Changeset 134 for branches/samba-3.0/source/utils
- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- Location:
- branches/samba-3.0/source/utils
- Files:
-
- 8 edited
-
net.c (modified) (3 diffs)
-
net_ads.c (modified) (2 diffs)
-
net_proto.h (modified) (1 diff)
-
net_rpc.c (modified) (1 diff)
-
net_rpc_join.c (modified) (3 diffs)
-
net_rpc_samsync.c (modified) (1 diff)
-
net_sam.c (modified) (3 diffs)
-
ntlm_auth.c (modified) (31 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/utils/net.c
r124 r134 347 347 348 348 /**************************************************************************** 349 Use the local machine 'spassword for this session.349 Use the local machine account (krb) and password for this session. 350 350 ****************************************************************************/ 351 351 352 int net_use_ machine_password(void)352 int net_use_krb_machine_account(void) 353 353 { 354 354 char *user_name = NULL; … … 359 359 } 360 360 361 user_name = NULL;362 361 opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); 363 362 if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) { 363 return -1; 364 } 365 opt_user_name = user_name; 366 return 0; 367 } 368 369 /**************************************************************************** 370 Use the machine account name and password for this session. 371 ****************************************************************************/ 372 373 int net_use_machine_account(void) 374 { 375 char *user_name = NULL; 376 377 if (!secrets_init()) { 378 d_fprintf(stderr, "ERROR: Unable to open secrets database\n"); 379 exit(1); 380 } 381 382 opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL); 383 if (asprintf(&user_name, "%s$", global_myname()) == -1) { 364 384 return -1; 365 385 } … … 1035 1055 machine account for testing purposes and for domain leave */ 1036 1056 1037 net_use_ machine_password();1057 net_use_krb_machine_account(); 1038 1058 } 1039 1059 -
branches/samba-3.0/source/utils/net_ads.c
r62 r134 887 887 } 888 888 889 net_use_ machine_password();889 net_use_krb_machine_account(); 890 890 891 891 status = ads_startup(True, &ads); … … 2171 2171 } 2172 2172 2173 net_use_ machine_password();2173 net_use_krb_machine_account(); 2174 2174 2175 2175 use_in_memory_ccache(); -
branches/samba-3.0/source/utils/net_proto.h
r1 r134 23 23 struct in_addr *server_ip, const char *server_name); 24 24 NTSTATUS connect_dst_pipe(struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, int pipe_num); 25 int net_use_machine_password(void) ; 25 int net_use_krb_machine_account(void) ; 26 int net_use_machine_account(void); 26 27 BOOL net_find_server(const char *domain, unsigned flags, struct in_addr *server_ip, char **server_name); 27 28 BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name); -
branches/samba-3.0/source/utils/net_rpc.c
r124 r134 5884 5884 5885 5885 #ifdef DEBUG_PASSWORD 5886 DEBUG(100,("suc essfully vampired trusted domain [%s], sid: [%s], password: [%s]\n",5886 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], password: [%s]\n", 5887 5887 trusted_dom_name, sid_string_static(&dom_sid), cleartextpwd)); 5888 5888 #endif -
branches/samba-3.0/source/utils/net_rpc_join.c
r124 r134 44 44 int net_rpc_join_ok(const char *domain, const char *server, struct in_addr *ip ) 45 45 { 46 uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; 46 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 47 enum security_types sec; 48 unsigned int conn_flags = NET_FLAGS_PDC; 47 49 struct cli_state *cli = NULL; 48 50 struct rpc_pipe_client *pipe_hnd = NULL; … … 50 52 NTSTATUS ntret = NT_STATUS_UNSUCCESSFUL; 51 53 54 sec = (enum security_types)lp_security(); 55 56 if (sec == SEC_ADS) { 57 /* Connect to IPC$ using machine account's credentials. We don't use anonymous 58 connection here, as it may be denied by server's local policy. */ 59 net_use_machine_account(); 60 61 } else { 62 /* some servers (e.g. WinNT) don't accept machine-authenticated 63 smb connections */ 64 conn_flags |= NET_FLAGS_ANONYMOUS; 65 } 66 52 67 /* Connect to remote machine */ 53 if (!(cli = net_make_ipc_connection_ex(domain, server, ip, (NET_FLAGS_ANONYMOUS|NET_FLAGS_PDC)))) {68 if (!(cli = net_make_ipc_connection_ex(domain, server, ip, conn_flags))) { 54 69 return -1; 55 70 } … … 115 130 TALLOC_CTX *mem_ctx; 116 131 uint32 acb_info = ACB_WSTRUST; 117 uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);132 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 118 133 uint32 sec_channel_type; 119 134 struct rpc_pipe_client *pipe_hnd = NULL; -
branches/samba-3.0/source/utils/net_rpc_samsync.c
r124 r134 239 239 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 240 240 uchar trust_password[16]; 241 uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;241 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 242 242 uint32 sec_channel_type = 0; 243 243 -
branches/samba-3.0/source/utils/net_sam.c
r124 r134 1028 1028 } 1029 1029 1030 smbldap_set_mod(&mods, LDAP_MOD_ADD, "object class", LDAP_OBJ_POSIXGROUP);1030 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); 1031 1031 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); 1032 1032 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); … … 1082 1082 } 1083 1083 1084 smbldap_set_mod(&mods, LDAP_MOD_ADD, "object class", LDAP_OBJ_POSIXGROUP);1084 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); 1085 1085 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); 1086 1086 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); … … 1301 1301 sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_GUESTS); 1302 1302 1303 smbldap_set_mod(&mods, LDAP_MOD_ADD, "object class", LDAP_OBJ_POSIXGROUP);1303 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP); 1304 1304 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); 1305 1305 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname); -
branches/samba-3.0/source/utils/ntlm_auth.c
r22 r134 691 691 if (strlen(buf) < 2) { 692 692 DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); 693 x_fprintf(x_stdout, "BH \n");693 x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); 694 694 return; 695 695 } … … 715 715 if (opt_password == NULL) { 716 716 DEBUG(1, ("Out of memory\n")); 717 x_fprintf(x_stdout, "BH \n");717 x_fprintf(x_stdout, "BH Out of memory\n"); 718 718 data_blob_free(&request); 719 719 return; … … 742 742 SAFE_FREE(key64); 743 743 } else { 744 x_fprintf(x_stdout, "BH \n");744 x_fprintf(x_stdout, "BH No session key available\n"); 745 745 } 746 746 … … 749 749 } else { 750 750 DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); 751 x_fprintf(x_stdout, "BH \n");751 x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); 752 752 return; 753 753 } … … 819 819 if (strlen(buf) < 2) { 820 820 DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); 821 x_fprintf(x_stdout, "BH \n");821 x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); 822 822 return; 823 823 } … … 843 843 if (opt_password == NULL) { 844 844 DEBUG(1, ("Out of memory\n")); 845 x_fprintf(x_stdout, "BH \n");845 x_fprintf(x_stdout, "BH Out of memory\n"); 846 846 data_blob_free(&request); 847 847 return; … … 893 893 } 894 894 else { 895 x_fprintf(x_stdout, "BH \n");895 x_fprintf(x_stdout, "BH No session key available\n"); 896 896 } 897 897 … … 900 900 } else { 901 901 DEBUG(1, ("NTLMSSP query [%s] invalid", buf)); 902 x_fprintf(x_stdout, "BH \n");902 x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); 903 903 return; 904 904 } … … 1028 1028 if (len == -1) { 1029 1029 DEBUG(1, ("Could not write SPNEGO data blob\n")); 1030 x_fprintf(x_stdout, "BH \n");1030 x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n"); 1031 1031 return; 1032 1032 } … … 1059 1059 if (strlen(buf) < 2) { 1060 1060 DEBUG(1, ("SPENGO query [%s] invalid", buf)); 1061 x_fprintf(x_stdout, "BH \n");1061 x_fprintf(x_stdout, "BH SPENGO query invalid\n"); 1062 1062 return; 1063 1063 } … … 1070 1070 } else { 1071 1071 DEBUG(1, ("SPENGO query [%s] invalid", buf)); 1072 x_fprintf(x_stdout, "BH \n");1072 x_fprintf(x_stdout, "BH SPENGO query invalid\n"); 1073 1073 return; 1074 1074 } … … 1087 1087 if (strlen(buf) <= 3) { 1088 1088 DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf)); 1089 x_fprintf(x_stdout, "BH \n");1089 x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n"); 1090 1090 return; 1091 1091 } … … 1097 1097 if (len == -1) { 1098 1098 DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf)); 1099 x_fprintf(x_stdout, "BH \n");1099 x_fprintf(x_stdout, "BH GSS-SPNEGO query invalid\n"); 1100 1100 return; 1101 1101 } … … 1109 1109 (request.negTokenInit.mechTypes[0] == NULL) ) { 1110 1110 DEBUG(1, ("Client did not offer any mechanism")); 1111 x_fprintf(x_stdout, "BH \n");1111 x_fprintf(x_stdout, "BH Client did not offer any mechanism\n"); 1112 1112 return; 1113 1113 } … … 1117 1117 1118 1118 if ( request.negTokenInit.mechToken.data == NULL ) { 1119 DEBUG(1, ("Client did not provide 1120 x_fprintf(x_stdout, "BH \n");1119 DEBUG(1, ("Client did not provide NTLMSSP data\n")); 1120 x_fprintf(x_stdout, "BH Client did not provide NTLMSSP data\n"); 1121 1121 return; 1122 1122 } … … 1125 1125 DEBUG(1, ("Client wants a new NTLMSSP challenge, but " 1126 1126 "already got one\n")); 1127 x_fprintf(x_stdout, "BH \n");1127 x_fprintf(x_stdout, "BH Client wants a new NTLMSSP challenge, but already got one\n"); 1128 1128 ntlmssp_end(&ntlmssp_state); 1129 1129 return; … … 1158 1158 if ( request.negTokenInit.mechToken.data == NULL ) { 1159 1159 DEBUG(1, ("Client did not provide Kerberos data\n")); 1160 x_fprintf(x_stdout, "BH \n");1160 x_fprintf(x_stdout, "BH Client did not provide Kerberos data\n"); 1161 1161 return; 1162 1162 } … … 1184 1184 DEBUG(1, ("Did not get a valid principal " 1185 1185 "from ads_verify_ticket\n")); 1186 x_fprintf(x_stdout, "BH \n");1186 x_fprintf(x_stdout, "BH Did not get a valid principal from ads_verify_ticket\n"); 1187 1187 return; 1188 1188 } … … 1207 1207 DEBUG(1, ("Got a negTokenTarg for something non-NTLMSSP: %s\n", 1208 1208 request.negTokenTarg.supportedMech)); 1209 x_fprintf(x_stdout, "BH \n");1209 x_fprintf(x_stdout, "BH Got a negTokenTarg for something non-NTLMSSP\n"); 1210 1210 return; 1211 1211 } … … 1213 1213 if (request.negTokenTarg.responseToken.data == NULL) { 1214 1214 DEBUG(1, ("Got a negTokenTarg without a responseToken!\n")); 1215 x_fprintf(x_stdout, "BH \n");1215 x_fprintf(x_stdout, "BH Got a negTokenTarg without a responseToken!\n"); 1216 1216 return; 1217 1217 } … … 1257 1257 if (len == -1) { 1258 1258 DEBUG(1, ("Could not write SPNEGO data blob\n")); 1259 x_fprintf(x_stdout, "BH \n");1259 x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n"); 1260 1260 return; 1261 1261 } … … 1347 1347 if (client_ntlmssp_state == NULL) { 1348 1348 DEBUG(1, ("Got NTLMSSP tArg without a client state\n")); 1349 x_fprintf(x_stdout, "BH \n");1349 x_fprintf(x_stdout, "BH Got NTLMSSP tArg without a client state\n"); 1350 1350 return; 1351 1351 } … … 1371 1371 "ntlmssp_client_update, got: %s\n", 1372 1372 nt_errstr(status))); 1373 x_fprintf(x_stdout, "BH \n");1373 x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from ntlmssp_client_update\n"); 1374 1374 data_blob_free(&request); 1375 1375 ntlmssp_end(&client_ntlmssp_state); … … 1487 1487 case SPNEGO_ACCEPT_INCOMPLETE: 1488 1488 DEBUG(1, ("Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n")); 1489 x_fprintf(x_stdout, "BH \n");1489 x_fprintf(x_stdout, "BH Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n"); 1490 1490 break; 1491 1491 case SPNEGO_ACCEPT_COMPLETED: … … 1519 1519 if (strlen(buf) <= 3) { 1520 1520 DEBUG(1, ("SPNEGO query [%s] too short\n", buf)); 1521 x_fprintf(x_stdout, "BH \n");1521 x_fprintf(x_stdout, "BH SPNEGO query too short\n"); 1522 1522 return; 1523 1523 } … … 1533 1533 if (opt_password == NULL) { 1534 1534 DEBUG(1, ("Out of memory\n")); 1535 x_fprintf(x_stdout, "BH \n");1535 x_fprintf(x_stdout, "BH Out of memory\n"); 1536 1536 data_blob_free(&request); 1537 1537 return; … … 1547 1547 (strncmp(buf, "NA ", 3) != 0) ) { 1548 1548 DEBUG(1, ("SPNEGO request [%s] invalid\n", buf)); 1549 x_fprintf(x_stdout, "BH \n");1549 x_fprintf(x_stdout, "BH SPNEGO request invalid\n"); 1550 1550 data_blob_free(&request); 1551 1551 return; … … 1560 1560 if (len == -1) { 1561 1561 DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf)); 1562 x_fprintf(x_stdout, "BH \n");1562 x_fprintf(x_stdout, "BH Could not read SPNEGO data\n"); 1563 1563 return; 1564 1564 } … … 1589 1589 1590 1590 DEBUG(1, ("Server offered no compatible mechanism\n")); 1591 x_fprintf(x_stdout, "BH \n");1591 x_fprintf(x_stdout, "BH Server offered no compatible mechanism\n"); 1592 1592 return; 1593 1593 } … … 1611 1611 "unknown negResult: %d\n", 1612 1612 spnego.negTokenTarg.negResult)); 1613 x_fprintf(x_stdout, "BH \n");1613 x_fprintf(x_stdout, "BH Got a negTokenTarg with no mech and an unknown negResult\n"); 1614 1614 } 1615 1615 … … 1635 1635 1636 1636 DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf)); 1637 x_fprintf(x_stdout, "BH \n");1637 x_fprintf(x_stdout, "BH Got an SPNEGO token I could not handle\n"); 1638 1638 return; 1639 1639
Note:
See TracChangeset
for help on using the changeset viewer.
