From 7ed5a181ac836f2f88e1525723dd6197ca3a9084 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 15 Jun 1998 22:02:14 +0000 Subject: client.c: Made -L do a null-session share unless -U user is specified. clientutil.c: Fixed NT session to add NT password. groupname.c: Added lookup function. Jeremy. (This used to be commit 8216363e83fcdccfade70f983830b56b7e6546a4) --- source3/client/client.c | 66 +++++++-------- source3/client/clientutil.c | 199 +++++++++++++++++++++++--------------------- source3/include/proto.h | 1 + source3/smbd/groupname.c | 34 ++++++++ 4 files changed, 170 insertions(+), 130 deletions(-) (limited to 'source3') diff --git a/source3/client/client.c b/source3/client/client.c index 86de850abf..c48c5500cd 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -3550,12 +3550,12 @@ static void usage(char *pname) pstring query_host; BOOL message = False; BOOL nt_domain_logon = False; + BOOL explicit_user = False; extern char tar_type; static pstring servicesf = CONFIGFILE; pstring term_code; pstring new_name_resolve_order; char *p; - int save_debuglevel = -1; #ifdef KANJI pstrcpy(term_code, KANJI); @@ -3575,6 +3575,22 @@ static void usage(char *pname) TimeInit(); charset_initialise(); + if(!get_myname(myhostname,NULL)) + { + DEBUG(0,("Failed to get my hostname.\n")); + } + + if (!lp_load(servicesf,True,False,False)) { + fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf); + } + + codepage_initialise(lp_client_code_page()); + + interpret_coding_system(term_code); + + pstrcpy(workgroup,lp_workgroup()); + + load_interfaces(); pid = getpid(); uid = getuid(); gid = getgid(); @@ -3694,12 +3710,15 @@ static void usage(char *pname) case 'L': got_pass = True; pstrcpy(query_host,optarg); + if(!explicit_user) + *username = '\0'; break; case 'U': { char *lp; - pstrcpy(username,optarg); - if ((lp=strchr(username,'%'))) + explicit_user = True; + pstrcpy(username,optarg); + if ((lp=strchr(username,'%'))) { *lp = 0; pstrcpy(password,lp+1); @@ -3734,9 +3753,9 @@ static void usage(char *pname) break; case 'd': if (*optarg == 'A') - save_debuglevel = DEBUGLEVEL = 10000; + DEBUGLEVEL = 10000; else - save_debuglevel = DEBUGLEVEL = atoi(optarg); + DEBUGLEVEL = atoi(optarg); break; case 'l': slprintf(debugf,sizeof(debugf)-1, "%s.client",optarg); @@ -3763,6 +3782,12 @@ static void usage(char *pname) exit(1); } + get_myname((*global_myname)?NULL:global_myname,NULL); + strupper(global_myname); + + if(*new_name_resolve_order) + lp_set_name_resolve_order(new_name_resolve_order); + if (!tar_type && !*query_host && !*service && !message) { usage(pname); @@ -3772,37 +3797,6 @@ static void usage(char *pname) DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION)); - if(!get_myname(myhostname,NULL)) - { - DEBUG(0,("Failed to get my hostname.\n")); - } - - if (!lp_load(servicesf,True,False,False)) { - fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf); - } - - /* - * We need to reset the global debuglevel here, as - * lp_load will reset it from smb.conf. - */ - - if(save_debuglevel != -1) - DEBUGLEVEL = save_debuglevel; - - codepage_initialise(lp_client_code_page()); - - interpret_coding_system(term_code); - - if (*workgroup == 0) - pstrcpy(workgroup,lp_workgroup()); - - load_interfaces(); - get_myname((*global_myname)?NULL:global_myname,NULL); - strupper(global_myname); - - if(*new_name_resolve_order) - lp_set_name_resolve_order(new_name_resolve_order); - if (tar_type) { recurse=True; diff --git a/source3/client/clientutil.c b/source3/client/clientutil.c index 2da0fbb215..0c60ac0109 100644 --- a/source3/client/clientutil.c +++ b/source3/client/clientutil.c @@ -436,6 +436,8 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup, extern int serverzone; int crypt_len=0; char *pass = NULL; + uchar enc_ntpass[24]; + int ntpasslen = 0; pstring dev; char *p; int numprots; @@ -593,110 +595,119 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup, *username = 0; if (Protocol >= PROTOCOL_LANMAN1 && use_setup) + { + fstring pword; + int passlen = strlen(pass)+1; + fstrcpy(pword,pass); + + if (doencrypt && *pass) { - fstring pword; - int passlen = strlen(pass)+1; - fstrcpy(pword,pass); - - if (doencrypt && *pass) { - DEBUG(3,("Using encrypted passwords\n")); - passlen = 24; - SMBencrypt((uchar *)pass,(uchar *)cryptkey,(uchar *)pword); - } + DEBUG(3,("Using encrypted passwords\n")); + passlen = 24; + SMBencrypt((uchar *)pass,(uchar *)cryptkey,(uchar *)pword); + ntpasslen = 24; + SMBNTencrypt((uchar *)pass,(uchar *)cryptkey,enc_ntpass); + } - /* if in share level security then don't send a password now */ - if (!(opt.sec_mode & 1)) {fstrcpy(pword, "");passlen=1;} - - /* send a session setup command */ - bzero(outbuf,smb_size); - - if (Protocol < PROTOCOL_NT1) { - set_message(outbuf,10,1 + strlen(username) + passlen,True); - CVAL(outbuf,smb_com) = SMBsesssetupX; - cli_setup_pkt(outbuf); - - CVAL(outbuf,smb_vwv0) = 0xFF; - SSVAL(outbuf,smb_vwv2,max_xmit); - SSVAL(outbuf,smb_vwv3,2); - SSVAL(outbuf,smb_vwv4,opt.max_vcs-1); - SIVAL(outbuf,smb_vwv5,opt.sesskey); - SSVAL(outbuf,smb_vwv7,passlen); - p = smb_buf(outbuf); - memcpy(p,pword,passlen); - p += passlen; - pstrcpy(p,username); - } else { - if (!doencrypt) passlen--; - /* for Win95 */ - set_message(outbuf,13,0,True); - CVAL(outbuf,smb_com) = SMBsesssetupX; - cli_setup_pkt(outbuf); - - CVAL(outbuf,smb_vwv0) = 0xFF; - SSVAL(outbuf,smb_vwv2,BUFFER_SIZE); - SSVAL(outbuf,smb_vwv3,2); - SSVAL(outbuf,smb_vwv4,getpid()); - SIVAL(outbuf,smb_vwv5,opt.sesskey); - SSVAL(outbuf,smb_vwv7,passlen); - SSVAL(outbuf,smb_vwv8,0); - p = smb_buf(outbuf); - memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7); - pstrcpy(p,username);p = skip_string(p,1); - pstrcpy(p,workgroup);p = skip_string(p,1); - pstrcpy(p,"Unix");p = skip_string(p,1); - pstrcpy(p,"Samba");p = skip_string(p,1); - set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False); - } + /* if in share level security then don't send a password now */ + if (!(opt.sec_mode & 1)) {fstrcpy(pword, "");passlen=1;} - send_smb(Client,outbuf); - client_receive_smb(Client,inbuf,CLIENT_TIMEOUT); + /* send a session setup command */ + bzero(outbuf,smb_size); - show_msg(inbuf); + if (Protocol < PROTOCOL_NT1) + { + set_message(outbuf,10,1 + strlen(username) + passlen,True); + CVAL(outbuf,smb_com) = SMBsesssetupX; + cli_setup_pkt(outbuf); - if (CVAL(inbuf,smb_rcls) != 0) - { - if (! *pass && - ((CVAL(inbuf,smb_rcls) == ERRDOS && - SVAL(inbuf,smb_err) == ERRnoaccess) || - (CVAL(inbuf,smb_rcls) == ERRSRV && - SVAL(inbuf,smb_err) == ERRbadpw))) - { - got_pass = False; - DEBUG(3,("resending login\n")); - if (! no_pass) - goto get_pass; - } - - DEBUG(0,("Session setup failed for username=%s myname=%s destname=%s %s\n", - username,global_myname,desthost,smb_errstr(inbuf))); - DEBUG(0,("You might find the -U, -W or -n options useful\n")); - DEBUG(0,("Sometimes you have to use `-n USERNAME' (particularly with OS/2)\n")); - DEBUG(0,("Some servers also insist on uppercase-only passwords\n")); - if (was_null) - { - free(inbuf); - free(outbuf); - } - return(False); - } + CVAL(outbuf,smb_vwv0) = 0xFF; + SSVAL(outbuf,smb_vwv2,max_xmit); + SSVAL(outbuf,smb_vwv3,2); + SSVAL(outbuf,smb_vwv4,opt.max_vcs-1); + SIVAL(outbuf,smb_vwv5,opt.sesskey); + SSVAL(outbuf,smb_vwv7,passlen); + p = smb_buf(outbuf); + memcpy(p,pword,passlen); + p += passlen; + pstrcpy(p,username); + } + else + { + if (!doencrypt) passlen--; + /* for Win95 */ + set_message(outbuf,13,0,True); + CVAL(outbuf,smb_com) = SMBsesssetupX; + cli_setup_pkt(outbuf); - if (Protocol >= PROTOCOL_NT1) { - char *domain,*os,*lanman; - p = smb_buf(inbuf); - os = p; - lanman = skip_string(os,1); - domain = skip_string(lanman,1); - if (*domain || *os || *lanman) - DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",domain,os,lanman)); + CVAL(outbuf,smb_vwv0) = 0xFF; + SSVAL(outbuf,smb_vwv2,BUFFER_SIZE); + SSVAL(outbuf,smb_vwv3,2); + SSVAL(outbuf,smb_vwv4,getpid()); + SIVAL(outbuf,smb_vwv5,opt.sesskey); + SSVAL(outbuf,smb_vwv7,passlen); + SSVAL(outbuf,smb_vwv8,doencrypt ? ntpasslen : 0); + p = smb_buf(outbuf); + memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7); + if(doencrypt) + memcpy(p,enc_ntpass,ntpasslen); p += SVAL(outbuf,smb_vwv8); + pstrcpy(p,username);p = skip_string(p,1); + pstrcpy(p,workgroup);p = skip_string(p,1); + pstrcpy(p,"Unix");p = skip_string(p,1); + pstrcpy(p,"Samba");p = skip_string(p,1); + set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False); + } + + send_smb(Client,outbuf); + client_receive_smb(Client,inbuf,CLIENT_TIMEOUT); + + show_msg(inbuf); + + if (CVAL(inbuf,smb_rcls) != 0) + { + if (! *pass && + ((CVAL(inbuf,smb_rcls) == ERRDOS && + SVAL(inbuf,smb_err) == ERRnoaccess) || + (CVAL(inbuf,smb_rcls) == ERRSRV && + SVAL(inbuf,smb_err) == ERRbadpw))) + { + got_pass = False; + DEBUG(3,("resending login\n")); + if (! no_pass) + goto get_pass; } + + DEBUG(0,("Session setup failed for username=%s myname=%s destname=%s %s\n", + username,global_myname,desthost,smb_errstr(inbuf))); + DEBUG(0,("You might find the -U, -W or -n options useful\n")); + DEBUG(0,("Sometimes you have to use `-n USERNAME' (particularly with OS/2)\n")); + DEBUG(0,("Some servers also insist on uppercase-only passwords\n")); + if (was_null) + { + free(inbuf); + free(outbuf); + } + return(False); + } - /* use the returned uid from now on */ - if (SVAL(inbuf,smb_uid) != uid) - DEBUG(3,("Server gave us a UID of %d. We gave %d\n", - SVAL(inbuf,smb_uid),uid)); - opt.server_uid = uid = SVAL(inbuf,smb_uid); + if (Protocol >= PROTOCOL_NT1) + { + char *domain,*os,*lanman; + p = smb_buf(inbuf); + os = p; + lanman = skip_string(os,1); + domain = skip_string(lanman,1); + if (*domain || *os || *lanman) + DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",domain,os,lanman)); } + /* use the returned uid from now on */ + if (SVAL(inbuf,smb_uid) != uid) + DEBUG(3,("Server gave us a UID of %d. We gave %d\n", + SVAL(inbuf,smb_uid),uid)); + opt.server_uid = uid = SVAL(inbuf,smb_uid); + } + if (opt.sec_mode & 1) { if (SVAL(inbuf, smb_vwv2) & 1) DEBUG(1,("connected as guest ")); diff --git a/source3/include/proto.h b/source3/include/proto.h index 6938be6367..5ff9df5a5f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -203,6 +203,7 @@ char *getsmbpass(char *prompt) ; /*The following definitions come from groupname.c */ void load_groupname_map(void); +void map_gid_to_sid( gid_t gid, DOM_SID *psid); /*The following definitions come from interface.c */ diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 4cfd3e98f5..33ce3adbfe 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -202,3 +202,37 @@ Error was %s.\n", unixname, strerror(errno) )); fclose(fp); } + +/*********************************************************** + Lookup a SID entry by gid_t. +************************************************************/ + +void map_gid_to_sid( gid_t gid, DOM_SID *psid) +{ + groupname_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_groupname_map(); + + for( gmep = (groupname_map_entry *)ubi_slFirst( &groupname_map_list); + gmep; gmep = (groupname_map_entry *)ubi_slNext( gmep )) { + + if( gmep->unix_gid == gid) { + *psid = gmep->windows_sid; + DEBUG(7,("map_gid_to_sid: Mapping unix group %s to windows group %s.\n", + gmep->unix_name, gmep->windows_name )); + return; + } + } + + /* + * If there's no map, convert the UNIX gid_t + * to a rid within this domain SID. + */ + *psid = global_machine_sid; + psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); + + return; +} -- cgit