static int /* O - 0 = success, non-0 = failure */
smb_print(struct cli_state *cli, /* I - SMB connection */
char *title, /* I - Title/job name */
FILE *fp) /* I - File to print */
{
int fnum; /* File number */
int nbytes, /* Number of bytes read */
tbytes; /* Total bytes read */
char buffer[8192], /* Buffer for copy */
*ptr; /* Pointer into tile */
/*
* Sanitize the title...
*/
for (ptr = title; *ptr; ptr ++)
if (!isalnum((int)*ptr) && !isspace((int)*ptr))
*ptr = '_';
/*
* Open the printer device...
*/
if ((fnum = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE)) == -1)
{
fprintf(stderr, "ERROR: %s opening remote spool %s\n",
cli_errstr(cli), title);
return (1);
}
/*
* Copy the file to the printer...
*/
if (fp != stdin)
rewind(fp);
tbytes = 0;
while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0)
{
if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes)
{
fprintf(stderr, "ERROR: Error writing spool: %s\n", cli_errstr(cli));
break;
}
tbytes += nbytes;
}
if (!cli_close(cli, fnum))
{
fprintf(stderr, "ERROR: %s closing remote spool %s\n",
cli_errstr(cli), title);
return (1);
}
else
return (0);
}
void send_message(const char *msg) {
pstring msg_conv;
int len;
int grp_id;
#if SAMBA_VERSION_MAJOR==2
#if SAMBA_VERSION_RELEASE < 4
/* Samba 2.2.0-2.2.3 */
pstrcpy(msg_conv, unix_to_dos(msg, FALSE));
#else
/* Samba >= 2.2.4 */
pstrcpy(msg_conv, unix_to_dos(msg));
#endif
#elif SAMBA_VERSION_MAJOR==3
push_ascii_pstring(msg_conv, msg);
#endif
len = strlen(msg_conv);
if (!cli_message_start(cli, remote_machine, username, &grp_id)) {
DEBUG(5,("message start: %s\n", cli_errstr(cli)));
return;
}
if (!cli_message_text(cli, msg_conv, len, grp_id)) {
DEBUG(5,("SMBsendtxt failed: %s\n",cli_errstr(cli)));
return;
}
if (!cli_message_end(cli, grp_id)) {
DEBUG(5,("SMBsendend failed: %s\n",cli_errstr(cli)));
return;
}
}
BOOL attempt_netbios_session_request(struct cli_state *cli, const char *srchost, const char *desthost,
struct in_addr *pdest_ip)
{
struct nmb_name calling, called;
make_nmb_name(&calling, srchost, 0x0);
/*
* If the called name is an IP address
* then use *SMBSERVER immediately.
*/
if(is_ipaddress(desthost))
make_nmb_name(&called, "*SMBSERVER", 0x20);
else
make_nmb_name(&called, desthost, 0x20);
if (!cli_session_request(cli, &calling, &called)) {
struct nmb_name smbservername;
make_nmb_name(&smbservername , "*SMBSERVER", 0x20);
/*
* If the name wasn't *SMBSERVER then
* try with *SMBSERVER if the first name fails.
*/
if (nmb_name_equal(&called, &smbservername)) {
/*
* The name used was *SMBSERVER, don't bother with another name.
*/
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER with error %s.\n",
desthost, cli_errstr(cli) ));
return False;
}
/*
* We need to close the connection here but can't call cli_shutdown as
* will free an allocated cli struct. cli_close_connection was invented
* for this purpose. JRA. Based on work by "Kim R. Pedersen" <*****@*****.**>.
*/
cli_close_connection(cli);
if (!cli_initialise(cli) || !cli_connect(cli, desthost, pdest_ip) ||
!cli_session_request(cli, &calling, &smbservername)) {
DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER with error %s\n",
desthost, cli_errstr(cli) ));
return False;
}
}
return True;
}
bool cli_rpc_pipe_close(struct rpc_pipe_client *cli)
{
bool ret;
if (!cli) {
return false;
}
ret = cli_close(cli->cli, cli->fnum);
if (!ret) {
DEBUG(1,("cli_rpc_pipe_close: cli_close failed on pipe %s, "
"fnum 0x%x "
"to machine %s. Error was %s\n",
cli->pipe_name,
(int) cli->fnum,
cli->cli->desthost,
cli_errstr(cli->cli)));
}
if (cli->auth.cli_auth_data_free_func) {
(*cli->auth.cli_auth_data_free_func)(&cli->auth);
}
DEBUG(10,("cli_rpc_pipe_close: closed pipe %s to machine %s\n",
cli->pipe_name, cli->cli->desthost ));
DLIST_REMOVE(cli->cli->pipe_list, cli);
talloc_destroy(cli->mem_ctx);
return ret;
}
static void send_message(void)
{
int total_len = 0;
int grp_id;
if (!cli_message_start(cli, desthost, username, &grp_id)) {
d_printf("message start: %s\n", cli_errstr(cli));
return;
}
d_printf("Connected. Type your message, ending it with a Control-D\n");
while (!feof(stdin) && total_len < 1600) {
int maxlen = MIN(1600 - total_len,127);
pstring msg;
int l=0;
int c;
ZERO_ARRAY(msg);
for (l=0;l<maxlen && (c=fgetc(stdin))!=EOF;l++) {
if (c == '\n')
msg[l++] = '\r';
msg[l] = c;
}
if (!cli_message_text(cli, msg, l, grp_id)) {
d_printf("SMBsendtxt failed (%s)\n",cli_errstr(cli));
return;
}
total_len += l;
}
if (total_len >= 1600)
d_printf("the message was truncated to 1600 bytes\n");
else
d_printf("sent %d bytes\n",total_len);
if (!cli_message_end(cli, grp_id)) {
d_printf("SMBsendend failed (%s)\n",cli_errstr(cli));
return;
}
}
void nb_unlink(const char *fname)
{
if (!NT_STATUS_IS_OK(cli_unlink(c, fname, aSYSTEM | aHIDDEN))) {
#if NBDEBUG
printf("(%d) unlink %s failed (%s)\n",
line_count, fname, cli_errstr(c));
#endif
}
}
void nb_unlink(const char *fname)
{
if (!cli_unlink(c, fname)) {
#if NBDEBUG
printf("(%d) unlink %s failed (%s)\n",
line_count, fname, cli_errstr(c));
#endif
}
}
void nb_rmdir(char *fname)
{
strupper(fname);
if (!cli_rmdir(c, fname)) {
#if NBDEBUG
printf("rmdir %s failed (%s)\n",
fname, cli_errstr(c));
#endif
}
}
static BOOL gpo_sync_files(struct sync_context *ctx)
{
DEBUG(3,("calling cli_list with mask: %s\n", ctx->mask));
if (cli_list(ctx->cli, ctx->mask, ctx->attribute, gpo_sync_func, ctx) == -1) {
DEBUG(1,("listing [%s] failed with error: %s\n",
ctx->mask, cli_errstr(ctx->cli)));
return False;
}
return True;
}
static void do_setrattr(char *name, uint16 attr, int set)
{
uint16 oldattr;
if (!cli_getatr(cli, name, &oldattr, NULL, NULL)) return;
if (set == ATTRSET) {
attr |= oldattr;
} else {
attr = oldattr & ~attr;
}
if (!cli_setatr(cli, name, attr, 0)) {
DEBUG(1,("setatr failed: %s\n", cli_errstr(cli)));
}
}
static int rpc_transport_np_state_destructor(struct rpc_transport_np_state *s)
{
if (s->cli->fd == -1) {
DEBUG(10, ("socket was closed, no need to send close request.\n"));
return 0;
}
if (!NT_STATUS_IS_OK(cli_close(s->cli, s->fnum))) {
DEBUG(1, ("rpc_transport_np_state_destructor: cli_close "
"failed on pipe %s. Error was %s\n", s->pipe_name,
cli_errstr(s->cli)));
}
DEBUG(10, ("rpc_pipe_destructor: closed %s\n", s->pipe_name));
/*
* We can't do much on failure
*/
return 0;
}
void nb_open(char *fname, int handle, int size)
{
int fd, i;
int flags = O_RDWR|O_CREAT;
size_t st_size;
static int count;
strupper(fname);
if (size == 0) flags |= O_TRUNC;
fd = cli_open(c, fname, flags, DENY_NONE);
if (fd == -1) {
#if NBDEBUG
printf("(%d) open %s failed for handle %d (%s)\n",
line_count, fname, handle, cli_errstr(c));
#endif
return;
}
cli_getattrE(c, fd, NULL, &st_size, NULL, NULL, NULL);
if (size > st_size) {
#if NBDEBUG
printf("(%d) needs expanding %s to %d from %d\n",
line_count, fname, size, (int)st_size);
#endif
} else if (size < st_size) {
#if NBDEBUG
printf("(%d) needs truncating %s to %d from %d\n",
line_count, fname, size, (int)st_size);
#endif
}
for (i=0;i<MAX_FILES;i++) {
if (ftable[i].handle == 0) break;
}
if (i == MAX_FILES) {
printf("file table full for %s\n", fname);
exit(1);
}
ftable[i].handle = handle;
ftable[i].fd = fd;
if (count++ % 100 == 0) {
printf(".");
}
}
void nb_createx(const char *fname,
unsigned create_options, unsigned create_disposition, int handle)
{
uint16_t fd = (uint16_t)-1;
int i;
NTSTATUS status;
uint32 desired_access;
if (create_options & FILE_DIRECTORY_FILE) {
desired_access = FILE_READ_DATA;
} else {
desired_access = FILE_READ_DATA | FILE_WRITE_DATA;
}
status = cli_ntcreate(c, fname, 0,
desired_access,
0x0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
create_disposition,
create_options, 0, &fd);
if (!NT_STATUS_IS_OK(status) && handle != -1) {
printf("ERROR: cli_ntcreate failed for %s - %s\n",
fname, cli_errstr(c));
exit(1);
}
if (NT_STATUS_IS_OK(status) && handle == -1) {
printf("ERROR: cli_ntcreate succeeded for %s\n", fname);
exit(1);
}
if (fd == (uint16_t)-1) return;
for (i=0;i<MAX_FILES;i++) {
if (ftable[i].handle == 0) break;
}
if (i == MAX_FILES) {
printf("(%d) file table full for %s\n", line_count,
fname);
exit(1);
}
ftable[i].handle = handle;
ftable[i].fd = fd;
}
void nb_createx(const char *fname,
unsigned create_options, unsigned create_disposition, int handle)
{
int fd, i;
uint32 desired_access;
if (create_options & FILE_DIRECTORY_FILE) {
desired_access = FILE_READ_DATA;
} else {
desired_access = FILE_READ_DATA | FILE_WRITE_DATA;
}
fd = cli_nt_create_full(c, fname, 0,
desired_access,
0x0,
FILE_SHARE_READ|FILE_SHARE_WRITE,
create_disposition,
create_options, 0);
if (fd == -1 && handle != -1) {
printf("ERROR: cli_nt_create_full failed for %s - %s\n",
fname, cli_errstr(c));
exit(1);
}
if (fd != -1 && handle == -1) {
printf("ERROR: cli_nt_create_full succeeded for %s\n", fname);
exit(1);
}
if (fd == -1) return;
for (i=0;i<MAX_FILES;i++) {
if (ftable[i].handle == 0) break;
}
if (i == MAX_FILES) {
printf("(%d) file table full for %s\n", line_count,
fname);
exit(1);
}
ftable[i].handle = handle;
ftable[i].fd = fd;
}
static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata,
uint8 expected_pkt_type)
{
uint32 len;
char *rparam = NULL;
uint32 rparam_len = 0;
uint16 setup[2];
BOOL first = True;
BOOL last = True;
RPC_HDR rhdr;
char *pdata = data ? prs_data_p(data) : NULL;
uint32 data_len = data ? prs_offset(data) : 0;
char *prdata = NULL;
uint32 rdata_len = 0;
uint32 current_offset = 0;
uint32 fragment_start = 0;
uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
int auth_padding_len = 0;
/* Create setup parameters - must be in native byte order. */
setup[0] = TRANSACT_DCERPCCMD;
setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
/* Send the RPC request and receive a response. For short RPC
calls (about 1024 bytes or so) the RPC request and response
appears in a SMBtrans request and response. Larger RPC
responses are received further on. */
if (!cli_api_pipe(cli, "\\PIPE\\",
setup, 2, 0, /* Setup, length, max */
NULL, 0, 0, /* Params, length, max */
pdata, data_len, max_data, /* data, length, max */
&rparam, &rparam_len, /* return params, len */
&prdata, &rdata_len)) /* return data, len */
{
DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
return False;
}
/* Throw away returned params - we know we won't use them. */
SAFE_FREE(rparam);
if (prdata == NULL) {
DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
(int)cli->nt_pipe_fnum));
return False;
}
/*
* Give this memory as dynamically allocated to the return parse
* struct.
*/
prs_give_memory(rdata, prdata, rdata_len, True);
current_offset = rdata_len;
/* This next call sets the endian bit correctly in rdata. */
if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
prs_mem_free(rdata);
return False;
}
if (rhdr.pkt_type == RPC_BINDACK) {
if (!last && !first) {
DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
first = True;
last = True;
}
}
if (rhdr.pkt_type == RPC_BINDNACK) {
DEBUG(3, ("Bind NACK received on pipe %x!\n", (int)cli->nt_pipe_fnum));
prs_mem_free(rdata);
return False;
}
if (rhdr.pkt_type == RPC_RESPONSE) {
RPC_HDR_RESP rhdr_resp;
if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
prs_mem_free(rdata);
return False;
}
}
if (rhdr.pkt_type != expected_pkt_type) {
DEBUG(3, ("Connection to pipe %x got an unexpected RPC packet type - %d, not %d\n", (int)cli->nt_pipe_fnum, rhdr.pkt_type, expected_pkt_type));
prs_mem_free(rdata);
return False;
}
DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
(unsigned int)len, (unsigned int)rdata_len ));
/* check if data to be sent back was too large for one SMBtrans */
/* err status is only informational: the _real_ check is on the
length */
if (len > 0) {
/* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
/* Read the remaining part of the first response fragment */
if (!rpc_read(cli, rdata, len, ¤t_offset)) {
prs_mem_free(rdata);
return False;
}
}
/*
* Now we have a complete PDU, check the auth struct if any was sent.
*/
if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
prs_mem_free(rdata);
return False;
}
if (rhdr.auth_len != 0) {
/*
* Drop the auth footers from the current offset.
* We need this if there are more fragments.
* The auth footers consist of the auth_data and the
* preceeding 8 byte auth_header.
*/
current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
}
/*
* Only one rpc fragment, and it has been read.
*/
if (first && last) {
DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
return True;
}
/*
* Read more fragments using SMBreadX until we get one with the
* last bit set.
*/
while (!last) {
RPC_HDR_RESP rhdr_resp;
int num_read;
char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
prs_struct hps;
uint8 eclass;
uint32 ecode;
/*
* First read the header of the next PDU.
*/
prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
if (cli_is_dos_error(cli)) {
cli_dos_error(cli, &eclass, &ecode);
if (eclass != ERRDOS && ecode != ERRmoredata) {
DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
return False;
}
}
DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
return False;
}
/* This call sets the endianness in hps. */
if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
return False;
/* Ensure the endianness in rdata is set correctly - must be same as hps. */
if (hps.bigendian_data != rdata->bigendian_data) {
DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
rdata->bigendian_data ? "big" : "little",
hps.bigendian_data ? "big" : "little" ));
return False;
}
if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
return False;
}
if (first) {
DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
return False;
}
/*
* Now read the rest of the PDU.
*/
if (!rpc_read(cli, rdata, len, ¤t_offset)) {
prs_mem_free(rdata);
return False;
}
fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
/*
* Verify any authentication footer.
*/
if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
prs_mem_free(rdata);
return False;
}
if (rhdr.auth_len != 0 ) {
/*
* Drop the auth footers from the current offset.
* The auth footers consist of the auth_data and the
* preceeding 8 byte auth_header.
* We need this if there are more fragments.
*/
current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
}
}
return True;
}
static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
{
struct cli_state *cli = NULL;
fstring desthost;
struct in_addr dest_ip;
const char *p;
char *pserver;
BOOL connected_ok = False;
if (!(cli = cli_initialise()))
return NULL;
/* security = server just can't function with spnego */
cli->use_spnego = False;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(current_user_info.smb_name, current_user_info.domain,
desthost, sizeof(desthost));
strupper_m(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
if (ismyip(dest_ip)) {
DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
continue;
}
/* we use a mutex to prevent two connections at once - when a
Win2k PDC get two connections where one hasn't completed a
session setup yet it will send a TCP reset to the first
connection (tridge) */
if (!grab_server_mutex(desthost)) {
return NULL;
}
if (cli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
break;
}
}
if (!connected_ok) {
release_server_mutex();
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
return NULL;
}
if (!attempt_netbios_session_request(&cli, global_myname(),
desthost, &dest_ip)) {
release_server_mutex();
DEBUG(1,("password server fails session request\n"));
cli_shutdown(cli);
return NULL;
}
if (strequal(desthost,myhostname())) {
exit_server_cleanly("Password server loop!");
}
DEBUG(3,("got session\n"));
if (!cli_negprot(cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
/* Get the first session setup done quickly, to avoid silly
Win2k bugs. (The next connection to the server will kill
this one...
*/
if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
""))) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, cli_errstr(cli)));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
release_server_mutex();
DEBUG(3,("password server OK\n"));
return cli;
}
static struct cli_state
*smb_complete_connection(const char *myname,
const char *server,
int port,
const char *username,
const char *password,
const char *workgroup,
const char *share,
int flags)
{
struct cli_state *cli; /* New connection */
NTSTATUS nt_status;
/* Start the SMB connection */
nt_status = cli_start_connection( &cli, myname, server, NULL, port,
Undefined, flags, NULL);
if (!NT_STATUS_IS_OK(nt_status))
{
return NULL;
}
/* We pretty much guarentee password must be valid or a pointer
to a 0 char. */
if (!password) {
return NULL;
}
if ( (username) && (*username) &&
(strlen(password) == 0 ) &&
(cli->use_kerberos) )
{
/* Use kerberos authentication */
struct passwd *pw;
char *cache_file;
if ( !(pw = sys_getpwnam(username)) ) {
fprintf(stderr,"ERROR Can not get %s uid\n", username);
cli_shutdown(cli);
return NULL;
}
/*
* Get the ticket cache of the user to set KRB5CCNAME env
* variable
*/
cache_file = get_ticket_cache( pw->pw_uid );
if ( cache_file == NULL )
{
fprintf(stderr, "ERROR: Can not get the ticket cache for %s\n", username);
cli_shutdown(cli);
return NULL;
}
if ( setenv(KRB5CCNAME, cache_file, OVERWRITE) < 0 )
{
fprintf(stderr, "ERROR: Can not add KRB5CCNAME to the environment");
cli_shutdown(cli);
free(cache_file);
return NULL;
}
free(cache_file);
/*
* Change the UID of the process to be able to read the kerberos
* ticket cache
*/
setuid(pw->pw_uid);
}
if (!NT_STATUS_IS_OK(cli_session_setup(cli, username,
password, strlen(password)+1,
password, strlen(password)+1,
workgroup)))
{
fprintf(stderr,"ERROR: Session setup failed: %s\n", cli_errstr(cli));
if (NT_STATUS_V(cli_nt_error(cli)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
{
fprintf(stderr, "did you forget to run kinit?\n");
}
cli_shutdown(cli);
return NULL;
}
if (!cli_send_tconX(cli, share, "?????", password, strlen(password)+1))
{
fprintf(stderr, "ERROR: Tree connect failed (%s)\n", cli_errstr(cli));
cli_shutdown(cli);
return NULL;
}
return cli;
}
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
void (*fn)(const char *, file_info *, const char *, void *), void *state)
{
char *p;
int received = 0;
BOOL first = True;
char status[21];
int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE;
int num_received = 0;
int i;
char *dirlist = NULL;
pstring mask;
ZERO_ARRAY(status);
pstrcpy(mask,Mask);
while (1) {
memset(cli->outbuf,'\0',smb_size);
memset(cli->inbuf,'\0',smb_size);
set_message(cli->outbuf,2,0,True);
SCVAL(cli->outbuf,smb_com,SMBsearch);
SSVAL(cli->outbuf,smb_tid,cli->cnum);
cli_setup_packet(cli);
SSVAL(cli->outbuf,smb_vwv0,num_asked);
SSVAL(cli->outbuf,smb_vwv1,attribute);
p = smb_buf(cli->outbuf);
*p++ = 4;
p += clistr_push(cli, p, first?mask:"", -1, STR_TERMINATE);
*p++ = 5;
if (first) {
SSVAL(p,0,0);
p += 2;
} else {
SSVAL(p,0,21);
p += 2;
memcpy(p,status,21);
p += 21;
}
cli_setup_bcc(cli, p);
cli_send_smb(cli);
if (!cli_receive_smb(cli)) break;
received = SVAL(cli->inbuf,smb_vwv0);
if (received <= 0) break;
first = False;
dirlist = (char *)SMB_REALLOC(
dirlist,(num_received + received)*DIR_STRUCT_SIZE);
if (!dirlist) {
DEBUG(0,("cli_list_old: failed to expand dirlist"));
return 0;
}
p = smb_buf(cli->inbuf) + 3;
memcpy(dirlist+num_received*DIR_STRUCT_SIZE,
p,received*DIR_STRUCT_SIZE);
memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21);
num_received += received;
if (cli_is_error(cli)) break;
}
if (!first) {
memset(cli->outbuf,'\0',smb_size);
memset(cli->inbuf,'\0',smb_size);
set_message(cli->outbuf,2,0,True);
SCVAL(cli->outbuf,smb_com,SMBfclose);
SSVAL(cli->outbuf,smb_tid,cli->cnum);
cli_setup_packet(cli);
SSVAL(cli->outbuf, smb_vwv0, 0); /* find count? */
SSVAL(cli->outbuf, smb_vwv1, attribute);
p = smb_buf(cli->outbuf);
*p++ = 4;
fstrcpy(p, "");
p += strlen(p) + 1;
*p++ = 5;
SSVAL(p, 0, 21);
p += 2;
memcpy(p,status,21);
p += 21;
cli_setup_bcc(cli, p);
cli_send_smb(cli);
if (!cli_receive_smb(cli)) {
DEBUG(0,("Error closing search: %s\n",cli_errstr(cli)));
}
}
for (p=dirlist,i=0;i<num_received;i++) {
file_info finfo;
p += interpret_short_filename(cli, p,&finfo);
fn("\\", &finfo, Mask, state);
}
SAFE_FREE(dirlist);
return(num_received);
}
static struct cli_state *do_connect( const char *server, const char *share,
BOOL show_sessetup )
{
struct cli_state *c = NULL;
struct nmb_name called, calling;
const char *server_n;
struct in_addr ip;
pstring servicename;
char *sharename;
fstring newserver, newshare;
NTSTATUS status;
/* make a copy so we don't modify the global string 'service' */
pstrcpy(servicename, share);
sharename = servicename;
if (*sharename == '\\') {
server = sharename+2;
sharename = strchr_m(server,'\\');
if (!sharename) return NULL;
*sharename = 0;
sharename++;
}
server_n = server;
zero_ip(&ip);
make_nmb_name(&calling, global_myname(), 0x0);
make_nmb_name(&called , server, name_type);
again:
zero_ip(&ip);
if (have_ip)
ip = dest_ip;
/* have to open a new connection */
if (!(c=cli_initialise()) || (cli_set_port(c, port) != port)) {
d_printf("Connection to %s failed\n", server_n);
return NULL;
}
status = cli_connect(c, server_n, &ip);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Connection to %s failed (Error %s)\n", server_n, nt_errstr(status));
return NULL;
}
c->protocol = max_protocol;
c->use_kerberos = use_kerberos;
cli_setup_signing_state(c, signing_state);
if (!cli_session_request(c, &calling, &called, NULL)) {
char *p;
d_printf("session request to %s failed (%s)\n",
called.name, cli_errstr(c));
cli_shutdown(c);
c = NULL;
if ((p=strchr_m(called.name, '.'))) {
*p = 0;
goto again;
}
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
}
return NULL;
}
DEBUG(4,(" session request ok\n"));
if (!cli_negprot(c)) {
d_printf("protocol negotiation failed\n");
cli_shutdown(c);
return NULL;
}
if (!got_pass) {
char *pass = getpass("Password: "******"", "", 0, "", 0,
lp_workgroup()))) {
d_printf("session setup failed: %s\n", cli_errstr(c));
if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
d_printf("did you forget to run kinit?\n");
cli_shutdown(c);
return NULL;
}
d_printf("Anonymous login successful\n");
}
if ( show_sessetup ) {
if (*c->server_domain) {
DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
c->server_domain,c->server_os,c->server_type));
} else if (*c->server_os || *c->server_type){
DEBUG(0,("OS=[%s] Server=[%s]\n",
c->server_os,c->server_type));
}
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
check_dfs_proxy() will fail if it is a normal share. */
if ( (c->capabilities & CAP_DFS) && cli_check_msdfs_proxy( c, sharename, newserver, newshare ) ) {
cli_shutdown(c);
return do_connect( newserver, newshare, False );
}
/* must be a normal share */
if (!cli_send_tconX(c, sharename, "?????", password, strlen(password)+1)) {
d_printf("tree connect failed: %s\n", cli_errstr(c));
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
return c;
}
static int parse_quota_set(pstring set_str, pstring username_str, enum SMB_QUOTA_TYPE *qtype, int *cmd, SMB_NTQUOTA_STRUCT *pqt)
{
char *p = set_str,*p2;
int todo;
BOOL stop = False;
BOOL enable = False;
BOOL deny = False;
if (strnequal(set_str,"UQLIM:",6)) {
p += 6;
*qtype = SMB_USER_QUOTA_TYPE;
*cmd = QUOTA_SETLIM;
todo = PARSE_LIM;
if ((p2=strstr(p,":"))==NULL) {
return -1;
}
*p2 = '\0';
p2++;
fstrcpy(username_str,p);
p = p2;
} else if (strnequal(set_str,"FSQLIM:",7)) {
p +=7;
*qtype = SMB_USER_FS_QUOTA_TYPE;
*cmd = QUOTA_SETLIM;
todo = PARSE_LIM;
} else if (strnequal(set_str,"FSQFLAGS:",9)) {
p +=9;
todo = PARSE_FLAGS;
*qtype = SMB_USER_FS_QUOTA_TYPE;
*cmd = QUOTA_SETFLAGS;
} else {
return -1;
}
switch (todo) {
case PARSE_LIM:
#if defined(HAVE_LONGLONG)
if (sscanf(p,"%llu/%llu",&pqt->softlim,&pqt->hardlim)!=2) {
#else
if (sscanf(p,"%lu/%lu",&pqt->softlim,&pqt->hardlim)!=2) {
#endif
return -1;
}
break;
case PARSE_FLAGS:
while (!stop) {
if ((p2=strstr(p,"/"))==NULL) {
stop = True;
} else {
*p2 = '\0';
p2++;
}
if (strnequal(p,"QUOTA_ENABLED",13)) {
enable = True;
} else if (strnequal(p,"DENY_DISK",9)) {
deny = True;
} else if (strnequal(p,"LOG_SOFTLIMIT",13)) {
pqt->qflags |= QUOTAS_LOG_THRESHOLD;
} else if (strnequal(p,"LOG_HARDLIMIT",13)) {
pqt->qflags |= QUOTAS_LOG_LIMIT;
} else {
return -1;
}
p=p2;
}
if (deny) {
pqt->qflags |= QUOTAS_DENY_DISK;
} else if (enable) {
pqt->qflags |= QUOTAS_ENABLED;
}
break;
}
return 0;
}
static int do_quota(struct cli_state *cli, enum SMB_QUOTA_TYPE qtype, uint16 cmd, pstring username_str, SMB_NTQUOTA_STRUCT *pqt)
{
uint32 fs_attrs = 0;
int quota_fnum = 0;
SMB_NTQUOTA_LIST *qtl = NULL;
SMB_NTQUOTA_STRUCT qt;
ZERO_STRUCT(qt);
if (!cli_get_fs_attr_info(cli, &fs_attrs)) {
d_printf("Failed to get the filesystem attributes %s.\n",
cli_errstr(cli));
return -1;
}
if (!(fs_attrs & FILE_VOLUME_QUOTAS)) {
d_printf("Quotas are not supported by the server.\n");
return 0;
}
if (!cli_get_quota_handle(cli, "a_fnum)) {
d_printf("Failed to open \\%s %s.\n",
FAKE_FILE_NAME_QUOTA,cli_errstr(cli));
return -1;
}
switch(qtype) {
case SMB_USER_QUOTA_TYPE:
if (!StringToSid(&qt.sid, username_str)) {
d_printf("StringToSid() failed for [%s]\n",username_str);
return -1;
}
switch(cmd) {
case QUOTA_GET:
if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota(&qt,verbose,numeric,SidToString);
break;
case QUOTA_SETLIM:
pqt->sid = qt.sid;
if (!cli_set_user_quota(cli, quota_fnum, pqt)) {
d_printf("%s cli_set_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota(&qt,verbose,numeric,SidToString);
break;
case QUOTA_LIST:
if (!cli_list_user_quota(cli, quota_fnum, &qtl)) {
d_printf("%s cli_set_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota_list(&qtl,verbose,numeric,SidToString);
free_ntquota_list(&qtl);
break;
default:
d_printf("Unknown Error\n");
return -1;
}
break;
case SMB_USER_FS_QUOTA_TYPE:
switch(cmd) {
case QUOTA_GET:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
case QUOTA_SETLIM:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
qt.softlim = pqt->softlim;
qt.hardlim = pqt->hardlim;
if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_set_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
case QUOTA_SETFLAGS:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
qt.qflags = pqt->qflags;
if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_set_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
default:
d_printf("Unknown Error\n");
return -1;
}
break;
default:
d_printf("Unknown Error\n");
return -1;
}
cli_close(cli, quota_fnum);
return 0;
}
static SMBCSRV *
SMBC_server_internal(TALLOC_CTX *ctx,
SMBCCTX *context,
bool connect_if_not_found,
const char *server,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password,
bool *in_cache)
{
SMBCSRV *srv=NULL;
char *workgroup = NULL;
struct cli_state *c;
struct nmb_name called, calling;
const char *server_n = server;
struct sockaddr_storage ss;
int tried_reverse = 0;
int port_try_first;
int port_try_next;
int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
uint32 fs_attrs = 0;
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
zero_sockaddr(&ss);
ZERO_STRUCT(c);
*in_cache = false;
if (server[0] == 0) {
errno = EPERM;
return NULL;
}
/* Look for a cached connection */
srv = SMBC_find_server(ctx, context, server, share,
pp_workgroup, pp_username, pp_password);
/*
* If we found a connection and we're only allowed one share per
* server...
*/
if (srv &&
*share != '\0' &&
smbc_getOptionOneSharePerServer(context)) {
/*
* ... then if there's no current connection to the share,
* connect to it. SMBC_find_server(), or rather the function
* pointed to by context->get_cached_srv_fn which
* was called by SMBC_find_server(), will have issued a tree
* disconnect if the requested share is not the same as the
* one that was already connected.
*/
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
if (srv->cli->cnum == (uint16) -1) {
/* Ensure we have accurate auth info */
SMBC_call_auth_fn(ctx, context,
srv->cli->desthost,
srv->cli->share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
return NULL;
}
/*
* We don't need to renegotiate encryption
* here as the encryption context is not per
* tid.
*/
status = cli_tcon_andx(srv->cli, srv->cli->share, "?????",
*pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
srv = NULL;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4,
("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve "
"case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of
* the share. We have no choice but to use the
* user-specified case sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4,
("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(
c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
/*
* Regenerate the dev value since it's based on both
* server and share
*/
if (srv) {
srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^
str_checksum(srv->cli->share));
}
}
}
/* If we have a connection... */
if (srv) {
/* ... then we're done here. Give 'em what they came for. */
*in_cache = true;
goto done;
}
/* If we're not asked to connect when a connection doesn't exist... */
if (! connect_if_not_found) {
/* ... then we're done here. */
return NULL;
}
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
make_nmb_name(&called , server, 0x20);
DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
again:
zero_sockaddr(&ss);
/* have to open a new connection */
if ((c = cli_initialise()) == NULL) {
errno = ENOMEM;
return NULL;
}
if (smbc_getOptionUseKerberos(context)) {
c->use_kerberos = True;
}
if (smbc_getOptionFallbackAfterKerberos(context)) {
c->fallback_after_kerberos = True;
}
if (smbc_getOptionUseCCache(context)) {
c->use_ccache = True;
}
c->timeout = smbc_getTimeout(context);
/*
* Force use of port 139 for first try if share is $IPC, empty, or
* null, so browse lists can work
*/
if (share == NULL || *share == '\0' || is_ipc) {
port_try_first = 139;
port_try_next = 445;
} else {
port_try_first = 445;
port_try_next = 139;
}
c->port = port_try_first;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
/* First connection attempt failed. Try alternate port. */
c->port = port_try_next;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
}
if (!cli_session_request(c, &calling, &called)) {
cli_shutdown(c);
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
} else { /* Try one more time, but ensure we don't loop */
/* Only try this if server is an IP address ... */
if (is_ipaddress(server) && !tried_reverse) {
fstring remote_name;
struct sockaddr_storage rem_ss;
if (!interpret_string_addr(&rem_ss, server,
NI_NUMERICHOST)) {
DEBUG(4, ("Could not convert IP address "
"%s to struct sockaddr_storage\n",
server));
errno = ETIMEDOUT;
return NULL;
}
tried_reverse++; /* Yuck */
if (name_status_find("*", 0, 0,
&rem_ss, remote_name)) {
make_nmb_name(&called,
remote_name,
0x20);
goto again;
}
}
}
errno = ETIMEDOUT;
return NULL;
}
DEBUG(4,(" session request ok\n"));
status = cli_negprot(c);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password,
strlen(*pp_password),
*pp_password,
strlen(*pp_password),
*pp_workgroup))) {
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_session_setup fail with username=[%s], password=[%s]\n", username_used, *pp_password);
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if (smbc_getOptionNoAutoAnonymousLogin(context) ||
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password, 1,
*pp_password, 0,
*pp_workgroup))) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
status = cli_init_creds(c, username_used,
*pp_workgroup, *pp_password);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
cli_check_msdfs_proxy() will fail if it is a normal share. */
if ((c->capabilities & CAP_DFS) &&
cli_check_msdfs_proxy(ctx, c, share,
&newserver, &newshare,
/* FIXME: cli_check_msdfs_proxy() does
not support smbc_smb_encrypt_level type */
context->internal->smb_encryption_level ?
true : false,
*pp_username,
*pp_password,
*pp_workgroup)) {
cli_shutdown(c);
srv = SMBC_server_internal(ctx, context, connect_if_not_found,
newserver, newshare, pp_workgroup,
pp_username, pp_password, in_cache);
TALLOC_FREE(newserver);
TALLOC_FREE(newshare);
return srv;
}
/* must be a normal share */
status = cli_tcon_andx(c, share, "?????", *pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_tcon_andx return %08X, errno=[%d]\n", NT_STATUS_V(status), errno);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of the share. We
* have no choice but to use the user-specified case
* sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4, ("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(c,
username_used,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level == 1
* means don't fail if encryption can't be negotiated,
* == 2 means fail if encryption can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok\n"));
}
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
*/
srv = SMB_MALLOC_P(SMBCSRV);
if (!srv) {
cli_shutdown(c);
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(srv);
srv->cli = c;
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_nt_session = False;
done:
if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
} else {
workgroup = *pp_workgroup;
}
if(!workgroup) {
return NULL;
}
/* set the credentials to make DFS work */
smbc_set_credentials_with_fallback(context,
workgroup,
*pp_username,
*pp_password);
return srv;
}
NTSTATUS cli_full_connection(struct cli_state **output_cli,
const char *my_name, const char *dest_host,
struct in_addr *dest_ip, int port,
const char *service, const char *service_type,
const char *user, const char *domain,
const char *password, int pass_len)
{
struct ntuser_creds creds;
NTSTATUS nt_status;
struct nmb_name calling;
struct nmb_name called;
struct cli_state *cli;
struct in_addr ip;
if (!output_cli)
DEBUG(0, ("output_cli is NULL!?!"));
*output_cli = NULL;
make_nmb_name(&calling, my_name, 0x0);
make_nmb_name(&called , dest_host, 0x20);
again:
if (!(cli = cli_initialise(NULL)))
return NT_STATUS_NO_MEMORY;
if (cli_set_port(cli, port) != port) {
cli_shutdown(cli);
return NT_STATUS_UNSUCCESSFUL;
}
ip = *dest_ip;
DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service));
if (!cli_connect(cli, dest_host, &ip)) {
DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
nmb_namestr(&called), inet_ntoa(*dest_ip)));
cli_shutdown(cli);
return NT_STATUS_UNSUCCESSFUL;
}
if (!cli_session_request(cli, &calling, &called)) {
char *p;
DEBUG(1,("session request to %s failed (%s)\n",
called.name, cli_errstr(cli)));
cli_shutdown(cli);
if ((p=strchr(called.name, '.')) && !is_ipaddress(called.name)) {
*p = 0;
goto again;
}
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
}
return NT_STATUS_UNSUCCESSFUL;
}
if (!cli_negprot(cli)) {
DEBUG(1,("failed negprot\n"));
nt_status = NT_STATUS_UNSUCCESSFUL;
cli_shutdown(cli);
return nt_status;
}
if (!cli_session_setup(cli, user, password, pass_len, password, pass_len,
domain)) {
DEBUG(1,("failed session setup\n"));
nt_status = cli_nt_error(cli);
cli_shutdown(cli);
if (NT_STATUS_IS_OK(nt_status))
nt_status = NT_STATUS_UNSUCCESSFUL;
return nt_status;
}
if (service) {
if (!cli_send_tconX(cli, service, service_type,
password, pass_len)) {
DEBUG(1,("failed tcon_X\n"));
nt_status = cli_nt_error(cli);
cli_shutdown(cli);
if (NT_STATUS_IS_OK(nt_status))
nt_status = NT_STATUS_UNSUCCESSFUL;
return nt_status;
}
}
init_creds(&creds, user, domain, password, pass_len);
cli_init_creds(cli, &creds);
*output_cli = cli;
return NT_STATUS_OK;
}
NTSTATUS remote_password_change(const char *remote_machine, const char *user_name,
const char *old_passwd, const char *new_passwd,
char **err_str)
{
struct nmb_name calling, called;
struct cli_state *cli;
struct rpc_pipe_client *pipe_hnd;
struct sockaddr_storage ss;
NTSTATUS result;
bool pass_must_change = False;
*err_str = NULL;
if(!resolve_name( remote_machine, &ss, 0x20)) {
asprintf(err_str, "Unable to find an IP address for machine "
"%s.\n", remote_machine);
return NT_STATUS_UNSUCCESSFUL;
}
cli = cli_initialise();
if (!cli) {
return NT_STATUS_NO_MEMORY;
}
result = cli_connect(cli, remote_machine, &ss);
if (!NT_STATUS_IS_OK(result)) {
asprintf(err_str, "Unable to connect to SMB server on "
"machine %s. Error was : %s.\n",
remote_machine, nt_errstr(result));
cli_shutdown(cli);
return result;
}
make_nmb_name(&calling, global_myname() , 0x0);
make_nmb_name(&called , remote_machine, 0x20);
if (!cli_session_request(cli, &calling, &called)) {
asprintf(err_str, "machine %s rejected the session setup. "
"Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
cli->protocol = PROTOCOL_NT1;
if (!cli_negprot(cli)) {
asprintf(err_str, "machine %s rejected the negotiate "
"protocol. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
/* Given things like SMB signing, restrict anonymous and the like,
try an authenticated connection first */
result = cli_session_setup(cli, user_name,
old_passwd, strlen(old_passwd)+1,
old_passwd, strlen(old_passwd)+1, "");
if (!NT_STATUS_IS_OK(result)) {
/* Password must change or Password expired are the only valid
* error conditions here from where we can proceed, the rest like
* account locked out or logon failure will lead to errors later
* anyway */
if (!NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_MUST_CHANGE) &&
!NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_EXPIRED)) {
asprintf(err_str, "Could not connect to machine %s: "
"%s\n", remote_machine, cli_errstr(cli));
cli_shutdown(cli);
return result;
}
pass_must_change = True;
/*
* We should connect as the anonymous user here, in case
* the server has "must change password" checked...
* Thanks to <*****@*****.**> for this fix.
*/
result = cli_session_setup(cli, "", "", 0, "", 0, "");
if (!NT_STATUS_IS_OK(result)) {
asprintf(err_str, "machine %s rejected the session "
"setup. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
cli_shutdown(cli);
return result;
}
cli_init_creds(cli, "", "", NULL);
} else {
cli_init_creds(cli, user_name, "", old_passwd);
}
if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) {
asprintf(err_str, "machine %s rejected the tconX on the IPC$ "
"share. Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
/* Try not to give the password away too easily */
if (!pass_must_change) {
pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli,
PI_SAMR,
PIPE_AUTH_LEVEL_PRIVACY,
"", /* what domain... ? */
user_name,
old_passwd,
&result);
} else {
/*
* If the user password must be changed the ntlmssp bind will
* fail the same way as the session setup above did. The
* difference ist that with a pipe bind we don't get a good
* error message, the result will be that the rpc call below
* will just fail. So we do it anonymously, there's no other
* way.
*/
pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &result);
}
if (!pipe_hnd) {
if (lp_client_lanman_auth()) {
/* Use the old RAP method. */
if (!cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
asprintf(err_str, "machine %s rejected the "
"password change: Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
} else {
asprintf(err_str, "SAMR connection to machine %s "
"failed. Error was %s, but LANMAN password "
"changed are disabled\n",
nt_errstr(result), remote_machine);
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
}
}
if (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user(pipe_hnd, pipe_hnd->mem_ctx, user_name,
new_passwd, old_passwd))) {
/* Great - it all worked! */
cli_shutdown(cli);
return NT_STATUS_OK;
} else if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
|| NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) {
/* it failed, but for reasons such as wrong password, too short etc ... */
asprintf(err_str, "machine %s rejected the password change: "
"Error was : %s.\n",
remote_machine, get_friendly_nt_error_msg(result));
cli_shutdown(cli);
return result;
}
/* OK, that failed, so try again... */
cli_rpc_pipe_close(pipe_hnd);
/* Try anonymous NTLMSSP... */
cli_init_creds(cli, "", "", NULL);
result = NT_STATUS_UNSUCCESSFUL;
/* OK, this is ugly, but... try an anonymous pipe. */
pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &result);
if ( pipe_hnd &&
(NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user(pipe_hnd,
pipe_hnd->mem_ctx,
user_name,
new_passwd,
old_passwd)))) {
/* Great - it all worked! */
cli_shutdown(cli);
return NT_STATUS_OK;
} else {
if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
|| NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) {
/* it failed, but again it was due to things like new password too short */
asprintf(err_str, "machine %s rejected the "
"(anonymous) password change: Error was : "
"%s.\n", remote_machine,
get_friendly_nt_error_msg(result));
cli_shutdown(cli);
return result;
}
/* We have failed to change the user's password, and we think the server
just might not support SAMR password changes, so fall back */
if (lp_client_lanman_auth()) {
/* Use the old RAP method. */
if (cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
/* SAMR failed, but the old LanMan protocol worked! */
cli_shutdown(cli);
return NT_STATUS_OK;
}
asprintf(err_str, "machine %s rejected the password "
"change: Error was : %s.\n",
remote_machine, cli_errstr(cli) );
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
} else {
asprintf(err_str, "SAMR connection to machine %s "
"failed. Error was %s, but LANMAN password "
"changed are disabled\n",
nt_errstr(result), remote_machine);
cli_shutdown(cli);
return NT_STATUS_UNSUCCESSFUL;
}
}
}
static struct cli_state *do_connect( const char *server, const char *share,
BOOL show_sessetup )
{
struct cli_state *c;
struct nmb_name called, calling;
const char *server_n;
struct in_addr ip;
pstring servicename;
char *sharename;
/* make a copy so we don't modify the global string 'service' */
pstrcpy(servicename, share);
sharename = servicename;
if (*sharename == '\\') {
server = sharename+2;
sharename = strchr_m(server,'\\');
if (!sharename) return NULL;
*sharename = 0;
sharename++;
}
server_n = server;
zero_ip(&ip);
make_nmb_name(&calling, global_myname(), 0x0);
make_nmb_name(&called , server, name_type);
again:
zero_ip(&ip);
if (have_ip)
ip = dest_ip;
/* have to open a new connection */
if (!(c=cli_initialise(NULL)) || (cli_set_port(c, port) != port) ||
!cli_connect(c, server_n, &ip)) {
d_printf("Connection to %s failed\n", server_n);
return NULL;
}
c->protocol = max_protocol;
c->use_kerberos = use_kerberos;
cli_setup_signing_state(c, signing_state);
if (!cli_session_request(c, &calling, &called)) {
char *p;
d_printf("session request to %s failed (%s)\n",
called.name, cli_errstr(c));
cli_shutdown(c);
if ((p=strchr_m(called.name, '.'))) {
*p = 0;
goto again;
}
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
}
return NULL;
}
DEBUG(4,(" session request ok\n"));
if (!cli_negprot(c)) {
d_printf("protocol negotiation failed\n");
cli_shutdown(c);
return NULL;
}
if (!got_pass) {
char *pass = getpass("Password: "******"", "", 0, "", 0, lp_workgroup())) {
d_printf("session setup failed: %s\n", cli_errstr(c));
if (NT_STATUS_V(cli_nt_error(c)) ==
NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED))
d_printf("did you forget to run kinit?\n");
cli_shutdown(c);
return NULL;
}
d_printf("Anonymous login successful\n");
}
if ( show_sessetup ) {
if (*c->server_domain) {
DEBUG(0,("Domain=[%s] OS=[%s] Server=[%s]\n",
c->server_domain,c->server_os,c->server_type));
} else if (*c->server_os || *c->server_type){
DEBUG(0,("OS=[%s] Server=[%s]\n",
c->server_os,c->server_type));
}
}
DEBUG(4,(" session setup ok\n"));
if (!cli_send_tconX(c, sharename, "?????",
password, strlen(password)+1)) {
d_printf("tree connect failed: %s\n", cli_errstr(c));
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
return c;
}
static int do_quota(struct cli_state *cli,
enum SMB_QUOTA_TYPE qtype,
uint16 cmd,
const char *username_str,
SMB_NTQUOTA_STRUCT *pqt)
{
uint32 fs_attrs = 0;
int quota_fnum = 0;
SMB_NTQUOTA_LIST *qtl = NULL;
SMB_NTQUOTA_STRUCT qt;
ZERO_STRUCT(qt);
if (!cli_get_fs_attr_info(cli, &fs_attrs)) {
d_printf("Failed to get the filesystem attributes %s.\n",
cli_errstr(cli));
return -1;
}
if (!(fs_attrs & FILE_VOLUME_QUOTAS)) {
d_printf("Quotas are not supported by the server.\n");
return 0;
}
if (!cli_get_quota_handle(cli, "a_fnum)) {
d_printf("Quotas are not enabled on this share.\n");
d_printf("Failed to open %s %s.\n",
FAKE_FILE_NAME_QUOTA_WIN32,cli_errstr(cli));
return -1;
}
switch(qtype) {
case SMB_USER_QUOTA_TYPE:
if (!StringToSid(&qt.sid, username_str)) {
d_printf("StringToSid() failed for [%s]\n",username_str);
return -1;
}
switch(cmd) {
case QUOTA_GET:
if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota(&qt,verbose,numeric,SidToString);
break;
case QUOTA_SETLIM:
pqt->sid = qt.sid;
if (!cli_set_user_quota(cli, quota_fnum, pqt)) {
d_printf("%s cli_set_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
if (!cli_get_user_quota(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota(&qt,verbose,numeric,SidToString);
break;
case QUOTA_LIST:
if (!cli_list_user_quota(cli, quota_fnum, &qtl)) {
d_printf("%s cli_set_user_quota %s\n",
cli_errstr(cli),username_str);
return -1;
}
dump_ntquota_list(&qtl,verbose,numeric,SidToString);
free_ntquota_list(&qtl);
break;
default:
d_printf("Unknown Error\n");
return -1;
}
break;
case SMB_USER_FS_QUOTA_TYPE:
switch(cmd) {
case QUOTA_GET:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
case QUOTA_SETLIM:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
qt.softlim = pqt->softlim;
qt.hardlim = pqt->hardlim;
if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_set_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
case QUOTA_SETFLAGS:
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
qt.qflags = pqt->qflags;
if (!cli_set_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_set_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
if (!cli_get_fs_quota_info(cli, quota_fnum, &qt)) {
d_printf("%s cli_get_fs_quota_info\n",
cli_errstr(cli));
return -1;
}
dump_ntquota(&qt,True,numeric,NULL);
break;
default:
d_printf("Unknown Error\n");
return -1;
}
break;
default:
d_printf("Unknown Error\n");
return -1;
}
cli_close(cli, quota_fnum);
return 0;
}
static void do_atar(char *rname,char *lname,file_info *finfo1)
{
int fnum;
SMB_BIG_UINT nread=0;
char ftype;
file_info2 finfo;
BOOL close_done = False;
BOOL shallitime=True;
char data[65520];
int read_size = 65520;
int datalen=0;
struct timeval tp_start;
GetTimeOfDay(&tp_start);
ftype = '0'; /* An ordinary file ... */
if (finfo1) {
finfo.size = finfo1 -> size;
finfo.mode = finfo1 -> mode;
finfo.uid = finfo1 -> uid;
finfo.gid = finfo1 -> gid;
finfo.mtime = finfo1 -> mtime;
finfo.atime = finfo1 -> atime;
finfo.ctime = finfo1 -> ctime;
finfo.name = finfo1 -> name;
} else {
finfo.size = def_finfo.size;
finfo.mode = def_finfo.mode;
finfo.uid = def_finfo.uid;
finfo.gid = def_finfo.gid;
finfo.mtime = def_finfo.mtime;
finfo.atime = def_finfo.atime;
finfo.ctime = def_finfo.ctime;
finfo.name = def_finfo.name;
}
if (dry_run) {
DEBUG(3,("skipping file %s of size %12.0f bytes\n", finfo.name,
(double)finfo.size));
shallitime=0;
ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK);
ntarf++;
return;
}
fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE);
dos_clean_name(rname);
if (fnum == -1) {
DEBUG(0,("%s opening remote file %s (%s)\n",
cli_errstr(cli),rname, cur_dir));
return;
}
finfo.name = string_create_s(strlen(rname));
if (finfo.name == NULL) {
DEBUG(0, ("Unable to allocate space for finfo.name in do_atar\n"));
return;
}
safe_strcpy(finfo.name,rname, strlen(rname));
if (!finfo1) {
if (!cli_getattrE(cli, fnum, &finfo.mode, &finfo.size, NULL, &finfo.atime, &finfo.mtime)) {
DEBUG(0, ("getattrE: %s\n", cli_errstr(cli)));
return;
}
finfo.ctime = finfo.mtime;
}
DEBUG(3,("file %s attrib 0x%X\n",finfo.name,finfo.mode));
if (tar_inc && !(finfo.mode & aARCH)) {
DEBUG(4, ("skipping %s - archive bit not set\n", finfo.name));
shallitime=0;
} else if (!tar_system && (finfo.mode & aSYSTEM)) {
DEBUG(4, ("skipping %s - system bit is set\n", finfo.name));
shallitime=0;
} else if (!tar_hidden && (finfo.mode & aHIDDEN)) {
DEBUG(4, ("skipping %s - hidden bit is set\n", finfo.name));
shallitime=0;
} else {
DEBUG(3,("getting file %s of size %.0f bytes as a tar file %s",
finfo.name, (double)finfo.size, lname));
/* write a tar header, don't bother with mode - just set to 100644 */
writetarheader(tarhandle, rname, finfo.size, finfo.mtime, "100644 \0", ftype);
while (nread < finfo.size && !close_done) {
DEBUG(3,("nread=%.0f\n",(double)nread));
datalen = cli_read(cli, fnum, data, nread, read_size);
if (datalen == -1) {
DEBUG(0,("Error reading file %s : %s\n", rname, cli_errstr(cli)));
break;
}
nread += datalen;
/* if file size has increased since we made file size query, truncate
read so tar header for this file will be correct.
*/
if (nread > finfo.size) {
datalen -= nread - finfo.size;
DEBUG(0,("File size change - truncating %s to %.0f bytes\n",
finfo.name, (double)finfo.size));
}
/* add received bits of file to buffer - dotarbuf will
* write out in 512 byte intervals */
if (dotarbuf(tarhandle,data,datalen) != datalen) {
DEBUG(0,("Error writing to tar file - %s\n", strerror(errno)));
break;
}
if (datalen == 0) {
DEBUG(0,("Error reading file %s. Got 0 bytes\n", rname));
break;
}
datalen=0;
}
/* pad tar file with zero's if we couldn't get entire file */
if (nread < finfo.size) {
DEBUG(0, ("Didn't get entire file. size=%.0f, nread=%d\n",
(double)finfo.size, (int)nread));
if (padit(data, sizeof(data), finfo.size - nread))
DEBUG(0,("Error writing tar file - %s\n", strerror(errno)));
}
/* round tar file to nearest block */
if (finfo.size % TBLOCK)
dozerobuf(tarhandle, TBLOCK - (finfo.size % TBLOCK));
ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK);
ntarf++;
}
cli_close(cli, fnum);
if (shallitime) {
struct timeval tp_end;
int this_time;
/* if shallitime is true then we didn't skip */
if (tar_reset && !dry_run)
(void) do_setrattr(finfo.name, aARCH, ATTRRESET);
GetTimeOfDay(&tp_end);
this_time = (tp_end.tv_sec - tp_start.tv_sec)*1000 + (tp_end.tv_usec - tp_start.tv_usec)/1000;
get_total_time_ms += this_time;
get_total_size += finfo.size;
if (tar_noisy) {
DEBUG(0, ("%12.0f (%7.1f kb/s) %s\n",
(double)finfo.size, finfo.size / MAX(0.001, (1.024*this_time)),
finfo.name));
}
/* Thanks to Carel-Jan Engel ([email protected]) for this one */
DEBUG(3,("(%g kb/s) (average %g kb/s)\n",
finfo.size / MAX(0.001, (1.024*this_time)),
get_total_size / MAX(0.001, (1.024*get_total_time_ms))));
}
}
NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
const uchar trust_password[16])
{
NTSTATUS result;
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
int fnum;
cli_nt_netlogon_netsec_session_close(cli);
if (lp_client_schannel() != False)
neg_flags |= NETLOGON_NEG_SCHANNEL;
result = cli_nt_setup_creds(cli, sec_chan, trust_password,
&neg_flags, 2);
if (!NT_STATUS_IS_OK(result)) {
cli_nt_session_close(cli);
return result;
}
if ((lp_client_schannel() == True) &&
((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
DEBUG(3, ("Server did not offer schannel\n"));
cli_nt_session_close(cli);
return NT_STATUS_UNSUCCESSFUL;
}
if ((lp_client_schannel() == False) ||
((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
return NT_STATUS_OK;
/* keep the existing connection to NETLOGON open */
}
/* Server offered schannel, so try it. */
memcpy(cli->auth_info.sess_key, cli->sess_key,
sizeof(cli->auth_info.sess_key));
cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
if (cli->capabilities & CAP_NT_SMBS) {
/* The secure channel connection must be opened on the same
session (TCP connection) as the one the challenge was
requested from. */
if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
DESIRED_ACCESS_PIPE)) == -1) {
DEBUG(0,("cli_nt_create failed to %s machine %s. "
"Error was %s\n",
PIPE_NETLOGON, cli->desthost,
cli_errstr(cli)));
return NT_STATUS_UNSUCCESSFUL;
}
cli->nt_pipe_fnum = (uint16)fnum;
} else {
if ((fnum = cli_open(cli, PIPE_NETLOGON,
O_CREAT|O_RDWR, DENY_NONE)) == -1) {
DEBUG(0,("cli_open failed on pipe %s to machine %s. "
"Error was %s\n",
PIPE_NETLOGON, cli->desthost,
cli_errstr(cli)));
return NT_STATUS_UNSUCCESSFUL;
}
cli->nt_pipe_fnum = (uint16)fnum;
/**************** Set Named Pipe State ***************/
if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
DEBUG(0,("Pipe hnd state failed. Error was %s\n",
cli_errstr(cli)));
cli_close(cli, cli->nt_pipe_fnum);
return NT_STATUS_UNSUCCESSFUL;
}
}
if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) {
DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
cli_close(cli, cli->nt_pipe_fnum);
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
{
int fnum;
/* At the moment we can't have more than one pipe open over
a cli connection. )-: */
SMB_ASSERT(cli->nt_pipe_fnum == 0);
/* The pipe index must fall within our array */
SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
if (cli->capabilities & CAP_NT_SMBS) {
if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
&pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
return False;
}
cli->nt_pipe_fnum = (uint16)fnum;
} else {
if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
DEBUG(1,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
return False;
}
cli->nt_pipe_fnum = (uint16)fnum;
/**************** Set Named Pipe State ***************/
if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
cli_errstr(cli)));
cli_close(cli, cli->nt_pipe_fnum);
cli->nt_pipe_fnum = 0;
return False;
}
}
/******************* bind request on pipe *****************/
if (!rpc_pipe_bind(cli, pipe_idx, global_myname())) {
DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
get_pipe_name_from_index(pipe_idx)));
cli_close(cli, cli->nt_pipe_fnum);
cli->nt_pipe_fnum = 0;
return False;
}
cli->pipe_idx = pipe_idx;
/*
* Setup the remote server name prefixed by \ and the machine account name.
*/
fstrcpy(cli->srv_name_slash, "\\\\");
fstrcat(cli->srv_name_slash, cli->desthost);
strupper_m(cli->srv_name_slash);
fstrcpy(cli->clnt_name_slash, "\\\\");
fstrcat(cli->clnt_name_slash, global_myname());
strupper_m(cli->clnt_name_slash);
fstrcpy(cli->mach_acct, global_myname());
fstrcat(cli->mach_acct, "$");
strupper_m(cli->mach_acct);
/* Remember which pipe we're talking to */
fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
return True;
}
/*************************************************************
change a password on a remote machine using IPC calls
*************************************************************/
BOOL remote_password_change(const char *remote_machine, const char *user_name,
const char *old_passwd, const char *new_passwd,
char *err_str, size_t err_str_len)
{
struct nmb_name calling, called;
struct cli_state cli;
struct in_addr ip;
*err_str = '\0';
if(!resolve_name( remote_machine, &ip, 0x20)) {
slprintf(err_str, err_str_len-1, "unable to find an IP address for machine %s.\n",
remote_machine );
return False;
}
ZERO_STRUCT(cli);
if (!cli_initialise(&cli) || !cli_connect(&cli, remote_machine, &ip)) {
slprintf(err_str, err_str_len-1, "unable to connect to SMB server on machine %s. Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
return False;
}
make_nmb_name(&calling, global_myname() , 0x0);
make_nmb_name(&called , remote_machine, 0x20);
if (!cli_session_request(&cli, &calling, &called)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
cli_shutdown(&cli);
return False;
}
cli.protocol = PROTOCOL_NT1;
if (!cli_negprot(&cli)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the negotiate protocol. Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
cli_shutdown(&cli);
return False;
}
/*
* We should connect as the anonymous user here, in case
* the server has "must change password" checked...
* Thanks to <*****@*****.**> for this fix.
*/
if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
cli_shutdown(&cli);
return False;
}
if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the tconX on the IPC$ share. Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
cli_shutdown(&cli);
return False;
}
if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
slprintf(err_str, err_str_len-1, "machine %s rejected the password change: Error was : %s.\n",
remote_machine, cli_errstr(&cli) );
cli_shutdown(&cli);
return False;
}
cli_shutdown(&cli);
return True;
}
NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct in_addr pdc_ip;
fstring dc_name;
struct cli_state *cli;
DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
domain));
if (remote_machine == NULL || !strcmp(remote_machine, "*")) {
/* Use the PDC *only* for this */
if ( !get_pdc_ip(domain, &pdc_ip) ) {
DEBUG(0,("Can't get IP for PDC for domain %s\n", domain));
goto failed;
}
if ( !name_status_find( domain, 0x1b, 0x20, pdc_ip, dc_name) )
goto failed;
} else {
/* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */
fstrcpy( dc_name, remote_machine );
}
/* if this next call fails, then give up. We can't do
password changes on BDC's --jerry */
if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name,
NULL, 0,
"IPC$", "IPC",
"", "",
"", 0, Undefined, NULL))) {
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
nt_status = NT_STATUS_UNSUCCESSFUL;
goto failed;
}
/*
* Ok - we have an anonymous connection to the IPC$ share.
* Now start the NT Domain stuff :-).
*/
if(cli_nt_session_open(cli, PI_NETLOGON) == False) {
DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n",
dc_name, cli_errstr(cli)));
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
nt_status = NT_STATUS_UNSUCCESSFUL;
goto failed;
}
nt_status = trust_pw_find_change_and_store_it(cli, cli->mem_ctx, domain);
cli_nt_session_close(cli);
cli_ulogoff(cli);
cli_shutdown(cli);
failed:
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n",
timestring(False), domain));
}
else
DEBUG(5,("change_trust_account_password: sucess!\n"));
return nt_status;
}
