From 0d44ff9a765f2e89be8b0ee99ec7c907e7c225c3 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 29 Nov 1999 21:47:14 +0000 Subject: attempting to resolve the issue that multiple servers often specified in parameters to connect to \PIPE\NETLOGON. (This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62) --- source3/include/proto.h | 10 +++---- source3/lib/util_array.c | 13 -------- source3/libsmb/clienttrust.c | 3 +- source3/rpc_client/cli_connect.c | 42 ++++++++++++++++++++++++++ source3/rpc_client/cli_login.c | 28 ++++++++++++++---- source3/rpc_server/srv_spoolss.c | 34 ++++++++++----------- source3/rpcclient/cmd_netlogon.c | 9 ++++-- source3/smbd/password.c | 64 +++++++--------------------------------- 8 files changed, 105 insertions(+), 98 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 8a0fb3d083..b29565f4b2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -491,8 +491,6 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item, void* add_item_to_array(uint32 *len, void ***array, void *item); void free_char_array(uint32 num_entries, char **entries); char* add_chars_to_array(uint32 *len, char ***array, const char *name); -void free_con_array(uint32 num_entries, struct cli_connection **entries); -struct cli_connection* add_con_to_array(uint32 *len, struct cli_connection ***array, struct cli_connection *con); void free_uint32_array(uint32 num_entries, uint32 **entries); uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); void free_unistr_array(uint32 num_entries, UNISTR2 **entries); @@ -1801,6 +1799,7 @@ BOOL cli_connection_getsrv(const char* srv_name, const char* pipe_name, BOOL cli_connection_get(const POLICY_HND *pol, struct cli_connection **con); BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from); BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]); +BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name); BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]); BOOL cli_get_sesskey_srv(const char* srv_name, uchar sess_key[16]); void cli_con_gen_next_creds(struct cli_connection *con, @@ -1827,10 +1826,11 @@ BOOL event_readeventlog(POLICY_HND *hnd, /*The following definitions come from rpc_client/cli_login.c */ -uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname, +uint32 cli_nt_setup_creds( char* servers, const char* myhostname, const char* trust_acct, unsigned char trust_pwd[16], - uint16 sec_chan); + uint16 sec_chan, + char *srv_name); BOOL cli_nt_srv_pwset(const char* srv_name, const char* myhostname, const char* trust_acct, unsigned char *new_hashof_trust_pwd, @@ -1849,7 +1849,7 @@ BOOL cli_nt_login_network(const char* srv_name, const char* myhostname, NET_USER_INFO_3 *user_info3); BOOL cli_nt_logoff(const char* srv_name, const char* myhostname, NET_ID_INFO_CTR *ctr); -BOOL net_sam_sync(const char* srv_name, const char* myhostname, +BOOL net_sam_sync(char* servers, const char* myhostname, const char* trust_acct, uchar trust_passwd[16], SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS], diff --git a/source3/lib/util_array.c b/source3/lib/util_array.c index 71f7046d62..62be3f17bd 100644 --- a/source3/lib/util_array.c +++ b/source3/lib/util_array.c @@ -91,19 +91,6 @@ char* add_chars_to_array(uint32 *len, char ***array, const char *name) } -void free_con_array(uint32 num_entries, struct cli_connection **entries) -{ - void(*fn)(void*) = (void(*)(void*))&cli_connection_free; - free_void_array(num_entries, (void**)entries, *fn); -} - -struct cli_connection* add_con_to_array(uint32 *len, struct cli_connection ***array, struct cli_connection *con) -{ - return (struct cli_connection*)add_item_to_array(len, - (void***)array, (void*)con); - -} - static uint32 *uint32_dup(const uint32* from) { if (from != NULL) diff --git a/source3/libsmb/clienttrust.c b/source3/libsmb/clienttrust.c index b223750529..d9d3392d0b 100644 --- a/source3/libsmb/clienttrust.c +++ b/source3/libsmb/clienttrust.c @@ -57,7 +57,8 @@ static BOOL modify_trust_password( char *domain, char *remote_machine, make_nmb_name(&called , remote_machine, 0x20, scope); if (cli_nt_setup_creds(srv_name, global_myname, trust_acct, - orig_trust_passwd_hash, sec_chan) != 0x0) + orig_trust_passwd_hash, sec_chan, + srv_name) != 0x0) { return False; } diff --git a/source3/rpc_client/cli_connect.c b/source3/rpc_client/cli_connect.c index fc6f5c8c44..6b7fba41c5 100644 --- a/source3/rpc_client/cli_connect.c +++ b/source3/rpc_client/cli_connect.c @@ -50,6 +50,20 @@ void init_connections(void) num_cons = 0; } +static void free_con_array(uint32 num_entries, struct cli_connection **entries) +{ + void(*fn)(void*) = (void(*)(void*))&cli_connection_free; + free_void_array(num_entries, (void**)entries, *fn); +} + +static struct cli_connection* add_con_to_array(uint32 *len, + struct cli_connection ***array, + struct cli_connection *con) +{ + return (struct cli_connection*)add_item_to_array(len, + (void***)array, (void*)con); + +} void free_connections(void) { free_con_array(num_cons, con_list); @@ -286,11 +300,39 @@ policy handle. ****************************************************************************/ BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]) { + if (con == NULL) + { + return False; + } memcpy(sess_key, con->cli->sess_key, sizeof(con->cli->sess_key)); return True; } +/**************************************************************************** +get a user session key associated with a connection associated with a +policy handle. +****************************************************************************/ +BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name) +{ + if (con == NULL) + { + return False; + } + + if (strnequal("\\\\", con->cli->desthost, 2)) + { + fstrcpy(srv_name, con->cli->desthost); + } + else + { + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, con->cli->desthost); + } + + return True; +} + /**************************************************************************** get a user session key associated with a connection associated with a policy handle. diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index 6bb9fed063..832731d92d 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -29,10 +29,11 @@ extern int DEBUGLEVEL; Initialize domain session credentials. ****************************************************************************/ -uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname, +uint32 cli_nt_setup_creds( char* servers, const char* myhostname, const char* trust_acct, unsigned char trust_pwd[16], - uint16 sec_chan) + uint16 sec_chan, + char *srv_name) { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; @@ -41,12 +42,25 @@ uint32 cli_nt_setup_creds( const char* srv_name, const char* myhostname, uint8 sess_key[16]; DOM_CRED clnt_cred; + /******************* make connection **********************/ + struct cli_connection *con = NULL; + + if (!cli_connection_init_list(servers, PIPE_NETLOGON, &con)) + { + return False; + } + + if (!cli_con_get_srvname(con, srv_name)) + { + return False; + } + /******************* Request Challenge ********************/ generate_random_buffer( clnt_chal.data, 8, False); /* send a client challenge; receive a server challenge */ - ret = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); + ret = cli_net_req_chal(servers, myhostname, &clnt_chal, &srv_chal); if (ret != 0) { DEBUG(1,("cli_nt_setup_creds: request challenge failed\n")); @@ -233,7 +247,7 @@ BOOL cli_nt_logoff(const char* srv_name, const char* myhostname, /**************************************************************************** NT SAM database sync ****************************************************************************/ -BOOL net_sam_sync(const char* srv_name, const char* myhostname, +BOOL net_sam_sync(char* servers, const char* myhostname, const char* trust_acct, uchar trust_passwd[16], SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS], @@ -241,15 +255,17 @@ BOOL net_sam_sync(const char* srv_name, const char* myhostname, uint32 *num_deltas) { BOOL res = True; + fstring srv_name; *num_deltas = 0; DEBUG(5,("Attempting SAM sync with PDC: %s\n", srv_name)); - res = res ? cli_nt_setup_creds( srv_name, myhostname, + res = res ? cli_nt_setup_creds( servers, myhostname, trust_acct, - trust_passwd, SEC_CHAN_BDC) == 0x0 : False; + trust_passwd, SEC_CHAN_BDC, + srv_name) == 0x0 : False; memset(trust_passwd, 0, 16); diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index 1f9d8a19d5..a3760587cd 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -50,7 +50,7 @@ static struct uint32 document_lastwritten; pstring document_name; pstring job_name; - PRINTER_HND printer_hnd; + POLICY_HND printer_hnd; BOOL printer_type; union { @@ -82,7 +82,7 @@ void init_printer_hnd(void) /**************************************************************************** create a unique printer handle ****************************************************************************/ -static void create_printer_hnd(PRINTER_HND *hnd) +static void create_printer_hnd(POLICY_HND *hnd) { static uint32 prt_hnd_low = 0; static uint32 prt_hnd_high = 0; @@ -103,15 +103,15 @@ static void create_printer_hnd(PRINTER_HND *hnd) /**************************************************************************** clear an handle ****************************************************************************/ -static void clear_handle(PRINTER_HND *hnd) +static void clear_handle(POLICY_HND *hnd) { - bzero(hnd->data, PRINTER_HND_SIZE); + bzero(hnd->data, POLICY_HND_SIZE); } /**************************************************************************** find first available printer slot. creates a printer handle for you. ****************************************************************************/ -static BOOL open_printer_hnd(PRINTER_HND *hnd) +static BOOL open_printer_hnd(POLICY_HND *hnd) { int i; @@ -135,7 +135,7 @@ static BOOL open_printer_hnd(PRINTER_HND *hnd) /**************************************************************************** find printer index by handle ****************************************************************************/ -static int find_printer_index_by_hnd(PRINTER_HND *hnd) +static int find_printer_index_by_hnd(POLICY_HND *hnd) { int i; @@ -156,7 +156,7 @@ static int find_printer_index_by_hnd(PRINTER_HND *hnd) /**************************************************************************** set printer handle type. ****************************************************************************/ -static BOOL set_printer_hnd_accesstype(PRINTER_HND *hnd, uint32 access_required) +static BOOL set_printer_hnd_accesstype(POLICY_HND *hnd, uint32 access_required) { int pnum = find_printer_index_by_hnd(hnd); @@ -182,7 +182,7 @@ static BOOL set_printer_hnd_accesstype(PRINTER_HND *hnd, uint32 access_required) /**************************************************************************** set printer handle type. ****************************************************************************/ -static BOOL set_printer_hnd_printertype(PRINTER_HND *hnd, char *printername) +static BOOL set_printer_hnd_printertype(POLICY_HND *hnd, char *printername) { int pnum = find_printer_index_by_hnd(hnd); @@ -225,7 +225,7 @@ static BOOL set_printer_hnd_printertype(PRINTER_HND *hnd, char *printername) /**************************************************************************** set printer handle printername. ****************************************************************************/ -static BOOL set_printer_hnd_printername(PRINTER_HND *hnd, char *printername) +static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername) { int pnum = find_printer_index_by_hnd(hnd); char *back; @@ -301,7 +301,7 @@ static BOOL set_printer_hnd_printername(PRINTER_HND *hnd, char *printername) /**************************************************************************** return the snum of a printer corresponding to an handle ****************************************************************************/ -static BOOL get_printer_snum(PRINTER_HND *hnd, int *number) +static BOOL get_printer_snum(POLICY_HND *hnd, int *number) { int snum; int pnum = find_printer_index_by_hnd(hnd); @@ -350,7 +350,7 @@ static BOOL get_printer_snum(PRINTER_HND *hnd, int *number) /******************************************************************** ********************************************************************/ -static BOOL handle_is_printserver(PRINTER_HND *handle) +static BOOL handle_is_printserver(POLICY_HND *handle) { int pnum=find_printer_index_by_hnd(handle); @@ -372,7 +372,7 @@ static BOOL handle_is_printserver(PRINTER_HND *handle) /******************************************************************** ********************************************************************/ /* -static BOOL handle_is_printer(PRINTER_HND *handle) +static BOOL handle_is_printer(POLICY_HND *handle) { return (!handle_is_printserver(handle)); } @@ -538,7 +538,7 @@ static BOOL getprinterdata_printer_server(fstring value, uint32 size, uint32 *ty /******************************************************************** ********************************************************************/ -static BOOL getprinterdata_printer(PRINTER_HND *handle, fstring value, uint32 size, uint32 *type, +static BOOL getprinterdata_printer(POLICY_HND *handle, fstring value, uint32 size, uint32 *type, uint32 *numeric_data, uint8 **data, uint32 *needed ) { NT_PRINTER_INFO_LEVEL printer; @@ -1315,7 +1315,7 @@ static void construct_notify_jobs_info(print_queue_struct *queue, SPOOL_NOTIFY_I * fill a notify_info struct with info asked * ********************************************************************/ -static void printserver_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn) +static void printserver_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn) { int snum; int pnum=find_printer_index_by_hnd(hnd); @@ -1348,7 +1348,7 @@ static void printserver_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, c * fill a notify_info struct with info asked * ********************************************************************/ -static void printer_notify_info(PRINTER_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn) +static void printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, connection_struct *conn) { int snum; int pnum=find_printer_index_by_hnd(hnd); @@ -2458,7 +2458,7 @@ static void api_spoolss_writeprinter(pipes_struct *p, prs_struct *data, * called from the spoolss dispatcher * ********************************************************************/ -static void control_printer(PRINTER_HND handle, uint32 command, connection_struct *conn) +static void control_printer(POLICY_HND handle, uint32 command, connection_struct *conn) { int pnum; int snum; @@ -2489,7 +2489,7 @@ static void control_printer(PRINTER_HND handle, uint32 command, connection_struc * called by spoolss_api_setprinter * when updating a printer description ********************************************************************/ -static void update_printer(PRINTER_HND handle, uint32 level, +static void update_printer(POLICY_HND handle, uint32 level, SPOOL_PRINTER_INFO_LEVEL info, DEVICEMODE *devmode) { int pnum; diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 4933501b7a..0b0292e632 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -113,7 +113,8 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) res = res ? cli_nt_setup_creds(srv_name, info->myhostname, trust_acct, - trust_passwd, SEC_CHAN_WKSTA) == 0x0 : False; + trust_passwd, SEC_CHAN_WKSTA, + srv_name) == 0x0 : False; #if 0 /* change the machine password? */ @@ -182,9 +183,11 @@ void cmd_netlogon_domain_test(struct client_info *info, int argc, char *argv[]) res = res ? trust_get_passwd(trust_passwd, usr_creds->domain, nt_trust_dom) : False; - res = res ? cli_nt_setup_creds(srv_name, info->myhostname, inter_dom_acct, + res = res ? cli_nt_setup_creds(srv_name, + info->myhostname, inter_dom_acct, trust_passwd, - SEC_CHAN_DOMAIN) == 0x0 : False; + SEC_CHAN_DOMAIN, + srv_name) == 0x0 : False; memset(trust_passwd, 0, 16); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 010272b807..fa6f2b06e3 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -1116,16 +1116,15 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list, char *smb_ntpasswd, int smb_ntpasslen, uchar user_sess_key[16]) { - uint16 nt_pipe_fnum; unsigned char local_challenge[8]; unsigned char local_lm_response[24]; unsigned char local_nt_reponse[24]; unsigned char trust_passwd[16]; NET_ID_INFO_CTR ctr; NET_USER_INFO_3 info3; - struct cli_state cli; uint32 smb_uid_low; fstring trust_acct; + fstring srv_name; fstrcpy(trust_acct, acct_name); fstrcat(trust_acct, "$"); @@ -1192,50 +1191,31 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list, * see if they were valid. */ - if (!cli_connect_serverlist(&cli, server_list)) - { - DEBUG(0,("domain_client_validate: Domain password server not available.\n")); - return False; - } - /* * Ok - we have an anonymous connection to the IPC$ share. * Now start the NT Domain stuff :-). */ - if (!cli_nt_session_open(&cli, PIPE_NETLOGON, &nt_pipe_fnum)) { - DEBUG(0,("domain_client_validate: unable to open the domain client session to \ - machine %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } - - if(cli_nt_setup_creds(&cli, nt_pipe_fnum, - trust_acct, global_myname, trust_passwd, acct_type) != 0x0) + if(cli_nt_setup_creds(server_list, global_myname, trust_acct, + trust_passwd, acct_type, srv_name) != 0x0) { DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \ - %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); + %s.\n", srv_name)); return False; } /* We really don't care what LUID we give the user. */ generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - if (!cli_nt_login_network(&cli, nt_pipe_fnum, domain, user, smb_uid_low, (char *)local_challenge, - ((smb_apasslen != 0) ? smb_apasswd : NULL), - ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), - &ctr, &info3)) + if (!cli_nt_login_network(srv_name, global_myname, + domain, user, + smb_uid_low, (char *)local_challenge, + ((smb_apasslen != 0) ? smb_apasswd : NULL), + ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), + &ctr, &info3)) { DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \ - %s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); + %s to Domain controller %s.\n", user, domain, srv_name)); return False; } @@ -1245,27 +1225,5 @@ BOOL domain_client_validate( char *user, char *domain, char *server_list, * locked out / disabled" etc!!!! */ -#if 0 - /* - * We don't actually need to do this - plus it fails currently with - * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to - * send here. JRA. - */ - - if (!cli_nt_logoff(&cli, nt_pipe_fnum, &ctr)) - { - DEBUG(0,("domain_client_validate: unable to log off user %s in domain \ - %s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return False; - } -#endif /* 0 */ - - cli_nt_session_close(&cli, nt_pipe_fnum); - cli_ulogoff(&cli); - cli_shutdown(&cli); - return True; } -- cgit