Changeset 165 for branches/samba-3.0/source/libsmb
- Timestamp:
- Mar 11, 2009, 9:14:55 AM (16 years ago)
- Location:
- branches/samba-3.0/source/libsmb
- Files:
-
- 4 edited
branches/samba-3.0/source/libsmb/cliconnect.c
r140 r165 539 539 #define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22) 540 540 541 static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob , DATA_BLOB session_key_krb5)541 static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob) 542 542 { 543 543 int32 remaining = blob.length; … … 563 563 remaining -= max_blob_size; 564 564 } else { 565 DATA_BLOB null_blob = data_blob(NULL, 0);566 567 565 send_blob.length = remaining; 568 566 remaining = 0; 569 570 /* This is the last packet in the sequence - turn signing on. */571 cli_simple_set_signing(cli, session_key_krb5, null_blob);572 567 } 573 568 … … 617 612 DATA_BLOB negTokenTarg; 618 613 DATA_BLOB session_key_krb5; 614 DATA_BLOB null_blob = data_blob(NULL, 0); 615 NTSTATUS nt_status; 616 BOOL res; 619 617 int rc; 618 619 cli_temp_set_signing(cli); 620 620 621 621 DEBUG(2,("Doing kerberos session setup\n")); … … 634 634 #endif 635 635 636 if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) { 637 data_blob_free(&negTokenTarg); 638 data_blob_free(&session_key_krb5); 639 return ADS_ERROR_NT(cli_nt_error(cli)); 636 if (!cli_session_setup_blob(cli, negTokenTarg)) { 637 nt_status = cli_nt_error(cli); 638 goto nt_error; 639 } 640 641 if (cli_is_error(cli)) { 642 nt_status = cli_nt_error(cli); 643 if (NT_STATUS_IS_OK(nt_status)) { 644 nt_status = NT_STATUS_UNSUCCESSFUL; 645 } 646 goto nt_error; 640 647 } 641 648 642 649 cli_set_session_key(cli, session_key_krb5); 650 651 res = cli_simple_set_signing(cli, session_key_krb5, null_blob); 652 if (res) { 653 /* 'resign' the last message, so we get the right sequence numbers 654 for checking the first reply from the server */ 655 cli_calculate_sign_mac(cli); 656 657 if (!cli_check_sign_mac(cli)) { 658 nt_status = NT_STATUS_ACCESS_DENIED; 659 goto nt_error; 660 } 661 } 643 662 644 663 data_blob_free(&negTokenTarg); 645 664 data_blob_free(&session_key_krb5); 646 665 647 if (cli_is_error(cli)) { 648 if (NT_STATUS_IS_OK(cli_nt_error(cli))) { 
649 return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); 650 } 651 } 652 return ADS_ERROR_NT(cli_nt_error(cli)); 666 return ADS_ERROR_NT(NT_STATUS_OK); 667 668 nt_error: 669 data_blob_free(&negTokenTarg); 670 data_blob_free(&session_key_krb5); 671 cli->vuid = 0; 672 return ADS_ERROR_NT(nt_status); 653 673 } 654 674 #endif /* HAVE_KRB5 */ -
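Review bot: When `cli_check_sign_mac` fails, the `goto nt_error` is taken only after `cli_set_session_key` and `cli_simple_set_signing` have already installed the Kerberos session key on `cli`, yet the `nt_error` label frees just the two local blobs and zeroes `cli->vuid`. If the caller goes on using the connection, for example to try another mechanism, it would presumably still carry the key and signing context of a session whose first signed reply did not verify. The label should also drop that state, or carry a comment saying why leaving it in place is safe. Separately, when `cli_simple_set_signing` returns False the server reply is accepted with no MAC check at all; a comment on the `if (res)` line such as `/* res == False: signing not in use on this connection; mandatory signing is enforced elsewhere */` would record that, once the enforcing location is confirmed. The function body starts and ends outside these hunks.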
branches/samba-3.0/source/libsmb/libsmbclient.c
r134 r165 4527 4527 */ 4528 4528 if (ipc_cli && (all || some_nt || all_nt_acls)) { 4529 pstring targetpath; 4530 struct cli_state *targetcli; 4531 4529 4532 /* Point to the portion after "system.nt_sec_desc." */ 4530 4533 name += 19; /* if (all) this will be invalid but unused */ 4531 4534 4535 if (!cli_resolve_path("", cli, filename, 4536 &targetcli, targetpath)) 4537 { 4538 d_printf("Could not resolve %s\n", filename); 4539 return -1; 4540 } 4541 4532 4542 /* ... then obtain any NT attributes which were requested */ 4533 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);4543 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 4534 4544 4535 4545 if (fnum == -1) { 4536 4546 DEBUG(5, ("cacl_get failed to open %s: %s\n", 4537 filename, cli_errstr(cli)));4547 targetpath, cli_errstr(targetcli))); 4538 4548 errno = 0; 4539 4549 return -1; 4540 4550 } 4541 4551 4542 sd = cli_query_secdesc( cli, fnum, ctx);4552 sd = cli_query_secdesc(targetcli, fnum, ctx); 4543 4553 4544 4554 if (!sd) { … … 4549 4559 } 4550 4560 4551 cli_close( cli, fnum);4561 cli_close(targetcli, fnum); 4552 4562 4553 4563 if (! 
exclude_nt_revision) { … … 5149 5159 BOOL numeric = True; 5150 5160 5161 pstring targetpath; 5162 struct cli_state *targetcli; 5163 5151 5164 /* the_acl will be null for REMOVE_ALL operations */ 5152 5165 if (the_acl) { … … 5178 5191 } 5179 5192 5193 if (!cli_resolve_path("", cli, filename, 5194 &targetcli, targetpath)) 5195 { 5196 d_printf("Could not resolve %s\n", filename); 5197 errno = ENOENT; 5198 return -1; 5199 } 5200 5180 5201 /* The desired access below is the only one I could find that works 5181 5202 with NT4, W2KP and Samba */ 5182 5203 5183 fnum = cli_nt_create( cli, filename, CREATE_ACCESS_READ);5204 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ); 5184 5205 5185 5206 if (fnum == -1) { 5186 5207 DEBUG(5, ("cacl_set failed to open %s: %s\n", 5187 filename, cli_errstr(cli)));5208 targetpath, cli_errstr(targetcli))); 5188 5209 errno = 0; 5189 5210 return -1; 5190 5211 } 5191 5212 5192 old = cli_query_secdesc( cli, fnum, ctx);5213 old = cli_query_secdesc(targetcli, fnum, ctx); 5193 5214 5194 5215 if (!old) { … … 5198 5219 } 5199 5220 5200 cli_close( cli, fnum);5221 cli_close(targetcli, fnum); 5201 5222 5202 5223 switch (mode) { … … 5287 5308 owner_sid, group_sid, NULL, dacl, &sd_size); 5288 5309 5289 fnum = cli_nt_create( cli, filename,5310 fnum = cli_nt_create(targetcli, targetpath, 5290 5311 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS); 5291 5312 5292 5313 if (fnum == -1) { 5293 5314 DEBUG(5, ("cacl_set failed to open %s: %s\n", 5294 filename, cli_errstr(cli)));5315 targetpath, cli_errstr(targetcli))); 5295 5316 errno = 0; 5296 5317 return -1; 5297 5318 } 5298 5319 5299 if (!cli_set_secdesc( cli, fnum, sd)) {5300 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr( cli)));5320 if (!cli_set_secdesc(targetcli, fnum, sd)) { 5321 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr(targetcli))); 5301 5322 ret = -1; 5302 5323 } … … 5305 5326 5306 5327 failed: 5307 cli_close( cli, fnum);5328 cli_close(targetcli, fnum); 5308 5329 5309 5330 if 
(err != 0) { -
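Review bot: The first `cli_resolve_path` failure branch, the one ahead of the "cacl_get failed to open" message, returns -1 without setting errno, while the matching branch added further down sets `errno = ENOENT`. Callers that read errno get a stale value on the first path, so add `errno = ENOENT;` before that `return -1;`. Both branches report through `d_printf`, which writes to the application's output from inside library code, where the neighbouring failures use `DEBUG(5, ...)`; `DEBUG(5, ("Could not resolve %s\n", filename));` would match them. The ACL read and write now go to whatever `targetcli` the resolution returns rather than the connection the caller supplied, which deserves a one-line comment at the first `cli_nt_create(targetcli, ...)` in each function. The enclosing functions start and end outside the hunks.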
branches/samba-3.0/source/libsmb/namequery.c
r140 r165 35 35 #define SAFKEY_FMT "SAF/DOMAIN/%s" 36 36 #define SAF_TTL 900 37 #define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s" 38 #define SAFJOIN_TTL 3600 37 39 38 40 static char *saf_key(const char *domain) … … 41 43 42 44 asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) ); 45 46 return keystr; 47 } 48 49 static char *saf_join_key(const char *domain) 50 { 51 char *keystr; 52 53 asprintf( &keystr, SAFJOINKEY_FMT, strupper_static(domain) ); 43 54 44 55 return keystr; … … 68 79 69 80 key = saf_key( domain ); 70 expire = time( NULL ) + SAF_TTL;81 expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL); 71 82 72 83 … … 81 92 } 82 93 94 BOOL saf_join_store( const char *domain, const char *servername ) 95 { 96 char *key; 97 time_t expire; 98 BOOL ret = False; 99 100 if ( !domain || !servername ) { 101 DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n")); 102 return False; 103 } 104 105 if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) { 106 DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n")); 107 return False; 108 } 109 110 if ( !gencache_init() ) 111 return False; 112 113 key = saf_join_key( domain ); 114 expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL); 115 116 DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n", 117 domain, servername, (unsigned int)expire )); 118 119 ret = gencache_set( key, servername, expire ); 120 121 SAFE_FREE( key ); 122 123 return ret; 124 } 125 83 126 BOOL saf_delete( const char *domain ) 84 127 { … … 94 137 return False; 95 138 139 key = saf_join_key(domain); 140 ret = gencache_del(key); 141 SAFE_FREE(key); 142 143 if (ret) { 144 DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain )); 145 } 146 96 147 key = saf_key(domain); 97 148 ret = gencache_del(key); 98 149 SAFE_FREE(key); 150 99 151 if (ret) { 100 152 DEBUG(10,("saf_delete: domain = [%s]\n", domain )); 101 153 } 102 103 SAFE_FREE( key );104 154 105 155 return ret; … … 123 
173 if ( !gencache_init() ) 124 174 return False; 125 175 176 key = saf_join_key( domain ); 177 178 ret = gencache_get( key, &server, &timeout ); 179 180 SAFE_FREE( key ); 181 182 if ( ret ) { 183 DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n", 184 server, domain )); 185 return server; 186 } 187 126 188 key = saf_key( domain ); 127 189 … … 1649 1711 1650 1712 status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered); 1713 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) && sitename) { 1714 DEBUG(3,("get_sorted_dc_list: no server for name %s available" 1715 " in site %s, fallback to all servers\n", 1716 domain, sitename)); 1717 status = get_dc_list(domain, NULL, ip_list, count, 1718 lookup_type, &ordered); 1719 } 1720 1651 1721 if (!NT_STATUS_IS_OK(status)) { 1652 1722 return status; -
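Review bot: `saf_join_key` ignores the return value of `asprintf`, and `saf_join_store` passes the result straight to `gencache_set`; when asprintf fails the pointer's contents are unspecified on glibc, so `key` may be garbage rather than NULL. Suggest `if (asprintf(&keystr, SAFJOINKEY_FMT, strupper_static(domain)) == -1) return NULL;` in the helper and `if (!key) return False;` after the call in `saf_join_store`, with the same check at the new `saf_join_key` uses in `saf_delete` and `saf_fetch`. The existing `saf_key` has the same pattern, so the new code copies the gap rather than inventing it. The TTLs now come from `lp_parm_int(-1, "saf", ...)` with no range check, so a negative configured value yields an entry that is already expired; a clamp or a comment stating the accepted range would help.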
branches/samba-3.0/source/libsmb/trusts_util.c
r134 r165 33 33 static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 34 34 const unsigned char orig_trust_passwd_hash[16], 35 const char *new_trust_pwd_cleartext, 35 36 const unsigned char new_trust_passwd_hash[16], 36 37 uint32 sec_channel_type) 37 38 { 38 39 NTSTATUS result; 39 40 /* Check if the netlogon pipe is open using schannel. If so we 41 already have valid creds. If not we must set them up. */ 42 43 if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { 44 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 45 46 result = rpccli_netlogon_setup_creds(cli, 40 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 41 42 result = rpccli_netlogon_setup_creds(cli, 47 43 cli->cli->desthost, /* server name */ 48 44 lp_workgroup(), /* domain */ … … 53 49 &neg_flags); 54 50 55 if (!NT_STATUS_IS_OK(result)) { 56 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 57 nt_errstr(result))); 58 return result; 59 } 60 } 61 62 result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash); 51 if (!NT_STATUS_IS_OK(result)) { 52 DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", 53 nt_errstr(result))); 54 return result; 55 } 56 57 if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { 58 result = rpccli_net_srv_pwset2(cli, mem_ctx, global_myname(), 59 new_trust_pwd_cleartext); 60 } else { 61 result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), 62 new_trust_passwd_hash); 63 } 63 64 64 65 if (!NT_STATUS_IS_OK(result)) { … … 96 97 97 98 nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, 99 new_trust_passwd, 98 100 new_trust_passwd_hash, sec_channel_type); 99 101
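Review bot: The choice between `rpccli_net_srv_pwset2` and `rpccli_net_srv_pwset` rests on `neg_flags` as filled in by `rpccli_netlogon_setup_creds`, that is, on what the server advertised, and nothing records which path was taken. A line such as `DEBUG(5,("just_change_the_password: server %s NETLOGON_NEG_PASSWORD_SET2\n", (neg_flags & NETLOGON_NEG_PASSWORD_SET2) ? "supports" : "lacks"));` ahead of the branch would make a fallback to the hash-only call visible in logs. The removed comment explained the old schannel condition and the now-unconditional credential setup has no replacement; `/* always (re)negotiate creds: neg_flags selects pwset2 vs pwset */` would state the intent, if that is indeed the reason. `new_trust_pwd_cleartext` is handed to the pwset2 call with no NULL check visible here, and how long the caller keeps the cleartext in memory cannot be judged from this section.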