GROUP. Only one application can claim a -UNIQUE NetBIOS name on a network. - -There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. - - -================= -BROADCAST NetBIOS -================= - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. - -This, however, is not recommended. If you have a large LAN or WAN, you will -find that some of your hosts spend 95 percent of their time dealing with -broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find -that this is already happening: a packet analyzer will show, roughly -every twelve minutes, great swathes of broadcast traffic!]. - - -============ -NBNS NetBIOS -============ - -rfc1001.txt describes, amongst other things, the implementation and use -of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' -which is fully rfc1001/2 compliant, but has had to take specific action -with certain NetBIOS names in order to make it useful. (for example, it -deals with the registration of <1c> <1d> <1e> names all in different ways. -I recommend the reading of the Microsoft WINS Server Help files for full -details). - -Samba also offers WINS server capabilities. Samba does not interact -with NT/AS (WINS replication), so if you have a mixed NT server and -Samba server environment, it is recommended that you use the NT server's -WINS capabilities, instead of samba's WINS server capabilities. - -The use of a WINS server cuts down on broadcast network traffic for -NetBIOS name resolution. It has the effect of pulling all the broadcast -isolated subnets together into a single NetBIOS scope, across your LAN -or WAN, while avoiding the use of TCP/IP broadcast packets. - -When you have a WINS server on your LAN, WINS clients will be able to -contact the WINS server to resolve NetBIOS names. Note that only those -WINS clients that have registered with the same WINS server will be -visible. The WINS server _can_ have static NetBIOS entries added to its -database (usually for security reasons you might want to consider putting -your domain controllers or other important servers as static entries, -but you should not rely on this as your sole means of security), but for -the most part, NetBIOS names are registered dynamically. - -[It is important to mention that samba's browsing capabilities (as a WINS -client) must have access to a WINS server. if you are using samba also -as a WINS server, then it will have a direct short-cut into the WINS -database. - -This provides some confusion for lots of people, and is worth mentioning -here: a Browse Server is NOT a WINS Server, even if these services are -implemented in the same application. A Browse Server _needs_ a WINS server -because a Browse Server is a WINS client, which is _not_ the same thing]. - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. -You will find, however, if you do this on a large LAN or a WAN, that your -network is completely swamped by NetBIOS and browsing packets, which is why -WINS was developed to minimise the necessity of broadcast traffic. - -WINS Clients therefore claim names from the WINS server. If the WINS -server allows them to register a name, the client's NetBIOS session service -can then offer services on this name. Other WINS clients will then -contact the WINS server to resolve a NetBIOS name. - - -======================= -Samba WINS Capabilities -======================= - -To configure samba as a WINS server, you must add "wins support = yes" to -the [global] section of your smb.conf file. This will enable WINS server -capabilities in nmbd. - -To configure samba as a WINS client, you must add "wins server = x.x.x.x" -to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP -address of your WINS server. The browsing capabilities in nmbd will then -register (and resolve) WAN-wide NetBIOS names with this WINS server. - -Note that if samba has "wins support = yes", then the browsing capabilities -will _not_ use the "wins server" option to resolve NetBIOS names: it will -go directly to the internal WINS database for NetBIOS name resolution. It -is therefore invalid to have both "wins support = yes" and -"wins server = x.x.x.x". Note, in particular, that if you configure the -"wins server" parameter to be the ip address of your samba server itself -(as might one intuitively think), that you will run into difficulties. -Do not use both parameters! - - diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt deleted file mode 100644 index 25d4c816f0..0000000000 --- a/docs/textdocs/Passwords.txt +++ /dev/null @@ -1,46 +0,0 @@ -Contributor: Unknown -Date: Updated April 19th 1999. -Status: Current - -Subject: NOTE ABOUT PASSWORDS -============================================================================= - -Unix systems use a wide variety of methods for checking the validity -of a password. This is primarily controlled with the Makefile defines -mentioned in the Makefile. - -Also note that some clients (notably WfWg) uppercase the password -before sending it. The server tries the password as it receives it and -also after lowercasing it. - -The Samba server can also be configured to try different -upper/lowercase combinations. This is controlled by the [global] -parameter "password level". A level of N means to try all combinations -up to N uppercase characters in the password. A high value can chew a -fair bit of CPU time and can lower the security of your system. Do not -use this options unless you really need it - the time taken for -password checking can become so high that clients time out. - -If you do use the "password level" option then you might like to use --DUFC_CRYPT in your Makefile. On some machine this makes password -checking _much_ faster. This is also useful if you use the @group -syntax in the user= option. - -If your site uses AFS (the Andrew File System), you can use the AFS section -in the Makefile. This will first attempt to authenticate a username and -password to AFS. If that succeeds, then the associated AFS rights will be -granted. Otherwise, the password checking routine falls back to whatever -Unix password checking method you are using. Note that the AFS code is -only written and tested for AFS 3.3 and later. - - -SECURITY = SERVER or DOMAIN -=========================== - -Samba can use a remote server to do its username/password -validation. This allows you to have one central machine (for example a -NT box) control the passwords for the Unix box. - -See the section on "security =" in smb.conf(5) for details. - - diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt deleted file mode 100644 index 2c50e5f4fe..0000000000 --- a/docs/textdocs/Printing.txt +++ /dev/null @@ -1,255 +0,0 @@ -Contributor: Unknown -Revised by: Patrick Powell -Date: August 11, 2000 -Status: Current - -Subject: Debugging Printing Problems -============================================================================= - -This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory. - -Please send enhancements to this file to samba@samba.org - -Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you. - -The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are: - [global] - print command - send a file to a spooler - lpq command - get spool queue status - lprm command - remove a job - [printers] - path = /var/spool/lpd/samba - -The following are nice to know about: - - queuepause command - stop a printer or print queue - queueresume command - start a printer or print queue - -Example: - print command = /usr/bin/lpr -r -P%p %s - lpq command = /usr/bin/lpq -P%p %s - lprm command = /usr/bin/lprm -P%p %j - queuepause command = /usr/sbin/lpc -P%p stop - queuepause command = /usr/sbin/lpc -P%p start - -Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. The commands should -always have fully specified pathnames, as the smdb may not have -the correct PATH values. - -When you send a job to Samba to be printed, it will make a temporary -copy of it in the directory specified in the [printers] section. -and it should be periodically cleaned out. The lpr -r option -requests that the temporary copy be removed after printing; If -printing fails then you might find leftover files in this directory, -and it should be periodically cleaned out. Samba used the lpq -command to determine the "job number" assigned to your print job -by the spooler. - -The % are "macros" that get dynamically replaced with appropriate -values when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output. - -DEBUGGING PRINTER PROBLEMS - -One way to debug printing problems is to start by replacing these -command with shell scripts that record the arguments and the contents -of the print file. A simple example of this kind of things might -be: - - print command = /tmp/saveprint %p %s - - #!/bin/saveprint - # we make sure that we are the right user - /usr/bin/id -p >/tmp/tmp.print - # we run the command and save the error messages - # replace the command with the one appropriate for your system - /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print - -Then you print a file and try removing it. You may find that the -print queue needs to be stopped in order to see the queue status -and remove the job: - -h4: {42} % echo hi >/tmp/hi -h4: {43} % smbclient //localhost/lw4 -added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 -Password: -Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] -smb: \> print /tmp/hi -putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) -smb: \> queue -1049 3 hi-17534 -smb: \> cancel 1049 -Error cancelling job 1049 : code 0 -smb: \> cancel 1049 -Job 1049 cancelled -smb: \> queue -smb: \> exit - -The 'code 0' indicates that the job was removed. The comment -by the smbclient is a bit misleading on this. -You can observe the command output and then and look at the -/tmp/tmp.print file to see what the results are. You can quickly -find out if the problem is with your printing system. Often people -have problems with their /etc/printcap file or permissions on -various print queues. - -WHAT PRINTERS DO I HAVE - -You can use the 'testprns' program to check to see if the printer -name you are using is recognized by Samba. For example, you can -use: - - testprns printer /etc/printcap - -Samba can get its printcap information from a file or from a program. -You can try the following to see the format of the extracted -information: - - testprns -a printer /etc/printcap - - testprns -a printer '|/bin/cat printcap' - -SETTING UP PRINTCAP AND PRINT SERVERS - -You may need to set up some printcaps for your Samba system to use. -It is strongly recommended that you use the facilities provided by -the print spooler to set up queues and printcap information. - -Samba requires either a printcap or program to deliver printcap -information. This printcap information has the format: - - name|alias1|alias2...:option=value:... - -For almost all printing systems, the printer 'name' must be composed -only of alphanumeric or underscore '_' characters. Some systems also -allow hyphens ('-') as well. An alias is an alternative name for the -printer, and an alias with a space in it is used as a 'comment' -about the printer. The printcap format optionally uses a \ at the end of lines -to extend the printcap to multiple lines. - - -Here are some examples of printcap files: - -pr just printer name -pr|alias printer name and alias -pr|My Printer printer name, alias used as comment -pr:sh:\ Same as pr:sh:cm= testing - :cm= \ - testing -pr:sh Same as pr:sh:cm= testing - :cm= testing - -Samba reads the printcap information when first started. If you make -changes in the printcap information, then you must do the following: - -a) make sure that the print spooler is aware of these changes. - The LPRng system uses the 'lpc reread' command to do this. - -b) make sure that the spool queues, etc., exist and have the - correct permissions. The LPRng system uses the 'checkpc -f' - command to do this. - -c) You now should send a SIGHUP signal to the smbd server to have - it reread the printcap information. - -JOB SENT, NO OUTPUT - -This is the most frustrating part of printing. You may have sent the -job, verified that the job was forwarded, set up a wrapper around -the command to send the file, but there was no output from the printer. - -First, check to make sure that the job REALLY is getting to the -right print queue. If you are using a BSD or LPRng print spooler, -you can temporarily stop the printing of jobs. Jobs can still be -submitted, but they will not be printed. Use: - - lpc -Pprinter stop - -Now submit a print job and then use 'lpq -Pprinter' to see if the -job is in the print queue. If it is not in the print queue then -you will have to find out why it is not being accepted for printing. - -Next, you may want to check to see what the format of the job really -was. With the assistance of the system administrator you can view -the submitted jobs files. You may be surprised to find that these -are not in what you would expect to call a printable format. -You can use the UNIX 'file' utitily to determine what the job -format actually is: - - cd /var/spool/lpd/printer # spool directory of print jobs - ls # find job files - file dfA001myhost - -You should make sure that your printer supports this format OR that -your system administrator has installed a 'print filter' that will -convert the file to a format appropriate for your printer. - -JOB SENT, STRANGE OUTPUT - -Once you have the job printing, you can then start worrying about -making it print nicely. - -The most common problem is extra pages of output: banner pages -OR blank pages at the end. - -If you are getting banner pages, check and make sure that the -printcap option or printer option is configured for no banners. -If you have a printcap, this is the :sh (suppress header or banner -page) option. You should have the following in your printer. - - printer: ... :sh - -If you have this option and are still getting banner pages, there -is a strong chance that your printer is generating them for you -automatically. You should make sure that banner printing is disabled -for the printer. This usually requires using the printer setup software -or procedures supplied by the printer manufacturer. - -If you get an extra page of output, this could be due to problems -with your job format, or if you are generating PostScript jobs, -incorrect setting on your printer driver on the MicroSoft client. -For example, under Win95 there is a option: - - Printers|Printer Name|(Right Click)Properties|Postscript|Advanced| - -that allows you to choose if a Ctrl-D is appended to all jobs. -This is a very bad thing to do, as most spooling systems will -automatically add a ^D to the end of the job if it is detected as -PostScript. The multiple ^D may cause an additional page of output. - -RAW POSTSCRIPT PRINTED - -This is a problem that is usually caused by either the print spooling -system putting information at the start of the print job that makes -the printer think the job is a text file, or your printer simply -does not support PostScript. You may need to enable 'Automatic -Format Detection' on your printer. - -ADVANCED PRINTING - -Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell scripts. -Doing print accounting is easy by passing the %U option to a print -command shell script. You could even make the print command detect -the type of output and its size and send it to an appropriate -printer. - -DEBUGGING - -If the above debug tips don't help, then maybe you need to bring in -the bug guns, system tracing. See Tracing.txt in this directory. ------------------------------------------------------------------------------ diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar deleted file mode 100644 index af7250c2a4..0000000000 --- a/docs/textdocs/README.sambatar +++ /dev/null @@ -1,23 +0,0 @@ -Contributor/s: Martin.Kraemer - and Ricky Poulten (ricky@logcam.co.uk) -Date: Unknown - circa 1994 -Status: Obsoleted - smbtar has been a stable part of Samba - since samba-1.9.13 - -Subject: Sambatar (now smbtar) -============================================================================= - -This is version 1.4 of my small extension to samba that allows PC shares -to be backed up directly to a UNIX tape. It only has been tested under -Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba. - -See the file INSTALL for installation instructions, and -the man page and NOTES file for some basic usage. Please let me know if you -have any problems getting it to work under your flavour of Unix. - -This is only (yet another) intermediate version of sambatar. -This version also comes with an extra gift, zen.bas, written in -microsoft qbasic by a colleague. It is (apparently) based on a 70s -British sci-fi series known as Blake's 7. If you have any questions -about this program, or any suggestions (e.g. what about servillan.bas -?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com. diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt deleted file mode 100644 index 7c01aa57c6..0000000000 --- a/docs/textdocs/SCO.txt +++ /dev/null @@ -1,19 +0,0 @@ -Contributor: Geza Makay -Date: Unknown -Status: Obsolete - Dates to SCO Unix v3.2.4 approx. - -Subject: TCP/IP Bug in SCO Unix -============================================================================ - -There is an annoying TCPIP bug in SCO Unix. This causes corruption when -transferring files with Samba. - -Geza Makay (makayg@math.u-szeged.hu) sends this information: - -The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z). - -You do not need anything else but the above patch. It installs in seconds, -and corrected the Excel problem. We also had some other minor problems (not -only with Samba) that disappeared by installing this patch. - diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes deleted file mode 100644 index 679d776f56..0000000000 --- a/docs/textdocs/SMBTAR.notes +++ /dev/null @@ -1,46 +0,0 @@ -Contributor: Unknown -Date: 1994 -Status: Mostly Current - refer man page - -Subject: Smbtar -============================================================================ - -Intro ------ - -sambatar is just a small extension to the smbclient program distributed with -samba. A basic front end shell script, smbtar, is provided as an interface -to the smbclient extensions. - -Extensions ----------- - -This release adds the following extensions to smbclient, - -tar [c|x] filename - creates or restores from a tar file. The tar file may be a tape -or a unix tar file. tar's behaviour is modified with the newer and tarmode -commands. - -tarmode [full|inc|reset|noreset] - With no arguments, tarmode prints the current tar mode (by default full, -noreset). In full mode, every file is backed up during a tar command. -In incremental, only files with the dos archive bit set are backed up. -The archive bit is reset if in reset mode, or left untouched if in noreset. -In reset mode, the share has to be writable, which makes sambatar even -less secure. An alternative might be to use tarmode inc noreset which -would implement an "expanding incremental" backup (which some may prefer -anyway). - -setmode filename - This is a "freebie" - nothing really to do with sambatar. This -is a crude attrib like command (only the other way around). Setmode string -is a combination of +-rhsa. So for example -rh would reset the read only -bit on filename. - -newer filename - This is in fact part of the 1.9.13 samba distribution, but comes -into its own with sambatar. This causes tar (or get, mget, etc) to -only copy files newer than the specified file name. Could be used -against the previous nights (or whatever) log file to implement incremental -backups. diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt deleted file mode 100644 index e1b54b1a03..0000000000 --- a/docs/textdocs/Samba-OpenSSL.txt +++ /dev/null @@ -1,405 +0,0 @@ -Contributor: Christian Starkjohann -Date: May 29, 1998 -Status: - -Comment: Updated by Lutz Jaenicke -Date: July 16, 2001 - -Subject: Compiling and using samba with SSL support -============================================================================ - -What is SSL and SSLeay/OpenSSL? -=============================== -SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data -transport. It is used by secure web servers for shopping malls, telebanking -and things like that. - -SSLeay is a free implementation of the SSL protocol. The successor of it is -OpenSSL, available from - - http://www.openssl.org/ - -The current version while these lines are written is 0.9.6b. In some countries -encryption is plagued by legal problems, even though things have relaxed a -lot in the last years. - -To compile samba with SSL support, you must first compile and install OpenSSL. -At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest -version and is strongly recommended. -OpenSSL consists of a library (which can be linked to other applications like -samba) and several utility programs needed for key generation, certification -etc. OpenSSL installs to /usr/local/ssl/ by default. - - -Compiling samba with OpenSSL -============================ -1. Get and install OpenSSL. The rest of this documentation assumes that you - have installed it at the default location, which is /usr/local/ssl/. -2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in - the default directory, you can use the "--with-sslinc" and "--with-ssllib" - flags to specify the location. -3. Compile and install as usual. - - -Configuring SSL in samba -======================== -Before you configure SSL, you should know the basics of cryptography and how -SSL relates to all of this. A basic introduction can be found further down in -this document. The following variables in the "[global]" section of the -configuration file are used to configure SSL: - -ssl = yes - This variable enables or disables the entire SSL mode. If it is set to - "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set - to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign" - whether an SSL connection will be required. -ssl hosts = -ssl hosts resign = 192.168. - These two variables define whether samba will go into SSL mode or not. If - none of them is defined, samba will allow only SSL connections. If the - "ssl hosts" variable lists hosts (by IP-address, IP-address range, net - group or name), only these hosts will be forced into SSL mode. If the - "ssl hosts resign" variable lists hosts, only these hosts will NOT be - forced into SSL mode. The syntax for these two variables is the same as - for the "hosts allow" and "hosts deny" pair of variables, only that the - subject of the decision is different: It's not the access right but - whether SSL is used or not. See the man page of smb.conf (section about - "allow hosts") for details. The above example requires SSL connections - from all hosts outside the local net (which is 192.168.*.*). -ssl CA certDir = /usr/local/ssl/certs - This variable defines where to look up the Certification Autorities. The - given directory should contain one file for each CA that samba will trust. - The file name must be the hash value over the "Distinguished Name" of the - CA. How this directory is set up is explained later in this document. All - files within the directory that don't fit into this naming scheme are - ignored. You don't need this variable if you don't verify client - certificates. -ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem - This variable is a second way to define the trusted CAs. The certificates - of the trusted CAs are collected in one big file and this variable points - to the file. You will probably only use one of the two ways to define your - CAs. The first choice is preferable if you have many CAs or want to be - flexible, the second is perferable if you only have one CA and want to - keep things simple (you won't need to create the hashed file names). You - don't need this variable if you don't verify client certificates. -ssl server cert = /usr/local/ssl/certs/samba.pem - This is the file containing the server's certificate. The server _must_ - have a certificate. The file may also contain the server's private key. - See later for how certificates and private keys are created. -ssl server key = /usr/local/ssl/private/samba.pem - This file contains the private key of the server. If this variable is not - defined, the key is looked up in the certificate file (it may be appended - to the certificate). The server _must_ have a private key and the - certificate _must_ match this private key. -ssl client cert = /usr/local/ssl/certs/smbclient.pem - The certificate in this file is used by smbclient if it exists. It's needed - if the server requires a client certificate. -ssl client key = /usr/local/ssl/private/smbclient.pem - This is the private key for smbclient. It's only needed if the client - should have a certificate. -ssl require clientcert = yes - If this variable is set to "yes", the server will not tolerate connections - from clients that don't have a valid certificate. The directory/file - given in "ssl CA certDir" and "ssl CA certFile" will be used to look up - the CAs that issued the client's certificate. If the certificate can't be - verified positively, the connection will be terminated. - If this variable is set to "no", clients don't need certificates. Contrary - to web applications you really _should_ require client certificates. In - the web environment the client's data is sensitive (credit card numbers) - and the server must prove to be trustworthy. In a file server environment - the server's data will be sensitive and the clients must prove to be - trustworthy. -ssl require servercert = yes - If this variable is set to "yes", the smbclient will request a certificate - from the server. Same as "ssl require clientcert" for the server. -ssl ciphers = ??? - This variable defines the ciphers that should be offered during SSL - negotiation. You should not set this variable unless you know what you do. -ssl version = ssl2or3 - This enumeration variable defines the versions of the SSL protocol that - will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2" - results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS - (Transport Layer Security) is the (proposed?) new standard for SSL. The - default value is "ssl2or3". -ssl compatibility = no - This variable defines whether SSLeay should be configured for bug - compatibility with other SSL implementations. This is probably not - desirable because currently no clients with SSL implementations other than - SSLeay exist. -ssl entropy file = - Specifies a file from which processes will read "random bytes" on startup. - In order to seed the internal pseudo random number generator, entropy - must be provided. On system with a /dev/urandom device file, the processes - will retrieve its entropy from the kernel. On systems without kernel - entropy support, a file can be supplied that will be read on startup - and that will be used to seed the PRNG. -ssl entropy bytes = 256 - Number of bytes that will be read from entropy file. If -1 is given, the - complete file will be read. -ssl egd socket = - Location of the communiation socket of an EGD or PRNGD daemon, from which - entropy can be retrieved. This option can be used instead of or together - with the "ssl entropy file" directive. 255bytes of entropy will be - retrieved from the daemon. - - -Running samba with OpenSSL -========================== -Samba is started as usual. The daemon will ask for the private key's pass -phrase before it goes to background if the private key has been encrypted. -If you start smbd from inetd, this won't work. Therefore you must not encrypt -your private key if you run smbd from inetd. - -Windows clients will try to connect to the SSL enabled samba daemon and they -will fail. This can fill your log with failed SSL negotiation messages. To -avoid this, you can either not run nmbd (if all clients use DNS to look up -the server), which will leave the Windows machine unaware of the server, or -list all (local) Windows machines in the "ssl hosts resign" variable. - - -About certificates -================== -Secure samba servers will not be set up for public use as it is the case with -secure web servers. Most installations will probably use it for distributed -offices that use parts of the internet for their intranet, for access to a -web server that's physically hosted by the provider or simply for teleworking. -All these applications work with a known group of users that can easily agree -on a certification authority. The CA can be operated by the company and the -policy for issuing certificates can be determined by the company. If samba is -configured to verify client certificates, it (currently) only verifies -whether a valid certificate exists. It does not verify any of the data within -the certificate (although it prints some of the data to the log file). - - -Which clients are available that support SSL? -============================================= -Currently there are only smbclient which is part of the samba package and -Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the -main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client -implementation for Unix. It is a commercial product, but it is available in -source code and the demo-mode allows access to the first three layers of the -mounted directory hierarchy. Licenses for universities and students are free. -Sharity is available at - - http://www.obdev.at/Products/Sharity.html - - - -########################################################################### -Basics about Cryptography and SSL(eay) -########################################################################### - -There are many good introductions to cryptography. I assume that the reader -is familiar with the words "encryption", "digital signature" and RSA. If you -don't know these terms, please read the cryptography FAQ part 6 and 7, which -is posted to the usenet newsgroup sci.crypt. It is also available from - - ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq -and - http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq - -I'll concentrate on the questions specific to SSL and samba here. - - -What is a certificate? -====================== -A certificate is issued by an issuer, usually a "Certification Authority" -(CA), who confirms something by issuing the certificate. The subject of this -confirmation depends on the CA's policy. CAs for secure web servers (used for -shopping malls etc.) usually only attest that the given public key belongs the -the given domain name. Company-wide CAs might attest that you are an employee -of the company, that you have permissions to use a server or whatever. - - -What is an X.509 certificate technically? -========================================= -Technically, the certificate is a block of data signed by the certificate -issuer (the CA). The relevant fields are: - - unique identifier (name) of the certificate issuer - - time range during that the certificate is valid - - unique identifier (name) of the certified subject - - public key of the certified subject - - the issuer's signature over all of the above -If this certificate should be verified, the verifier must have a table of the -names and public keys of trusted CAs. For simplicity, these tables are lists -of certificates issued by the respective CAs for themselves (self-signed -certificates). - - -What are the implications of this certificate structure? -======================================================== - - Because the certificate contains the subject's public key, the - certificate and the private key together are all that's needed to encrypt - and decrypt. - - To verify certificates, you need the certificates of all CAs you trust. - - The simplest form of a dummy-certificate is one that's signed by the - subject itself. - - A CA is needed. The client can't simply issue local certificates for - servers it trusts because the server determines which certificate it - presents. - - - -########################################################################### -Setting up files and directories for OpenSSL -########################################################################### - -The first thing you should do is to change your PATH environment variable to -include the bin directory of OpenSSL. E.g.: - - PATH=$PATH:/usr/local/ssl/bin - -If your system's kernel supports a /dev/urandom device, all OpenSSL operations -will automatically retrieve its entropy from it. If your system does not -support /dev/urandom, you may install an EGD/PRNGD daemon for entropy -supply or can generate seed from reading files (that should contain information -unpredictable/unknown to attackers). Use the "-rand" option to the openssl -commands to specify the entropy source (if /dev/urandom is not available). - -OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can -initialize this file using: - - openssl rand -rand /tmp/rfile.txt > $HOME/.rnd - rm -f /tmp/rfile.txt # nobody must know!! - -or - - openssl rand -rand /path/to/egd-socket > $HOME/.rnd - -How to create a keypair -======================= -This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA -key with 1024 bits which is written to the file "key.pem" type: - - openssl genrsa -des3 -rand /path/to/source 1024 > key.pem - -You will be asked for a pass phrase to protect this key. If you don't want to -protect your private key with a pass phrase, just omit the parameter "-des3". -If you want a different key size, replace the parameter "1024". You really -should use a pass phrase. - -If you want to remove the pass phrase from a key use: - - openssl rsa -in key.pem -out newkey.pem - -And to add or change a pass phrase: - - openssl rsa -des3 -in key.pem -out newkey.pem - - -How to create a dummy certificate -================================= -If you still have your keypair in the file "key.pem", the command - - openssl req -new -x509 -key key.pem -out cert.pem - -will write a self-signed dummy certificate to the file "cert.pem". This can -be used for testing or if only encryption and no certification is needed. -Please bear in mind that encryption without authentication (certification) -can never be secure. It's open to (at least) "man-in-the-middle" attacks. - - -How to create a certificate signing request -=========================================== -You must not simply send your keypair to the CA for signing because it -contains the private key which _must_ be kept secret. A signing request -consists of your public key and some additional information you want to have -bound to that key by the certificate. If you operate a secure web server, -this additional information will (among other things) contain the URL of -your server in the field "Common Name". The certificate signing request is -created from the keypair with the following command (assuming that the key -pair is still in "key.pem"): - - openssl req -new -key key.pem -out csr.pem - -This command will ask you for the information which must be included in the -certificate and will write the signing request to the file "csr.pem". This -signing request is all the CA needs for signing, at least technically. Most -CAs will demand bureaucratic material and money, too. - - -How to set up a Certification Authority (CA) -============================================ -Being a certification authority requires a database that holds the CA's -keypair, the CA's certificate, a list of all signed certificates and other -information. This database is kept in a directory hierarchy below a -configurable starting point. The starting point must be configured in the -ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have -not changed the default installation path. - -The first thing you should do is to edit this file according to your needs. -Let's assume that you want to hold the CA's database at the directory -"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to -this path. You may also want to edit the default settings for some variables, -but the values given should be OK. This path is also contained in the shell -script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path -in the shell script: - - CATOP=/usr/local/ssl/CA - CAKEY=./cakey.pem # relative to $CATOP/ - CACERT=./cacert.pem # relative to $CATOP/private/ - -Then create the directory "/usr/local/ssl/CA" and make it writable for the -user that operates the CA. You should also initialize SSLeay as CA user (set -up the random number generator). Now you should call the shell script CA.sh -to set up the initial database: - - CA.sh -newca - -This command will ask you whether you want to use an existing certificate or -create one. Just press enter to create a new key pair and certificate. You -will be asked the usual questions for certificates: the country, state, city, -"Common Name", etc. Enter the appropriate values for the CA. When CA.sh -finishes, it has set up a bunch of directories and files. A CA must publish -it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem". - - -How to sign a certificate request -================================= -After setting up the CA stuff, you can start signing certificate requests. -Make sure that the SSLeay utilities know where the configuration file is. -The default is compiled in, if you don't use the default location, add the -parameter "-config ". Make also sure that the configuration file -contains the correct path to the CA database. If all this is set up properly, -you can sign the request in the file "csr.pem" with the command: - - openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem - -The resulting certificate (and additional information) will be in "cert.pem". -If you want the certificate to be valid for a period different from 365 days, -simply change the "-days" parameter. - - -How to install a new CA certificate -=================================== -Whereever a certificate must be checked, the CA's certificate must be -available. Let's take the common case where the client verifies the server's -certificate. The case where the server verfies the client's certificate works -the same way. The client receives the server's certificate, which contains -the "Distinguished Name" of the CA. To verify whether the signature in this -certificate is OK, it must look up the public key of that CA. Therefore each -client must hold a database of CAs, indexed by CA name. This database is best -kept in a directory where each file contains the certificate of one CA and is -named after the hashvalue (checksum) of the CA's name. This section describes -how such a database is managed technically. Whether or not to install (and -thereby trust) a CA is a totally different matter. - -The client must know the directory of the CA database. This can be configured. -There may also be a configuration option to set up a CA database file which -contains all CA certs in one file. Let's assume that the CA database is kept -in the directory "/usr/local/ssl/certs". The following example assumes that -the CA's certificate is in the file "cacert.pem" and the CA is known as -"myCA". To install the certificate, do the following: - - cp cacert.pem /usr/local/ssl/cers/myCA.pem - cd /usr/local/ssl/certs - ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0 - -The last command creates a link from the hashed name to the real file. - -From now on all certificates signed by the myCA authority will be accepted by -clients that use the directory "/usr/local/ssl/certs/" as their CA certificate -database. - - - diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt deleted file mode 100644 index b82db8f8f4..0000000000 --- a/docs/textdocs/Speed.txt +++ /dev/null @@ -1,338 +0,0 @@ - -Subject: Samba performance issues -============================================================================ - -This file tries to outline the ways to improve the speed of a Samba server. - -COMPARISONS ------------ - -The Samba server uses TCP to talk to the client. Thus if you are -trying to see if it performs well you should really compare it to -programs that use the same protocol. The most readily available -programs for file transfer that use TCP are ftp or another TCP based -SMB server. - -If you want to test against something like a NT or WfWg server then -you will have to disable all but TCP on either the client or -server. Otherwise you may well be using a totally different protocol -(such as Netbeui) and comparisons may not be valid. - -Generally you should find that Samba performs similarly to ftp at raw -transfer speed. It should perform quite a bit faster than NFS, -although this very much depends on your system. - -Several people have done comparisons between Samba and Novell, NFS or -WinNT. In some cases Samba performed the best, in others the worst. I -suspect the biggest factor is not Samba vs some other system but the -hardware and drivers used on the various systems. Given similar -hardware Samba should certainly be competitive in speed with other -systems. - - -OPLOCKS -------- - -Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will agressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits. - -With the release of Samba 1.9.18 we now correctly support opportunistic -locks. This is turned on by default, and can be turned off on a share- -by-share basis by setting the parameter : - -oplocks = False - -We recommend that you leave oplocks on however, as current benchmark -tests with NetBench seem to give approximately a 30% improvement in -speed with them on. This is on average however, and the actual -improvement seen can be orders of magnitude greater, depending on -what the client redirector is doing. - -Previous to Samba 1.9.18 there was a 'fake oplocks' option. This -option has been left in the code for backwards compatibility reasons -but it's use is now deprecated. A short summary of what the old -code did follows. - -LEVEL2 OPLOCKS --------------- - -With Samba 2.0.5 a new capability - level2 (read only) oplocks is -supported (although the option is off by default - see the smb.conf -man page for details). Turning on level2 oplocks (on a share-by-share basis) -by setting the parameter : - -level2 oplocks = true - -should speed concurrent access to files that are not commonly written -to, such as application serving shares (ie. shares that contain common -.EXE files - such as a Microsoft Office share) as it allows clients to -read-ahread cache copies of these files. - -Old 'fake oplocks' option - deprecated. ---------------------------------------- - -Samba can also fake oplocks, by granting a oplock whenever a client -asks for one. This is controlled using the smb.conf option "fake -oplocks". If you set "fake oplocks = yes" then you are telling the -client that it may agressively cache the file data for all opens. - -Enabling 'fake oplocks' on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption. - -SOCKET OPTIONS --------------- - -There are a number of socket options that can greatly affect the -performance of a TCP based server like Samba. - -The socket options that Samba uses are settable both on the command -line with the -O option, or in the smb.conf file. - -The "socket options" section of the smb.conf manual page describes how -to set these and gives recommendations. - -Getting the socket options right can make a big difference to your -performance, but getting them wrong can degrade it by just as -much. The correct settings are very dependent on your local network. - -The socket option TCP_NODELAY is the one that seems to make the -biggest single difference for most networks. Many people report that -adding "socket options = TCP_NODELAY" doubles the read performance of -a Samba drive. The best explanation I have seen for this is that the -Microsoft TCP/IP stack is slow in sending tcp ACKs. - - -READ SIZE ---------- - -The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk. - -This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other. - -The default value is 16384, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily. - - -MAX XMIT --------- - -At startup the client and server negotiate a "maximum transmit" size, -which limits the size of nearly all SMB commands. You can set the -maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. Note that this is the maximum size of SMB request that -Samba will accept, but not the maximum size that the *client* will accept. -The client maximum receive size is sent to Samba by the client and Samba -honours this limit. - -It defaults to 65536 bytes (the maximum), but it is possible that some -clients may perform better with a smaller transmit unit. Trying values -of less than 2048 is likely to cause severe problems. - -In most cases the default is the best option. - - -LOCKING -------- - -By default Samba does not implement strict locking on each read/write -call (although it did in previous versions). If you enable strict -locking (using "strict locking = yes") then you may find that you -suffer a severe performance hit on some systems. - -The performance hit will probably be greater on NFS mounted -filesystems, but could be quite high even on local disks. - - -SHARE MODES ------------ - -Some people find that opening files is very slow. This is often -because of the "share modes" code needed to fully implement the dos -share modes stuff. You can disable this code using "share modes = -no". This will gain you a lot in opening and closing files but will -mean that (in some cases) the system won't force a second user of a -file to open the file read-only if the first has it open -read-write. For many applications that do their own locking this -doesn't matter, but for some it may. Most Windows applications -depend heavily on "share modes" working correctly and it is -recommended that the Samba share mode support be left at the -default of "on". - -The share mode code in Samba has been re-written in the 1.9.17 -release following tests with the Ziff-Davis NetBench PC Benchmarking -tool. It is now believed that Samba 1.9.17 implements share modes -similarly to Windows NT. - -NOTE: In the most recent versions of Samba there is an option to use -shared memory via mmap() to implement the share modes. This makes -things much faster. See the Makefile for how to enable this. - - -LOG LEVEL ---------- - -If you set the log level (also known as "debug level") higher than 2 -then you may suffer a large drop in performance. This is because the -server flushes the log file after each operation, which can be very -expensive. - - -WIDE LINKS ----------- - -The "wide links" option is now enabled by default, but if you disable -it (for better security) then you may suffer a performance hit in -resolving filenames. The performance loss is lessened if you have -"getwd cache = yes", which is now the default. - - -READ RAW --------- - -The "read raw" operation is designed to be an optimised, low-latency -file read operation. A server may choose to not support it, -however. and Samba makes support for "read raw" optional, with it -being enabled by default. - -In some cases clients don't handle "read raw" very well and actually -get lower performance using it than they get using the conventional -read operations. - -So you might like to try "read raw = no" and see what happens on your -network. It might lower, raise or not affect your performance. Only -testing can really tell. - - -WRITE RAW ---------- - -The "write raw" operation is designed to be an optimised, low-latency -file write operation. A server may choose to not support it, -however. and Samba makes support for "write raw" optional, with it -being enabled by default. - -Some machines may find "write raw" slower than normal write, in which -case you may wish to change this option. - -READ PREDICTION ---------------- - -Samba can do read prediction on some of the SMB commands. Read -prediction means that Samba reads some extra data on the last file it -read while waiting for the next SMB command to arrive. It can then -respond more quickly when the next read request arrives. - -This is disabled by default. You can enable it by using "read -prediction = yes". - -Note that read prediction is only used on files that were opened read -only. - -Read prediction should particularly help for those silly clients (such -as "Write" under NT) which do lots of very small reads on a file. - -Samba will not read ahead more data than the amount specified in the -"read size" option. It always reads ahead on 1k block boundaries. - - -MEMORY MAPPING --------------- - -Samba supports reading files via memory mapping them. One some -machines this can give a large boost to performance, on others it -makes not difference at all, and on some it may reduce performance. - -To enable you you have to recompile Samba with the -DUSE_MMAP option -on the FLAGS line of the Makefile. - -Note that memory mapping is only used on files opened read only, and -is not used by the "read raw" operation. Thus you may find memory -mapping is more effective if you disable "read raw" using "read raw = -no". - - -SLOW CLIENTS ------------- - -One person has reported that setting the protocol to COREPLUS rather -than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s). - -I suspect that his PC's (386sx16 based) were asking for more data than -they could chew. I suspect a similar speed could be had by setting -"read raw = no" and "max xmit = 2048", instead of changing the -protocol. Lowering the "read size" might also help. - - -SLOW LOGINS ------------ - -Slow logins are almost always due to the password checking time. Using -the lowest practical "password level" will improve things a lot. You -could also enable the "UFC crypt" option in the Makefile. - -CLIENT TUNING -------------- - -Often a speed problem can be traced to the client. The client (for -example Windows for Workgroups) can often be tuned for better TCP -performance. - -See your client docs for details. In particular, I have heard rumours -that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a -large impact on performance. - -Also note that some people have found that setting DefaultRcvWindow in -the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a -big improvement. I don't know why. - -My own experience wth DefaultRcvWindow is that I get much better -performance with a large value (16384 or larger). Other people have -reported that anything over 3072 slows things down enourmously. One -person even reported a speed drop of a factor of 30 when he went from -3072 to 8192. I don't know why. - -It probably depends a lot on your hardware, and the type of unix box -you have at the other end of the link. - - -MY RESULTS ----------- - -Some people want to see real numbers in a document like this, so here -they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b -tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC -Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to -set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My -server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC -Elite-16 card. You can see my server config in the examples/tridge/ -subdirectory of the distribution. - -I get 490k/s on reading a 8Mb file with copy. -I get 441k/s writing the same file to the samba server. - -Of course, there's a lot more to benchmarks than 2 raw throughput -figures, but it gives you a ballpark figure. - -I've also tested Win95 and WinNT, and found WinNT gave me the best -speed as a samba client. The fastest client of all (for me) is -smbclient running on another linux box. Maybe I'll add those results -here someday ... - - diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt deleted file mode 100644 index a8c3e7381f..0000000000 --- a/docs/textdocs/Speed2.txt +++ /dev/null @@ -1,57 +0,0 @@ -Contributor: Paul Cochrane -Organization: Dundee Limb Fitting Centre -Date: Fri, 10 Apr 1998 -Subject: Samba SPEED.TXT comment -============================================================================= - -This might be relevant to Client Tuning. I have been trying various methods -of getting win95 to talk to Samba quicker. The results I have come up with -are: - -1. Install the W2setup.exe file from www.microsoft.com. This is an -update for the winsock stack and utilities which improve performance. - -2. Configure the win95 TCPIP registry settings to give better -perfomance. I use a program called MTUSPEED.exe which I got off the -net. There are various other utilities of this type freely available. -The setting which give the best performance for me are: - -(a) MaxMTU Remove -(b) RWIN Remove -(c) MTUAutoDiscover Disable -(d) MTUBlackHoleDetect Disable -(e) Time To Live Enabled -(f) Time To Live - HOPS 32 -(g) NDI Cache Size 0 - -3. I tried virtually all of the items mentioned in the document and -the only one which made a difference to me was the socket options. It -turned out I was better off without any!!!!! - -In terms of overall speed of transfer, between various win95 clients -and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE -drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT. - -The figures are: Put Get -P166 client 3Com card: 420-440kB/s 500-520kB/s -P100 client 3Com card: 390-410kB/s 490-510kB/s -DX4-75 client NE2000: 370-380kB/s 330-350kB/s - -I based these test on transfer two files a 4.5MB text file and a 15MB -textfile. The results arn't bad considering the hardware Samba is -running on. It's a crap machine!!!! - -The updates mentioned in 1 and 2 brought up the transfer rates from -just over 100kB/s in some clients. - -A new client is a P333 connected via a 100MB/s card and hub. The -transfer rates from this were good: 450-500kB/s on put and 600+kB/s -on get. - -Looking at standard FTP throughput, Samba is a bit slower (100kB/s -upwards). I suppose there is more going on in the samba protocol, but -if it could get up to the rate of FTP the perfomance would be quite -staggering. - -Paul Cochrane - diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt deleted file mode 100644 index 6cc1d69258..0000000000 --- a/docs/textdocs/Tracing.txt +++ /dev/null @@ -1,93 +0,0 @@ -Contributor: Andrew Tridgell -Date: Old -Status: Questionable - -Subject: How to trace samba system calls for debugging purposes -============================================================================= - -This file describes how to do a system call trace on Samba to work out -what its doing wrong. This is not for the faint of heart, but if you -are reading this then you are probably desperate. - -Actually its not as bad as the the above makes it sound, just don't -expect the output to be very pretty :-) - -Ok, down to business. One of the big advantages of unix systems is -that they nearly all come with a system trace utility that allows you -to monitor all system calls that a program is making. This is -extremely using for debugging and also helps when trying to work out -why something is slower than you expect. You can use system tracing -without any special compilation options. - -The system trace utility is called different things on different -systems. On Linux systems its called strace. Under SunOS 4 its called -trace. Under SVR4 style systems (including solaris) its called -truss. Under many BSD systems its called ktrace. - -The first thing you should do is read the man page for your native -system call tracer. In the discussion below I'll assume its called -strace as strace is the only portable system tracer (its available for -free for many unix types) and its also got some of the nicest -features. - -Next, try using strace on some simple commands. For example, "strace -ls" or "strace echo hello". - -You'll notice that it produces a LOT of output. It is showing you the -arguments to every system call that the program makes and the -result. Very little happens in a program without a system call so you -get lots of output. You'll also find that it produces a lot of -"preamble" stuff showing the loading of shared libraries etc. Ignore -this (unless its going wrong!) - -For example, the only line that really matters in the "strace echo -hello" output is: - -write(1, "hello\n", 6) = 6 - -all the rest is just setting up to run the program. - -Ok, now you're famialiar with strace. To use it on Samba you need to -strace the running smbd daemon. The way I tend ot use it is to first -login from my Windows PC to the Samba server, then use smbstatus to -find which process ID that client is attached to, then as root I do -"strace -p PID" to attach to that process. I normally redirect the -stderr output from this command to a file for later perusal. For -example, if I'm using a csh style shell: - - strace -f -p 3872 >& strace.out - -or with a sh style shell: - - strace -f -p 3872 > strace.out 2>&1 - -Note the "-f" option. This is only available on some systems, and -allows you to trace not just the current process, but any children it -forks. This is great for finding printing problems caused by the -"print command" being wrong. - -Once you are attached you then can do whatever it is on the client -that is causing problems and you will capture all the system calls -that smbd makes. - -So how do you interpret the results? Generally I search through the -output for strings that I know will appear when the problem -happens. For example, if I am having touble with permissions on a file -I would search for that files name in the strace output and look at -the surrounding lines. Another trick is to match up file descriptor -numbers and "follow" what happens to an open file until it is closed. - -Beyond this you will have to use your initiative. To give you an idea -of wehat you are looking for here is a piece of strace output that -shows that /dev/null is not world writeable, which causes printing to -fail with Samba: - -[pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied) -[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied) - -the process is trying to first open /dev/null read-write then -read-only. Both fail. This means /dev/null has incorrect permissions. - -Have fun! - -(please send updates/fixes to this file to samba@samba.org) diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt deleted file mode 100644 index c3d7643cbc..0000000000 --- a/docs/textdocs/UNIX-SMB.txt +++ /dev/null @@ -1,231 +0,0 @@ -Contributor: Andrew Tridgell -Date: April 1995 - -Subject: Discussion of NetBIOS in a Unix World -============================================================================ - -This is a short document that describes some of the issues that -confront a SMB implementation on unix, and how Samba copes with -them. They may help people who are looking at unix<->PC -interoperability. - -It was written to help out a person who was writing a paper on unix to -PC connectivity. - - -Usernames -========= - -The SMB protocol has only a loose username concept. Early SMB -protocols (such as CORE and COREPLUS) have no username concept at -all. Even in later protocols clients often attempt operations -(particularly printer operations) without first validating a username -on the server. - -Unix security is based around username/password pairs. A unix box -should not allow clients to do any substantive operation without some -sort of validation. - -The problem mostly manifests itself when the unix server is in "share -level" security mode. This is the default mode as the alternative -"user level" security mode usually forces a client to connect to the -server as the same user for each connected share, which is -inconvenient in many sites. - -In "share level" security the client normally gives a username in the -"session setup" protocol, but does not supply an accompanying -password. The client then connects to resources using the "tree -connect" protocol, and supplies a password. The problem is that the -user on the PC types the username and the password in different -contexts, unaware that they need to go together to give access to the -server. The username is normally the one the user typed in when they -"logged onto" the PC (this assumes Windows for Workgroups). The -password is the one they chose when connecting to the disk or printer. - -The user often chooses a totally different username for their login as -for the drive connection. Often they also want to access different -drives as different usernames. The unix server needs some way of -divining the correct username to combine with each password. - -Samba tries to avoid this problem using several methods. These succeed -in the vast majority of cases. The methods include username maps, the -service%user syntax, the saving of session setup usernames for later -validation and the derivation of the username from the service name -(either directly or via the user= option). - -File Ownership -============== - -The commonly used SMB protocols have no way of saying "you can't do -that because you don't own the file". They have, in fact, no concept -of file ownership at all. - -This brings up all sorts of interesting problems. For example, when -you copy a file to a unix drive, and the file is world writeable but -owned by another user the file will transfer correctly but will -receive the wrong date. This is because the utime() call under unix -only succeeds for the owner of the file, or root, even if the file is -world writeable. For security reasons Samba does all file operations -as the validated user, not root, so the utime() fails. This can stuff -up shared development diectories as programs like "make" will not get -file time comparisons right. - -There are several possible solutions to this problem, including -username mapping, and forcing a specific username for particular -shares. - -Passwords -========= - -Many SMB clients uppercase passwords before sending them. I have no -idea why they do this. Interestingly WfWg uppercases the password only -if the server is running a protocol greater than COREPLUS, so -obviously it isn't just the data entry routines that are to blame. - -Unix passwords are case sensitive. So if users use mixed case -passwords they are in trouble. - -Samba can try to cope with this by either using the "password level" -option which causes Samba to try the offered password with up to the -specified number of case changes, or by using the "password server" -option which allows Samba to do its validation via another machine -(typically a WinNT server). - -Samba supports the password encryption method used by SMB -clients. Note that the use of password encryption in Microsoft -networking leads to password hashes that are "plain text equivalent". -This means that it is *VERY* important to ensure that the Samba -smbpasswd file containing these password hashes is only readable -by the root user. See the documentation ENCRYPTION.txt for more -details. - - -Locking -======= - -The locking calls available under a DOS/Windows environment are much -richer than those available in unix. This means a unix server (like -Samba) choosing to use the standard fcntl() based unix locking calls -to implement SMB locking has to improvise a bit. - -One major problem is that dos locks can be in a 32 bit (unsigned) -range. Unix locking calls are 32 bits, but are signed, giving only a 31 -bit range. Unfortunately OLE2 clients use the top bit to select a -locking range used for OLE semaphores. - -To work around this problem Samba compresses the 32 bit range into 31 -bits by appropriate bit shifting. This seems to work but is not -ideal. In a future version a separate SMB lockd may be added to cope -with the problem. - -It also doesn't help that many unix lockd daemons are very buggy and -crash at the slightest provocation. They normally go mostly unused in -a unix environment because few unix programs use byte range -locking. The stress of huge numbers of lock requests from dos/windows -clients can kill the daemon on some systems. - -The second major problem is the "opportunistic locking" requested by -some clients. If a client requests opportunistic locking then it is -asking the server to notify it if anyone else tries to do something on -the same file, at which time the client will say if it is willing to -give up its lock. Unix has no simple way of implementing -opportunistic locking, and currently Samba has no support for it. - -Deny Modes -========== - -When a SMB client opens a file it asks for a particular "deny mode" to -be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE, -DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be -allowed by anyone else who tries to use the file at the same time. If -DENY_READ is placed on the file, for example, then any attempt to open -the file for reading should fail. - -Unix has no equivalent notion. To implement this Samba uses either lock -files based on the files inode and placed in a separate lock -directory or a shared memory implementation. The lock file method -is clumsy and consumes processing and file resources, -the shared memory implementation is vastly prefered and is turned on -by default for those systems that support it. - -Trapdoor UIDs -============= - -A SMB session can run with several uids on the one socket. This -happens when a user connects to two shares with different -usernames. To cope with this the unix server needs to switch uids -within the one process. On some unixes (such as SCO) this is not -possible. This means that on those unixes the client is restricted to -a single uid. - -Note that you can also get the "trapdoor uid" message for other -reasons. Please see the FAQ for details. - -Port numbers -============ - -There is a convention that clients on sockets use high "unprivilaged" -port numbers (>1000) and connect to servers on low "privilaged" port -numbers. This is enforced in Unix as non-root users can't open a -socket for listening on port numbers less than 1000. - -Most PC based SMB clients (such as WfWg and WinNT) don't follow this -convention completely. The main culprit is the netbios nameserving on -udp port 137. Name query requests come from a source port of 137. This -is a problem when you combine it with the common firewalling technique -of not allowing incoming packets on low port numbers. This means that -these clients can't query a netbios nameserver on the other side of a -low port based firewall. - -The problem is more severe with netbios node status queries. I've -found that WfWg, Win95 and WinNT3.5 all respond to netbios node status -queries on port 137 no matter what the source port was in the -request. This works between machines that are both using port 137, but -it means it's not possible for a unix user to do a node status request -to any of these OSes unless they are running as root. The answer comes -back, but it goes to port 137 which the unix user can't listen -on. Interestingly WinNT3.1 got this right - it sends node status -responses back to the source port in the request. - - -Protocol Complexity -=================== - -There are many "protocol levels" in the SMB protocol. It seems that -each time new functionality was added to a Microsoft operating system, -they added the equivalent functions in a new protocol level of the SMB -protocol to "externalise" the new capabilities. - -This means the protocol is very "rich", offering many ways of doing -each file operation. This means SMB servers need to be complex and -large. It also means it is very difficult to make them bug free. It is -not just Samba that suffers from this problem, other servers such as -WinNT don't support every variation of every call and it has almost -certainly been a headache for MS developers to support the myriad of -SMB calls that are available. - -There are about 65 "top level" operations in the SMB protocol (things -like SMBread and SMBwrite). Some of these include hundreds of -sub-functions (SMBtrans has at least 120 sub-functions, like -DosPrintQAdd and NetSessionEnum). All of them take several options -that can change the way they work. Many take dozens of possible -"information levels" that change the structures that need to be -returned. Samba supports all but 2 of the "top level" functions. It -supports only 8 (so far) of the SMBtrans sub-functions. Even NT -doesn't support them all. - -Samba currently supports up to the "NT LM 0.12" protocol, which is the -one preferred by Win95 and WinNT3.5. Luckily this protocol level has a -"capabilities" field which specifies which super-duper new-fangled -options the server suports. This helps to make the implementation of -this protocol level much easier. - -There is also a problem with the SMB specications. SMB is a X/Open -spec, but the X/Open book is far from ideal, and fails to cover many -important issues, leaving much to the imagination. Microsoft recently -renamed the SMB protocol CIFS (Common Internet File System) and have -published new specifications. These are far superior to the old -X/Open documents but there are still undocumented calls and features. -This specification is actively being worked on by a CIFS developers -mailing list hosted by Microsft. - diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt deleted file mode 100644 index 69330c512d..0000000000 --- a/docs/textdocs/Win95.txt +++ /dev/null @@ -1,74 +0,0 @@ -Copyright (C) 1997 - Samba-Team -Contributed Date: August 20, 1997 -Last Update: August 20, 1997 - -Subject: Windows 95 and Samba Interoperability -=============================================================================== - -Password Handling: ------------------- -Microsoft periodically release updates to all their operating systems. Some of -these are welcomed while others cause us to change the way we do things. Few -people like change, particularly if the change is unexpected. The best advice -always is to read the documentation provided BEFORE applying an update. - -One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called -clear text) password authentication. The effects of this updates are desirable -where MS Windows NT is providing the password authentication service. This -update is most undesirable where Samba must provide the authentication service -unless Samba has been specifically configured to use encrypted passwords _AND_ -has been linked with the libdes library. - -If the above conditions have not been complied with, and you are using Samba, -then Windows 95 clients will NOT be able to authenticate to a Samba server. - -To re-enable plain text password capabilities AFTER applying this update -you must create a new value in the Windows 95 registry. - -Either foillow the following procedure or just double click on the -file Win95_PlainPassword.reg for an easier way to do this. - -Procedure: -1) Launch the Registry Editor as follows: - Click on: /Start/Run - Type "regedit" and press enter. - -2) Double click on: HKEY_LOCAL_MACHINE - -3) Locate the following Key: - /HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP - -4) From the menu bar select Edit/New/DWORD Value - -5) Rename the entry from "New Value #1" to: - EnablePlainTextPassword - -6) Press Enter, then double click on the new entry. - A dialog box will pop up and enable you to set a value. - You must set this value to 1. - -------------------------------------------------------------------------------- - -Windows 95 Updates: -------------------- -When using Windows 95 OEM SR2 the following updates are recommended where Samba -is being used. Please NOTE that the above change will affect you once these -updates have been installed. - -There are more updates than the ones mentioned here. You are referred to the -Microsoft Web site for all currently available updates to your specific version -of Windows 95. - -Kernel Update: KRNLUPD.EXE -Ping Fix: PINGUPD.EXE -RPC Update: RPCRTUPD.EXE -TCP/IP Update: VIPUPD.EXE -Redirector Update: VRDRUPD.EXE - -Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This -fix may stop your machine from hanging for an extended period when exiting -OutLook and you may also notice a significant speedup when accessing network -neighborhood services. - -------------------------------------------------------------------------------- -The above password information was provided by: Jochen Huppertz diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt deleted file mode 100644 index 5c72fb08aa..0000000000 --- a/docs/textdocs/WinNT.txt +++ /dev/null @@ -1,104 +0,0 @@ -Contributors: Various - Password Section - Copyright (C) 1997 - John H Terpstra - Printing Section - Copyright (C) 1997 - Matthew Harrell - Priting Info - Copyright (C) 1997 - Frank Varnavas -Updated: October 16, 1997 -Status: Current - -Subject: Samba and Windows NT Password Handling -============================================================================= - -There are some particular issues with Samba and Windows NT. - -Passwords: -========== -One of the most annoying problems with WinNT is that NT refuses to -connect to a server that is in user level security mode and that -doesn't support password encryption unless it first prompts the user -for a password. - -This means even if you have the same password on the NT box and the -Samba server you will get prompted for a password. Entering the -correct password will get you connected only if Windows NT can -communicate with Samba using a compatible mode of password security. - -All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate -plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed -this default behaviour so it now will only handle encrypted passwords. -The following registry entry change will re-enable clear text password -handling: - -Run regedt32.exe and locate the hive key entry: -HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\ - -Add the following value: - EnablePlainTextPassword:REG_DWORD=1 - -Alternatively, use the NT4_PlainPassword.reg file in this directory (either -by double clicking on it, or run regedt32.exe and select "Import Registry -File" from the "Registry" Menu). - -The other major ramification of this feature of NT is that it can't -browse a user level non-encrypted server unless it already has a -connection open. This is because there is no spot for a password -prompt in the browser window. It works fine if you already have a -drive mounted (for example, one auto mounted on startup). -===================================================================== - -Printing: -========= -When you mount a printer using the print manager in NT you may find -the following info from Matthew Harrell -useful: - ------------- - I noticed in your change-log you noted that some people were -still unable to use print manager under NT. If this is the same problem -that I encountered, it's caused by the length of time it takes NT to -determine if the printer is ready. - -The problem occurs when you double-click on a printer to connect it to -the NT machine. Because it's unable to determine if the printer is ready -in the short span of time it has, it assumes it isn't and gives some -strange error about not having enough resources (I forget what the error -is). A solution to this that seems to work fine for us is to click -once on the printer, look at the bottom of the window and wait until -it says it's ready, then clilck on "OK". - -By the way, this problem probably occurs in our group because the -Samba server doesn't actually have the printers - it queues them to -remote printers either on other machines or using their own network -cards. Because of this "middle layer", it takes an extra amount of -time for the NT machine to get verification that the printer queue -actually exists. - -I hope this helped in some way... - -===================================================================== -Printing Info: --------------- - -From: Frank Varnavas -Subject: RE: Samba as a print server - -When an NT client attempts to connect to a printer on a non-NT print -server the attempt is failed with an error, something like: - - "You have insufficient access to your computer to perform the - operation because a driver needs to be installed" - -This is because domain users must have 'Power User' status on the -desktop to connect to printers on a non-NT print server. - -This error occurs regardless of whether the driver in question is -already installed or not. What it really means is that the server is -a non-NT server and the client does not have permission to create -printers locally. Apparently when a connection to a non-NT print -server is made the printer is defined locally. Such an action can be -performed by either a local administrator or a Power User. -Unfortunately there is no way to limit the powers of a Power User, nor -is there any way to grant the Printer Creation right to another group. - -This permission policy is documented in PSS database WINNT, ID Q101874 - -Frank Varnavas (varnavas@ny.ubs.com) diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt deleted file mode 100644 index 643b8957c9..0000000000 --- a/docs/textdocs/cifsntdomain.txt +++ /dev/null @@ -1,1498 +0,0 @@ -NT Domain Authentication ------------------------- - -Authors: - Luke Kenneth Casson Leighton (lkcl@switchboard.net) --------- - Paul Ashton (paul@argo.demon.co.uk) - - Duncan Stansfield (duncans@sco.com) - - Copyright (C) 1997 Luke Kenneth Casson Leighton - Copyright (C) 1997 Paul Ashton - Copyright (C) 1997 Duncan Stansfield - -Version: 0.024 (01Nov97) --------- - -Distribution: Unlimited and encouraged, for the purposes of implementation -------------- and comments. Feedback welcomed by the authors. - -Liability: Absolutely none accepted implicitly or explicitly, direct ----------- or consequentially, for use, abuse, misuse, lack of use, - misunderstandings, mistakes, omissions, mis-information for - anything in or not in, related to or not related to, or - pertaining to this document, or anything else that a lawyer - can think of or not think of. - -Warning: Please bear in mind that an incorrect implementation of this --------- protocol can cause NT workstation to fail irrevocably, for - which the authors accept no liability (see above). Please - contact your vendor if you have any problems. - -Sources: - Packet Traces from Netmonitor (Service Pack 1 and above) --------- - Paul Ashton and Luke Leighton's other "NT Domain" doc. - - CIFS documentation - cifs6.txt - - CIFS documentation - cifsrap2.txt - -Original: http://mailhost.cb1.com/~lkcl/cifsntdomain.txt. ---------- (Controlled copy maintained by lkcl@switchboard.net) - -Credits: - Paul Ashton: loads of work with Net Monitor; --------- understanding the NT authentication system; - reference implementation of the NT domain support on which - this document is originally based. - - Duncan Stansfield: low-level analysis of MSRPC Pipes. - - Linus Nordberg: producing c-code from Paul's crypto spec. - - Windows Sourcer development team - - -Contents: ---------- - - 1) Introduction - - 2) Structures and notes - - 2.1) Notes - 2.3) Enumerations - 2.3) Structures - - 3) Transact Named Pipe Header/Tail - - 3.1) MSRPC Pipes - 3.2) Header - 3.3) Tail - - 4) NTLSA Transact Named Pipe - - 4.1) LSA Open Policy - 4.2) LSA Query Info Policy - 4.3) LSA Enumerate Trusted Domains - 4.4) LSA Open Secret - 4.5) LSA Close - 4.6) LSA Lookup SIDS - 4.7) LSA Lookup Names - - 5) NETLOGON rpc Transact Named Pipe - - 5.1) LSA Request Challenge - 5.2) LSA Authenticate 2 - 5.3) LSA Server Password Set - 5.4) LSA SAM Logon - 5.5) LSA SAM Logoff - - 6) \\MAILSLOT\NET\NTLOGON - - 6.1) Query for PDC - 6.2) SAM Logon - - 7) SRVSVC Transact Named Pipe - - 7.1) Net Share Enum - 7.2) Net Server Get Info - - -Appendix: ---------- - - A1) Cryptographic side of NT Domain Authentication - - A1.1) Definitions - A1.2) Protocol - A1.3) Comments - - A2) SIDs and RIDs - - A2.1) Well-known SIDs - - A2.1.1) Universal well-known SIDs - A2.1.2) NT well-known SIDs - - A2.2) Well-known RIDS - - A2.2.1) Well-known RID users - A2.2.2) Well-known RID groups - A2.2.3) Well-known RID aliases - - - -1) Introduction ---------------- - - -This document contains information to provide an NT workstation with login -services, without the need for an NT server. - -It should be possible to select a domain instead of a workgroup (in the NT -workstation's TCP/IP settings) and after the obligatory reboot, type in a -username, password, select a domain and successfully log in. I would -appreciate any feedback on your experiences with this process, and any -comments, corrections and additions to this document. - - -The packets described here can be easily derived from (and are probably -better understood using) Netmon.exe. You will need to use the version -of Netmon that matches your system, in order to correctly decode the -NETLOGON, lsarpc and srvsvc Transact pipes. This document is derived from -NT Service Pack 1 and its corresponding version of Netmon. It is intended -that an annotated packet trace be produced, which will likely be more -instructive than this document. - -Also needed, to fully implement NT Domain Login Services, is the -document describing the cryptographic part of the NT authentication. -This document is available from comp.protocols.smb; from the ntsecurity.net -digest and from the samba digest, amongst other sources. - -A copy is available from: - -http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708&L=ntbugtraq&O=A&P=2935 -http://mailhost.cb1.com/~lkcl/crypt.html - - -A c-code implementation, provided by Linus Nordberg -of this protocol is available from: - -http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html -http://mailhost.cb1.com/~lkcl/crypt.txt - - -Also used to provide debugging information is the Check Build version of -NT workstation, and enabling full debugging in NETLOGON. This is -achieved by setting the following REG_SZ registry key to 0x1ffffff: - -HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters - -- Incorrect direct editing of the registry can cause your machine to fail. - Then again, so can incorrect implementation of this protocol. - See "Liability:" above. - - -Bear in mind that each packet over-the-wire will have its origin in an -API call. Therefore, there are likely to be structures, enumerations -and defines that are usefully documented elsewhere. - - -This document is by no means complete or authoritative. Missing sections -include, but are not limited to: - -- the meaning (and use by NT) of SIDs and RIDs. - -- mappings of RIDs to usernames (and vice-versa). - -- what a User ID is and what a Group ID is. - -- the exact meaning/definition of various magic constants or enumerations. - -- the reply error code and use of that error code when a workstation - becomes a member of a domain (to be described later). Failure to - return this error code will make the workstation report that it is - already a member of the domain. - -- the cryptographic side of the NetrServerPasswordSet command, which would - allow the workstation to change its password. This password is used to - generate the long-term session key. [It is possible to reject this - command, and keep the default workstation password]. - - -2) Notes and Structures ------------------------ - - -2.1) Notes ----------- - -- In the SMB Transact pipes, some "Structures", described here, appear to be - 4-byte aligned with the SMB header, at their start. Exactly which - "Structures" need aligning is not precisely known or documented. - -- In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be - 2-byte aligned with the start of the mailslot, at their start. - -- Domain SID is of the format S-revision-version-auth1-auth2...authN. - e.g S-1-5-123-456-789-123-456. the 5 could be a sub-revision. - -- any undocumented buffer pointers must be non-zero if the string buffer it - refers to contains characters. exactly what value they should be is unknown. - 0x0000 0002 seems to do the trick to indicate that the buffer exists. a - NULL buffer pointer indicates that the string buffer is of zero length. - If the buffer pointer is NULL, then it is suspected that the structure it - refers to is NOT put into (or taken out of) the SMB data stream. This is - empirically derived from, for example, the LSA SAM Logon response packet, - where if the buffer pointer is NULL, the user information is not inserted - into the data stream. Exactly what happens with an array of buffer pointers - is not known, although an educated guess can be made. - -- an array of structures (a container) appears to have a count and a pointer. - if the count is zero, the pointer is also zero. no further data is put - into or taken out of the SMB data stream. if the count is non-zero, then - the pointer is also non-zero. immediately following the pointer is the - count again, followed by an array of container sub-structures. the count - appears a third time after the last sub-structure. - - -2.2) Enumerations ------------------ - -- MSRPC Header type. command number in the msrpc packet header - - MSRPC_Request: 0x00 - MSRPC_Response: 0x02 - MSRPC_Bind: 0x0B - MSRPC_BindAck: 0x0C - -- MSRPC Packet info. the meaning of these flags is undocumented - - FirstFrag: 0x01 - LastFrag: 0x02 - NotaFrag: 0x04 - RecRespond: 0x08 - NoMultiplex: 0x10 - NotForIdemp: 0x20 - NotforBcast: 0x40 - NoUuid: 0x80 - - -2.3) Structures ---------------- - -- sizeof VOID* is 32 bits. - -- sizeof char is 8 bits. - -- UTIME is 32 bits, indicating time in seconds since 01jan1970. documented - in cifs6.txt (section 3.5 page, page 30). - -- NTTIME is 64 bits. documented in cifs6.txt (section 3.5 page, page 30). - -- DOM_SID (domain SID structure) : - - UINT32 num of sub-authorities in domain SID - UINT8 SID revision number - UINT8 num of sub-authorities in domain SID - UINT8[6] 6 bytes for domain SID - Identifier Authority. - UINT16[n_subauths] domain SID sub-authorities - - Note: the domain SID is documented elsewhere. - -- STR (string) : - - char[] null-terminated string of ascii characters. - -- UNIHDR (unicode string header) : - - UINT16 length of unicode string - UINT16 max length of unicode string - UINT32 4 - undocumented. - -- UNIHDR2 (unicode string header plus buffer pointer) : - - UNIHDR unicode string header - VOID* undocumented buffer pointer - -- UNISTR (unicode string) : - - UINT16[] null-terminated string of unicode characters. - -- NAME (length-indicated unicode string) : - - UINT32 length of unicode string - UINT16[] null-terminated string of unicode characters. - -- UNISTR2 (aligned unicode string) : - - UINT8[] padding to get unicode string 4-byte aligned - with the start of the SMB header. - UINT32 max length of unicode string - UINT32 0 - undocumented - UINT32 length of unicode string - UINT16[] string of uncode characters. - -- OBJ_ATTR (object attributes) : - - UINT32 0x18 - length (in bytes) including the length field. - VOID* 0 - root directory (pointer) - VOID* 0 - object name (pointer) - UINT32 0 - attributes (undocumented) - VOID* 0 - security descriptior (pointer) - UINT32 0 - security quality of service - -- POL_HND (LSA policy handle) : - - char[20] policy handle - -- DOM_SID2 (domain SID structure, SIDS stored in unicode) : - - UINT32 5 - SID type - UINT32 0 - undocumented - UNIHDR2 domain SID unicode string header - UNISTR domain SID unicode string - - Note: there is a conflict between the unicode string header and the - unicode string itself as to which to use to indicate string - length. this will need to be resolved. - - Note: the SID type indicates, for example, an alias; a well-known group etc. - this is documented somewhere. - -- DOM_RID (domain RID structure) : - - UINT32 5 - well-known SID. 1 - user SID (see ShowACLs) - UINT32 5 - undocumented - UINT32 domain RID - UINT32 0 - domain index out of above reference domains - - -- LOG_INFO (server, account, client structure) : - - Note: logon server name starts with two '\' characters and is upper case. - - Note: account name is the logon client name from the LSA Request Challenge, - with a $ on the end of it, in upper case. - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - UNISTR2 account name unicode string - UINT16 sec_chan - security channel type - UNISTR2 logon client machine unicode string - -- CLNT_SRV (server, client names structure) : - - Note: logon server name starts with two '\' characters and is upper case. - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - VOID* undocumented buffer pointer - UNISTR2 logon client machine unicode string - -- CREDS (credentials + time stamp) - - char[8] credentials - UTIME time stamp - -- CLNT_INFO2 (server, client structure, client credentials) : - - Note: whenever this structure appears in a request, you must take a copy - of the client-calculated credentials received, because they will be - used in subsequent credential checks. the presumed intention is to - maintain an authenticated request/response trail. - - CLNT_SRV client and server names - UINT8[] ???? padding, for 4-byte alignment with SMB header. - VOID* pointer to client credentials. - CREDS client-calculated credentials + client time - -- CLNT_INFO (server, account, client structure, client credentials) : - - Note: whenever this structure appears in a request, you must take a copy - of the client-calculated credentials received, because they will be - used in subsequent credential checks. the presumed intention is to - maintain an authenticated request/response trail. - - LOG_INFO logon account info - CREDS client-calculated credentials + client time - -- ID_INFO_1 (id info structure, auth level 1) : - - VOID* ptr_id_info_1 - UNIHDR domain name unicode header - UINT32 param control - UINT64 logon ID - UNIHDR user name unicode header - UNIHDR workgroup name unicode header - char[16] arc4 LM OWF Password - char[16] arc4 NT OWF Password - UNISTR2 domain name unicode string - UNISTR2 user name unicode string - UNISTR2 workstation name unicode string - -- SAM_INFO (sam logon/logoff id info structure) : - - Note: presumably, the return credentials is supposedly for the server to - verify that the credential chain hasn't been compromised. - - CLNT_INFO2 client identification/authentication info - VOID* pointer to return credentials. - CRED return credentials - ignored. - UINT16 logon level - UINT16 switch value - - switch (switch_value) - case 1: - { - ID_INFO_1 id_info_1; - } - -- GID (group id info) : - - UINT32 group id - UINT32 user attributes (only used by NT 3.1 and 3.51) - -- DOM_REF (domain reference info) : - - VOID* undocumented buffer pointer. - UINT32 num referenced domains? - VOID* undocumented domain name buffer pointer. - UINT32 32 - max number of entries - UINT32 4 - num referenced domains? - - UNIHDR2 domain name unicode string header - UNIHDR2[num_ref_doms-1] referenced domain unicode string headers - - UNISTR domain name unicode string - DOM_SID[num_ref_doms] referenced domain SIDs - -- DOM_INFO (domain info, levels 3 and 5 are the same)) : - - UINT8[] ??? padding to get 4-byte alignment with start of SMB header - UINT16 domain name string length * 2 - UINT16 domain name string length * 2 - VOID* undocumented domain name string buffer pointer - VOID* undocumented domain SID string buffer pointer - UNISTR2 domain name (unicode string) - DOM_SID domain SID - -- USER_INFO (user logon info) : - - Note: it would be nice to know what the 16 byte user session key is for. - - NTTIME logon time - NTTIME logoff time - NTTIME kickoff time - NTTIME password last set time - NTTIME password can change time - NTTIME password must change time - - UNIHDR username unicode string header - UNIHDR user's full name unicode string header - UNIHDR logon script unicode string header - UNIHDR profile path unicode string header - UNIHDR home directory unicode string header - UNIHDR home directory drive unicode string header - - UINT16 logon count - UINT16 bad password count - - UINT32 User ID - UINT32 Group ID - UINT32 num groups - VOID* undocumented buffer pointer to groups. - - UINT32 user flags - char[16] user session key - - UNIHDR logon server unicode string header - UNIHDR logon domain unicode string header - VOID* undocumented logon domain id pointer - char[40] 40 undocumented padding bytes. future expansion? - - UINT32 0 - num_other_sids? - VOID* NULL - undocumented pointer to other domain SIDs. - - UNISTR2 username unicode string - UNISTR2 user's full name unicode string - UNISTR2 logon script unicode string - UNISTR2 profile path unicode string - UNISTR2 home directory unicode string - UNISTR2 home directory drive unicode string - - UINT32 num groups - GID[num_groups] group info - - UNISTR2 logon server unicode string - UNISTR2 logon domain unicode string - - DOM_SID domain SID - DOM_SID[num_sids] other domain SIDs? - -- SH_INFO_1_PTR (pointers to level 1 share info strings): - -Note: see cifsrap2.txt section5, page 10. - - 0 for shi1_type indicates a Disk. - 1 for shi1_type indicates a Print Queue. - 2 for shi1_type indicates a Device. - 3 for shi1_type indicates an IPC pipe. - 0x8000 0000 (top bit set in shi1_type) indicates a hidden share. - - VOID* shi1_netname - pointer to net name - UINT32 shi1_type - type of share. 0 - undocumented. - VOID* shi1_remark - pointer to comment. - -- SH_INFO_1_STR (level 1 share info strings) : - - UNISTR2 shi1_netname - unicode string of net name - UNISTR2 shi1_remark - unicode string of comment. - -- SHARE_INFO_1_CTR : - - share container with 0 entries: - - UINT32 0 - EntriesRead - UINT32 0 - Buffer - - share container with > 0 entries: - - UINT32 EntriesRead - UINT32 non-zero - Buffer - UINT32 EntriesRead - - SH_INFO_1_PTR[EntriesRead] share entry pointers - SH_INFO_1_STR[EntriesRead] share entry strings - - UINT8[] padding to get unicode string 4-byte - aligned with start of the SMB header. - UINT32 EntriesRead - UINT32 0 - padding - -- SERVER_INFO_101 : - -Note: see cifs6.txt section 6.4 - the fields described therein will be - of assistance here. for example, the type listed below is the - same as fServerType, which is described in 6.4.1. - - SV_TYPE_WORKSTATION 0x00000001 All workstations - SV_TYPE_SERVER 0x00000002 All servers - SV_TYPE_SQLSERVER 0x00000004 Any server running with SQL - server - SV_TYPE_DOMAIN_CTRL 0x00000008 Primary domain controller - SV_TYPE_DOMAIN_BAKCTRL 0x00000010 Backup domain controller - SV_TYPE_TIME_SOURCE 0x00000020 Server running the timesource - service - SV_TYPE_AFP 0x00000040 Apple File Protocol servers - SV_TYPE_NOVELL 0x00000080 Novell servers - SV_TYPE_DOMAIN_MEMBER 0x00000100 Domain Member - SV_TYPE_PRINTQ_SERVER 0x00000200 Server sharing print queue - SV_TYPE_DIALIN_SERVER 0x00000400 Server running dialin service. - SV_TYPE_XENIX_SERVER 0x00000800 Xenix server - SV_TYPE_NT 0x00001000 NT server - SV_TYPE_WFW 0x00002000 Server running Windows for - - SV_TYPE_SERVER_NT 0x00008000 Windows NT non DC server - SV_TYPE_POTENTIAL_BROWSER 0x00010000 Server that can run the browser - service - SV_TYPE_BACKUP_BROWSER 0x00020000 Backup browser server - SV_TYPE_MASTER_BROWSER 0x00040000 Master browser server - SV_TYPE_DOMAIN_MASTER 0x00080000 Domain Master Browser server - SV_TYPE_LOCAL_LIST_ONLY 0x40000000 Enumerate only entries marked - "local" - SV_TYPE_DOMAIN_ENUM 0x80000000 Enumerate Domains. The pszServer - and pszDomain parameters must be - NULL. - - UINT32 500 - platform_id - VOID* pointer to name - UINT32 5 - major version - UINT32 4 - minor version - UINT32 type (SV_TYPE_... bit field) - VOID* pointer to comment - - UNISTR2 sv101_name - unicode string of server name - UNISTR2 sv_101_comment - unicode string of server comment. - - UINT8[] padding to get unicode string 4-byte - aligned with start of the SMB header. - - - -3) MSRPC over Transact Named Pipe ---------------------------------- - -For details on the SMB Transact Named Pipe, see cifs6.txt - - -3.1) MSRPC Pipes ----------------- - -The MSRPC is conducted over an SMB Transact Pipe with a name of "\PIPE\". -You must first obtain a 16 bit file handle, by sending a SMBopenX with the -pipe name "\PIPE\srvsvc" for example. You can then perform an SMB Trans, -and must carry out an SMBclose on the file handle once you are finished. - -Trans Requests must be sent with two setup UINT16s, no UINT16 params (none -known about), and UINT8 data parameters sufficient to contain the MSRPC -header, and MSRPC data. The first UINT16 setup parameter must be either -0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle -state. The second UINT16 parameter must be the file handle for the pipe, -obtained above. - -The Data section for an API Command of 0x0026 (RPC pipe) in the Trans -Request is the RPC Header, followed by the RPC Data. The Data section for -an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes. The -only value seen for these two bytes is 0x00 0x43. - - -MSRPC Responses are sent as response data inside standard SMB Trans -responses, with the MSRPC Header, MSRPC Data and MSRPC tail. - - -It is suspected that the Trans Requests will need to be at least 2-byte -aligned (probably 4-byte). This is standard practice for SMBs. It is also -independent of the observed 4-byte alignments with the start of the MSRPC -header, including the 4-byte alignment between the MSRPC header and the -MSRPC data. - - -First, an SMBtconX connection is made to the IPC$ share. The connection -must be made using encrypted passwords, not clear-text. Then, an SMBopenX -is made on the pipe. Then, a Set Named Pipe Handle State must be sent, -after which the pipe is ready to accept API commands. Lastly, and SMBclose -is sent. - - -To be resolved: - - lkcl/01nov97 there appear to be two additional bytes after the null- - terminated \PIPE\ name for the RPC pipe. Values seen so far are - listed below: - - initial SMBopenX request: RPC API command 0x26 params: - - "\\PIPE\\lsarpc" 0x65 0x63; 0x72 0x70; 0x44 0x65; - "\\PIPE\\srvsvc" 0x73 0x76; 0x4E 0x00; 0x5C 0x43; - - -3.2) Header ------------ - -[section to be rewritten, following receipt of work by Duncan Stansfield] - - -Interesting note: if you set packed data representation to 0x0100 0000 -then all 4-byte and 2-byte word ordering is turned around! - -The start of each of the NTLSA and NETLOGON named pipes begins with: - -00 UINT8 5 - RPC major version -01 UINT8 0 - RPC minor version -02 UINT8 2 - RPC response packet -03 UINT8 3 - (FirstFrag bit-wise or with LastFrag) -04 UINT32 0x1000 0000 - packed data representation -08 UINT16 fragment length - data size (bytes) inc header and tail. -0A UINT16 0 - authentication length -0C UINT32 call identifier. matches 12th UINT32 of incoming RPC data. -10 UINT32 allocation hint - data size (bytes) minus header and tail. -14 UINT16 0 - presentation context identifier -16 UINT8 0 - cancel count -17 UINT8 in replies: 0 - reserved; in requests: opnum - see #defines. -18 ...... start of data (goes on for allocation_hint bytes) - - -RPC_Packet for request, response, bind and bind acknowledgement. -{ - - UINT8 versionmaj # reply same as request (0x05) - UINT8 versionmin # reply same as request (0x00) - UINT8 type # one of the MSRPC_Type enums - UINT8 flags # reply same as request (0x00 for Bind, 0x03 for Request) - UINT32 representation # reply same as request (0x00000010) - UINT16 fraglength # the length of the data section of the SMB trans packet - UINT16 authlength - UINT32 callid # call identifier. (e.g. 0x00149594) - - * stub USE TvPacket # the remainder of the packet depending on the "type" -} - - -# the interfaces are numbered. as yet I haven't seen more than one interface -# used on the same pipe name -# srvsvc -# abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003) -# transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002) -RPC_Iface RW -{ - UINT8 byte[16] # 16 bytes of number - UINT32 version # the interface number -} - - -# the remainder of the packet after the header if "type" was Bind -# in the response header, "type" should be BindAck -RPC_ReqBind RW -{ - UINT16 maxtsize # maximum transmission fragment size (0x1630) - UINT16 maxrsize # max receive fragment size (0x1630) - UINT32 assocgid # associated group id (0x0) - UINT32 numelements # the number of elements (0x1) - UINT16 contextid # presentation context identifier (0x0) - UINT8 numsyntaxes # the number of syntaxes (has always been 1?)(0x1) - UINT8[] # 4-byte alignment padding, against SMB header - - * abstractint USE RPC_Iface # num and vers. of interface client is using - * transferint USE RPC_Iface # num and vers. of interface to use for replies -} - - -RPC_Address RW -{ - UINT16 length # length of the string including null terminator - * port USE string # the string above in single byte, null terminated form -} - - -# the response to place after the header in the reply packet -RPC_ResBind RW -{ - UINT16 maxtsize # same as request - UINT16 maxrsize # same as request - UINT32 assocgid # zero - - * secondaddr USE RPC_Address # the address string, as described earlier - - UINT8[] # 4-byte alignment padding, against SMB header - - UINT8 numresults # the number of results (0x01) - - UINT8[] # 4-byte alignment padding, against SMB header - UINT16 result # result (0x00 = accept) - UINT16 reason # reason (0x00 = no reason specified) - - * transfersyntax USE RPC_Iface # the transfer syntax from the request -} - - -# the remainder of the packet after the header for every other other -# request -RPC_ReqNorm RW -{ - UINT32 allochint # the size of the stub data in bytes - UINT16 prescontext # presentation context identifier (0x0) - UINT16 opnum # operation number (0x15) - - * stub USE TvPacket # a packet dependent on the pipe name - # (probably the interface) and the op number) -} - - -# response to a request -RPC_ResNorm RW -{ - UINT32 allochint # size of the stub data in bytes - UINT16 prescontext # presentation context identifier (same as request) - UINT8 cancelcount # cancel count? (0x0) - UINT8 reserved # 0 - one byte padding - - * stub USE TvPacket # the remainder of the reply -} - - -3.3) Tail ---------- - -The end of each of the NTLSA and NETLOGON named pipes ends with: - - ...... end of data - UINT32 return code - - - -3.4 RPC Bind / Bind Ack ------------------------ - -RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc) -with a "transfer syntax" (see RPC_Iface structure). The purpose for doing -this is unknown. - -Note: The RPC_ResBind SMB Transact request is sent with two uint16 setup - parameters. The first is 0x0026; the second is the file handle - returned by the SMBopenX Transact response. - -Note: The RPC_ResBind members maxtsize, maxrsize and assocgid are the - same in the response as the same members in the RPC_ReqBind. The - RPC_ResBind member transfersyntax is the same in the response as - the - -Note: The RPC_ResBind response member secondaddr contains the name - of what is presumed to be the service behind the RPC pipe. The - mapping identified so far is: - - initial SMBopenX request: RPC_ResBind response: - - "\\PIPE\\srvsvc" "\\PIPE\\ntsvcs" - "\\PIPE\\samr" "\\PIPE\\lsass" - "\\PIPE\\lsarpc" "\\PIPE\\lsass" - "\\PIPE\\wkssvc" "\\PIPE\\wksvcs" - "\\PIPE\\NETLOGON" "\\PIPE\\NETLOGON" - -Note: The RPC_Packet fraglength member in both the Bind Request and Bind - Acknowledgment must contain the length of the entire RPC data, - including the RPC_Packet header. - -Request: - - RPC_Packet - RPC_ReqBind - -Response: - - RPC_Packet - RPC_ResBind - - - -4) NTLSA Transact Named Pipe ----------------------------- - -The sequence of actions taken on this pipe are: - -- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. -- Open an RPC Pipe with the name "\\PIPE\\lsarpc". Store the file handle. -- Using the file handle, send a Set Named Pipe Handle state to 0x4300. -- Send an LSA Open Policy request. Store the Policy Handle. -- Using the Policy Handle, send LSA Query Info Policy requests, etc. -- Using the Policy Handle, send an LSA Close. -- Close the IPC$ share. - - -Defines for this pipe, identifying the query are: - -- LSA Open Policy: 0x2c -- LSA Query Info Policy: 0x07 -- LSA Enumerate Trusted Domains: 0x0d -- LSA Open Secret: 0xff -- LSA Lookup SIDs: 0xfe -- LSA Lookup Names: 0xfd -- LSA Close: 0x00 - - -4.1) LSA Open Policy --------------------- - -Note: The policy handle can be anything you like. - -Request: - - VOID* buffer pointer - UNISTR2 server name - unicode string starting with two '\'s - OBJ_ATTR object attributes - UINT32 1 - desired access - -Response: - - POL_HND LSA policy handle - - return 0 - indicates success - - -4.2) LSA Query Info Policy --------------------------- - -Note: The info class in response must be the same as that in the request. - -Request: - - POL_HND LSA policy handle - UINT16 info class (also a policy handle?) - -Response: - - VOID* undocumented buffer pointer - UINT16 info class (same as info class in request). - - switch (info class) - case 3: - case 5: - { - DOM_INFO domain info, levels 3 and 5 (are the same). - } - - return 0 - indicates success - - -4.3) LSA Enumerate Trusted Domains ----------------------------------- - -Request: - - no extra data - -Response: - - UINT32 0 - enumeration context - UINT32 0 - entries read - UINT32 0 - trust information - - return 0x8000 001a - "no trusted domains" success code - - -4.4) LSA Open Secret --------------------- - -Request: - - no extra data - -Response: - - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - - return 0x0C00 0034 - "no such secret" success code - - -4.5) LSA Close --------------- - -Request: - - POL_HND policy handle to be closed - -Response: - - POL_HND 0s - closed policy handle (all zeros) - - return 0 - indicates success - - -4.6) LSA Lookup SIDS --------------------- - -Note: num_entries in response must be same as num_entries in request. - -Request: - - POL_HND LSA policy handle - UINT32 num_entries - VOID* undocumented domain SID buffer pointer - VOID* undocumented domain name buffer pointer - VOID*[num_entries] undocumented domain SID pointers to be looked up. - DOM_SID[num_entries] domain SIDs to be looked up. - char[16] completely undocumented 16 bytes. - -Response: - - DOM_REF domain reference response - - UINT32 num_entries (listed above) - VOID* undocumented buffer pointer - - UINT32 num_entries (listed above) - DOM_SID2[num_entries] domain SIDs (from Request, listed above). - - UINT32 num_entries (listed above) - - return 0 - indicates success - - -4.7) LSA Lookup Names ---------------------- - -Note: num_entries in response must be same as num_entries in request. - -Request: - - POL_HND LSA policy handle - UINT32 num_entries - UINT32 num_entries - VOID* undocumented domain SID buffer pointer - VOID* undocumented domain name buffer pointer - NAME[num_entries] names to be looked up. - char[] undocumented bytes - falsely translated SID structure? - -Response: - - DOM_REF domain reference response - - UINT32 num_entries (listed above) - VOID* undocumented buffer pointer - - UINT32 num_entries (listed above) - DOM_RID[num_entries] domain SIDs (from Request, listed above). - - UINT32 num_entries (listed above) - - return 0 - indicates success - - - -5) NETLOGON rpc Transact Named Pipe ------------------------------------ - -The sequence of actions taken on this pipe are: - -- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. -- Open an RPC Pipe with the name "\\PIPE\\NETLOGON". Store the file handle. -- Using the file handle, send a Set Named Pipe Handle state to 0x4300. -- Create Client Challenge. Send LSA Request Challenge. Store Server Challenge. -- Calculate Session Key. Send an LSA Auth 2 Challenge. Store Auth2 Challenge. -- Calc/Verify Client Creds. Send LSA Srv PW Set. Calc/Verify Server Creds. -- Calc/Verify Client Creds. Send LSA SAM Logon . Calc/Verify Server Creds. -- Calc/Verify Client Creds. Send LSA SAM Logoff. Calc/Verify Server Creds. -- Close the IPC$ share. - - -Defines for this pipe, identifying the query are: - -- LSA Request Challenge: 0x04 -- LSA Server Password Set: 0x06 -- LSA SAM Logon: 0x02 -- LSA SAM Logoff: 0x03 -- LSA Auth 2: 0x0f -- LSA Logon Control: 0x0e - - -5.1) LSA Request Challenge --------------------------- - -Note: logon server name starts with two '\' characters and is upper case. - -Note: logon client is the machine, not the user. - -Note: the initial LanManager password hash, against which the challenge - is issued, is the machine name itself (lower case). there will be - calls issued (LSA Server Password Set) which will change this, later. - refusing these calls allows you to always deal with the same password - (i.e the LM# of the machine name in lower case). - -Request: - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - UNISTR2 logon client unicode string - char[8] client challenge - -Response: - - char[8] server challenge - - return 0 - indicates success - - - -5.2) LSA Authenticate 2 ------------------------ - -Note: in between request and response, calculate the client credentials, - and check them against the client-calculated credentials (this - process uses the previously received client credentials). - -Note: neg_flags in the response is the same as that in the request. - -Note: you must take a copy of the client-calculated credentials received - here, because they will be used in subsequent authentication packets. - -Request: - - LOG_INFO client identification info - - char[8] client-calculated credentials - UINT8[] padding to 4-byte align with start of SMB header. - UINT32 neg_flags - negotiated flags (usual value is 0x0000 01ff) - -Response: - - char[8] server credentials. - UINT32 neg_flags - same as neg_flags in request. - - return 0 - indicates success. failure value unknown. - - -5.3) LSA Server Password Set ----------------------------- - -Note: the new password is suspected to be a DES encryption using the old - password to generate the key. - -Note: in between request and response, calculate the client credentials, - and check them against the client-calculated credentials (this - process uses the previously received client credentials). - -Note: the server credentials are constructed from the client-calculated - credentials and the client time + 1 second. - -Note: you must take a copy of the client-calculated credentials received - here, because they will be used in subsequent authentication packets. - -Request: - - CLNT_INFO client identification/authentication info - char[] new password - undocumented. - -Response: - - CREDS server credentials. server time stamp appears to be ignored. - - return 0 - indicates success; 0xC000 006a indicates failure - - -5.4) LSA SAM Logon ------------------- - -Note: valid_user is True iff the username and password hash are valid for - the requested domain. - -Request: - - SAM_INFO sam_id structure - -Response: - - VOID* undocumented buffer pointer - CREDS server credentials. server time stamp appears to be ignored. - - if (valid_user) - { - UINT16 3 - switch value indicating USER_INFO structure. - VOID* non-zero - pointer to USER_INFO structure - USER_INFO user logon information - - UINT32 1 - Authoritative response; 0 - Non-Auth? - - return 0 - indicates success - } - else - { - UINT16 0 - switch value. value to indicate no user presumed. - VOID* 0x0000 0000 - indicates no USER_INFO structure. - - UINT32 1 - Authoritative response; 0 - Non-Auth? - - return 0xC000 0064 - NT_STATUS_NO_SUCH_USER. - } - - -5.5) LSA SAM Logoff --------------------- - -Note: presumably, the SAM_INFO structure is validated, and a (currently - undocumented) error code returned if the Logoff is invalid. - -Request: - - SAM_INFO sam_id structure - -Response: - - VOID* undocumented buffer pointer - CREDS server credentials. server time stamp appears to be ignored. - - return 0 - indicates success. undocumented failure indication. - - -6) \\MAILSLOT\NET\NTLOGON -------------------------- - -Note: mailslots will contain a response mailslot, to which the response - should be sent. the target NetBIOS name is REQUEST_NAME<20>, where - REQUEST_NAME is the name of the machine that sent the request. - - -6.1) Query for PDC ------------------- - -Note: NTversion, LMNTtoken, LM20token in response are the same as those - given in the request. - -Request: - - UINT16 0x0007 - Query for PDC - STR machine name - STR response mailslot - UINT8[] padding to 2-byte align with start of mailslot. - UNISTR machine name - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - -Response: - - UINT16 0x000A - Respose to Query for PDC - STR machine name (in uppercase) - UINT8[] padding to 2-byte align with start of mailslot. - UNISTR machine name - UNISTR domain name - UINT32 NTversion (same as received in request) - UINT16 LMNTtoken (same as received in request) - UINT16 LM20token (same as received in request) - - -6.2) SAM Logon --------------- - -Note: machine name in response is preceded by two '\' characters. - -Note: NTversion, LMNTtoken, LM20token in response are the same as those - given in the request. - -Note: user name in the response is presumably the same as that in the request. - -Request: - - UINT16 0x0012 - SAM Logon - UINT16 request count - UNISTR machine name - UNISTR user name - STR response mailslot - UINT32 alloweable account - UINT32 domain SID size - char[sid_size] domain SID, of sid_size bytes. - UINT8[] ???? padding to 4? 2? -byte align with start of mailslot. - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - -Response: - - UINT16 0x0013 - Response to SAM Logon - UNISTR machine name - UNISTR user name - workstation trust account - UNISTR domain name - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - - - -7) SRVSVC Transact Named Pipe ------------------------------ - - -Defines for this pipe, identifying the query are: - -- Net Share Enum : 0x0f -- Net Server Get Info : 0x15 - - -7.1) Net Share Enum ------------------- - -Note: share level and switch value in the response are presumably the - same as those in the request. - -Note: cifsrap2.txt (section 5) may be of limited assistance here. - -Request: - - VOID* pointer (to server name?) - UNISTR2 server name - - UINT8[] padding to get unicode string 4-byte aligned - with the start of the SMB header. - - UINT32 share level - UINT32 switch value - - VOID* pointer to SHARE_INFO_1_CTR - SHARE_INFO_1_CTR share info with 0 entries - - UINT32 preferred maximum length (0xffff ffff) - -Response: - - UINT32 share level - UINT32 switch value - - VOID* pointer to SHARE_INFO_1_CTR - SHARE_INFO_1_CTR share info (only added if share info ptr is non-zero) - - return 0 - indicates success - - -7.2) Net Server Get Info ------------------- - -Note: level is the same value as in the request. - -Request: - - UNISTR2 server name - UINT32 switch level - -Response: - - UINT32 switch level - VOID* pointer to SERVER_INFO_101 - - SERVER_INFO_101 server info (only added if server info ptr is non-zero) - - return 0 - indicates success - - - -Appendix --------- - -A1) Cryptographic side of NT Domain Authentication --------------------------------------------------- - - -A1.1) Definitions ------------------ - -Add(A1,A2): Intel byte ordered addition of corresponding 4 byte words -in arrays A1 and A2 - -E(K,D): DES ECB encryption of 8 byte data D using 7 byte key K - -lmowf(): Lan man hash - -ntowf(): NT hash - -PW: md4(machine_password) == md4(lsadump $machine.acc) == -pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) - -ARC4(K,Lk,D,Ld): ARC4 encryption of data D of length Ld with key K of -length Lk - -v[m..n(,l)]: subset of v from bytes m to n, optionally padded with -zeroes to length l - -Cred(K,D): E(K[7..7,7],E(K[0..6],D)) computes a credential - -Time(): 4 byte current time - -Cc,Cs: 8 byte client and server challenges Rc,Rs: 8 byte client and -server credentials - - -A1.2) Protocol --------------- - -C->S ReqChal,Cc S->C Cs - -C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) - -C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), -assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) - -On joining the domain the client will optionally attempt to change its -password and the domain controller may refuse to update it depending -on registry settings. This will also occur weekly afterwards. - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, -arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: -assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) -S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' - -User: U with password P wishes to login to the domain (incidental data -such as workstation and domain omitted) - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, -arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S: -assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: -Ts = Time() - -S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: -assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) - - -A1.3) Comments --------------- - -On first joining the domain the session key could be computed by -anyone listening in on the network as the machine password has a well -known value. Until the machine is rebooted it will use this session -key to encrypt NT and LM one way functions of passwords which are -password equivalents. Any user who logs in before the machine has been -rebooted a second time will have their password equivalent exposed. Of -course the new machine password is exposed at this time anyway. - -None of the returned user info such as logon script, profile path and -SIDs *appear* to be protected by anything other than the TCP checksum. - -The server time stamps appear to be ignored. - -The client sends a ReturnAuthenticator in the SamLogon request which I -can't find a use for. However its time is used as the timestamp -returned by the server. - -The password OWFs should NOT be sent over the network reversibly -encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server -computing the same function using the owf values in the SAM. - - -A2) SIDs and RIDs ------------------ - -SIDs and RIDs are well documented elsewhere. - -A SID is an NT Security ID (see DOM_SID structure). They are of the form: - - S-revision-NN-SubAuth1-SubAuth2-SubAuth3... - S-revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3... - -currently, the SID revision is 1. -The Sub-Authorities are known as Relative IDs (RIDs). - - -A2.1) Well-known SIDs ---------------------- - - -A2.1.1) Universal well-known SIDs ---------------------------------- - - Null SID S-1-0-0 - World S-1-1-0 - Local S-1-2-0 - Creator Owner ID S-1-3-0 - Creator Group ID S-1-3-1 - Creator Owner Server ID S-1-3-2 - Creator Group Server ID S-1-3-3 - - (Non-unique IDs) S-1-4 - - -A2.1.2) NT well-known SIDs --------------------------- - - NT Authority S-1-5 - Dialup S-1-5-1 - - Network S-1-5-2 - Batch S-1-5-3 - Interactive S-1-5-4 - Service S-1-5-6 - AnonymousLogon S-1-5-7 (aka null logon session) - Proxy S-1-5-8 - ServerLogon S-1-5-8 (aka domain controller account) - - (Logon IDs) S-1-5-5-X-Y - - (NT non-unique IDs) S-1-5-0x15-... - - (Built-in domain) s-1-5-0x20 - - - -A2.2) Well-known RIDS ---------------------- - -A RID is a sub-authority value, as part of either a SID, or in the case -of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1 -structure, in the LSA SAM Logon response. - - -A2.2.1) Well-known RID users ----------------------------- - - DOMAIN_USER_RID_ADMIN 0x0000 01F4 - DOMAIN_USER_RID_GUEST 0x0000 01F5 - - - -A2.2.2) Well-known RID groups ----------------------------- - - DOMAIN_GROUP_RID_ADMINS 0x0000 0200 - DOMAIN_GROUP_RID_USERS 0x0000 0201 - DOMAIN_GROUP_RID_GUESTS 0x0000 0202 - - - -A2.2.3) Well-known RID aliases ------------------------------- - - DOMAIN_ALIAS_RID_ADMINS 0x0000 0220 - DOMAIN_ALIAS_RID_USERS 0x0000 0221 - DOMAIN_ALIAS_RID_GUESTS 0x0000 0222 - DOMAIN_ALIAS_RID_POWER_USERS 0x0000 0223 - - DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x0000 0224 - DOMAIN_ALIAS_RID_SYSTEM_OPS 0x0000 0225 - DOMAIN_ALIAS_RID_PRINT_OPS 0x0000 0226 - DOMAIN_ALIAS_RID_BACKUP_OPS 0x0000 0227 - - DOMAIN_ALIAS_RID_REPLICATOR 0x0000 0228 - - diff --git a/docs/textdocs/outdated/NTDOMAIN.txt b/docs/textdocs/outdated/NTDOMAIN.txt deleted file mode 100644 index 8408acb979..0000000000 --- a/docs/textdocs/outdated/NTDOMAIN.txt +++ /dev/null @@ -1,51 +0,0 @@ -!== -!== NTDOMAIN.txt for Samba release 2.0.4 18 May 1999 -!== -Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.org) - Copyright (C) 1997 Luke Kenneth Casson Leighton -Created: October 20, 1997 -Updated: February 25, 1999 (Jerry Carter) - -Subject: NT Domain Logons -=========================================================================== - -As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations, -without the need, use or intervention of NT Server. This document describes -how to set this up. Over the continued development of the 1.9.18alpha -series, this process (and therefore this document) should become simpler. - -One useful thing to do is to get this version of Samba up and running -with Win95 profiles, as you would for the current stable version of -Samba (currently at 1.9.17p4), and is fully documented. You will need -to set up encrypted passwords. Even if you don't have any Win95 machines, -using your Samba Server to store the profile for one of your NT Workstation -users is a good test that you have 1.9.18alpha1 correctly configured *prior* -to attempting NT Domain Logons. - -The support is still experimental, so should be used at your own risk. - -NT is not as robust as you might have been led to believe: during the -development of the Domain Logon Support, one person reported having to -reinstall NT from scratch: their workstation had become totally unuseable. - -[further reports on ntsec@iss.net by independent administrators showing - similar symptoms lead us to believe that the SAM database file may be - corruptible. this _is_ recoverable (or, at least the machine is accessible), - by deleting the SAM file, under which circumstances all user account details - are lost, but at least the Administrator can log in with a blank password. - this is *not* possible except if the NT system is installed in a FAT - partition.] - -This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest. - -========================================================================== -Please note that Samba 2.0 does not **officially** support domain logons -for Windows NT clients. Of course, domain logon support for Windows 9x -clients is complete and official. These are two different issues. - -Samba's capability to act as a Primary Domain Controller for Windows NT -domains is not advertised as it is not completed yet. For more information -regarding how to obtain the latest development (HEAD branch) source code -and what features are available, please refer to the NT Domain FAQ on-line -at the Samba web site under the documentation page. - diff --git a/docs/textdocs/outdated/PROJECTS b/docs/textdocs/outdated/PROJECTS deleted file mode 100644 index 3008bea430..0000000000 --- a/docs/textdocs/outdated/PROJECTS +++ /dev/null @@ -1,88 +0,0 @@ - Samba Projects Directory - ======================== - - ->>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<< - - -This is a list of who's working on what in Samba. It's not guaranteed -to be uptodate or accurate but I hope it will help us getting -coordinated. - -If you are working on something to do with Samba and you aren't here -then please let me know! Also, if you are listed below and you have -any corrections or updates then please let me know. - -Email contact: -samba-bugs@samba.org - -======================================================================== -Documentation and FAQ - -Docs and FAQ files for the Samba suite of software. - -Contact samba-bugs@samba.org with the diffs. These are urgently -required. - -The FAQ is being added to on an ad hoc basis, see the web pages for info. - -Mark Preston was working on a set of formatted docs for Samba. Is this -still happening? Contact mpreston@sghms.ac.uk - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Netbeui support - -This aimed to produce patches so that Samba can be used with clients -that do not have TCP/IP. It will try to remain as portable as possible. -Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and -although a lot of people have expressed interest nobody has come forward -to do it. The Novell port (see Samba web pages) includes NetBEUI -functionality in a proprietrary library which should still be helpful as -we have the interfaces. Alan Cox (a.cox@li.org) has the information -required to write the state machine if someone is going to do the work. - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Smbfs - -A mountable smb filesystem for Linux using the userfs userspace filesystem - -Contact lendecke@namu01.gwdg.de (Volker Lendecke) - -This works really well, and is measurably more efficient than commercial -client software. It is now part of the Linux kernel. Long filename support -is in use. - -Status last updated June 1997 -======================================================================== - -======================================================================== -Admin Tool - -Aims to produce a nice smb.conf editor and other useful tools for -administering a Samba system. - -Contact: Steve Brown (steve@unicorn.dungeon.com) - -In the design phase. - -Status last updated 4th September 1994 -======================================================================== - - -======================================================================== -Lanman Client. - -Contact: john@amanda.xs4all.nl (John Stewart) - -Aims to produce a reliable LANMAN Client implementation for LINUX, -and possibly other variations of UNIX. Project ably started by -Tor Lillqvist; tml@hemuli.tte.vtt.fi - -Status last updated 17th January 1995 -======================================================================== diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt deleted file mode 100644 index f4e0df7139..0000000000 --- a/docs/textdocs/security_level.txt +++ /dev/null @@ -1,100 +0,0 @@ -Contributor: Andrew Tridgell -Updated: June 27, 1997 -Status: Current - -Subject: Description of SMB security levels. -=========================================================================== - -Samba supports the following options to the global smb.conf parameter -"security =": - share, user, server - -Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to -the smb.conf man page for usage information and to the document -docs/textdocs/DOMAIN_MEMBER.txt for further background details. - -Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support. - -Below is a more complete description of security levels. -=========================================================================== - -A SMB server tells the client at startup what "security level" it is -running. There are two options "share level" and "user level". Which -of these two the client receives affects the way the client then tries -to authenticate itself. It does not directly affect (to any great -extent) the way the Samba server does security. I know this is -strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server -can only tell the client what is available and whether an action is -allowed. - -I'll describe user level security first, as its simpler. In user level -security the client will send a "session setup" command directly after -the protocol negotiation. This contains a username and password. The -server can either accept or reject that username/password -combination. Note that at this stage the server has no idea what -share the client will eventually try to connect to, so it can't base -the "accept/reject" on anything other than: - -- the username/password -- the machine that the client is coming from - -If the server accepts the username/password then the client expects to -be able to mount any share (using a "tree connection") without -specifying a password. It expects that all access rights will be as -the username/password specified in the "session setup". - -It is also possible for a client to send multiple "session setup" -requests. When the server responds it gives the client a "uid" to use -as an authentication tag for that username/password. The client can -maintain multiple authentication contexts in this way (WinDD is an -example of an application that does this) - - -Ok, now for share level security. In share level security the client -authenticates itself separately for each share. It will send a -password along with each "tree connection" (share mount). It does not -explicitly send a username with this operation. The client is -expecting a password to be associated with each share, independent of -the user. This means that samba has to work out what username the -client probably wants to use. It is never explicitly sent the -username. Some commercial SMB servers such as NT actually associate -passwords directly with shares in share level security, but samba -always uses the unix authentication scheme where it is a -username/password that is authenticated, not a "share/password". - -Many clients send a "session setup" even if the server is in share -level security. They normally send a valid username but no -password. Samba records this username in a list of "possible -usernames". When the client then does a "tree connection" it also adds -to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf -line. The password is then checked in turn against these "possible -usernames". If a match is found then the client is authenticated as -that user. - -Finally "server level" security. In server level security the samba -server reports to the client that it is in user level security. The -client then does a "session setup" as described earlier. The samba -server takes the username/password that the client sends and attempts -to login to the "password server" by sending exactly the same -username/password that it got from the client. If that server is in -user level security and accepts the password then samba accepts the -clients connection. This allows the samba server to use another SMB -server as the "password server". - -You should also note that at the very start of all this, where the -server tells the client what security level it is in, it also tells -the client if it supports encryption. If it does then it supplies the -client with a random "cryptkey". The client will then send all -passwords in encrypted form. You have to compile samba with encryption -enabled to support this feature, and you have to maintain a separate -smbpasswd file with SMB style encrypted passwords. It is -cryptographically impossible to translate from unix style encryption -to SMB style encryption, although there are some fairly simple management -schemes by which the two could be kept in sync. diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW deleted file mode 100644 index 592d38c135..0000000000 --- a/docs/yodldocs/README-NOW +++ /dev/null @@ -1,14 +0,0 @@ -!== -!== Notice of change of documentation format -!== - -Samba is no longer using yodl as the source markup -language for our documentation. As of release 2.2.0, -we are using DocBook V4.1 exclusively (assuming you are not -counting the ASCII files yet to be converted). - -Please see ../docbook/docbook.txt for more information -on this. - -jerry carter -SAMBA Team diff --git a/examples/VFS/block/Makefile b/examples/VFS/block/Makefile deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/examples/VFS/block/Makefile.in b/examples/VFS/block/Makefile.in deleted file mode 100644 index 3126dfa3b8..0000000000 --- a/examples/VFS/block/Makefile.in +++ /dev/null @@ -1,42 +0,0 @@ -MAKEFILE = Makefile.vfs - -include $(MAKEFILE) - -CC = @CC@ -LIBTOOL = libtool -CFLAGS = @CFLAGS@ $(VFS_CFLAGS) -CPPFLAGS = @CPPFLAGS@ $(VFS_CPPFLAGS) -LDFLAGS = @LDFLAGS@ $(VFS_LDFLAGS) -LDSHFLAGS = -shared -srcdir = @builddir@ -FLAGS = $(CFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -I. $(CPPFLAGS) -I$(srcdir) - -# Default target - -default: $(VFS_OBJS) - -# if file doesn't exist try to create one; -# it is possible that some variables will be -# defined correctly -Makefile.vfs: - @echo -ne "VFS_OBJS\t= " > $(MAKEFILE); \ - for i in *.c; do \ - echo -n $$i" " | sed -e 's/\(.*\)\.c\(.*\)/\1\.so\2/g' >> $(MAKEFILE); \ - done; \ - echo -ne "\nVFS_CFLAGS\t= \nVFS_CPPFLAGS\t= \nVFS_LDFLAGS\t= \n" >> $(MAKEFILE) - make - -# Pattern rules - -%.so: %.lo - $(LIBTOOL) $(CC) $(LDSHFLAGS) $(LDFLAGS) -o $@ $< - -%.lo: %.c - $(LIBTOOL) $(CC) $(FLAGS) -c $< - -# Misc targets - -clean: - rm -rf .libs - rm -f core *~ *% *.bak \ - $(VFS_OBJS) $(VFS_OBJS:.so=.o) $(VFS_OBJS:.so=.lo) diff --git a/examples/VFS/block/block.c b/examples/VFS/block/block.c deleted file mode 100644 index 9478b75f0f..0000000000 --- a/examples/VFS/block/block.c +++ /dev/null @@ -1,440 +0,0 @@ -/* - * - * Block access from links to dev mount points specified in PARAMCONF file - * - * Copyright (C) Ronald Kuetemeier, 2001 - * Copyright (C) Alexander Bokovoy, 2002 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "config.h" -#include -#include -#include -#include -#include -#include -#include -#include - - -#ifdef HAVE_UTIME_H -#include -#endif -#ifdef HAVE_DIRENT_H -#include -#endif -#include -#ifdef HAVE_FCNTL_H -#include -#endif - - -#include -#include - - - -static DIR *block_opendir(connection_struct *conn, char *fname); -static int block_connect(connection_struct *conn, const char *service, const char *user); -static void block_disconnect(connection_struct *conn); - -static struct smb_vfs_handle_struct *block_handle; - -/* VFS operations */ - - -static struct vfs_ops default_vfs_ops; /* For passthrough operation */ - -static vfs_op_tuple block_vfs_ops[] = { - - /* Disk operations */ - - {block_connect, SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, - {block_disconnect, SMB_VFS_OP_DISCONNECT, SMB_VFS_LAYER_TRANSPARENT}, - - /* Directory operations */ - - {block_opendir, SMB_VFS_OP_OPENDIR, SMB_VFS_LAYER_TRANSPARENT}, - - {NULL, SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} -}; - - -#ifndef PARAMCONF -#define PARAMCONF "/etc/samba-block.conf" -#endif - -extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char * , char *)); - -//functions - -static BOOL enter_pblock_mount(char *dir); -static BOOL get_section(char *sect); -static BOOL get_parameter_value(char *param, char *value); -static BOOL load_param(void); -static BOOL search(struct stat *stat_buf); -static BOOL dir_search(char *link, char *dir); -static BOOL enter_pblock_dir(char *dir); - - - -typedef struct block_dir -{ - dev_t st_dev; - int str_len; - char *dir_name; - struct block_dir *next; -} block_dir; - - -static char *params[] = {"mount_point","dir_name"}; -enum { MOUNT_POINT , DIR_NAME }; - -static struct block_dir *pblock_mountp = NULL; -static struct block_dir *pblock_dir = NULL; - - - -/* - * Load the conf file into a table - */ - -static BOOL load_param(void) -{ - - if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE) - { - return TRUE; - - } - return FALSE; -} - - - -/* - * Enter the key and data into the list - * - */ - -static BOOL enter_pblock_mount(char *dir) -{ - struct stat stat_buf; - static struct block_dir *tmp_pblock; - - - if((stat(dir,&stat_buf)) != 0) - { - return FALSE; - } - - if(pblock_mountp == NULL) - { - pblock_mountp = calloc(1, sizeof(block_dir)); - if( pblock_mountp == NULL) - { - return FALSE; - } - tmp_pblock = pblock_mountp; - tmp_pblock->next = NULL; - - }else - { - tmp_pblock->next = calloc(1, sizeof(block_dir)); - if(tmp_pblock->next == NULL) - { - return FALSE; - } - tmp_pblock = tmp_pblock->next; - tmp_pblock->next = NULL; - - } - - - tmp_pblock->st_dev = stat_buf.st_dev; - tmp_pblock->dir_name = strdup(dir); - - - return TRUE; - -} - - -/* - * Enter the key and data into the list - * - */ - -static BOOL enter_pblock_dir(char *dir) -{ - static struct block_dir *tmp_pblock; - - - if(pblock_dir == NULL) - { - pblock_dir = calloc(1, sizeof(block_dir)); - if( pblock_dir == NULL) - { - return FALSE; - } - tmp_pblock = pblock_dir; - tmp_pblock->next = NULL; - - }else - { - tmp_pblock->next = calloc(1, sizeof(block_dir)); - if(tmp_pblock->next == NULL) - { - return FALSE; - } - tmp_pblock = tmp_pblock->next; - tmp_pblock->next = NULL; - - } - - - tmp_pblock->dir_name = strdup(dir); - tmp_pblock->str_len = strlen(dir); - - - return TRUE; - -} - - - - -/* - * Function callback for config section names - */ - -static BOOL get_section(char *sect) -{ - return TRUE; -} - - - -/* - * Function callback for config parameter value pairs - * - */ - -static BOOL get_parameter_value(char *param, char *value) -{ - int i = 0, maxargs = sizeof(params) / sizeof(char *); - - - for( i= 0; i < maxargs; i++) - { - if (strcmp(param,params[i]) == 0) - { - switch(i) - { - case MOUNT_POINT : - enter_pblock_mount(value); - break; - case DIR_NAME : - enter_pblock_dir(value); - break; - default : - break; - } - } - } - - return TRUE; - -} - - - - -/* VFS initialisation function. Return initialised vfs_op_tuple array - back to SAMBA. */ - -vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, - struct smb_vfs_handle_struct *vfs_handle) -{ - *vfs_version = SMB_VFS_INTERFACE_VERSION; - - memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops)); - - block_handle = vfs_handle; - - return block_vfs_ops; -} - - -/* VFS finalization function. */ -void vfs_done(connection_struct *conn) -{ -} - - -/* - * VFS connect and param file loading - */ - -static int block_connect(connection_struct *conn, const char *service, const char *user) -{ - if((load_param()) == FALSE) - { - - return -1; - - } - - DEBUG(0,("%s connecting \n",conn->user)); - - return (default_vfs_ops.connect(conn, service,user)); -} - -/* - * Free allocated structures and disconnect - * - */ - - -static void block_disconnect(struct connection_struct *conn) -{ - - struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp); - struct block_dir *free_pblock = NULL; - - while(tmp_pblock != NULL) - { - free(tmp_pblock->dir_name); - free_pblock = tmp_pblock; - tmp_pblock = tmp_pblock->next; - free(free_pblock); - - if(tmp_pblock == NULL && pblock_dir != NULL) - { - tmp_pblock = (pblock_mountp == NULL ? pblock_dir : NULL); - pblock_dir = NULL; - - } - - } - - - - default_vfs_ops.disconnect(conn); -} - -/* - * VFS opendir - */ - -static DIR *block_opendir(struct connection_struct *conn, char *fname) -{ - - char *dir_name = NULL; - struct stat stat_buf; - - dir_name = alloca((strlen(conn->origpath) + strlen(fname) + 2) * sizeof(char)); - - pstrcpy(dir_name,conn->origpath); - pstrcat(dir_name, "/"); - strncat(dir_name, fname, strcspn(fname,"/")); - - if((lstat(dir_name,&stat_buf)) == 0) - { - if((S_ISLNK(stat_buf.st_mode)) == 1) - { - stat(dir_name,&stat_buf); - if((search(&stat_buf) || dir_search(dir_name, fname) ) == TRUE) - { - DEBUG(0,("%s used link to blocked dir: %s \n", conn->user, dir_name)); - errno = EACCES; - return NULL; - } - } - } - - return (default_vfs_ops.opendir(conn, fname)); -} - - -/* - * Find mount point to block in list - */ - -static BOOL search(struct stat *stat_buf) -{ - struct block_dir *tmp_pblock = pblock_mountp; - - while(tmp_pblock != NULL) - { - - if(tmp_pblock->st_dev == stat_buf->st_dev) - { - return TRUE; - } - tmp_pblock = tmp_pblock->next; - } - - return FALSE; - -} - -/* - * Find dir in list to block id the starting point is link from a share - */ - -static BOOL dir_search(char *link, char *dir) -{ - char buf[PATH_MAX +1], *ext_path; - int len = 0; - struct block_dir *tmp_pblock = pblock_dir; - - if((len = readlink(link,buf,sizeof(buf))) == -1) - { - return TRUE; - - }else - { - buf[len] = '\0'; - } - - - if((ext_path = strchr(dir,'/')) != NULL) - { - pstrcat(buf,&ext_path[1]); - len = strlen(buf); - } - - while(tmp_pblock != NULL) - { - if(len < tmp_pblock->str_len) - { - tmp_pblock = tmp_pblock->next; - continue; - } - - if((strstr(buf,tmp_pblock->dir_name)) != NULL) - { - return TRUE; - } - tmp_pblock = tmp_pblock->next; - } - - - return FALSE; - -} diff --git a/examples/VFS/block/samba-block.conf b/examples/VFS/block/samba-block.conf deleted file mode 100644 index 7a137980b7..0000000000 --- a/examples/VFS/block/samba-block.conf +++ /dev/null @@ -1,6 +0,0 @@ -[ blocked ] -mount_point = / -mount_point = /boot -mount_point = /proc -dir_name = /usr/local/src/samba -dir_name = /usr/bin diff --git a/examples/VFS/block/smb.conf b/examples/VFS/block/smb.conf deleted file mode 100644 index 368155f1f8..0000000000 --- a/examples/VFS/block/smb.conf +++ /dev/null @@ -1,13 +0,0 @@ -[homes] - comment = Home Directories - vfs object = /usr/local/samba/lib/block.so - browseable = yes - writable = yes - - - - - - - - diff --git a/source3/include/sids.h b/source3/include/sids.h deleted file mode 100644 index 860d96b193..0000000000 --- a/source3/include/sids.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB parameters and setup - Copyright (C) Andrew Tridgell 1992-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Elrond 2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _SIDS_H -#define _SIDS_H - -extern DOM_SID global_sam_sid; -extern fstring global_sam_name; - -extern DOM_SID global_member_sid; - -extern DOM_SID global_sid_S_1_5_32; /* local well-known domain */ -extern DOM_SID global_sid_S_1_1; /* Global Domain */ -extern DOM_SID global_sid_NULL; - -extern const DOM_SID *global_sid_everyone; -extern const DOM_SID *global_sid_system; /* SYSTEM */ -extern const DOM_SID *global_sid_builtin; - -#endif /* _SIDS_H */ diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c deleted file mode 100644 index 7fc27b9c3b..0000000000 --- a/source3/libsmb/cli_dfs.c +++ /dev/null @@ -1,245 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - Copyright (C) Tim Potter 2000-2001, - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Query DFS support */ - -NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL *dfs_exists) -{ - prs_struct qbuf, rbuf; - DFS_Q_DFS_EXIST q; - DFS_R_DFS_EXIST r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_dfs_q_dfs_exist(&q); - - if (!dfs_io_q_dfs_exist("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, DFS_EXIST, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!dfs_io_r_dfs_exist("", &r, &rbuf, 0)) { - goto done; - } - - /* Return result */ - - *dfs_exists = (r.status != 0); - - result = NT_STATUS_OK; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -NTSTATUS cli_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *entrypath, char *servername, char *sharename, - char *comment, uint32 flags) -{ - prs_struct qbuf, rbuf; - DFS_Q_DFS_ADD q; - DFS_R_DFS_ADD r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_dfs_q_dfs_add(&q, entrypath, servername, sharename, comment, - flags); - - if (!dfs_io_q_dfs_add("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, DFS_ADD, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!dfs_io_r_dfs_add("", &r, &rbuf, 0)) { - goto done; - } - - /* Return result */ - - result = werror_to_ntstatus(r.status); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -NTSTATUS cli_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *entrypath, char *servername, char *sharename) -{ - prs_struct qbuf, rbuf; - DFS_Q_DFS_REMOVE q; - DFS_R_DFS_REMOVE r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_dfs_q_dfs_remove(&q, entrypath, servername, sharename); - - if (!dfs_io_q_dfs_remove("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, DFS_REMOVE, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!dfs_io_r_dfs_remove("", &r, &rbuf, 0)) { - goto done; - } - - /* Return result */ - - result = werror_to_ntstatus(r.status); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -NTSTATUS cli_dfs_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *entrypath, char *servername, char *sharename, - uint32 info_level, DFS_INFO_CTR *ctr) - -{ - prs_struct qbuf, rbuf; - DFS_Q_DFS_GET_INFO q; - DFS_R_DFS_GET_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_dfs_q_dfs_get_info(&q, entrypath, servername, sharename, - info_level); - - if (!dfs_io_q_dfs_get_info("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, DFS_GET_INFO, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!dfs_io_r_dfs_get_info("", &r, &rbuf, 0)) { - goto done; - } - - /* Return result */ - - result = werror_to_ntstatus(r.status); - *ctr = r.ctr; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Enumerate dfs shares */ - -NTSTATUS cli_dfs_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 info_level, DFS_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - DFS_Q_DFS_ENUM q; - DFS_R_DFS_ENUM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_dfs_q_dfs_enum(&q, info_level, ctr); - - if (!dfs_io_q_dfs_enum("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, DFS_ENUM, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!dfs_io_r_dfs_enum("", &r, &rbuf, 0)) { - goto done; - } - - /* Return result */ - - result = werror_to_ntstatus(r.status); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c deleted file mode 100644 index 7dfee46fae..0000000000 --- a/source3/libsmb/cli_lsarpc.c +++ /dev/null @@ -1,1168 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - Copyright (C) Tim Potter 2000-2001, - Copyright (C) Andrew Tridgell 1992-1997,2000, - Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000, - Copyright (C) Paul Ashton 1997,2000, - Copyright (C) Elrond 2000, - Copyright (C) Rafal Szczesniak 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** @defgroup lsa LSA - Local Security Architecture - * @ingroup rpc_client - * - * @{ - **/ - -/** - * @file cli_lsarpc.c - * - * RPC client routines for the LSA RPC pipe. LSA means "local - * security authority", which is half of a password database. - **/ - -/** Open a LSA policy handle - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL q; - LSA_R_OPEN_POL r; - LSA_SEC_QOS qos; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol(&q, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q, '\\', 0, des_access, NULL); - } - - /* Marshall data and send request */ - - if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *pol = r.pol; -#ifdef __INSURE__ - pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Open a LSA policy handle - * - * @param cli Handle on an initialised SMB connection - */ - -NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL2 q; - LSA_R_OPEN_POL2 r; - LSA_SEC_QOS qos; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, - &qos); - } else { - init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, - NULL); - } - - /* Marshall data and send request */ - - if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *pol = r.pol; -#ifdef __INSURE__ - pol->marker = (char *)malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Close a LSA policy handle */ - -NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_CLOSE q; - LSA_R_CLOSE r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_lsa_q_close(&q, pol); - - if (!lsa_io_q_close("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_close("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { -#ifdef __INSURE__ - SAFE_FREE(pol->marker); -#endif - *pol = r.pol; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Lookup a list of sids */ - -NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, DOM_SID *sids, - char ***domains, char ***names, uint32 **types) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); - - if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_names); - - r.dom_ref = &ref; - r.names = &t_names; - - if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { - - /* An actual error occured */ - - goto done; - } - - /* Return output parameters */ - - if (r.mapped_count == 0) { - result = NT_STATUS_NONE_MAPPED; - goto done; - } - - if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * - num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * - num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * - num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i = 0; i < num_sids; i++) { - fstring name, dom_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - /* Translate optimised name through domain index array */ - - if (dom_idx != 0xffffffff) { - - rpcstr_pull_unistr2_fstring( - dom_name, &ref.ref_dom[dom_idx].uni_dom_name); - rpcstr_pull_unistr2_fstring( - name, &t_names.uni_name[i]); - - (*names)[i] = talloc_strdup(mem_ctx, name); - (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = t_names.name[i].sid_name_use; - - if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - } else { - (*names)[i] = NULL; - (*types)[i] = SID_NAME_UNKNOWN; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Lookup a list of names */ - -NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_names, - const char **names, DOM_SID **sids, - uint32 **types) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_NAMES q; - LSA_R_LOOKUP_NAMES r; - DOM_R_REF ref; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_lookup_names(mem_ctx, &q, pol, num_names, names); - - if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - ZERO_STRUCT(ref); - r.dom_ref = &ref; - - if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != - NT_STATUS_V(STATUS_SOME_UNMAPPED)) { - - /* An actual error occured */ - - goto done; - } - - /* Return output parameters */ - - if (r.mapped_count == 0) { - result = NT_STATUS_NONE_MAPPED; - goto done; - } - - if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * - num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * - num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i = 0; i < num_names; i++) { - DOM_RID2 *t_rids = r.dom_rid; - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - - /* Translate optimised sid through domain index array */ - - if (dom_idx != 0xffffffff) { - - sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); - - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } - - (*types)[i] = t_rids[i].type; - } else { - ZERO_STRUCTP(sid); - (*types)[i] = SID_NAME_UNKNOWN; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Query info policy - * - * @param domain_sid - returned remote server's domain sid */ - -NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO q; - LSA_R_QUERY_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_query(&q, pol, info_class); - - if (!lsa_io_q_query("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - /* Return output parameters */ - - ZERO_STRUCTP(domain_sid); - domain_name[0] = '\0'; - - switch (info_class) { - - case 3: - if (r.dom.id3.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, - &r.dom.id3. - uni_domain_name, - sizeof (fstring) - 1); - } - - if (r.dom.id3.buffer_dom_sid != 0) { - *domain_sid = r.dom.id3.dom_sid.sid; - } - - break; - - case 5: - - if (r.dom.id5.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r.dom.id5. - uni_domain_name, - sizeof (fstring) - 1); - } - - if (r.dom.id5.buffer_dom_sid != 0) { - *domain_sid = r.dom.id5.dom_sid.sid; - } - - break; - - default: - DEBUG(3, ("unknown info class %d\n", info_class)); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** - * Enumerate list of trusted domains - * - * @param cli client state (cli_state) structure of the connection - * @param mem_ctx memory context - * @param pol opened lsa policy handle - * @param enum_ctx enumeration context ie. index of first returned domain entry - * @param pref_num_domains preferred max number of entries returned in one response - * @param num_domains total number of trusted domains returned by response - * @param domain_names returned trusted domain names - * @param domain_sids returned trusted domain sids - * - * @return nt status code of response - **/ - -NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, - uint32 *pref_num_domains, uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_TRUST_DOM q; - LSA_R_ENUM_TRUST_DOM r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_enum_trust_dom(&q, pol, *enum_ctx, *pref_num_domains); - - if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - - /* An actual error ocured */ - - goto done; - } - - /* Return output parameters */ - - if (r.num_domains) { - - /* Allocate memory for trusted domain names and sids */ - - *domain_names = (char **)talloc(mem_ctx, sizeof(char *) * - r.num_domains); - - if (!*domain_names) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * - r.num_domains); - if (!domain_sids) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Copy across names and sids */ - - for (i = 0; i < r.num_domains; i++) { - fstring tmp; - - unistr2_to_ascii(tmp, &r.uni_domain_name[i], - sizeof(tmp) - 1); - (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); - sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid); - } - } - - *num_domains = r.num_domains; - *enum_ctx = r.enum_context; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Enumerate privileges*/ - -NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, - uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_PRIVS q; - LSA_R_ENUM_PRIVS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_enum_privs(&q, pol, *enum_context, pref_max_length); - - if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - /* Return output parameters */ - - *enum_context = r.enum_context; - *count = r.count; - - if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i = 0; i < r.count; i++) { - fstring name; - - rpcstr_pull_unistr2_fstring( name, &r.privs[i].name); - - (*privs_name)[i] = talloc_strdup(mem_ctx, name); - - (*privs_high)[i] = r.privs[i].luid_high; - (*privs_low)[i] = r.privs[i].luid_low; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Get privilege name */ - -NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys, - fstring description, uint16 *lang_id_desc) -{ - prs_struct qbuf, rbuf; - LSA_Q_PRIV_GET_DISPNAME q; - LSA_R_PRIV_GET_DISPNAME r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); - - if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - /* Return output parameters */ - - rpcstr_pull_unistr2_fstring(description , &r.desc); - *lang_id_desc = r.lang_id; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Enumerate list of SIDs */ - -NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, - uint32 *num_sids, DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCOUNTS q; - LSA_R_ENUM_ACCOUNTS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); - - if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (r.sids.num_entries==0) - goto done; - - /* Return output parameters */ - - *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries); - if (!*sids) { - DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Copy across names and sids */ - - for (i = 0; i < r.sids.num_entries; i++) { - sid_copy(&(*sids)[i], &r.sids.sid[i].sid); - } - - *num_sids= r.sids.num_entries; - *enum_ctx = r.enum_context; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Open a LSA user handle - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPENACCOUNT q; - LSA_R_OPENACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_lsa_q_open_account(&q, dom_pol, sid, des_access); - - /* Marshall data and send request */ - - if (!lsa_io_q_open_account("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_account("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *user_pol = r.pol; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Enumerate user privileges - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *count, LUID_ATTR **set) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUMPRIVSACCOUNT q; - LSA_R_ENUMPRIVSACCOUNT r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_lsa_q_enum_privsaccount(&q, pol); - - /* Marshall data and send request */ - - if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_privsaccount("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (r.count == 0) - goto done; - - if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i=0; imem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("new_cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", - global_myname, cli->desthost, credstr(clnt_chal->data))); - - /* store the parameters */ - init_q_req_chal(&q, cli->srv_name_slash, global_myname, clnt_chal); - - /* Marshall data and send request */ - - if (!net_io_q_req_chal("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_REQCHAL, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarhall response */ - - if (!net_io_r_req_chal("", &r, &rbuf, 0)) { - goto done; - } - - result = r.status; - - /* Return result */ - - if (NT_STATUS_IS_OK(result)) { - memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data)); - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/**************************************************************************** -LSA Authenticate 2 - -Send the client credential, receive back a server credential. -Ensure that the server credential returned matches the session key -encrypt of the server challenge originally received. JRA. -****************************************************************************/ - -NTSTATUS new_cli_net_auth2(struct cli_state *cli, - uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal) -{ - prs_struct qbuf, rbuf; - NET_Q_AUTH_2 q; - NET_R_AUTH_2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - extern pstring global_myname; - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_AUTH2 */ - - DEBUG(4,("new_cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", - cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, - credstr(cli->clnt_cred.challenge.data), neg_flags)); - - /* store the parameters */ - init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct, - sec_chan, global_myname, &cli->clnt_cred.challenge, - neg_flags); - - /* turn parameters into data stream */ - - if (!net_io_q_auth_2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_AUTH2, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!net_io_r_auth_2("", &r, &rbuf, 0)) { - goto done; - } - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - UTIME zerotime; - - /* - * Check the returned value using the initial - * server received challenge. - */ - - zerotime.time = 0; - if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, - zerotime) == 0) { - - /* - * Server replied with bad credential. Fail. - */ - DEBUG(0,("new_cli_net_auth2: server %s replied with bad credential (bad machine \ -password ?).\n", cli->desthost )); - result = NT_STATUS_ACCESS_DENIED; - goto done; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Initialize domain session credentials */ - -NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, - uint16 sec_chan, - const unsigned char mach_pwd[16]) -{ - DOM_CHAL clnt_chal; - DOM_CHAL srv_chal; - UTIME zerotime; - NTSTATUS result; - - /******************* Request Challenge ********************/ - - generate_random_buffer(clnt_chal.data, 8, False); - - /* send a client challenge; receive a server challenge */ - result = new_cli_net_req_chal(cli, &clnt_chal, &srv_chal); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("new_cli_nt_setup_creds: request challenge failed\n")); - return result; - } - - /**************** Long-term Session key **************/ - - /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, mach_pwd, - cli->sess_key); - memset((char *)cli->sess_key+8, '\0', 8); - - /******************* Authenticate 2 ********************/ - - /* calculate auth-2 credentials */ - zerotime.time = 0; - cred_create(cli->sess_key, &clnt_chal, zerotime, - &cli->clnt_cred.challenge); - - /* - * Send client auth-2 challenge. - * Receive an auth-2 challenge response and check it. - */ - - result = new_cli_net_auth2(cli, sec_chan, 0x000001ff, - &srv_chal); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(1,("cli_nt_setup_creds: auth2 challenge failed %s\n", - nt_errstr(result))); - } - - return result; -} - -/* Logon Control 2 */ - -NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 query_level) -{ - prs_struct qbuf, rbuf; - NET_Q_LOGON_CTRL2 q; - NET_R_LOGON_CTRL2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level); - - /* Marshall data and send request */ - - if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/**************************************************************************** -Generate the next creds to use. Yuck - this is a cut&paste from another -file. They should be combined at some stage. )-: -****************************************************************************/ - -static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred) -{ - /* - * Create the new client credentials. - */ - - cli->clnt_cred.timestamp.time = time(NULL); - - memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred)); - - /* Calculate the new credentials. */ - cred_create(cli->sess_key, &(cli->clnt_cred.challenge), - new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); - -} - -/* Sam synchronisation */ - -NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds, - uint32 database_id, uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_SYNC q; - NET_R_SAM_SYNC r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - gen_next_creds(cli, &clnt_creds); - - init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2, - &clnt_creds, ret_creds, database_id); - - /* Marshall data and send request */ - - if (!net_io_q_sam_sync("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_SAM_SYNC, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds)); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Sam synchronisation */ - -NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 database_id, UINT64_S seqnum, - uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_DELTAS q; - NET_R_SAM_DELTAS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - gen_next_creds(cli, &clnt_creds); - - init_net_q_sam_deltas(&q, cli->srv_name_slash, - cli->clnt_name_slash + 2, &clnt_creds, - database_id, seqnum); - - /* Marshall data and send request */ - - if (!net_io_q_sam_deltas("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_SAM_DELTAS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Logon domain user */ - -NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *username, char *password, - int logon_type) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds, dummy_rtn_creds; - extern pstring global_myname; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 user; - int validation_level = 3; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - gen_next_creds(cli, &clnt_creds); - - q.validation_level = validation_level; - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - dummy_rtn_creds.timestamp.time = time(NULL); - - ctr.switch_value = logon_type; - - switch (logon_type) { - case INTERACTIVE_LOGON_TYPE: { - unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; - - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); - - init_id_info1(&ctr.auth.id1, lp_workgroup(), - 0, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, cli->clnt_name_slash, - cli->sess_key, lm_owf_user_pwd, - nt_owf_user_pwd); - - break; - } - case NET_LOGON_TYPE: { - uint8 chal[8]; - unsigned char local_lm_response[24]; - unsigned char local_nt_response[24]; - - generate_random_buffer(chal, 8, False); - - SMBencrypt(password, chal, local_lm_response); - SMBNTencrypt(password, chal, local_nt_response); - - init_id_info2(&ctr.auth.id2, lp_workgroup(), - 0, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, cli->clnt_name_slash, chal, - local_lm_response, 24, local_nt_response, 24); - break; - } - default: - DEBUG(0, ("switch value %d not supported\n", - ctr.switch_value)); - goto done; - } - - init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname, - &clnt_creds, &dummy_rtn_creds, logon_type, - &ctr); - - /* Marshall data and send request */ - - if (!net_io_q_sam_logon("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - r.user = &user; - - if (!net_io_r_sam_logon("", &r, &rbuf, 0)) { - goto done; - } - - /* Return results */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - - -/** - * Logon domain user with an 'network' SAM logon - * - * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller. - **/ - -NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, - const char *username, const char *domain, const char *workstation, - const uint8 chal[8], - DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) - -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds, dummy_rtn_creds; - NET_ID_INFO_CTR ctr; - extern pstring global_myname; - int validation_level = 3; - char *workstation_name_slash; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation); - - if (!workstation_name_slash) { - DEBUG(0, ("talloc_asprintf failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - gen_next_creds(cli, &clnt_creds); - - q.validation_level = validation_level; - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - dummy_rtn_creds.timestamp.time = time(NULL); - - ctr.switch_value = NET_LOGON_TYPE; - - init_id_info2(&ctr.auth.id2, domain, - 0, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, workstation_name_slash, (const uchar*)chal, - lm_response.data, lm_response.length, nt_response.data, nt_response.length); - - init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname, - &clnt_creds, &dummy_rtn_creds, NET_LOGON_TYPE, - &ctr); - - /* Marshall data and send request */ - - if (!net_io_q_sam_logon("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - r.user = info3; - - if (!net_io_r_sam_logon("", &r, &rbuf, 0)) { - goto done; - } - - /* Return results */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/*************************************************************************** -LSA Server Password Set. -****************************************************************************/ - -NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char* machine_name, uint8 hashed_mach_pwd[16]) -{ - prs_struct rbuf; - prs_struct qbuf; - DOM_CRED new_clnt_cred; - NET_Q_SRV_PWSET q_s; - uint16 sec_chan_type = 2; - NTSTATUS nt_status; - char *mach_acct; - - gen_next_creds( cli, &new_clnt_cred); - - prs_init(&qbuf , 1024, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_SRV_PWSET */ - - mach_acct = talloc_asprintf(mem_ctx, "%s$", machine_name); - - if (!mach_acct) { - DEBUG(0,("talloc_asprintf failed!\n")); - nt_status = NT_STATUS_NO_MEMORY; - goto done; - } - - DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n", - cli->srv_name_slash, mach_acct, sec_chan_type, machine_name, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time)); - - /* store the parameters */ - init_q_srv_pwset(&q_s, cli->srv_name_slash, cli->sess_key, - mach_acct, sec_chan_type, machine_name, - &new_clnt_cred, (char *)hashed_mach_pwd); - - /* turn parameters into data stream */ - if(!net_io_q_srv_pwset("", &q_s, &qbuf, 0)) { - DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n")); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, NET_SRVPWSET, &qbuf, &rbuf)) - { - NET_R_SRV_PWSET r_s; - - if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) { - nt_status = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - nt_status = r_s.status; - - if (!NT_STATUS_IS_OK(r_s.status)) - { - /* report error code */ - DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status))); - goto done; - } - - /* Update the credentials. */ - if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \ -password ?).\n", cli->desthost )); - nt_status = NT_STATUS_UNSUCCESSFUL; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return nt_status; -} - diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c deleted file mode 100644 index de1c832e44..0000000000 --- a/source3/libsmb/cli_pipe_util.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client utility functions - Copyright (C) Tim Potter 2001, - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** \defgroup rpc_client RPC Client routines - */ - -/* Opens a SMB connection to a named pipe */ - -struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name, - char *pipe_name, - struct ntuser_creds *creds) -{ - struct in_addr dest_ip; - struct nmb_name calling, called; - fstring dest_host; - extern pstring global_myname; - struct ntuser_creds anon; - - /* Initialise cli_state information */ - - if (!cli_initialise(cli)) { - return NULL; - } - - if (!creds) { - ZERO_STRUCT(anon); - anon.pwd.null_pwd = 1; - creds = &anon; - } - - cli_init_creds(cli, creds); - - /* Establish a SMB connection */ - - if (!resolve_srv_name(system_name, dest_host, &dest_ip)) { - return NULL; - } - - make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); - make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - - if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, - &called, "IPC$", "IPC", False, True)) { - return NULL; - } - - /* Open a NT session thingy */ - - if (!cli_nt_session_open(cli, pipe_name)) { - cli_shutdown(cli); - return NULL; - } - - return cli; -} - -/* Shut down a SMB connection to the SAMR pipe */ - -void cli_pipe_shutdown(struct cli_state *cli) -{ - if (cli->fd != -1) cli_ulogoff(cli); - cli_shutdown(cli); -} diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c deleted file mode 100644 index aaf18882f7..0000000000 --- a/source3/libsmb/cli_reg.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC Pipe client - - Copyright (C) Andrew Tridgell 1992-1998, - Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - Copyright (C) Paul Ashton 1997-1998. - Copyright (C) Jeremy Allison 1999. - Copyright (C) Simo Sorce 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Shutdown a server */ - -NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx, - const char *msg, uint32 timeout, uint16 flags) -{ - prs_struct qbuf; - prs_struct rbuf; - REG_Q_SHUTDOWN q_s; - REG_R_SHUTDOWN r_s; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (msg == NULL) return NT_STATUS_INVALID_PARAMETER; - - ZERO_STRUCT (q_s); - ZERO_STRUCT (r_s); - - prs_init(&qbuf , MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_reg_q_shutdown(&q_s, msg, timeout, flags); - - if (!reg_io_q_shutdown("", &q_s, &qbuf, 0) || - !rpc_api_pipe_req(cli, REG_SHUTDOWN, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if(reg_io_r_shutdown("", &r_s, &rbuf, 0)) - result = r_s.status; - -done: - prs_mem_free(&rbuf); - prs_mem_free(&qbuf); - - return result; -} - - -/* Abort a server shutdown */ - -NTSTATUS cli_reg_abort_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx) -{ - prs_struct rbuf; - prs_struct qbuf; - REG_Q_ABORT_SHUTDOWN q_s; - REG_R_ABORT_SHUTDOWN r_s; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT (q_s); - ZERO_STRUCT (r_s); - - prs_init(&qbuf , MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_reg_q_abort_shutdown(&q_s); - - if (!reg_io_q_abort_shutdown("", &q_s, &qbuf, 0) || - !rpc_api_pipe_req(cli, REG_ABORT_SHUTDOWN, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (reg_io_r_abort_shutdown("", &r_s, &rbuf, 0)) - result = r_s.status; - -done: - prs_mem_free(&rbuf); - prs_mem_free(&qbuf ); - - return result; -} diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c deleted file mode 100644 index 91577b3325..0000000000 --- a/source3/libsmb/cli_samr.c +++ /dev/null @@ -1,1294 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - Copyright (C) Tim Potter 2000-2001, - Copyright (C) Andrew Tridgell 1992-1997,2000, - Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000, - Copyright (C) Paul Ashton 1997,2000, - Copyright (C) Elrond 2000. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Connect to SAMR database */ - -NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 access_mask, POLICY_HND *connect_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CONNECT q; - SAMR_R_CONNECT r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_connect(&q, cli->desthost, access_mask); - - if (!samr_io_q_connect("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_CONNECT, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_connect("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *connect_pol = r.connect_pol; -#ifdef __INSURE__ - connect_pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Close SAMR handle */ - -NTSTATUS cli_samr_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *connect_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CLOSE_HND q; - SAMR_R_CLOSE_HND r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_close_hnd(&q, connect_pol); - - if (!samr_io_q_close_hnd("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_close_hnd("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { -#ifdef __INSURE__ - SAFE_FREE(connect_pol->marker); -#endif - *connect_pol = r.pol; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Open handle on a domain */ - -NTSTATUS cli_samr_open_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *connect_pol, uint32 access_mask, - const DOM_SID *domain_sid, POLICY_HND *domain_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_DOMAIN q; - SAMR_R_OPEN_DOMAIN r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_open_domain(&q, connect_pol, access_mask, domain_sid); - - if (!samr_io_q_open_domain("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_open_domain("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *domain_pol = r.domain_pol; -#ifdef __INSURE__ - domain_pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Open handle on a user */ - -NTSTATUS cli_samr_open_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 user_rid, POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_USER q; - SAMR_R_OPEN_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_open_user(&q, domain_pol, access_mask, user_rid); - - if (!samr_io_q_open_user("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_USER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_open_user("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *user_pol = r.user_pol; -#ifdef __INSURE__ - user_pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Open handle on a group */ - -NTSTATUS cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 group_rid, POLICY_HND *group_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_GROUP q; - SAMR_R_OPEN_GROUP r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_open_group(&q, domain_pol, access_mask, group_rid); - - if (!samr_io_q_open_group("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_GROUP, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_open_group("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *group_pol = r.pol; -#ifdef __INSURE__ - group_pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query user info */ - -NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint16 switch_value, - SAM_USERINFO_CTR **ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERINFO q; - SAMR_R_QUERY_USERINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_userinfo(&q, user_pol, switch_value); - - if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - *ctr = r.ctr; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query group info */ - -NTSTATUS cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 info_level, - GROUP_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_GROUPINFO q; - SAMR_R_QUERY_GROUPINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_groupinfo(&q, group_pol, info_level); - - if (!samr_io_q_query_groupinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPINFO, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!samr_io_r_query_groupinfo("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query user groups */ - -NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint32 *num_groups, - DOM_GID **gid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERGROUPS q; - SAMR_R_QUERY_USERGROUPS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_usergroups(&q, user_pol); - - if (!samr_io_q_query_usergroups("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_query_usergroups("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_groups = r.num_entries; - *gid = r.gid; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query user aliases */ - -NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid, - uint32 *num_aliases, uint32 **als_rids) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERALIASES q; - SAMR_R_QUERY_USERALIASES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - unsigned int ptr=1; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid); - - if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_aliases = r.num_entries; - *als_rids = r.rid; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query user groups */ - -NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 *num_mem, - uint32 **rid, uint32 **attr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_GROUPMEM q; - SAMR_R_QUERY_GROUPMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_groupmem(&q, group_pol); - - if (!samr_io_q_query_groupmem("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPMEM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_query_groupmem("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_mem = r.num_entries; - *rid = r.rid; - *attr = r.attr; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Enumerate domain groups */ - -NTSTATUS cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, - uint32 size, struct acct_info **dom_groups, - uint32 *num_dom_groups) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ENUM_DOM_GROUPS q; - SAMR_R_ENUM_DOM_GROUPS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 name_idx, i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_enum_dom_groups(&q, pol, *start_idx, size); - - if (!samr_io_q_enum_dom_groups("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_GROUPS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_enum_dom_groups("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) - goto done; - - *num_dom_groups = r.num_entries2; - - if (!((*dom_groups) = (struct acct_info *) - talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups); - - name_idx = 0; - - for (i = 0; i < *num_dom_groups; i++) { - - (*dom_groups)[i].rid = r.sam[i].rid; - - if (r.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*dom_groups)[i].acct_name, - &r.uni_grp_name[name_idx], - sizeof(fstring) - 1); - name_idx++; - } - - *start_idx = r.next_idx; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Enumerate domain groups */ - -NTSTATUS cli_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, - uint32 size, struct acct_info **dom_groups, - uint32 *num_dom_groups) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ENUM_DOM_ALIASES q; - SAMR_R_ENUM_DOM_ALIASES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 name_idx, i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size); - - if (!samr_io_q_enum_dom_aliases("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_ALIASES, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_enum_dom_aliases("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { - goto done; - } - - *num_dom_groups = r.num_entries2; - - if (!((*dom_groups) = (struct acct_info *) - talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups); - - name_idx = 0; - - for (i = 0; i < *num_dom_groups; i++) { - - (*dom_groups)[i].rid = r.sam[i].rid; - - if (r.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*dom_groups)[i].acct_name, - &r.uni_grp_name[name_idx], - sizeof(fstring) - 1); - name_idx++; - } - - *start_idx = r.next_idx; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query alias members */ - -NTSTATUS cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, uint32 *num_mem, - DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_ALIASMEM q; - SAMR_R_QUERY_ALIASMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_aliasmem(&q, alias_pol); - - if (!samr_io_q_query_aliasmem("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_ALIASMEM, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_query_aliasmem("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - *num_mem = r.num_sids; - - if (!(*sids = talloc(mem_ctx, sizeof(DOM_SID) * *num_mem))) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i = 0; i < *num_mem; i++) { - (*sids)[i] = r.sid[i].sid; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Open handle on an alias */ - -NTSTATUS cli_samr_open_alias(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 alias_rid, POLICY_HND *alias_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_ALIAS q; - SAMR_R_OPEN_ALIAS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_open_alias(&q, domain_pol, access_mask, alias_rid); - - if (!samr_io_q_open_alias("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_OPEN_ALIAS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_open_alias("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *alias_pol = r.pol; -#ifdef __INSURE__ - alias_pol->marker = malloc(1); -#endif - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query domain info */ - -NTSTATUS cli_samr_query_dom_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint16 switch_value, - SAM_UNK_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_DOMAIN_INFO q; - SAMR_R_QUERY_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_dom_info(&q, domain_pol, switch_value); - - if (!samr_io_q_query_dom_info("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!samr_io_r_query_dom_info("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query display info */ - -NTSTATUS cli_samr_query_dispinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 *start_idx, - uint16 switch_value, uint32 *num_entries, - uint32 max_entries, SAM_DISPINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_DISPINFO q; - SAMR_R_QUERY_DISPINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_dispinfo(&q, domain_pol, switch_value, - *start_idx, max_entries); - - if (!samr_io_q_query_dispinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_DISPINFO, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!samr_io_r_query_dispinfo("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { - goto done; - } - - *num_entries = r.num_entries; - *start_idx += r.num_entries; /* No next_idx in this structure! */ - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Lookup rids. Note that NT4 seems to crash if more than ~1000 rids are - looked up in one packet. */ - -NTSTATUS cli_samr_lookup_rids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 flags, - uint32 num_rids, uint32 *rids, - uint32 *num_names, char ***names, - uint32 **name_types) -{ - prs_struct qbuf, rbuf; - SAMR_Q_LOOKUP_RIDS q; - SAMR_R_LOOKUP_RIDS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - if (num_rids > 1000) { - DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if " - "more than ~1000 rids are looked up at once.\n")); - } - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, flags, - num_rids, rids); - - if (!samr_io_q_lookup_rids("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_LOOKUP_RIDS, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_lookup_rids("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (r.num_names1 == 0) { - *num_names = 0; - *names = NULL; - goto done; - } - - *num_names = r.num_names1; - *names = talloc(mem_ctx, sizeof(char *) * r.num_names1); - *name_types = talloc(mem_ctx, sizeof(uint32) * r.num_names1); - - for (i = 0; i < r.num_names1; i++) { - fstring tmp; - - unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp) - 1); - (*names)[i] = talloc_strdup(mem_ctx, tmp); - (*name_types)[i] = r.type[i]; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Lookup names */ - -NTSTATUS cli_samr_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 flags, - uint32 num_names, const char **names, - uint32 *num_rids, uint32 **rids, - uint32 **rid_types) -{ - prs_struct qbuf, rbuf; - SAMR_Q_LOOKUP_NAMES q; - SAMR_R_LOOKUP_NAMES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_lookup_names(mem_ctx, &q, domain_pol, flags, - num_names, names); - - if (!samr_io_q_lookup_names("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_LOOKUP_NAMES, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_lookup_names("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (r.num_rids1 == 0) { - *num_rids = 0; - goto done; - } - - *num_rids = r.num_rids1; - *rids = talloc(mem_ctx, sizeof(uint32) * r.num_rids1); - *rid_types = talloc(mem_ctx, sizeof(uint32) * r.num_rids1); - - for (i = 0; i < r.num_rids1; i++) { - (*rids)[i] = r.rids[i]; - (*rid_types)[i] = r.types[i]; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Create a domain user */ - -NTSTATUS cli_samr_create_dom_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, const char *acct_name, - uint32 acb_info, uint32 unknown, - POLICY_HND *user_pol, uint32 *rid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CREATE_USER q; - SAMR_R_CREATE_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, unknown); - - if (!samr_io_q_create_user("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_CREATE_USER, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_create_user("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (user_pol) - *user_pol = r.user_pol; - - if (rid) - *rid = r.user_rid; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Set userinfo */ - -NTSTATUS cli_samr_set_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint16 switch_value, - uchar sess_key[16], SAM_USERINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_USERINFO q; - SAMR_R_SET_USERINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - q.ctr = ctr; - - init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value, - ctr->info.id); - - if (!samr_io_q_set_userinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_SET_USERINFO, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_set_userinfo("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Set userinfo2 */ - -NTSTATUS cli_samr_set_userinfo2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint16 switch_value, - uchar sess_key[16], SAM_USERINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_USERINFO2 q; - SAMR_R_SET_USERINFO2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr); - - if (!samr_io_q_set_userinfo2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_SET_USERINFO2, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_set_userinfo2("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Delete domain user */ - -NTSTATUS cli_samr_delete_dom_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DELETE_DOM_USER q; - SAMR_R_DELETE_DOM_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_delete_dom_user(&q, user_pol); - - if (!samr_io_q_delete_dom_user("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_DELETE_DOM_USER, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_delete_dom_user("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Query user security object */ - -NTSTATUS cli_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint16 switch_value, - TALLOC_CTX *ctx, SEC_DESC_BUF **sec_desc_buf) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_SEC_OBJ q; - SAMR_R_QUERY_SEC_OBJ r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_query_sec_obj(&q, user_pol, switch_value); - - if (!samr_io_q_query_sec_obj("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_QUERY_SEC_OBJECT, &qbuf, &rbuf)) { - goto done; - } - - /* Unmarshall response */ - - if (!samr_io_r_query_sec_obj("", &r, &rbuf, 0)) { - goto done; - } - - /* Return output parameters */ - - result = r.status; - *sec_desc_buf=dup_sec_desc_buf(ctx, r.buf); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Get domain password info */ - -NTSTATUS cli_samr_get_dom_pwinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint16 *unk_0, uint16 *unk_1, uint16 *unk_2) -{ - prs_struct qbuf, rbuf; - SAMR_Q_GET_DOM_PWINFO q; - SAMR_R_GET_DOM_PWINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_samr_q_get_dom_pwinfo(&q, cli->desthost); - - if (!samr_io_q_get_dom_pwinfo("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SAMR_GET_DOM_PWINFO, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!samr_io_r_get_dom_pwinfo("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - if (unk_0) - *unk_0 = r.unk_0; - if (unk_1) - *unk_1 = r.unk_1; - if (unk_2) - *unk_2 = r.unk_2; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c deleted file mode 100644 index 18e17758d6..0000000000 --- a/source3/libsmb/cli_spoolss.c +++ /dev/null @@ -1,2156 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Gerald Carter 2001-2002, - Copyright (C) Tim Potter 2000-2002, - Copyright (C) Andrew Tridgell 1994-2000, - Copyright (C) Luke Kenneth Casson Leighton 1996-2000, - Copyright (C) Jean-Francois Micouleau 1999-2000. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** @defgroup spoolss SPOOLSS - NT printing routines - * @ingroup rpc_client - * - * @{ - **/ - -/********************************************************************** - Initialize a new spoolss buff for use by a client rpc -**********************************************************************/ -static void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) -{ - buffer->ptr = (size != 0); - buffer->size = size; - buffer->string_at_end = size; - prs_init(&buffer->prs, size, ctx, MARSHALL); - buffer->struct_start = prs_offset(&buffer->prs); -} - -/********************************************************************* - Decode various spoolss rpc's and info levels - ********************************************************************/ - -/********************************************************************** -**********************************************************************/ -static void decode_printer_info_0(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, - uint32 returned, PRINTER_INFO_0 **info) -{ - uint32 i; - PRINTER_INFO_0 *inf; - - inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0)); - - buffer->prs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs, 0); - - for (i=0; iprs, 0); - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs, 0); - - smb_io_driverdir_1("", buffer, inf, 0); - - *info=inf; -} - -/** Return a handle to the specified printer or print server. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param printername The name of the printer or print server to be - * opened in UNC format. - * - * @param datatype Specifies the default data type for the printer. - * - * @param access_required The access rights requested on the printer or - * print server. - * - * @param station The UNC name of the requesting workstation. - * - * @param username The name of the user requesting the open. - * - * @param pol Returned policy handle. - */ - -/********************************************************************************* - Win32 API - OpenPrinter() - ********************************************************************************/ - -WERROR cli_spoolss_open_printer_ex(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *printername, char *datatype, uint32 access_required, - char *station, char *username, POLICY_HND *pol) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_OPEN_PRINTER_EX q; - SPOOL_R_OPEN_PRINTER_EX r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_open_printer_ex(&q, printername, datatype, - access_required, station, username); - - /* Marshall data and send request */ - - if (!spoolss_io_q_open_printer_ex("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_OPENPRINTEREX, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_open_printer_ex("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (W_ERROR_IS_OK(result)) - *pol = r.handle; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Close a printer handle - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param pol Policy handle of printer or print server to close. - */ -/********************************************************************************* - Win32 API - ClosePrinter() - ********************************************************************************/ - -WERROR cli_spoolss_close_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_CLOSEPRINTER q; - SPOOL_R_CLOSEPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_closeprinter(&q, pol); - - /* Marshall data and send request */ - - if (!spoolss_io_q_closeprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_CLOSEPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_closeprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (W_ERROR_IS_OK(result)) - *pol = r.handle; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Enumerate printers on a print server. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param offered Buffer size offered in the request. - * @param needed Number of bytes needed to complete the request. - * may be NULL. - * - * @param flags Selected from PRINTER_ENUM_* flags. - * @param level Request information level. - * - * @param num_printers Pointer to number of printers returned. May be - * NULL. - * @param ctr Return structure for printer information. May - * be NULL. - */ -/********************************************************************************* - Win32 API - EnumPrinters() - ********************************************************************************/ - -WERROR cli_spoolss_enum_printers(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - uint32 flags, uint32 level, - uint32 *num_printers, PRINTER_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMPRINTERS q; - SPOOL_R_ENUMPRINTERS r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_enumprinters(&q, flags, server, level, &buffer, - offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumprinters("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENUMPRINTERS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (spoolss_io_r_enumprinters("", &r, &rbuf, 0)) { - if (needed) - *needed = r.needed; - } - - result = r.status; - - /* Return output parameters */ - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - if (num_printers) - *num_printers = r.returned; - - if (!ctr) - goto done; - - switch (level) { - case 0: - decode_printer_info_0(mem_ctx, r.buffer, r.returned, - &ctr->printers_0); - break; - case 1: - decode_printer_info_1(mem_ctx, r.buffer, r.returned, - &ctr->printers_1); - break; - case 2: - decode_printer_info_2(mem_ctx, r.buffer, r.returned, - &ctr->printers_2); - break; - case 3: - decode_printer_info_3(mem_ctx, r.buffer, r.returned, - &ctr->printers_3); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - EnumPorts() - ********************************************************************************/ -/** Enumerate printer ports on a print server. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param offered Buffer size offered in the request. - * @param needed Number of bytes needed to complete the request. - * May be NULL. - * - * @param level Requested information level. - * - * @param num_ports Pointer to number of ports returned. May be NULL. - * @param ctr Pointer to structure holding port information. - * May be NULL. - */ - -WERROR cli_spoolss_enum_ports(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - uint32 level, int *num_ports, PORT_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMPORTS q; - SPOOL_R_ENUMPORTS r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_enumports(&q, server, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumports("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENUMPORTS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (spoolss_io_r_enumports("", &r, &rbuf, 0)) { - if (needed) - *needed = r.needed; - } - - result = r.status; - - /* Return output parameters */ - - if (!W_ERROR_IS_OK(result)) - goto done; - - if (num_ports) - *num_ports = r.returned; - - if (!ctr) - goto done; - - switch (level) { - case 1: - decode_port_info_1(mem_ctx, r.buffer, r.returned, - &ctr->port.info_1); - break; - case 2: - decode_port_info_2(mem_ctx, r.buffer, r.returned, - &ctr->port.info_2); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - GetPrinter() - ********************************************************************************/ - -WERROR cli_spoolss_getprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *pol, uint32 level, - PRINTER_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETPRINTER q; - SPOOL_R_GETPRINTER r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_getprinter(mem_ctx, &q, pol, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_getprinter("", &r, &rbuf, 0)) - goto done; - - if (needed) - *needed = r.needed; - - /* Return output parameters */ - - result = r.status; - - if (W_ERROR_IS_OK(result)) { - switch (level) { - case 0: - decode_printer_info_0(mem_ctx, r.buffer, 1, &ctr->printers_0); - break; - case 1: - decode_printer_info_1(mem_ctx, r.buffer, 1, &ctr->printers_1); - break; - case 2: - decode_printer_info_2(mem_ctx, r.buffer, 1, &ctr->printers_2); - break; - case 3: - decode_printer_info_3(mem_ctx, r.buffer, 1, &ctr->printers_3); - break; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - SetPrinter() - ********************************************************************************/ -/** Set printer info - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param pol Policy handle on printer to set info. - * @param level Information level to set. - * @param ctr Pointer to structure holding printer information. - * @param command Specifies the action performed. See - * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gdi/prntspol_13ua.asp - * for details. - * - */ - -WERROR cli_spoolss_setprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 level, - PRINTER_INFO_CTR *ctr, uint32 command) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_SETPRINTER q; - SPOOL_R_SETPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_setprinter(mem_ctx, &q, pol, level, ctr, command); - - /* Marshall data and send request */ - - if (!spoolss_io_q_setprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_SETPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_setprinter("", &r, &rbuf, 0)) - goto done; - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - GetPrinterDriver() - ********************************************************************************/ -/** Get installed printer drivers for a given printer - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param offered Buffer size offered in the request. - * @param needed Number of bytes needed to complete the request. - * may be NULL. - * - * @param pol Pointer to an open policy handle for the printer - * opened with cli_spoolss_open_printer_ex(). - * @param level Requested information level. - * @param env The print environment or archictecture. This is - * "Windows NT x86" for NT4. - * @param ctr Returned printer driver information. - */ - -WERROR cli_spoolss_getprinterdriver(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *pol, uint32 level, - char *env, PRINTER_DRIVER_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETPRINTERDRIVER2 q; - SPOOL_R_GETPRINTERDRIVER2 r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - fstrcpy (server, cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_getprinterdriver2(&q, pol, env, level, 2, 2, - &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getprinterdriver2 ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_GETPRINTERDRIVER2, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (spoolss_io_r_getprinterdriver2 ("", &r, &rbuf, 0)) { - if (needed) - *needed = r.needed; - } - - result = r.status; - - /* Return output parameters */ - - if (!W_ERROR_IS_OK(result)) - goto done; - - if (!ctr) - goto done; - - switch (level) { - case 1: - decode_printer_driver_1(mem_ctx, r.buffer, 1, &ctr->info1); - break; - case 2: - decode_printer_driver_2(mem_ctx, r.buffer, 1, &ctr->info2); - break; - case 3: - decode_printer_driver_3(mem_ctx, r.buffer, 1, &ctr->info3); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - EnumPrinterDrivers() - ********************************************************************************/ -/********************************************************************** - * Get installed printer drivers for a given printer - */ -WERROR cli_spoolss_enumprinterdrivers (struct cli_state *cli, - TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - uint32 level, char *env, - uint32 *num_drivers, - PRINTER_DRIVER_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMPRINTERDRIVERS q; - SPOOL_R_ENUMPRINTERDRIVERS r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Write the request */ - - make_spoolss_q_enumprinterdrivers(&q, server, env, level, &buffer, - offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumprinterdrivers ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_ENUMPRINTERDRIVERS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_enumprinterdrivers ("", &r, &rbuf, 0)) - goto done; - - if (needed) - *needed = r.needed; - - if (num_drivers) - *num_drivers = r.returned; - - result = r.status; - - /* Return output parameters */ - - if (W_ERROR_IS_OK(result) && (r.returned != 0)) { - *num_drivers = r.returned; - - switch (level) { - case 1: - decode_printer_driver_1(mem_ctx, r.buffer, r.returned, &ctr->info1); - break; - case 2: - decode_printer_driver_2(mem_ctx, r.buffer, r.returned, &ctr->info2); - break; - case 3: - decode_printer_driver_3(mem_ctx, r.buffer, r.returned, &ctr->info3); - break; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - - -/********************************************************************************* - Win32 API - GetPrinterDriverDirectory() - ********************************************************************************/ -/********************************************************************** - * Get installed printer drivers for a given printer - */ -WERROR cli_spoolss_getprinterdriverdir (struct cli_state *cli, - TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - uint32 level, char *env, - DRIVER_DIRECTORY_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETPRINTERDRIVERDIR q; - SPOOL_R_GETPRINTERDRIVERDIR r; - NEW_BUFFER buffer; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Write the request */ - - make_spoolss_q_getprinterdriverdir(&q, server, env, level, &buffer, - offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getprinterdriverdir ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_GETPRINTERDRIVERDIRECTORY, - &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (spoolss_io_r_getprinterdriverdir ("", &r, &rbuf, 0)) { - if (needed) - *needed = r.needed; - } - - /* Return output parameters */ - - result = r.status; - - if (W_ERROR_IS_OK(result)) { - switch (level) { - case 1: - decode_printerdriverdir_1(mem_ctx, r.buffer, 1, - &ctr->info1); - break; - } - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - AddPrinterDriver() - ********************************************************************************/ -/********************************************************************** - * Install a printer driver - */ -WERROR cli_spoolss_addprinterdriver (struct cli_state *cli, - TALLOC_CTX *mem_ctx, uint32 level, - PRINTER_DRIVER_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ADDPRINTERDRIVER q; - SPOOL_R_ADDPRINTERDRIVER r; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Write the request */ - - make_spoolss_q_addprinterdriver (mem_ctx, &q, server, level, ctr); - - /* Marshall data and send request */ - - if (!spoolss_io_q_addprinterdriver ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_ADDPRINTERDRIVER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_addprinterdriver ("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - AddPrinter() - ********************************************************************************/ -/********************************************************************** - * Install a printer - */ -WERROR cli_spoolss_addprinterex (struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 level, PRINTER_INFO_CTR*ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ADDPRINTEREX q; - SPOOL_R_ADDPRINTEREX r; - WERROR result = W_ERROR(ERRgeneral); - fstring server, - client, - user; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - slprintf (client, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (client); - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - fstrcpy (user, cli->user_name); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Write the request */ - - make_spoolss_q_addprinterex (mem_ctx, &q, server, client, user, - level, ctr); - - /* Marshall data and send request */ - - if (!spoolss_io_q_addprinterex ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_ADDPRINTEREX, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_addprinterex ("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - DeltePrinterDriver() - ********************************************************************************/ -/********************************************************************** - * Delete a Printer Driver from the server (does not remove - * the driver files - */ -WERROR cli_spoolss_deleteprinterdriver (struct cli_state *cli, - TALLOC_CTX *mem_ctx, char *arch, - char *driver) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_DELETEPRINTERDRIVER q; - SPOOL_R_DELETEPRINTERDRIVER r; - WERROR result = W_ERROR(ERRgeneral); - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - - /* Initialise input parameters */ - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); - strupper (server); - - /* Write the request */ - - make_spoolss_q_deleteprinterdriver(mem_ctx, &q, server, arch, driver); - - /* Marshall data and send request */ - - if (!spoolss_io_q_deleteprinterdriver ("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli,SPOOLSS_DELETEPRINTERDRIVER , &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_deleteprinterdriver ("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************************* - Win32 API - GetPrinterProcessorDirectory() - ********************************************************************************/ - -WERROR cli_spoolss_getprintprocessordirectory(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - char *name, char *environment, - fstring procdir) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETPRINTPROCESSORDIRECTORY q; - SPOOL_R_GETPRINTPROCESSORDIRECTORY r; - int level = 1; - WERROR result = W_ERROR(ERRgeneral); - NEW_BUFFER buffer; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_buffer(&buffer, offered, mem_ctx); - - make_spoolss_q_getprintprocessordirectory( - &q, name, environment, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getprintprocessordirectory("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTPROCESSORDIRECTORY, - &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_getprintprocessordirectory("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (needed) - *needed = r.needed; - - if (W_ERROR_IS_OK(result)) - fstrcpy(procdir, "Not implemented!"); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Add a form to a printer. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param handle Policy handle opened with cli_spoolss_open_printer_ex - * or cli_spoolss_addprinterex. - * @param level Form info level to add - should always be 1. - * @param form A pointer to the form to be added. - * - */ - -WERROR cli_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *handle, uint32 level, FORM *form) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ADDFORM q; - SPOOL_R_ADDFORM r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_addform(&q, handle, level, form); - - /* Marshall data and send request */ - - if (!spoolss_io_q_addform("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ADDFORM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_addform("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Set a form on a printer. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param handle Policy handle opened with cli_spoolss_open_printer_ex - * or cli_spoolss_addprinterex. - * @param level Form info level to set - should always be 1. - * @param form A pointer to the form to be set. - * - */ - -WERROR cli_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *handle, uint32 level, char *form_name, - FORM *form) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_SETFORM q; - SPOOL_R_SETFORM r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_setform(&q, handle, level, form_name, form); - - /* Marshall data and send request */ - - if (!spoolss_io_q_setform("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_SETFORM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_setform("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (!W_ERROR_IS_OK(result)) - goto done; - - - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Get a form on a printer. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param handle Policy handle opened with cli_spoolss_open_printer_ex - * or cli_spoolss_addprinterex. - * @param formname Name of the form to get - * @param level Form info level to get - should always be 1. - * - */ - -WERROR cli_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *handle, char *formname, uint32 level, - FORM_1 *form) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETFORM q; - SPOOL_R_GETFORM r; - WERROR result = W_ERROR(ERRgeneral); - NEW_BUFFER buffer; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_getform(&q, handle, formname, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getform("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_GETFORM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_getform("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (needed) - *needed = r.needed; - - if (W_ERROR_IS_OK(result)) - smb_io_form_1("", r.buffer, form, 0); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** Delete a form on a printer. - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param handle Policy handle opened with cli_spoolss_open_printer_ex - * or cli_spoolss_addprinterex. - * @param form The name of the form to delete. - * - */ - -WERROR cli_spoolss_deleteform(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *handle, char *form_name) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_DELETEFORM q; - SPOOL_R_DELETEFORM r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_deleteform(&q, handle, form_name); - - /* Marshall data and send request */ - - if (!spoolss_io_q_deleteform("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_DELETEFORM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_deleteform("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -static void decode_forms_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, - uint32 num_forms, FORM_1 **forms) -{ - int i; - - *forms = (FORM_1 *)talloc(mem_ctx, num_forms * sizeof(FORM_1)); - buffer->prs.data_offset = 0; - - for (i = 0; i < num_forms; i++) - smb_io_form_1("", buffer, &((*forms)[i]), 0); -} - -/** Enumerate forms - * - * @param cli Pointer to client state structure which is open - * on the SPOOLSS pipe. - * @param mem_ctx Pointer to an initialised talloc context. - * - * @param offered Buffer size offered in the request. - * @param needed Number of bytes needed to complete the request. - * may be NULL. - * or cli_spoolss_addprinterex. - * @param level Form info level to get - should always be 1. - * @param handle Open policy handle - * - */ - -WERROR cli_spoolss_enumforms(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *handle, int level, uint32 *num_forms, - FORM_1 **forms) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMFORMS q; - SPOOL_R_ENUMFORMS r; - WERROR result = W_ERROR(ERRgeneral); - NEW_BUFFER buffer; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_enumforms(&q, handle, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumforms("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENUMFORMS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_enumforms("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (needed) - *needed = r.needed; - - if (num_forms) - *num_forms = r.numofforms; - - decode_forms_1(mem_ctx, r.buffer, *num_forms, forms); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -static void decode_jobs_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, - uint32 num_jobs, JOB_INFO_1 **jobs) -{ - uint32 i; - - *jobs = (JOB_INFO_1 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_1)); - buffer->prs.data_offset = 0; - - for (i = 0; i < num_jobs; i++) - smb_io_job_info_1("", buffer, &((*jobs)[i]), 0); -} - -static void decode_jobs_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, - uint32 num_jobs, JOB_INFO_2 **jobs) -{ - uint32 i; - - *jobs = (JOB_INFO_2 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_2)); - buffer->prs.data_offset = 0; - - for (i = 0; i < num_jobs; i++) - smb_io_job_info_2("", buffer, &((*jobs)[i]), 0); -} - -/* Enumerate jobs */ - -WERROR cli_spoolss_enumjobs(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *hnd, uint32 level, uint32 firstjob, - uint32 num_jobs, uint32 *returned, JOB_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMJOBS q; - SPOOL_R_ENUMJOBS r; - WERROR result = W_ERROR(ERRgeneral); - NEW_BUFFER buffer; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_enumjobs(&q, hnd, firstjob, num_jobs, level, &buffer, - offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumjobs("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENUMJOBS, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_enumjobs("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (needed) - *needed = r.needed; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - *returned = r.returned; - - switch(level) { - case 1: - decode_jobs_1(mem_ctx, r.buffer, r.returned, - ctr->job.job_info_1); - break; - case 2: - decode_jobs_2(mem_ctx, r.buffer, r.returned, - ctr->job.job_info_2); - break; - default: - DEBUG(3, ("unsupported info level %d", level)); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Set job */ - -WERROR cli_spoolss_setjob(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, uint32 jobid, uint32 level, - uint32 command) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_SETJOB q; - SPOOL_R_SETJOB r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_setjob(&q, hnd, jobid, level, command); - - /* Marshall data and send request */ - - if (!spoolss_io_q_setjob("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_SETJOB, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_setjob("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Get job */ - -WERROR cli_spoolss_getjob(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *hnd, uint32 jobid, uint32 level, - JOB_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETJOB q; - SPOOL_R_GETJOB r; - WERROR result = W_ERROR(ERRgeneral); - NEW_BUFFER buffer; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - init_buffer(&buffer, offered, mem_ctx); - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_getjob(&q, hnd, jobid, level, &buffer, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getjob("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_GETJOB, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_getjob("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (needed) - *needed = r.needed; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - switch(level) { - case 1: - decode_jobs_1(mem_ctx, r.buffer, 1, ctr->job.job_info_1); - break; - case 2: - decode_jobs_2(mem_ctx, r.buffer, 1, ctr->job.job_info_2); - break; - default: - DEBUG(3, ("unsupported info level %d", level)); - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Startpageprinter. Sent to notify the spooler when a page is about to be - sent to a printer. */ - -WERROR cli_spoolss_startpageprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_STARTPAGEPRINTER q; - SPOOL_R_STARTPAGEPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_startpageprinter(&q, hnd); - - /* Marshall data and send request */ - - if (!spoolss_io_q_startpageprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_STARTPAGEPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_startpageprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Endpageprinter. Sent to notify the spooler when a page has finished - being sent to a printer. */ - -WERROR cli_spoolss_endpageprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENDPAGEPRINTER q; - SPOOL_R_ENDPAGEPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_endpageprinter(&q, hnd); - - /* Marshall data and send request */ - - if (!spoolss_io_q_endpageprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENDPAGEPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_endpageprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Startdocprinter. Sent to notify the spooler that a document is about - to be spooled for printing. */ - -WERROR cli_spoolss_startdocprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, char *docname, - char *outputfile, char *datatype, - uint32 *jobid) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_STARTDOCPRINTER q; - SPOOL_R_STARTDOCPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - uint32 level = 1; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_startdocprinter(&q, hnd, level, docname, outputfile, - datatype); - - /* Marshall data and send request */ - - if (!spoolss_io_q_startdocprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_STARTDOCPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_startdocprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - if (W_ERROR_IS_OK(result)) - *jobid = r.jobid; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Enddocprinter. Sent to notify the spooler that a document has finished - being spooled. */ - -WERROR cli_spoolss_enddocprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENDDOCPRINTER q; - SPOOL_R_ENDDOCPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_enddocprinter(&q, hnd); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enddocprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENDDOCPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_enddocprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Get printer data */ - -WERROR cli_spoolss_getprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 offered, uint32 *needed, - POLICY_HND *hnd, char *valuename, - uint32 *data_type, char **data, - uint32 *data_size) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_GETPRINTERDATA q; - SPOOL_R_GETPRINTERDATA r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_getprinterdata(&q, hnd, valuename, offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_getprinterdata("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTERDATA, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_getprinterdata("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (needed) - *needed = r.needed; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - /* Return output parameters */ - - if (data_type) - *data_type = r.type; - - if (data) { - *data = (char *)talloc(mem_ctx, r.needed); - memcpy(*data, r.data, r.needed); - } - - if (data_size) - *data_size = r.needed; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Set printer data */ - -WERROR cli_spoolss_setprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, char *value, - uint32 data_type, char *data, - uint32 data_size) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_SETPRINTERDATA q; - SPOOL_R_SETPRINTERDATA r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_setprinterdata(&q, hnd, value, data, data_size); - - /* Marshall data and send request */ - - if (!spoolss_io_q_setprinterdata("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_SETPRINTERDATA, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_setprinterdata("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Enum printer data */ - -WERROR cli_spoolss_enumprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, uint32 ndx, - uint32 value_offered, uint32 data_offered, - uint32 *value_needed, uint32 *data_needed, - char **value, uint32 *data_type, char **data, - uint32 *data_size) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ENUMPRINTERDATA q; - SPOOL_R_ENUMPRINTERDATA r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_enumprinterdata(&q, hnd, ndx, value_offered, data_offered); - - /* Marshall data and send request */ - - if (!spoolss_io_q_enumprinterdata("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_ENUMPRINTERDATA, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_enumprinterdata("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - /* Return data */ - - if (value_needed) - *value_needed = r.realvaluesize; - - if (data_needed) - *data_needed = r.realdatasize; - - if (data_type) - *data_type = r.type; - - if (value) { - fstring the_value; - - rpcstr_pull(the_value, r.value, sizeof(the_value), -1, - STR_TERMINATE); - - *value = talloc_strdup(mem_ctx, the_value); - } - - if (data) - *data = talloc_memdup(mem_ctx, r.data, r.realdatasize); - - if (data_size) - *data_size = r.realdatasize; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Write data to printer */ - -WERROR cli_spoolss_writeprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, uint32 data_size, char *data, - uint32 *num_written) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_WRITEPRINTER q; - SPOOL_R_WRITEPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_writeprinter(&q, hnd, data_size, data); - - /* Marshall data and send request */ - - if (!spoolss_io_q_writeprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_WRITEPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_writeprinter("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - if (num_written) - *num_written = r.buffer_written; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Delete printer data */ - -WERROR cli_spoolss_deleteprinterdata(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hnd, char *valuename) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_DELETEPRINTERDATA q; - SPOOL_R_DELETEPRINTERDATA r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - make_spoolss_q_deleteprinterdata(&q, hnd, valuename); - - /* Marshall data and send request */ - - if (!spoolss_io_q_deleteprinterdata("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_DELETEPRINTERDATA, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_deleteprinterdata("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(r.status)) - goto done; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/** @} **/ diff --git a/source3/libsmb/cli_spoolss_notify.c b/source3/libsmb/cli_spoolss_notify.c deleted file mode 100644 index 922b0fbb1d..0000000000 --- a/source3/libsmb/cli_spoolss_notify.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Gerald Carter 2001-2002, - Copyright (C) Tim Potter 2000-2002, - Copyright (C) Andrew Tridgell 1994-2000, - Copyright (C) Luke Kenneth Casson Leighton 1996-2000, - Copyright (C) Jean-Francois Micouleau 1999-2000. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* - * SPOOLSS Client RPC's used by servers as the notification - * back channel. - */ - -/* Send a ReplyOpenPrinter request. This rpc is made by the printer - server to the printer client in response to a rffpcnex request. - The rrfpcnex request names a printer and a handle (the printerlocal - value) and this rpc establishes a back-channel over which printer - notifications are performed. */ - -WERROR cli_spoolss_reply_open_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *printer, uint32 printerlocal, uint32 type, - POLICY_HND *handle) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_REPLYOPENPRINTER q; - SPOOL_R_REPLYOPENPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_replyopenprinter(&q, printer, printerlocal, type); - - /* Marshall data and send request */ - - if (!spoolss_io_q_replyopenprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_REPLYOPENPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_replyopenprinter("", &r, &rbuf, 0)) - goto done; - - /* Return result */ - - memcpy(handle, &r.handle, sizeof(r.handle)); - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/* Close a back-channel notification connection */ - -WERROR cli_spoolss_reply_close_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *handle) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_REPLYCLOSEPRINTER q; - SPOOL_R_REPLYCLOSEPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_reply_closeprinter(&q, handle); - - /* Marshall data and send request */ - - if (!spoolss_io_q_replycloseprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_REPLYCLOSEPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_replycloseprinter("", &r, &rbuf, 0)) - goto done; - - /* Return result */ - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************* - This SPOOLSS_ROUTERREPLYPRINTER function is used to send a change - notification event when the registration **did not** use - SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor. - Also see cli_spolss_reply_rrpcn() - *********************************************************************/ - -WERROR cli_spoolss_routerreplyprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 condition, uint32 change_id) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_ROUTERREPLYPRINTER q; - SPOOL_R_ROUTERREPLYPRINTER r; - WERROR result = W_ERROR(ERRgeneral); - - /* Initialise input parameters */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - make_spoolss_q_routerreplyprinter(&q, pol, condition, change_id); - - /* Marshall data and send request */ - - if (!spoolss_io_q_routerreplyprinter("", &q, &qbuf, 0) || - !rpc_api_pipe_req (cli, SPOOLSS_ROUTERREPLYPRINTER, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!spoolss_io_r_routerreplyprinter("", &r, &rbuf, 0)) - goto done; - - /* Return output parameters */ - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -/********************************************************************* - This SPOOLSS_REPLY_RRPCN function is used to send a change - notification event when the registration **did** use - SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor - Also see cli_spoolss_routereplyprinter() - *********************************************************************/ - -WERROR cli_spoolss_rrpcn(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 notify_data_len, - SPOOL_NOTIFY_INFO_DATA *notify_data, - uint32 change_low, uint32 change_high) -{ - prs_struct qbuf, rbuf; - SPOOL_Q_REPLY_RRPCN q; - SPOOL_R_REPLY_RRPCN r; - WERROR result = W_ERROR(ERRgeneral); - SPOOL_NOTIFY_INFO notify_info; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - ZERO_STRUCT(notify_info); - - /* Initialise input parameters */ - - notify_info.version = 0x2; - notify_info.flags = 0x00020000; /* ?? */ - notify_info.count = notify_data_len; - notify_info.data = notify_data; - - /* create and send a MSRPC command with api */ - /* store the parameters */ - - make_spoolss_q_reply_rrpcn(&q, pol, change_low, change_high, - ¬ify_info); - - /* Marshall data and send request */ - - if(!spoolss_io_q_reply_rrpcn("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SPOOLSS_RRPCN, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if(!spoolss_io_r_reply_rrpcn("", &r, &rbuf, 0)) - goto done; - - if (r.unknown0 == 0x00080000) - DEBUG(8,("cli_spoolss_reply_rrpcn: I think the spooler resonded that the notification was ignored.\n")); - - result = r.status; - -done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c deleted file mode 100644 index 2dc12d726c..0000000000 --- a/source3/libsmb/cli_srvsvc.c +++ /dev/null @@ -1,442 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Tim Potter 2001 - Copyright (C) Jim McDonough 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - uint32 switch_value, SRV_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_SRV_GET_INFO q; - SRV_R_NET_SRV_GET_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_srv_get_info(&q, cli->srv_name_slash, switch_value); - - /* Marshall data and send request */ - - if (!srv_io_q_net_srv_get_info("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_SRV_GET_INFO, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - r.ctr = ctr; - - if (!srv_io_r_net_srv_get_info("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = werror_to_ntstatus(r.status); - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_share_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 info_level, SRV_SHARE_INFO_CTR *ctr, - int preferred_len, ENUM_HND *hnd) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_SHARE_ENUM q; - SRV_R_NET_SHARE_ENUM r; - WERROR result = W_ERROR(ERRgeneral); - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_share_enum( - &q, cli->srv_name_slash, info_level, preferred_len, hnd); - - /* Marshall data and send request */ - - if (!srv_io_q_net_share_enum("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_SHARE_ENUM_ALL, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!srv_io_r_net_share_enum("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(result)) - goto done; - - /* Oh yuck yuck yuck - we have to copy all the info out of the - SRV_SHARE_INFO_CTR in the SRV_R_NET_SHARE_ENUM as when we do a - prs_mem_free() it will all be invalidated. The various share - info structures suck badly too. This really is gross. */ - - ZERO_STRUCTP(ctr); - - ctr->info_level = info_level; - ctr->num_entries = r.ctr.num_entries; - - switch(info_level) { - case 1: - ctr->share.info1 = (SRV_SHARE_INFO_1 *)talloc( - mem_ctx, sizeof(SRV_SHARE_INFO_1) * ctr->num_entries); - - memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1)); - - for (i = 0; i < ctr->num_entries; i++) { - SRV_SHARE_INFO_1 *info1 = &ctr->share.info1[i]; - char *s; - - /* Copy pointer crap */ - - memcpy(&info1->info_1, &r.ctr.share.info1[i].info_1, - sizeof(SH_INFO_1)); - - /* Duplicate strings */ - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_netname); - if (s) - init_unistr2(&info1->info_1_str.uni_netname, s, strlen(s) + 1); - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_remark); - if (s) - init_unistr2(&info1->info_1_str.uni_remark, s, strlen(s) + 1); - - } - - break; - case 2: - ctr->share.info2 = (SRV_SHARE_INFO_2 *)talloc( - mem_ctx, sizeof(SRV_SHARE_INFO_2) * ctr->num_entries); - - memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2)); - - for (i = 0; i < ctr->num_entries; i++) { - SRV_SHARE_INFO_2 *info2 = &ctr->share.info2[i]; - char *s; - - /* Copy pointer crap */ - - memcpy(&info2->info_2, &r.ctr.share.info2[i].info_2, - sizeof(SH_INFO_2)); - - /* Duplicate strings */ - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_netname); - if (s) - init_unistr2(&info2->info_2_str.uni_netname, s, strlen(s) + 1); - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_remark); - if (s) - init_unistr2(&info2->info_2_str.uni_remark, s, strlen(s) + 1); - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_path); - if (s) - init_unistr2(&info2->info_2_str.uni_path, s, strlen(s) + 1); - - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_passwd); - if (s) - init_unistr2(&info2->info_2_str.uni_passwd, s, strlen(s) + 1); - } - break; - } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_share_del(struct cli_state *cli, TALLOC_CTX *mem_ctx, - const char *sharename) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_SHARE_DEL q; - SRV_R_NET_SHARE_DEL r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_share_del(&q, cli->srv_name_slash, sharename); - - /* Marshall data and send request */ - - if (!srv_io_q_net_share_del("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_SHARE_DEL, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!srv_io_r_net_share_del("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_share_add(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *netname, uint32 type, char *remark, - uint32 perms, uint32 max_uses, uint32 num_uses, - char *path, char *passwd) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_SHARE_ADD q; - SRV_R_NET_SHARE_ADD r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - init_srv_q_net_share_add(&q,cli->srv_name_slash, netname, type, remark, - perms, max_uses, num_uses, path, passwd); - - /* Marshall data and send request */ - - if (!srv_io_q_net_share_add("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_SHARE_ADD, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!srv_io_r_net_share_add("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_remote_tod(struct cli_state *cli, TALLOC_CTX *mem_ctx, - char *server, TIME_OF_DAY_INFO *tod) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_REMOTE_TOD q; - SRV_R_NET_REMOTE_TOD r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_remote_tod(&q, cli->srv_name_slash); - - /* Marshall data and send request */ - - if (!srv_io_q_net_remote_tod("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_REMOTE_TOD, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - r.tod = tod; - - if (!srv_io_r_net_remote_tod("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(result)) - goto done; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_file_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 file_level, char *user_name, - SRV_FILE_INFO_CTR *ctr, int preferred_len, - ENUM_HND *hnd) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_FILE_ENUM q; - SRV_R_NET_FILE_ENUM r; - WERROR result = W_ERROR(ERRgeneral); - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_file_enum(&q, cli->srv_name_slash, NULL, user_name, - file_level, ctr, preferred_len, hnd); - - /* Marshall data and send request */ - - if (!srv_io_q_net_file_enum("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_FILE_ENUM, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!srv_io_r_net_file_enum("", &r, &rbuf, 0)) - goto done; - - result = r.status; - - if (!W_ERROR_IS_OK(result)) - goto done; - - /* copy the data over to the ctr */ - - ZERO_STRUCTP(ctr); - - ctr->switch_value = file_level; - - ctr->num_entries = ctr->num_entries2 = r.ctr.num_entries; - - switch(file_level) { - case 3: - ctr->file.info3 = (SRV_FILE_INFO_3 *)talloc( - mem_ctx, sizeof(SRV_FILE_INFO_3) * ctr->num_entries); - - memset(ctr->file.info3, 0, - sizeof(SRV_FILE_INFO_3) * ctr->num_entries); - - for (i = 0; i < r.ctr.num_entries; i++) { - SRV_FILE_INFO_3 *info3 = &ctr->file.info3[i]; - char *s; - - /* Copy pointer crap */ - - memcpy(&info3->info_3, &r.ctr.file.info3[i].info_3, - sizeof(FILE_INFO_3)); - - /* Duplicate strings */ - - s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_path_name); - if (s) - init_unistr2(&info3->info_3_str.uni_path_name, s, strlen(s) + 1); - - s = unistr2_tdup(mem_ctx, &r.ctr.file.info3[i].info_3_str.uni_user_name); - if (s) - init_unistr2(&info3->info_3_str.uni_user_name, s, strlen(s) + 1); - - } - - break; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - -WERROR cli_srvsvc_net_file_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, - uint32 file_id) -{ - prs_struct qbuf, rbuf; - SRV_Q_NET_FILE_CLOSE q; - SRV_R_NET_FILE_CLOSE r; - WERROR result = W_ERROR(ERRgeneral); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_srv_q_net_file_close(&q, cli->srv_name_slash, file_id); - - /* Marshall data and send request */ - - if (!srv_io_q_net_file_close("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, SRV_NET_FILE_CLOSE, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!srv_io_r_net_file_close("", &r, &rbuf, 0)) - goto done; - - result = r.status; - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; -} diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c deleted file mode 100644 index 97b948bf62..0000000000 --- a/source3/libsmb/cli_wkssvc.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Tim Potter 2001 - Copytight (C) Rafal Szczesniak 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/** - * WksQueryInfo rpc call (like query for server's capabilities) - * - * @param initialised client structure with \PIPE\wkssvc opened - * @param mem_ctx memory context assigned to this rpc binding - * @param wks100 WksQueryInfo structure - * - * @return NTSTATUS of rpc call - */ - -NTSTATUS cli_wks_query_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, - WKS_INFO_100 *wks100) -{ - prs_struct buf; - prs_struct rbuf; - WKS_Q_QUERY_INFO q_o; - WKS_R_QUERY_INFO r_o; - - if (cli == NULL || wks100 == NULL) - return NT_STATUS_UNSUCCESSFUL; - - /* init rpc parse structures */ - prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - DEBUG(4, ("WksQueryInfo\n")); - - /* init query structure with rpc call arguments */ - init_wks_q_query_info(&q_o, cli->desthost, 100); - - /* marshall data */ - if (!wks_io_q_query_info("", &q_o, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return NT_STATUS_UNSUCCESSFUL; - } - - /* actual rpc call over \PIPE\wkssvc */ - if (!rpc_api_pipe_req(cli, WKS_QUERY_INFO, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return NT_STATUS_UNSUCCESSFUL; - } - - prs_mem_free(&buf); - - r_o.wks100 = wks100; - - /* get call results from response buffer */ - if (!wks_io_r_query_info("", &r_o, &rbuf, 0)) { - prs_mem_free(&rbuf); - return NT_STATUS_UNSUCCESSFUL; - } - - /* check returnet status code */ - if (NT_STATUS_IS_ERR(r_o.status)) { - /* report the error */ - DEBUG(0,("WKS_R_QUERY_INFO: %s\n", nt_errstr(r_o.status))); - prs_mem_free(&rbuf); - return r_o.status; - } - - /* do clean up */ - prs_mem_free(&rbuf); - - return NT_STATUS_OK; -} - diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h deleted file mode 100644 index 4d4dbbb06b..0000000000 --- a/source3/nsswitch/winbindd_proto.h +++ /dev/null @@ -1,143 +0,0 @@ -#ifndef _WINBINDD_PROTO_H_ -#define _WINBINDD_PROTO_H_ - -/* This file is automatically generated with "make proto". DO NOT EDIT */ - - -/* The following definitions come from nsswitch/winbindd.c */ - -void winbind_process_packet(struct winbindd_cli_state *state); -void winbind_client_read(struct winbindd_cli_state *state); -int winbind_setup_common(void); - -/* The following definitions come from nsswitch/winbindd_ads.c */ - -ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, - const char *exp, - const char **attrs, void **res); -ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, - const char *exp, - const char **attrs); -ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, - const char *dn, - const char **attrs); - -/* The following definitions come from nsswitch/winbindd_cache.c */ - -void wcache_flush_cache(void); -void winbindd_check_cache_size(time_t t); -struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status); - -/* The following definitions come from nsswitch/winbindd_cm.c */ - -CLI_POLICY_HND *cm_get_lsa_handle(char *domain); -CLI_POLICY_HND *cm_get_sam_handle(char *domain); -CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid); -CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, - uint32 user_rid); -CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, - uint32 group_rid); -NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, - struct cli_state **cli); -void winbindd_cm_status(void); - -/* The following definitions come from nsswitch/winbindd_dual.c */ - -int dual_select_setup(fd_set *fds, int maxfd); -void dual_select(fd_set *fds); -void dual_send_request(struct winbindd_cli_state *state); -void do_dual_daemon(void); - -/* The following definitions come from nsswitch/winbindd_group.c */ - -enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_idmap.c */ - -BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid); -BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid); -BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid); -BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid); -BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup); -BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid); -BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid); -BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid, - struct winbindd_domain **domain); -BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, - struct winbindd_domain **domain); -BOOL winbindd_idmap_init(void); -BOOL winbindd_idmap_close(void); -void winbindd_idmap_status(void); - -/* The following definitions come from nsswitch/winbindd_misc.c */ - -enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state - *state); -enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state); -enum winbindd_result winbindd_ping(struct winbindd_cli_state - *state); -enum winbindd_result winbindd_info(struct winbindd_cli_state *state); -enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state); -enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_pam.c */ - -enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_rpc.c */ - - -/* The following definitions come from nsswitch/winbindd_sid.c */ - -enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state); -enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_user.c */ - -enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) ; -enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state); -enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state); -enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state); - -/* The following definitions come from nsswitch/winbindd_util.c */ - -struct winbindd_domain *domain_list(void); -void free_domain_list(void); -void rescan_trusted_domains(void); -BOOL init_domain_list(void); -struct winbindd_domain *find_domain_from_name(const char *domain_name); -struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); -BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, - const char *name, DOM_SID *sid, - enum SID_NAME_USE *type); -BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, - fstring dom_name, - fstring name, - enum SID_NAME_USE *type); -void free_getent_state(struct getent_state *state); -BOOL winbindd_param_init(void); -BOOL check_domain_env(char *domain_env, char *domain); -BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); -void fill_domain_username(fstring name, const char *domain, const char *user); - -/* The following definitions come from nsswitch/winbindd_wins.c */ - -enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state); -enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state); - -#endif /* _WINBINDD_PROTO_H_ */ diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c deleted file mode 100644 index f73591793f..0000000000 --- a/source3/passdb/passgrp.c +++ /dev/null @@ -1,219 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Jeremy Allison 1996-1998 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_PASSDB - -/* - * NOTE. All these functions are abstracted into a structure - * that points to the correct function for the selected database. JRA. - * - * the API does NOT fill in the gaps if you set an API function - * to NULL: it will deliberately attempt to call the NULL function. - * - */ - -static struct passgrp_ops *pwgrp_ops; - -/*************************************************************** - Initialise the passgrp operations. -***************************************************************/ - -BOOL initialise_passgrp_db(void) -{ - if (pwgrp_ops) - { - return True; - } - -#ifdef WITH_NISPLUS - pwgrp_ops = nisplus_initialise_password_grp(); -#elif defined(WITH_LDAP) - pwgrp_ops = ldap_initialize_password_grp(); -#else - pwgrp_ops = file_initialise_password_grp(); -#endif - - return (pwgrp_ops != NULL); -} - -/* - * Functions that return/manipulate a struct smb_passwd. - */ - -/************************************************************************ - Utility function to search smb passwd by rid. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid), - grps, num_grps, alss, num_alss); -} - -/************************************************************************ - Utility function to search smb passwd by uid. use this if your database - does not have search facilities. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); - - /* Open the smb password database - not for update. */ - fp = startsmbgrpent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb passgrp database.\n")); - return NULL; - } - - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); - } - - endsmbgrpent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search smb passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbgrpnam(char *name, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - struct smb_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the passgrp file - not for update. */ - fp = startsmbgrpent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open smb passgrp database.\n")); - return NULL; - } - - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name)) - ; - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbgrpent(fp); - return pwd; -} - -/*************************************************************** - Start to enumerate the smb or sam passwd list. Returns a void pointer - to ensure no modification outside this module. - - Note that currently it is being assumed that a pointer returned - from this function may be used to enumerate struct sam_passwd - entries as well as struct smb_passwd entries. This may need - to change. JRA. - -****************************************************************/ - -void *startsmbgrpent(BOOL update) -{ - return pwgrp_ops->startsmbgrpent(update); -} - -/*************************************************************** - End enumeration of the smb or sam passwd list. - - Note that currently it is being assumed that a pointer returned - from this function may be used to enumerate struct sam_passwd - entries as well as struct smb_passwd entries. This may need - to change. JRA. - -****************************************************************/ - -void endsmbgrpent(void *vp) -{ - pwgrp_ops->endsmbgrpent(vp); -} - -/************************************************************************* - Routine to return the next entry in the smb passwd list. - *************************************************************************/ - -struct smb_passwd *getsmbgrpent(void *vp, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - return pwgrp_ops->getsmbgrpent(vp, grps, num_grps, alss, num_alss); -} - -/************************************************************************ - Routine to search smb passwd by name. -*************************************************************************/ - -struct smb_passwd *getsmbgrpnam(char *name, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss); -} - -/************************************************************************ - Routine to search smb passwd by user rid. -*************************************************************************/ - -struct smb_passwd *getsmbgrprid(uint32 user_rid, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - return pwgrp_ops->getsmbgrprid(user_rid, grps, num_grps, alss, num_alss); -} - -/************************************************************************ - Routine to search smb passwd by uid. -*************************************************************************/ - -struct smb_passwd *getsmbgrpuid(uid_t smb_userid, - uint32 **grps, int *num_grps, - uint32 **alss, int *num_alss) -{ - return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss); -} diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c deleted file mode 100644 index 7b5bf90c5d..0000000000 --- a/source3/rpc_client/cli_login.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - Copyright (C) Jeremy Allison 1999. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern fstring global_myworkgroup; -extern pstring global_myname; - -/**************************************************************************** -Initialize domain session credentials. -****************************************************************************/ - -NTSTATUS cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) -{ - NTSTATUS result; - DOM_CHAL clnt_chal; - DOM_CHAL srv_chal; - - UTIME zerotime; - - /******************* Request Challenge ********************/ - - generate_random_buffer( clnt_chal.data, 8, False); - - /* send a client challenge; receive a server challenge */ - if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal)) - { - DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /**************** Long-term Session key **************/ - - /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key); - memset((char *)cli->sess_key+8, '\0', 8); - - /******************* Authenticate 2 ********************/ - - /* calculate auth-2 credentials */ - zerotime.time = 0; - cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge)); - - /* - * Send client auth-2 challenge. - * Receive an auth-2 challenge response and check it. - */ - - result = cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? - SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, &srv_chal); - - if (!NT_STATUS_IS_OK(result)) - { - DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); - return result; - } - - return NT_STATUS_OK; -} - -/**************************************************************************** -NT login - interactive. -*NEVER* use this code. This method of doing a logon (sending the cleartext -password equivalents, protected by the session key) is inherently insecure -given the current design of the NT Domain system. JRA. - ****************************************************************************/ -NTSTATUS cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) -{ - uchar lm_owf_user_pwd[16]; - uchar nt_owf_user_pwd[16]; - NTSTATUS ret; - - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); - -#ifdef DEBUG_PASSWORD - - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)lm_owf_user_pwd, 16); - - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)nt_owf_user_pwd, 16); - -#endif - - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - - /* indicate an "interactive" login */ - ctr->switch_value = INTERACTIVE_LOGON_TYPE; - - /* Create the structure needed for SAM logon. */ - init_id_info1(&ctr->auth.id1, domain, 0, - smb_userid_low, 0, - username, cli->clnt_name_slash, - (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); - - /* Ensure we overwrite all the plaintext password - equivalents. */ - memset(lm_owf_user_pwd, '\0', sizeof(lm_owf_user_pwd)); - memset(nt_owf_user_pwd, '\0', sizeof(nt_owf_user_pwd)); - - /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(cli, ctr, user_info3); - - memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(lm_owf_user_pwd)); - memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(nt_owf_user_pwd)); - - return ret; -} - -/**************************************************************************** -NT login - network. -*ALWAYS* use this call to validate a user as it does not expose plaintext -password equivalents over the network. JRA. -****************************************************************************/ - -NTSTATUS cli_nt_login_network(struct cli_state *cli, - const auth_usersupplied_info *user_info, - uchar chal[8], - uint32 smb_userid_low, NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3) -{ - DEBUG(5,("cli_nt_login_network: %d\n", __LINE__)); - /* indicate a "network" login */ - ctr->switch_value = NET_LOGON_TYPE; - - /* Create the structure needed for SAM logon. */ - init_id_info2(&ctr->auth.id2, user_info->domain.str, 0, smb_userid_low, 0, - user_info->smb_name.str, - /* Send our cleint's workstaion name if we have it, otherwise ours */ - ((user_info->wksta_name.len > 0) ? - user_info->wksta_name.str : - cli->clnt_name_slash), - chal, - user_info->lm_resp.data, user_info->lm_resp.length, - user_info->nt_resp.data, user_info->nt_resp.length); - - /* Send client sam-logon request - update credentials on success. */ - return cli_net_sam_logon(cli, ctr, user_info3); -} - -/**************************************************************************** -NT Logoff. -****************************************************************************/ -BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) -{ - DEBUG(5,("cli_nt_logoff: %d\n", __LINE__)); - - /* Send client sam-logoff request - update credentials on success. */ - return cli_net_sam_logoff(cli, ctr); -} diff --git a/source3/rpc_client/msrpc_spoolss.c b/source3/rpc_client/msrpc_spoolss.c deleted file mode 100644 index 56c70730ba..0000000000 --- a/source3/rpc_client/msrpc_spoolss.c +++ /dev/null @@ -1,812 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-2000 - Copyright (C) Luke Kenneth Casson Leighton 1996-2000 - Copyright (C) Jean-Francois Micouleau 1999-2000 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "nterr.h" -#include "rpc_parse.h" -#include "rpcclient.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_CLI - -#define DEBUG_TESTING - -extern FILE* out_hnd; - -extern struct user_creds *usr_creds; - -/******************************************************************** -initialize a spoolss NEW_BUFFER. -********************************************************************/ -void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) -{ - buffer->ptr = (size!=0)? 1:0; - buffer->size=size; - buffer->string_at_end=size; - prs_init(&buffer->prs, size, ctx, MARSHALL); - buffer->struct_start = prs_offset(&buffer->prs); -} - -static void decode_printer_info_0(NEW_BUFFER *buffer, uint32 returned, - PRINTER_INFO_0 **info) -{ - uint32 i; - PRINTER_INFO_0 *inf; - - inf=(PRINTER_INFO_0 *)malloc(returned*sizeof(PRINTER_INFO_0)); - - buffer->prs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs.data_offset=0; - - for (i=0; iprs, 0); - - new_smb_io_driverdir_1("", buffer, info, 0); - -/* *info=inf;*/ -} - -/********************************************************************** - Decode a PORT_INFO_1 struct from a NEW_BUFFER -**********************************************************************/ -void decode_port_info_1(NEW_BUFFER *buffer, uint32 returned, - PORT_INFO_1 **info) -{ - uint32 i; - PORT_INFO_1 *inf; - - inf=(PORT_INFO_1*)malloc(returned*sizeof(PORT_INFO_1)); - - prs_set_offset(&buffer->prs, 0); - - for (i=0; iprs, 0); - - for (i=0; iport.info_1); - break; - case 2: - decode_port_info_2(&buffer, returned, &ctr->port.info_2); - break; - default: - DEBUG(0,("Unable to decode unknown PORT_INFO_%d\n", level)); - break; - } - - display_port_info_ctr(out_hnd, ACTION_HEADER , level, returned, ctr); - display_port_info_ctr(out_hnd, ACTION_ENUMERATE, level, returned, ctr); - display_port_info_ctr(out_hnd, ACTION_FOOTER , level, returned, ctr); - } - if (mem_ctx) - talloc_destroy(mem_ctx); - - - - return True; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -uint32 msrpc_spoolss_getprinterdata( const char* printer_name, - const char* station, - const char* user_name, - const char* value_name, - uint32 *type, - NEW_BUFFER *buffer, - void *fn) -{ - POLICY_HND hnd; - NTSTATUS status; - uint32 needed; - uint32 size; - char *data; - UNISTR2 uni_val_name; - TALLOC_CTX *mem_ctx = NULL; - - DEBUG(4,("spoolgetdata - printer: %s server: %s user: %s value: %s\n", - printer_name, station, user_name, value_name)); - - if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name, - &hnd)) - { - return NT_STATUS_ACCESS_DENIED; - } - - init_unistr2(&uni_val_name, value_name, 0); - size = 0; - data = NULL; - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_getprinterdata: talloc_init failed!\n")); - return False; - } - init_buffer(buffer, size, mem_ctx); - - status = spoolss_getprinterdata(&hnd, &uni_val_name, size, type, &size, - (unsigned char *)data, &needed); - - if (status == ERROR_INSUFFICIENT_BUFFER) - { - size = needed; - init_buffer(buffer, size, mem_ctx); - data = prs_data_p(&buffer->prs); - status = spoolss_getprinterdata(&hnd, &uni_val_name, - size, type, &size, - (unsigned char *)data, &needed); - } - - if (mem_ctx) - talloc_destroy(mem_ctx); - - if (status != NT_STATUS_OK) - { - if (!spoolss_closeprinter(&hnd)) - return NT_STATUS_ACCESS_DENIED; - return status; - } - -#if 0 - if (fn != NULL) - fn(printer_name, station, level, returned, *ctr); -#endif - - return status; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_enum_jobs( const char* printer_name, - const char* station, const char* user_name, - uint32 level, - void ***ctr, JOB_INFO_FN(fn)) -{ - POLICY_HND hnd; - NTSTATUS status; - NEW_BUFFER buffer; - uint32 needed; - uint32 returned; - uint32 firstjob=0; - uint32 numofjobs=0xffff; - TALLOC_CTX *mem_ctx = NULL; - - DEBUG(4,("spoolopen - printer: %s server: %s user: %s\n", - printer_name, station, user_name)); - - if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name, &hnd)) - return False; - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n")); - return False; - } - init_buffer(&buffer, 0, mem_ctx); - status = spoolss_enum_jobs(&hnd, firstjob, numofjobs, level, - &buffer, 0, &needed, &returned); - - if (status == ERROR_INSUFFICIENT_BUFFER) - { - init_buffer(&buffer, needed, mem_ctx); - status = spoolss_enum_jobs( &hnd, firstjob, numofjobs, level, - &buffer, needed, &needed, &returned); - } - - if (mem_ctx) - talloc_destroy(mem_ctx); - - if (status!=NT_STATUS_OK) { - if (!spoolss_closeprinter(&hnd)) - return False; - return False; - } - - if (fn != NULL) - fn(printer_name, station, level, returned, *ctr); - - return True; -} - - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_enum_printerdata( const char* printer_name, - const char* station, const char* user_name ) -{ - POLICY_HND hnd; - NTSTATUS status; - uint32 idx; - uint32 valuelen; - uint16 *value; - uint32 rvaluelen; - uint32 type; - uint32 datalen; - uint8 *data; - uint32 rdatalen; - uint32 maxvaluelen; - uint32 maxdatalen; - - DEBUG(4,("msrpc_spoolss_enum_printerdata - printer: %s\n", printer_name)); - - if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name, &hnd)) - return False; - - - idx=0; - valuelen=0; - rvaluelen=0; - type=0; - datalen=0; - rdatalen=0; - - status = spoolss_enum_printerdata(&hnd, idx, &valuelen, value, - &rvaluelen, &type, &datalen, - data, &rdatalen); - - DEBUG(4,("spoolenum_printerdata - got size: biggest value:[%d], biggest data:[%d]\n", rvaluelen, rdatalen)); - - maxvaluelen=valuelen=rvaluelen; - maxdatalen=datalen=rdatalen; - - value=(uint16 *)malloc(valuelen*sizeof(uint16)); - data=(uint8 *)malloc(datalen*sizeof(uint8)); - - display_printer_enumdata(out_hnd, ACTION_HEADER, idx, valuelen, - value, rvaluelen, type, datalen, data, rdatalen); - - do { - valuelen=maxvaluelen; - datalen=maxdatalen; - - status = spoolss_enum_printerdata(&hnd, idx, &valuelen, - value, &rvaluelen, &type, - &datalen, data, &rdatalen); - display_printer_enumdata(out_hnd, ACTION_ENUMERATE, idx, - valuelen, value, rvaluelen, type, - datalen, data, rdatalen); - idx++; - - } while (status != 0x0103); /* NO_MORE_ITEMS */ - - display_printer_enumdata(out_hnd, ACTION_FOOTER, idx, valuelen, - value, rvaluelen, type, datalen, data, rdatalen); - - - if (status!=NT_STATUS_OK) { - /* - * the check on this if statement is redundant - * since is the status is bad we're going to - * return False anyways. The caller will be - * unable to determine if there really was a problem - * with the spoolss_closeprinter() call --jerry - */ - spoolss_closeprinter(&hnd); - return False; - } - - return True; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_getprinter( const char* printer_name, const uint32 level, - const char* station, const char* user_name, - PRINTER_INFO_CTR ctr) -{ - POLICY_HND hnd; - NTSTATUS status=0; - NEW_BUFFER buffer; - uint32 needed=1000; - TALLOC_CTX *mem_ctx = NULL; - - DEBUG(4,("spoolenum_getprinter - printer: %s\n", printer_name)); - - if(!spoolss_open_printer_ex( printer_name, "", PRINTER_ALL_ACCESS, station, user_name, &hnd)) - return False; - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_getprinter: talloc_init failed!\n")); - return False; - } - init_buffer(&buffer, needed, mem_ctx); - - status = spoolss_getprinter(&hnd, level, &buffer, needed, &needed); - - if (status==ERROR_INSUFFICIENT_BUFFER) { - init_buffer(&buffer, needed, mem_ctx); - status = spoolss_getprinter(&hnd, level, &buffer, needed, &needed); - } - - report(out_hnd, "\tstatus:[%d (%x)]\n", status, status); - - if (status!=NT_STATUS_OK) - { - if (mem_ctx) - talloc_destroy(mem_ctx); - return False; - } - - switch (level) { - case 0: - decode_printer_info_0(&buffer, 1, &(ctr.printers_0)); - break; - case 1: - decode_printer_info_1(&buffer, 1, &(ctr.printers_1)); - break; - case 2: - decode_printer_info_2(&buffer, 1, &(ctr.printers_2)); - break; - case 3: - decode_printer_info_3(&buffer, 1, &(ctr.printers_3)); - break; - } - - display_printer_info_ctr(out_hnd, ACTION_HEADER , level, 1, ctr); - display_printer_info_ctr(out_hnd, ACTION_ENUMERATE, level, 1, ctr); - display_printer_info_ctr(out_hnd, ACTION_FOOTER , level, 1, ctr); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - if (status!=NT_STATUS_OK) { - if (!spoolss_closeprinter(&hnd)) - return False; - return False; - } - - return True; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_getprinterdriver( const char* printer_name, - const char *environment, const uint32 level, - const char* station, const char* user_name, - PRINTER_DRIVER_CTR ctr) -{ - POLICY_HND hnd; - NTSTATUS status=0; - NEW_BUFFER buffer; - uint32 needed; - TALLOC_CTX *mem_ctx = NULL; - - DEBUG(4,("msrpc_spoolss_enum_getprinterdriver - printer: %s\n", printer_name)); - - if(!spoolss_open_printer_ex( printer_name, "", PRINTER_ALL_ACCESS, station, user_name, &hnd)) - return False; - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_getprinterdriver: talloc_init failed!\n")); - return False; - } - init_buffer(&buffer, 0, mem_ctx); - - status = spoolss_getprinterdriver(&hnd, environment, level, &buffer, 0, &needed); - - if (status==ERROR_INSUFFICIENT_BUFFER) { - init_buffer(&buffer, needed, mem_ctx); - status = spoolss_getprinterdriver(&hnd, environment, level, &buffer, needed, &needed); - } - - /* report(out_hnd, "\tstatus:[%d (%x)]\n", status, status); */ - - if (status!=NT_STATUS_OK) - { - if (mem_ctx) - talloc_destroy(mem_ctx); - return False; - } - - switch (level) { - case 1: - decode_printer_driver_1(&buffer, 1, &(ctr.info1)); - break; - case 2: - decode_printer_driver_2(&buffer, 1, &(ctr.info2)); - break; - case 3: - decode_printer_driver_3(&buffer, 1, &(ctr.info3)); - break; - } - - display_printer_driver_ctr(out_hnd, ACTION_HEADER , level, 1, ctr); - display_printer_driver_ctr(out_hnd, ACTION_ENUMERATE, level, 1, ctr); - display_printer_driver_ctr(out_hnd, ACTION_FOOTER , level, 1, ctr); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - if (status!=NT_STATUS_OK) { - if (!spoolss_closeprinter(&hnd)) - return False; - return False; - } - - return True; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_enumprinterdrivers( const char* srv_name, - const char *environment, const uint32 level, - PRINTER_DRIVER_CTR ctr) -{ - NTSTATUS status=0; - NEW_BUFFER buffer; - uint32 needed; - uint32 returned; - TALLOC_CTX *mem_ctx = NULL; - - DEBUG(4,("msrpc_spoolss_enum_enumprinterdrivers - server: %s\n", srv_name)); - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_enumprinterdrivers: talloc_init failed!\n")); - return False; - } - init_buffer(&buffer, 0, mem_ctx); - - status = spoolss_enum_printerdrivers(srv_name, environment, - level, &buffer, 0, &needed, &returned); - - if (status == ERROR_INSUFFICIENT_BUFFER) - { - init_buffer(&buffer, needed, mem_ctx); - status = spoolss_enum_printerdrivers( srv_name, environment, - level, &buffer, needed, &needed, &returned); - } - - report(out_hnd, "\tstatus:[%d (%x)]\n", status, status); - - if (status!=NT_STATUS_OK) - { - if (mem_ctx) - talloc_destroy(mem_ctx); - return False; - } - - switch (level) - { - case 1: - decode_printer_driver_1(&buffer, returned, &(ctr.info1)); - break; - case 2: - decode_printer_driver_2(&buffer, returned, &(ctr.info2)); - break; - case 3: - decode_printer_driver_3(&buffer, returned, &(ctr.info3)); - break; - } - - display_printer_driver_ctr(out_hnd, ACTION_HEADER , level, returned, ctr); - display_printer_driver_ctr(out_hnd, ACTION_ENUMERATE, level, returned, ctr); - display_printer_driver_ctr(out_hnd, ACTION_FOOTER , level, returned, ctr); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - return True; -} - -/**************************************************************************** -nt spoolss query -****************************************************************************/ -BOOL msrpc_spoolss_getprinterdriverdir(char* srv_name, char* env_name, uint32 level, DRIVER_DIRECTORY_CTR ctr) -{ - NTSTATUS status; - NEW_BUFFER buffer; - uint32 needed; - TALLOC_CTX *mem_ctx = NULL; - - if ((mem_ctx=talloc_init()) == NULL) - { - DEBUG(0,("msrpc_spoolss_getprinterdriverdir: talloc_init failed!\n")); - return False; - } - init_buffer(&buffer, 0, mem_ctx); - - /* send a NULL buffer first */ - status=spoolss_getprinterdriverdir(srv_name, env_name, level, &buffer, 0, &needed); - - if (status==ERROR_INSUFFICIENT_BUFFER) { - init_buffer(&buffer, needed, mem_ctx); - status=spoolss_getprinterdriverdir(srv_name, env_name, level, &buffer, needed, &needed); - } - - report(out_hnd, "\tstatus:[%d (%x)]\n", status, status); - - if (status!=NT_STATUS_OK) - { - if (mem_ctx) - talloc_destroy(mem_ctx); - return False; - } - - switch (level) { - case 1: - decode_printerdriverdir_info_1(&buffer, &(ctr.driver.info_1)); - break; - } - - display_printerdriverdir_info_ctr(out_hnd, ACTION_HEADER , level, ctr); - display_printerdriverdir_info_ctr(out_hnd, ACTION_ENUMERATE, level, ctr); - display_printerdriverdir_info_ctr(out_hnd, ACTION_FOOTER , level, ctr); - - if (mem_ctx) - talloc_destroy(mem_ctx); - - return True; -} diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c deleted file mode 100644 index 284fd491f8..0000000000 --- a/source3/rpc_client/ntclienttrust.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -/************************************************************************ - check workstation trust account status - ************************************************************************/ -BOOL trust_account_check(struct in_addr dest_ip, char *dest_host, - char *hostname, char *domain, fstring mach_acct, - fstring new_mach_pwd) -{ - pstring tmp; - fstring mach_pwd; - struct cli_state cli_trust; - uchar lm_owf_mach_pwd[16]; - uchar nt_owf_mach_pwd[16]; - uchar lm_sess_pwd[24]; - uchar nt_sess_pwd[24]; - - BOOL right_error_code = False; - uint8 err_cls; - uint32 err_num; - - char *start_mach_pwd; - char *change_mach_pwd; - - /* initial machine password */ - fstrcpy(mach_pwd, hostname); - strlower(mach_pwd); - - slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:", - mach_acct, mach_pwd); - - start_mach_pwd = (char*)getpass(tmp); - - if (start_mach_pwd[0] != 0) - { - fstrcpy(mach_pwd, start_mach_pwd); - } - - slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:", - mach_acct); - - change_mach_pwd = (char*)getpass(tmp); - - if (change_mach_pwd[0] != 0) - { - fstrcpy(new_mach_pwd, change_mach_pwd); - } - else - { - DEBUG(1,("trust_account_check: password change not requested\n")); - change_mach_pwd[0] = 0; - } - - DEBUG(1,("initialise cli_trust connection\n")); - - if (!cli_initialise(&cli_trust)) - { - DEBUG(1,("cli_initialise failed for cli_trust\n")); - return False; - } - - DEBUG(1,("server connect for cli_trust\n")); - - if (!server_connect_init(&cli_trust, hostname, dest_ip, dest_host)) - { - cli_error(&cli_trust, &err_cls, &err_num, NULL); - DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust))); - - cli_shutdown(&cli_trust); - return False; - } - - DEBUG(1,("server connect cli_trust succeeded\n")); - - nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd); - - DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd)); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("client cryptkey: ")); - dump_data(100, cli_trust.cryptkey, sizeof(cli_trust.cryptkey)); -#endif - - SMBencrypt(nt_owf_mach_pwd, cli_trust.cryptkey, nt_sess_pwd); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_owf_mach_pwd: ")); - dump_data(100, nt_owf_mach_pwd, sizeof(lm_owf_mach_pwd)); - DEBUG(100,("nt_sess_pwd: ")); - dump_data(100, nt_sess_pwd, sizeof(nt_sess_pwd)); -#endif - - SMBencrypt(lm_owf_mach_pwd, cli_trust.cryptkey, lm_sess_pwd); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("lm_owf_mach_pwd: ")); - dump_data(100, lm_owf_mach_pwd, sizeof(lm_owf_mach_pwd)); - DEBUG(100,("lm_sess_pwd: ")); - dump_data(100, lm_sess_pwd, sizeof(lm_sess_pwd)); -#endif - - right_error_code = False; - - if (cli_session_setup(&cli_trust, mach_acct, - nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), - nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), domain)) - { - DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n")); - cli_shutdown(&cli_trust); - - return False; - } - - cli_error(&cli_trust, &err_cls, &err_num, NULL); - - if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)) - { - DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n")); - right_error_code = True; - } - - if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER)) - { - DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n")); - right_error_code = False; - } - - if (!right_error_code) - { - DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust))); - } - - cli_shutdown(&cli_trust); - return right_error_code; -} diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c deleted file mode 100644 index 7fcb48a954..0000000000 --- a/source3/smbd/ssl.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SSLeay utility functions - Copyright (C) Christian Starkjohann 1998 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - * since includes.h pulls in config.h which is were WITH_SSL will be - * defined, we want to include includes.h before testing for WITH_SSL - * RJS 26-Jan-1999 - */ - -#include "includes.h" - -#ifdef WITH_SSL /* should always be defined if this module is compiled */ - -#include -#include - -BOOL sslEnabled; -SSL *ssl = NULL; -int sslFd = -1; -static SSL_CTX *sslContext = NULL; -extern int DEBUGLEVEL; - -static int ssl_verify_cb(int ok, X509_STORE_CTX *ctx) -{ -char buffer[256]; - - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), - buffer, sizeof(buffer)); - if(ok){ - DEBUG(0, ("SSL: Certificate OK: %s\n", buffer)); - }else{ - switch (ctx->error){ - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - DEBUG(0, ("SSL: Cert error: CA not known: %s\n", buffer)); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - DEBUG(0, ("SSL: Cert error: Cert not yet valid: %s\n", buffer)); - break; - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - DEBUG(0, ("SSL: Cert error: illegal \'not before\' field: %s\n", - buffer)); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - DEBUG(0, ("SSL: Cert error: Cert expired: %s\n", buffer)); - break; - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - DEBUG(0, ("SSL: Cert error: invalid \'not after\' field: %s\n", - buffer)); - break; - default: - DEBUG(0, ("SSL: Cert error: unknown error %d in %s\n", ctx->error, - buffer)); - break; - } - } - return ok; -} - -static RSA *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength) -{ -static RSA *rsa = NULL; - - if(rsa == NULL) - rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL); - return rsa; -} - -/* This is called before we fork. It should ask the user for the pass phrase - * if necessary. Error output can still go to stderr because the process - * has a terminal. - */ -int sslutil_init(int isServer) -{ -int err, entropybytes; -char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile; -char *egdsocket, *entropyfile; - - SSL_load_error_strings(); - SSLeay_add_ssl_algorithms(); - egdsocket = lp_ssl_egdsocket(); - if (egdsocket != NULL && *egdsocket != 0) - RAND_egd(egdsocket); - entropyfile = lp_ssl_entropyfile(); - entropybytes = lp_ssl_entropybytes(); - if (entropyfile != NULL && *entropyfile != 0) - RAND_load_file(entropyfile, entropybytes); - switch(lp_ssl_version()){ - case SMB_SSL_V2: sslContext = SSL_CTX_new(SSLv2_method()); break; - case SMB_SSL_V3: sslContext = SSL_CTX_new(SSLv3_method()); break; - default: - case SMB_SSL_V23: sslContext = SSL_CTX_new(SSLv23_method()); break; - case SMB_SSL_TLS1: sslContext = SSL_CTX_new(TLSv1_method()); break; - } - if(sslContext == NULL){ - err = ERR_get_error(); - fprintf(stderr, "SSL: Error allocating context: %s\n", - ERR_error_string(err, NULL)); - exit(1); - } - if(lp_ssl_compatibility()){ - SSL_CTX_set_options(sslContext, SSL_OP_ALL); - } - certfile = isServer ? lp_ssl_server_cert() : lp_ssl_client_cert(); - if((certfile == NULL || *certfile == 0) && isServer){ - fprintf(stderr, "SSL: No cert file specified in config file!\n"); - fprintf(stderr, "The server MUST have a certificate!\n"); - exit(1); - } - keyfile = isServer ? lp_ssl_server_privkey() : lp_ssl_client_privkey(); - if(keyfile == NULL || *keyfile == 0) - keyfile = certfile; - if(certfile != NULL && *certfile != 0){ - if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){ - err = ERR_get_error(); - fprintf(stderr, "SSL: error reading certificate from file %s: %s\n", - certfile, ERR_error_string(err, NULL)); - exit(1); - } - if(!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)){ - err = ERR_get_error(); - fprintf(stderr, "SSL: error reading private key from file %s: %s\n", - keyfile, ERR_error_string(err, NULL)); - exit(1); - } - if(!SSL_CTX_check_private_key(sslContext)){ - err = ERR_get_error(); - fprintf(stderr, "SSL: Private key does not match public key in cert!\n"); - exit(1); - } - } - cacertDir = lp_ssl_cacertdir(); - cacertFile = lp_ssl_cacertfile(); - if(cacertDir != NULL && *cacertDir == 0) - cacertDir = NULL; - if(cacertFile != NULL && *cacertFile == 0) - cacertFile = NULL; - if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){ - err = ERR_get_error(); - if (cacertFile || cacertDir) { - fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n", - ERR_error_string(err, NULL)); - fprintf(stderr, "trying default locations.\n"); - } - cacertFile = cacertDir = NULL; - if(!SSL_CTX_set_default_verify_paths(sslContext)){ - err = ERR_get_error(); - fprintf(stderr, "SSL: Error error setting default CA cert location: %s\n", - ERR_error_string(err, NULL)); - exit(1); - } - } - SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); - if((ciphers = lp_ssl_ciphers()) != NULL && *ciphers != 0) - SSL_CTX_set_cipher_list(sslContext, ciphers); - if((isServer && lp_ssl_reqClientCert()) || (!isServer && lp_ssl_reqServerCert())){ - SSL_CTX_set_verify(sslContext, - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ssl_verify_cb); - }else{ - SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, ssl_verify_cb); - } -#if 1 /* don't know what this is good for, but s_server in SSLeay does it, too */ - if(isServer){ - SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(certfile)); - } -#endif - return 0; -} - -int sslutil_accept(int fd) -{ -int err; - - if(ssl != NULL){ - DEBUG(0, ("SSL: internal error: more than one SSL connection (server)\n")); - return -1; - } - if((ssl = SSL_new(sslContext)) == NULL){ - err = ERR_get_error(); - DEBUG(0, ("SSL: Error allocating handle: %s\n", - ERR_error_string(err, NULL))); - return -1; - } - SSL_set_fd(ssl, fd); - sslFd = fd; - if(SSL_accept(ssl) <= 0){ - err = ERR_get_error(); - DEBUG(0, ("SSL: Error accepting on socket: %s\n", - ERR_error_string(err, NULL))); - return -1; - } - DEBUG(0, ("SSL: negotiated cipher: %s\n", SSL_get_cipher(ssl))); - return 0; -} - -int sslutil_fd_is_ssl(int fd) -{ - return fd == sslFd; -} - -int sslutil_connect(int fd) -{ -int err; - - if(ssl != NULL){ - DEBUG(0, ("SSL: internal error: more than one SSL connection (client)\n")); - return -1; - } - if((ssl = SSL_new(sslContext)) == NULL){ - err = ERR_get_error(); - DEBUG(0, ("SSL: Error allocating handle: %s\n", - ERR_error_string(err, NULL))); - return -1; - } - SSL_set_fd(ssl, fd); - sslFd = fd; - if(SSL_connect(ssl) <= 0){ - err = ERR_get_error(); - DEBUG(0, ("SSL: Error conencting socket: %s\n", - ERR_error_string(err, NULL))); - return -1; - } - DEBUG(0, ("SSL: negotiated cipher: %s\n", SSL_get_cipher(ssl))); - return 0; -} - -int sslutil_disconnect(int fd) -{ - if(fd == sslFd && ssl != NULL){ - SSL_free(ssl); - ssl = NULL; - sslFd = -1; - } - return 0; -} - -int sslutil_negotiate_ssl(int fd, int msg_type) -{ -unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; -char *reqHosts, *resignHosts; - - reqHosts = lp_ssl_hosts(); - resignHosts = lp_ssl_hosts_resign(); - if(!allow_access(resignHosts, reqHosts, get_socket_name(fd), get_socket_addr(fd))){ - sslEnabled = False; - return 0; - } - if(msg_type != 0x81){ /* first packet must be a session request */ - DEBUG( 0, ( "Client %s did not use session setup; access denied\n", - client_addr() ) ); - if (!send_smb(fd, (char *)buf)) - DEBUG(0, ("sslutil_negotiate_ssl: send_smb failed.\n")); - return -1; - } - buf[4] = 0x8e; /* negative session response: use SSL */ - if (!send_smb(fd, (char *)buf)) { - DEBUG(0,("sslutil_negotiate_ssl: send_smb failed.\n")); - return -1; - } - if(sslutil_accept(fd) != 0){ - DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr() ) ); - return -1; - } - return 1; -} - -#else /* WITH_SSL */ - void ssl_dummy(void); - void ssl_dummy(void) {;} /* So some compilers don't complain. */ -#endif /* WITH_SSL */ -- cgit