static nss_backend_t*
_nss_winbind_common_constr (nss_backend_op_t ops[], int n_ops)
{
nss_backend_t* be;
if(!(be = SMB_MALLOC_P(nss_backend_t)) )
return NULL;
be->ops = ops;
be->n_ops = n_ops;
return be;
}
static DIR *shadow_copy_opendir(vfs_handle_struct *handle, connection_struct *conn, const char *fname)
{
shadow_copy_Dir *dirp;
DIR *p = SMB_VFS_NEXT_OPENDIR(handle,conn,fname);
if (!p) {
DEBUG(0,("shadow_copy_opendir: SMB_VFS_NEXT_OPENDIR() failed for [%s]\n",fname));
return NULL;
}
dirp = SMB_MALLOC_P(shadow_copy_Dir);
if (!dirp) {
DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
SMB_VFS_NEXT_CLOSEDIR(handle,conn,p);
return NULL;
}
ZERO_STRUCTP(dirp);
while (True) {
SMB_STRUCT_DIRENT *d;
SMB_STRUCT_DIRENT *r;
d = SMB_VFS_NEXT_READDIR(handle, conn, p);
if (d == NULL) {
break;
}
if (shadow_copy_match_name(d->d_name)) {
DEBUG(8,("shadow_copy_opendir: hide [%s]\n",d->d_name));
continue;
}
DEBUG(10,("shadow_copy_opendir: not hide [%s]\n",d->d_name));
r = SMB_REALLOC_ARRAY(dirp->dirs,SMB_STRUCT_DIRENT, dirp->num+1);
if (!r) {
DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
break;
}
dirp->dirs = r;
dirp->dirs[dirp->num++] = *d;
}
SMB_VFS_NEXT_CLOSEDIR(handle,conn,p);
return((DIR *)dirp);
}
nss_backend_t*
_nss_winbind_group_constr (const char* db_name,
const char* src_name,
const char* cfg_args)
{
nss_backend_t* be;
if(!(be = SMB_MALLOC_P(nss_backend_t)) )
return NULL;
be->ops = group_ops;
be->n_ops = sizeof(group_ops) / sizeof(nss_backend_op_t);
NSS_DEBUG("Initialized nss_winbind group backend");
return be;
}
/* if we can't read the cache, oh well, no need to return anything */
LOGIN_CACHE * login_cache_read(struct samu *sampass)
{
char *keystr;
TDB_DATA databuf;
LOGIN_CACHE *entry;
if (!login_cache_init())
return NULL;
if (pdb_get_nt_username(sampass) == NULL) {
return NULL;
}
keystr = SMB_STRDUP(pdb_get_nt_username(sampass));
if (!keystr || !keystr[0]) {
SAFE_FREE(keystr);
return NULL;
}
DEBUG(7, ("Looking up login cache for user %s\n",
keystr));
databuf = tdb_fetch_bystring(cache, keystr);
SAFE_FREE(keystr);
if (!(entry = SMB_MALLOC_P(LOGIN_CACHE))) {
DEBUG(1, ("Unable to allocate cache entry buffer!\n"));
SAFE_FREE(databuf.dptr);
return NULL;
}
if (tdb_unpack (databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT,
&entry->entry_timestamp, &entry->acct_ctrl,
&entry->bad_password_count,
&entry->bad_password_time) == -1) {
DEBUG(7, ("No cache entry found\n"));
SAFE_FREE(entry);
SAFE_FREE(databuf.dptr);
return NULL;
}
SAFE_FREE(databuf.dptr);
DEBUG(5, ("Found login cache entry: timestamp %12u, flags 0x%x, count %d, time %12u\n",
(unsigned int)entry->entry_timestamp, entry->acct_ctrl,
entry->bad_password_count, (unsigned int)entry->bad_password_time));
return entry;
}
/* add new PID <-> Machine name mapping */
static void addPid2Machine (struct server_id pid, const char *machine)
{
/* show machine name rather PID on table "Open Files"? */
if (PID_or_Machine) {
PIDMAP *newmap;
if ((newmap = SMB_MALLOC_P(PIDMAP)) == NULL) {
/* XXX need error message for this?
if malloc fails, PID is always shown */
return;
}
newmap->pid = pid;
newmap->machine = SMB_STRDUP(machine);
DLIST_ADD(pidmap, newmap);
}
}
static myFILE *OpenConfFile( const char *FileName )
{
const char *func = "params.c:OpenConfFile() -";
int lvl = lp_is_in_client() ? 1 : 0;
myFILE *ret;
ret = SMB_MALLOC_P(myFILE);
if (!ret)
return NULL;
ret->buf = file_load(FileName, &ret->size, 0);
if( NULL == ret->buf ) {
DEBUG( lvl, ("%s Unable to open configuration file \"%s\":\n\t%s\n",
func, FileName, strerror(errno)) );
SAFE_FREE(ret);
return NULL;
}
ret->p = ret->buf;
ret->end_section_p = NULL;
return( ret );
}
int register_vuid(auth_serversupplied_info *server_info,
DATA_BLOB session_key, DATA_BLOB response_blob,
const char *smb_name)
{
user_struct *vuser = NULL;
/* Paranoia check. */
if(lp_security() == SEC_SHARE) {
smb_panic("Tried to register uid in security=share\n");
}
/* Limit allowed vuids to 16bits - VUID_OFFSET. */
if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
data_blob_free(&session_key);
return UID_FIELD_INVALID;
}
if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
DEBUG(0,("Failed to malloc users struct!\n"));
data_blob_free(&session_key);
return UID_FIELD_INVALID;
}
ZERO_STRUCTP(vuser);
/* Allocate a free vuid. Yes this is a linear search... :-) */
while( get_valid_user_struct(next_vuid) != NULL ) {
next_vuid++;
/* Check for vuid wrap. */
if (next_vuid == UID_FIELD_INVALID)
next_vuid = VUID_OFFSET;
}
DEBUG(10,("register_vuid: allocated vuid = %u\n",
(unsigned int)next_vuid ));
vuser->vuid = next_vuid;
if (!server_info) {
/*
* This happens in an unfinished NTLMSSP session setup. We
* need to allocate a vuid between the first and second calls
* to NTLMSSP.
*/
next_vuid++;
num_validated_vuids++;
vuser->server_info = NULL;
DLIST_ADD(validated_users, vuser);
return vuser->vuid;
}
/* the next functions should be done by a SID mapping system (SMS) as
* the new real sam db won't have reference to unix uids or gids
*/
vuser->uid = server_info->uid;
vuser->gid = server_info->gid;
vuser->n_groups = server_info->n_groups;
if (vuser->n_groups) {
if (!(vuser->groups = (gid_t *)memdup(server_info->groups,
sizeof(gid_t) *
vuser->n_groups))) {
DEBUG(0,("register_vuid: failed to memdup "
"vuser->groups\n"));
data_blob_free(&session_key);
free(vuser);
TALLOC_FREE(server_info);
return UID_FIELD_INVALID;
}
}
vuser->guest = server_info->guest;
fstrcpy(vuser->user.unix_name, server_info->unix_name);
/* This is a potentially untrusted username */
alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$",
sizeof(vuser->user.smb_name));
fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
fstrcpy(vuser->user.full_name,
pdb_get_fullname(server_info->sam_account));
{
/* Keep the homedir handy */
const char *homedir =
pdb_get_homedir(server_info->sam_account);
const char *logon_script =
pdb_get_logon_script(server_info->sam_account);
if (!IS_SAM_DEFAULT(server_info->sam_account,
PDB_UNIXHOMEDIR)) {
const char *unix_homedir =
pdb_get_unix_homedir(server_info->sam_account);
if (unix_homedir) {
vuser->unix_homedir =
smb_xstrdup(unix_homedir);
}
} else {
struct passwd *passwd =
getpwnam_alloc(NULL, vuser->user.unix_name);
if (passwd) {
vuser->unix_homedir =
smb_xstrdup(passwd->pw_dir);
TALLOC_FREE(passwd);
}
}
if (homedir) {
vuser->homedir = smb_xstrdup(homedir);
}
if (logon_script) {
vuser->logon_script = smb_xstrdup(logon_script);
}
}
vuser->session_key = session_key;
DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->uid,
(unsigned int)vuser->gid,
vuser->user.unix_name, vuser->user.smb_name,
vuser->user.domain, vuser->guest ));
DEBUG(3, ("User name: %s\tReal name: %s\n", vuser->user.unix_name,
vuser->user.full_name));
if (server_info->ptok) {
vuser->nt_user_token = dup_nt_token(NULL, server_info->ptok);
} else {
DEBUG(1, ("server_info does not contain a user_token - "
"cannot continue\n"));
TALLOC_FREE(server_info);
data_blob_free(&session_key);
SAFE_FREE(vuser->homedir);
SAFE_FREE(vuser->unix_homedir);
SAFE_FREE(vuser->logon_script);
SAFE_FREE(vuser);
return UID_FIELD_INVALID;
}
/* use this to keep tabs on all our info from the authentication */
vuser->server_info = server_info;
DEBUG(3,("UNIX uid %d is UNIX user %s, and will be vuid %u\n",
(int)vuser->uid,vuser->user.unix_name, vuser->vuid));
next_vuid++;
num_validated_vuids++;
DLIST_ADD(validated_users, vuser);
if (!session_claim(vuser)) {
DEBUG(1, ("Failed to claim session for vuid=%d\n",
vuser->vuid));
invalidate_vuid(vuser->vuid);
return UID_FIELD_INVALID;
}
/* Register a home dir service for this user iff
(a) This is not a guest connection,
(b) we have a home directory defined
(c) there s not an existing static share by that name
If a share exists by this name (autoloaded or not) reuse it . */
vuser->homes_snum = -1;
if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir))
{
int servicenumber = lp_servicenumber(vuser->user.unix_name);
if ( servicenumber == -1 ) {
DEBUG(3, ("Adding homes service for user '%s' using "
"home directory: '%s'\n",
vuser->user.unix_name, vuser->unix_homedir));
vuser->homes_snum =
add_home_service(vuser->user.unix_name,
vuser->user.unix_name,
vuser->unix_homedir);
} else {
DEBUG(3, ("Using static (or previously created) "
"service for user '%s'; path = '%s'\n",
vuser->user.unix_name,
lp_pathname(servicenumber) ));
vuser->homes_snum = servicenumber;
}
}
if (srv_is_signing_negotiated() && !vuser->guest &&
!srv_signing_started()) {
/* Try and turn on server signing on the first non-guest
* sessionsetup. */
srv_set_signing(vuser->session_key, response_blob);
}
/* fill in the current_user_info struct */
set_current_user_info( &vuser->user );
return vuser->vuid;
}
BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout,
int lock_num, uint16 lock_pid, SMB_BIG_UINT offset, SMB_BIG_UINT count)
{
static BOOL set_lock_msg;
blocking_lock_record *blr, *tmp;
BOOL my_lock_ctx = False;
NTSTATUS status;
if(in_chained_smb() ) {
DEBUG(0,("push_blocking_lock_request: cannot queue a chained request (currently).\n"));
return False;
}
/*
* Now queue an entry on the blocking lock queue. We setup
* the expiration time here.
*/
if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) {
DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
return False;
}
if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) {
DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
SAFE_FREE(blr);
return False;
}
blr->com_type = CVAL(inbuf,smb_com);
blr->fsp = get_fsp_from_pkt(inbuf);
blr->expire_time = (lock_timeout == -1) ? (time_t)-1 : time(NULL) + (time_t)lock_timeout;
blr->lock_num = lock_num;
blr->lock_pid = lock_pid;
blr->offset = offset;
blr->count = count;
memcpy(blr->inbuf, inbuf, length);
blr->length = length;
/* Add a pending lock record for this. */
status = brl_lock(blr->fsp->dev, blr->fsp->inode, blr->fsp->fnum,
lock_pid, sys_getpid(), blr->fsp->conn->cnum,
offset, count, PENDING_LOCK, &my_lock_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("push_blocking_lock_request: failed to add PENDING_LOCK record.\n"));
free_blocking_lock_record(blr);
return False;
}
DLIST_ADD_END(blocking_lock_queue, blr, tmp);
/* Ensure we'll receive messages when this is unlocked. */
if (!set_lock_msg) {
message_register(MSG_SMB_UNLOCK, received_unlock_msg);
set_lock_msg = True;
}
DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d (+%d) \
for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
blr->fsp->fnum, blr->fsp->fsp_name ));
/* Push the MID of this packet on the signing queue. */
srv_defer_sign_response(SVAL(inbuf,smb_mid));
return True;
}
SMBCFILE *
SMBC_open_ctx(SMBCCTX *context,
const char *fname,
int flags,
mode_t mode)
{
char *server = NULL;
char *share = NULL;
char *user = NULL;
char *password = NULL;
char *workgroup = NULL;
char *path = NULL;
char *targetpath = NULL;
struct cli_state *targetcli = NULL;
SMBCSRV *srv = NULL;
SMBCFILE *file = NULL;
uint16_t fd;
uint16_t port = 0;
NTSTATUS status = NT_STATUS_OBJECT_PATH_INVALID;
TALLOC_CTX *frame = talloc_stackframe();
if (!context || !context->internal->initialized) {
errno = EINVAL; /* Best I can think of ... */
TALLOC_FREE(frame);
return NULL;
}
if (!fname) {
errno = EINVAL;
TALLOC_FREE(frame);
return NULL;
}
if (SMBC_parse_path(frame,
context,
fname,
&workgroup,
&server,
&port,
&share,
&path,
&user,
&password,
NULL)) {
errno = EINVAL;
TALLOC_FREE(frame);
return NULL;
}
if (!user || user[0] == (char)0) {
user = talloc_strdup(frame, smbc_getUser(context));
if (!user) {
errno = ENOMEM;
TALLOC_FREE(frame);
return NULL;
}
}
srv = SMBC_server(frame, context, True,
server, port, share, &workgroup, &user, &password);
if (!srv) {
if (errno == EPERM) errno = EACCES;
TALLOC_FREE(frame);
return NULL; /* SMBC_server sets errno */
}
/* Hmmm, the test for a directory is suspect here ... FIXME */
if (strlen(path) > 0 && path[strlen(path) - 1] == '\\') {
status = NT_STATUS_OBJECT_PATH_INVALID;
} else {
file = SMB_MALLOC_P(SMBCFILE);
if (!file) {
errno = ENOMEM;
TALLOC_FREE(frame);
return NULL;
}
ZERO_STRUCTP(file);
/*d_printf(">>>open: resolving %s\n", path);*/
status = cli_resolve_path(
frame, "", context->internal->auth_info,
srv->cli, path, &targetcli, &targetpath);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Could not resolve %s\n", path);
errno = ENOENT;
SAFE_FREE(file);
TALLOC_FREE(frame);
return NULL;
}
/*d_printf(">>>open: resolved %s as %s\n", path, targetpath);*/
status = cli_open(targetcli, targetpath, flags,
context->internal->share_mode, &fd);
if (!NT_STATUS_IS_OK(status)) {
/* Handle the error ... */
SAFE_FREE(file);
errno = SMBC_errno(context, targetcli);
TALLOC_FREE(frame);
return NULL;
}
/* Fill in file struct */
file->cli_fd = fd;
file->fname = SMB_STRDUP(fname);
file->srv = srv;
file->offset = 0;
file->file = True;
/*
* targetcli is either equal to srv->cli or
* is a subsidiary DFS connection. Either way
* file->cli_fd belongs to it so we must cache
* it for read/write/close, not re-resolve each time.
* Re-resolving is both slow and incorrect.
*/
file->targetcli = targetcli;
DLIST_ADD(context->internal->files, file);
/*
* If the file was opened in O_APPEND mode, all write
* operations should be appended to the file. To do that,
* though, using this protocol, would require a getattrE()
* call for each and every write, to determine where the end
* of the file is. (There does not appear to be an append flag
* in the protocol.) Rather than add all of that overhead of
* retrieving the current end-of-file offset prior to each
* write operation, we'll assume that most append operations
* will continuously write, so we'll just set the offset to
* the end of the file now and hope that's adequate.
*
* Note to self: If this proves inadequate, and O_APPEND
* should, in some cases, be forced for each write, add a
* field in the context options structure, for
* "strict_append_mode" which would select between the current
* behavior (if FALSE) or issuing a getattrE() prior to each
* write and forcing the write to the end of the file (if
* TRUE). Adding that capability will likely require adding
* an "append" flag into the _SMBCFILE structure to track
* whether a file was opened in O_APPEND mode. -- djl
*/
if (flags & O_APPEND) {
if (SMBC_lseek_ctx(context, file, 0, SEEK_END) < 0) {
(void) SMBC_close_ctx(context, file);
errno = ENXIO;
TALLOC_FREE(frame);
return NULL;
}
}
TALLOC_FREE(frame);
return file;
}
/* Check if opendir needed ... */
if (!NT_STATUS_IS_OK(status)) {
int eno = 0;
eno = SMBC_errno(context, srv->cli);
file = smbc_getFunctionOpendir(context)(context, fname);
if (!file) errno = eno;
TALLOC_FREE(frame);
return file;
}
errno = EINVAL; /* FIXME, correct errno ? */
TALLOC_FREE(frame);
return NULL;
}
static SMBCSRV *
SMBC_server_internal(TALLOC_CTX *ctx,
SMBCCTX *context,
bool connect_if_not_found,
const char *server,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password,
bool *in_cache)
{
SMBCSRV *srv=NULL;
char *workgroup = NULL;
struct cli_state *c;
struct nmb_name called, calling;
const char *server_n = server;
struct sockaddr_storage ss;
int tried_reverse = 0;
int port_try_first;
int port_try_next;
int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
uint32 fs_attrs = 0;
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
zero_sockaddr(&ss);
ZERO_STRUCT(c);
*in_cache = false;
if (server[0] == 0) {
errno = EPERM;
return NULL;
}
/* Look for a cached connection */
srv = SMBC_find_server(ctx, context, server, share,
pp_workgroup, pp_username, pp_password);
/*
* If we found a connection and we're only allowed one share per
* server...
*/
if (srv &&
*share != '\0' &&
smbc_getOptionOneSharePerServer(context)) {
/*
* ... then if there's no current connection to the share,
* connect to it. SMBC_find_server(), or rather the function
* pointed to by context->get_cached_srv_fn which
* was called by SMBC_find_server(), will have issued a tree
* disconnect if the requested share is not the same as the
* one that was already connected.
*/
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
if (srv->cli->cnum == (uint16) -1) {
/* Ensure we have accurate auth info */
SMBC_call_auth_fn(ctx, context,
srv->cli->desthost,
srv->cli->share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
return NULL;
}
/*
* We don't need to renegotiate encryption
* here as the encryption context is not per
* tid.
*/
status = cli_tcon_andx(srv->cli, srv->cli->share, "?????",
*pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
srv = NULL;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4,
("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve "
"case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of
* the share. We have no choice but to use the
* user-specified case sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4,
("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(
c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
/*
* Regenerate the dev value since it's based on both
* server and share
*/
if (srv) {
srv->dev = (dev_t)(str_checksum(srv->cli->desthost) ^
str_checksum(srv->cli->share));
}
}
}
/* If we have a connection... */
if (srv) {
/* ... then we're done here. Give 'em what they came for. */
*in_cache = true;
goto done;
}
/* If we're not asked to connect when a connection doesn't exist... */
if (! connect_if_not_found) {
/* ... then we're done here. */
return NULL;
}
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0);
make_nmb_name(&called , server, 0x20);
DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
again:
zero_sockaddr(&ss);
/* have to open a new connection */
if ((c = cli_initialise()) == NULL) {
errno = ENOMEM;
return NULL;
}
if (smbc_getOptionUseKerberos(context)) {
c->use_kerberos = True;
}
if (smbc_getOptionFallbackAfterKerberos(context)) {
c->fallback_after_kerberos = True;
}
if (smbc_getOptionUseCCache(context)) {
c->use_ccache = True;
}
c->timeout = smbc_getTimeout(context);
/*
* Force use of port 139 for first try if share is $IPC, empty, or
* null, so browse lists can work
*/
if (share == NULL || *share == '\0' || is_ipc) {
port_try_first = 139;
port_try_next = 445;
} else {
port_try_first = 445;
port_try_next = 139;
}
c->port = port_try_first;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
/* First connection attempt failed. Try alternate port. */
c->port = port_try_next;
status = cli_connect(c, server_n, &ss);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
}
if (!cli_session_request(c, &calling, &called)) {
cli_shutdown(c);
if (strcmp(called.name, "*SMBSERVER")) {
make_nmb_name(&called , "*SMBSERVER", 0x20);
goto again;
} else { /* Try one more time, but ensure we don't loop */
/* Only try this if server is an IP address ... */
if (is_ipaddress(server) && !tried_reverse) {
fstring remote_name;
struct sockaddr_storage rem_ss;
if (!interpret_string_addr(&rem_ss, server,
NI_NUMERICHOST)) {
DEBUG(4, ("Could not convert IP address "
"%s to struct sockaddr_storage\n",
server));
errno = ETIMEDOUT;
return NULL;
}
tried_reverse++; /* Yuck */
if (name_status_find("*", 0, 0,
&rem_ss, remote_name)) {
make_nmb_name(&called,
remote_name,
0x20);
goto again;
}
}
}
errno = ETIMEDOUT;
return NULL;
}
DEBUG(4,(" session request ok\n"));
status = cli_negprot(c);
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password,
strlen(*pp_password),
*pp_password,
strlen(*pp_password),
*pp_workgroup))) {
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_session_setup fail with username=[%s], password=[%s]\n", username_used, *pp_password);
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if (smbc_getOptionNoAutoAnonymousLogin(context) ||
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password, 1,
*pp_password, 0,
*pp_workgroup))) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
status = cli_init_creds(c, username_used,
*pp_workgroup, *pp_password);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
cli_check_msdfs_proxy() will fail if it is a normal share. */
if ((c->capabilities & CAP_DFS) &&
cli_check_msdfs_proxy(ctx, c, share,
&newserver, &newshare,
/* FIXME: cli_check_msdfs_proxy() does
not support smbc_smb_encrypt_level type */
context->internal->smb_encryption_level ?
true : false,
*pp_username,
*pp_password,
*pp_workgroup)) {
cli_shutdown(c);
srv = SMBC_server_internal(ctx, context, connect_if_not_found,
newserver, newshare, pp_workgroup,
pp_username, pp_password, in_cache);
TALLOC_FREE(newserver);
TALLOC_FREE(newshare);
return srv;
}
/* must be a normal share */
status = cli_tcon_andx(c, share, "?????", *pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
fprintf(stderr, "JerryLin: Libsmb_server.c->SMBC_server_internal: cli_tcon_andx return %08X, errno=[%d]\n", NT_STATUS_V(status), errno);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
} else if (!cli_get_fs_attr_info(c, &fs_attrs)) {
DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
cli_errstr(c)));
/*
* We can't determine the case sensitivity of the share. We
* have no choice but to use the user-specified case
* sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else {
DEBUG(4, ("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(c,
username_used,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level == 1
* means don't fail if encryption can't be negotiated,
* == 2 means fail if encryption can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok\n"));
}
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
*/
srv = SMB_MALLOC_P(SMBCSRV);
if (!srv) {
cli_shutdown(c);
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(srv);
srv->cli = c;
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_nt_session = False;
done:
if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
} else {
workgroup = *pp_workgroup;
}
if(!workgroup) {
return NULL;
}
/* set the credentials to make DFS work */
smbc_set_credentials_with_fallback(context,
workgroup,
*pp_username,
*pp_password);
return srv;
}
/*
* Get a new empty handle to fill in with your own info
*/
SMBCCTX *
smbc_new_context(void)
{
SMBCCTX *context;
/* The first call to this function should initialize the module */
SMB_THREAD_ONCE(&SMBC_initialized, SMBC_module_init, NULL);
/*
* All newly added context fields should be placed in
* SMBC_internal_data, not directly in SMBCCTX.
*/
context = SMB_MALLOC_P(SMBCCTX);
if (!context) {
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(context);
context->internal = SMB_MALLOC_P(struct SMBC_internal_data);
if (!context->internal) {
SAFE_FREE(context);
errno = ENOMEM;
return NULL;
}
/* Initialize the context and establish reasonable defaults */
ZERO_STRUCTP(context->internal);
smbc_setDebug(context, 0);
smbc_setTimeout(context, 20000);
smbc_setOptionFullTimeNames(context, False);
smbc_setOptionOpenShareMode(context, SMBC_SHAREMODE_DENY_NONE);
smbc_setOptionSmbEncryptionLevel(context, SMBC_ENCRYPTLEVEL_NONE);
smbc_setOptionCaseSensitive(context, False);
smbc_setOptionBrowseMaxLmbCount(context, 3); /* # LMBs to query */
smbc_setOptionUrlEncodeReaddirEntries(context, False);
smbc_setOptionOneSharePerServer(context, False);
smbc_setFunctionAuthData(context, SMBC_get_auth_data);
smbc_setFunctionCheckServer(context, SMBC_check_server);
smbc_setFunctionRemoveUnusedServer(context, SMBC_remove_unused_server);
smbc_setOptionUserData(context, NULL);
smbc_setFunctionAddCachedServer(context, SMBC_add_cached_server);
smbc_setFunctionGetCachedServer(context, SMBC_get_cached_server);
smbc_setFunctionRemoveCachedServer(context, SMBC_remove_cached_server);
smbc_setFunctionPurgeCachedServers(context, SMBC_purge_cached_servers);
smbc_setFunctionOpen(context, SMBC_open_ctx);
smbc_setFunctionCreat(context, SMBC_creat_ctx);
smbc_setFunctionRead(context, SMBC_read_ctx);
smbc_setFunctionWrite(context, SMBC_write_ctx);
smbc_setFunctionClose(context, SMBC_close_ctx);
smbc_setFunctionUnlink(context, SMBC_unlink_ctx);
smbc_setFunctionRename(context, SMBC_rename_ctx);
smbc_setFunctionLseek(context, SMBC_lseek_ctx);
smbc_setFunctionFtruncate(context, SMBC_ftruncate_ctx);
smbc_setFunctionStat(context, SMBC_stat_ctx);
smbc_setFunctionStatVFS(context, SMBC_statvfs_ctx);
smbc_setFunctionFstatVFS(context, SMBC_fstatvfs_ctx);
smbc_setFunctionFstat(context, SMBC_fstat_ctx);
smbc_setFunctionOpendir(context, SMBC_opendir_ctx);
smbc_setFunctionClosedir(context, SMBC_closedir_ctx);
smbc_setFunctionReaddir(context, SMBC_readdir_ctx);
smbc_setFunctionGetdents(context, SMBC_getdents_ctx);
smbc_setFunctionMkdir(context, SMBC_mkdir_ctx);
smbc_setFunctionRmdir(context, SMBC_rmdir_ctx);
smbc_setFunctionTelldir(context, SMBC_telldir_ctx);
smbc_setFunctionLseekdir(context, SMBC_lseekdir_ctx);
smbc_setFunctionFstatdir(context, SMBC_fstatdir_ctx);
smbc_setFunctionChmod(context, SMBC_chmod_ctx);
smbc_setFunctionUtimes(context, SMBC_utimes_ctx);
smbc_setFunctionSetxattr(context, SMBC_setxattr_ctx);
smbc_setFunctionGetxattr(context, SMBC_getxattr_ctx);
smbc_setFunctionRemovexattr(context, SMBC_removexattr_ctx);
smbc_setFunctionListxattr(context, SMBC_listxattr_ctx);
smbc_setFunctionOpenPrintJob(context, SMBC_open_print_job_ctx);
smbc_setFunctionPrintFile(context, SMBC_print_file_ctx);
smbc_setFunctionListPrintJobs(context, SMBC_list_print_jobs_ctx);
smbc_setFunctionUnlinkPrintJob(context, SMBC_unlink_print_job_ctx);
return context;
}
static SMBCSRV *
SMBC_server_internal(TALLOC_CTX *ctx,
SMBCCTX *context,
bool connect_if_not_found,
const char *server,
uint16_t port,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password,
bool *in_cache)
{
SMBCSRV *srv=NULL;
char *workgroup = NULL;
struct cli_state *c = NULL;
const char *server_n = server;
int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
uint32_t fs_attrs = 0;
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
int flags = 0;
struct smbXcli_tcon *tcon = NULL;
int signing_state = SMB_SIGNING_DEFAULT;
ZERO_STRUCT(c);
*in_cache = false;
if (server[0] == 0) {
errno = EPERM;
return NULL;
}
/* Look for a cached connection */
srv = SMBC_find_server(ctx, context, server, share,
pp_workgroup, pp_username, pp_password);
/*
* If we found a connection and we're only allowed one share per
* server...
*/
if (srv &&
share != NULL && *share != '\0' &&
smbc_getOptionOneSharePerServer(context)) {
/*
* ... then if there's no current connection to the share,
* connect to it. SMBC_find_server(), or rather the function
* pointed to by context->get_cached_srv_fn which
* was called by SMBC_find_server(), will have issued a tree
* disconnect if the requested share is not the same as the
* one that was already connected.
*/
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
if (!cli_state_has_tcon(srv->cli)) {
/* Ensure we have accurate auth info */
SMBC_call_auth_fn(ctx, context,
smbXcli_conn_remote_name(srv->cli->conn),
srv->cli->share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
return NULL;
}
/*
* We don't need to renegotiate encryption
* here as the encryption context is not per
* tid.
*/
status = cli_tree_connect(srv->cli,
srv->cli->share,
"?????",
*pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(srv->cli);
srv->cli = NULL;
smbc_getFunctionRemoveCachedServer(context)(context,
srv);
srv = NULL;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4,
("IPC$ so ignore case sensitivity\n"));
status = NT_STATUS_OK;
} else {
status = cli_get_fs_attr_info(c, &fs_attrs);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("Could not retrieve "
"case sensitivity flag: %s.\n",
nt_errstr(status)));
/*
* We can't determine the case sensitivity of
* the share. We have no choice but to use the
* user-specified case sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else if (!is_ipc) {
DEBUG(4,
("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
cli_set_case_sensitive(
c,
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? True
: False));
}
/*
* Regenerate the dev value since it's based on both
* server and share
*/
if (srv) {
const char *remote_name =
smbXcli_conn_remote_name(srv->cli->conn);
srv->dev = (dev_t)(str_checksum(remote_name) ^
str_checksum(srv->cli->share));
}
}
}
/* If we have a connection... */
if (srv) {
/* ... then we're done here. Give 'em what they came for. */
*in_cache = true;
goto done;
}
/* If we're not asked to connect when a connection doesn't exist... */
if (! connect_if_not_found) {
/* ... then we're done here. */
return NULL;
}
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
status = NT_STATUS_UNSUCCESSFUL;
if (smbc_getOptionUseKerberos(context)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
if (smbc_getOptionFallbackAfterKerberos(context)) {
flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
if (smbc_getOptionUseCCache(context)) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
if (smbc_getOptionUseNTHash(context)) {
flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
}
if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
signing_state = SMB_SIGNING_REQUIRED;
}
if (port == 0) {
if (share == NULL || *share == '\0' || is_ipc) {
/*
* Try 139 first for IPC$
*/
status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
smbc_getNetbiosName(context),
signing_state, flags, &c);
}
}
if (!NT_STATUS_IS_OK(status)) {
/*
* No IPC$ or 139 did not work
*/
status = cli_connect_nb(server_n, NULL, port, 0x20,
smbc_getNetbiosName(context),
signing_state, flags, &c);
}
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return NULL;
}
cli_set_timeout(c, smbc_getTimeout(context));
status = smbXcli_negprot(c->conn, c->timeout,
lp_client_min_protocol(),
lp_client_max_protocol());
if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
}
if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
/* Ensure we ask for some initial credits. */
smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
}
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password,
strlen(*pp_password),
*pp_password,
strlen(*pp_password),
*pp_workgroup))) {
/* Failed. Try an anonymous login, if allowed by flags. */
username_used = "";
if (smbc_getOptionNoAutoAnonymousLogin(context) ||
!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
*pp_password, 1,
*pp_password, 0,
*pp_workgroup))) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" session setup ok\n"));
/* here's the fun part....to support 'msdfs proxy' shares
(on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
here before trying to connect to the original share.
cli_check_msdfs_proxy() will fail if it is a normal share. */
if (smbXcli_conn_dfs_supported(c->conn) &&
cli_check_msdfs_proxy(ctx, c, share,
&newserver, &newshare,
/* FIXME: cli_check_msdfs_proxy() does
not support smbc_smb_encrypt_level type */
context->internal->smb_encryption_level ?
true : false,
*pp_username,
*pp_password,
*pp_workgroup)) {
cli_shutdown(c);
srv = SMBC_server_internal(ctx, context, connect_if_not_found,
newserver, port, newshare, pp_workgroup,
pp_username, pp_password, in_cache);
TALLOC_FREE(newserver);
TALLOC_FREE(newshare);
return srv;
}
/* must be a normal share */
status = cli_tree_connect(c, share, "?????", *pp_password,
strlen(*pp_password)+1);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
cli_shutdown(c);
return NULL;
}
DEBUG(4,(" tconx ok\n"));
if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
tcon = c->smb2.tcon;
} else {
tcon = c->smb1.tcon;
}
/* Determine if this share supports case sensitivity */
if (is_ipc) {
DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
status = NT_STATUS_OK;
} else {
status = cli_get_fs_attr_info(c, &fs_attrs);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
nt_errstr(status)));
/*
* We can't determine the case sensitivity of the share. We
* have no choice but to use the user-specified case
* sensitivity setting.
*/
if (smbc_getOptionCaseSensitive(context)) {
cli_set_case_sensitive(c, True);
} else {
cli_set_case_sensitive(c, False);
}
} else if (!is_ipc) {
DEBUG(4, ("Case sensitive: %s\n",
(fs_attrs & FILE_CASE_SENSITIVE_SEARCH
? "True"
: "False")));
smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(c,
username_used,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level == 1
* means don't fail if encryption can't be negotiated,
* == 2 means fail if encryption can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(c);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok\n"));
}
/*
* Ok, we have got a nice connection
* Let's allocate a server structure.
*/
srv = SMB_MALLOC_P(SMBCSRV);
if (!srv) {
cli_shutdown(c);
errno = ENOMEM;
return NULL;
}
ZERO_STRUCTP(srv);
DLIST_ADD(srv->cli, c);
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_pathinfo3 = False;
srv->no_nt_session = False;
done:
if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
} else {
workgroup = *pp_workgroup;
}
if(!workgroup) {
if (c != NULL) {
cli_shutdown(c);
}
SAFE_FREE(srv);
return NULL;
}
/* set the credentials to make DFS work */
smbc_set_credentials_with_fallback(context,
workgroup,
*pp_username,
*pp_password);
return srv;
}
static krb5_error_code ads_secrets_verify_ticket(krb5_context context,
krb5_auth_context auth_context,
krb5_principal host_princ,
const DATA_BLOB *ticket,
krb5_ticket **pp_tkt,
krb5_keyblock **keyblock,
krb5_error_code *perr)
{
krb5_error_code ret = 0;
bool auth_ok = False;
bool cont = true;
char *password_s = NULL;
/* Let's make some room for 2 password (old and new)*/
krb5_data passwords[2];
krb5_enctype enctypes[] = {
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
#endif
#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
#endif
ENCTYPE_ARCFOUR_HMAC,
ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD5,
ENCTYPE_NULL
};
krb5_data packet;
int i, j;
*pp_tkt = NULL;
*keyblock = NULL;
*perr = 0;
ZERO_STRUCT(passwords);
if (!secrets_init()) {
DEBUG(1,("ads_secrets_verify_ticket: secrets_init failed\n"));
*perr = KRB5_CONFIG_CANTOPEN;
return False;
}
password_s = secrets_fetch_machine_password(lp_workgroup(),
NULL, NULL);
if (!password_s) {
DEBUG(1,(__location__ ": failed to fetch machine password\n"));
*perr = KRB5_LIBOS_CANTREADPWD;
return False;
}
passwords[0].data = password_s;
passwords[0].length = strlen(password_s);
password_s = secrets_fetch_prev_machine_password(lp_workgroup());
if (password_s) {
DEBUG(10, (__location__ ": found previous password\n"));
passwords[1].data = password_s;
passwords[1].length = strlen(password_s);
}
/* CIFS doesn't use addresses in tickets. This would break NAT. JRA */
packet.length = ticket->length;
packet.data = (char *)ticket->data;
/* We need to setup a auth context with each possible encoding type
* in turn. */
for (j=0; j<2 && passwords[j].length; j++) {
for (i=0;enctypes[i];i++) {
krb5_keyblock *key = NULL;
if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
ret = ENOMEM;
goto out;
}
if (create_kerberos_key_from_string(context,
host_princ, &passwords[j],
key, enctypes[i], false)) {
SAFE_FREE(key);
continue;
}
krb5_auth_con_setuseruserkey(context,
auth_context, key);
if (!(ret = krb5_rd_req(context, &auth_context,
&packet, NULL, NULL,
NULL, pp_tkt))) {
DEBUG(10, (__location__ ": enc type [%u] "
"decrypted message !\n",
(unsigned int)enctypes[i]));
auth_ok = True;
cont = false;
krb5_copy_keyblock(context, key, keyblock);
krb5_free_keyblock(context, key);
break;
}
DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10,
(__location__ ": enc type [%u] failed to "
"decrypt with error %s\n",
(unsigned int)enctypes[i],
error_message(ret)));
/* successfully decrypted but ticket is just not
* valid at the moment */
if (ret == KRB5KRB_AP_ERR_TKT_NYV ||
ret == KRB5KRB_AP_ERR_TKT_EXPIRED ||
ret == KRB5KRB_AP_ERR_SKEW) {
krb5_free_keyblock(context, key);
cont = false;
break;
}
krb5_free_keyblock(context, key);
}
if (!cont) {
/* If we found a valid pass then no need to try
* the next one or we have invalid ticket so no need
* to try next password*/
break;
}
}
out:
SAFE_FREE(passwords[0].data);
SAFE_FREE(passwords[1].data);
*perr = ret;
return auth_ok;
}
/*
* Connect to a server for getting/setting attributes, possibly on an existing
* connection. This works similarly to SMBC_server().
*/
SMBCSRV *
SMBC_attr_server(TALLOC_CTX *ctx,
SMBCCTX *context,
const char *server,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password)
{
int flags;
struct sockaddr_storage ss;
struct cli_state *ipc_cli;
struct rpc_pipe_client *pipe_hnd;
NTSTATUS nt_status;
SMBCSRV *ipc_srv=NULL;
/*
* See if we've already created this special connection. Reference
* our "special" share name '*IPC$', which is an impossible real share
* name due to the leading asterisk.
*/
ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
pp_workgroup, pp_username, pp_password);
if (!ipc_srv) {
/* We didn't find a cached connection. Get the password */
if (!*pp_password || (*pp_password)[0] == '\0') {
/* ... then retrieve it now. */
SMBC_call_auth_fn(ctx, context, server, share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
}
flags = 0;
if (smbc_getOptionUseKerberos(context)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
zero_sockaddr(&ss);
nt_status = cli_full_connection(&ipc_cli,
global_myname(), server,
&ss, 0, "IPC$", "?????",
*pp_username,
*pp_workgroup,
*pp_password,
flags,
Undefined, NULL);
if (! NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("cli_full_connection failed! (%s)\n",
nt_errstr(nt_status)));
errno = ENOTSUP;
return NULL;
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
*pp_username,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level ==
* 1 means don't fail if encryption can't be
* negotiated, == 2 means fail if encryption
* can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed on IPC$\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(ipc_cli);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok on IPC$\n"));
}
ipc_srv = SMB_MALLOC_P(SMBCSRV);
if (!ipc_srv) {
errno = ENOMEM;
cli_shutdown(ipc_cli);
return NULL;
}
ZERO_STRUCTP(ipc_srv);
ipc_srv->cli = ipc_cli;
nt_status = cli_rpc_pipe_open_noauth(
ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("cli_nt_session_open fail!\n"));
errno = ENOTSUP;
cli_shutdown(ipc_srv->cli);
free(ipc_srv);
return NULL;
}
/*
* Some systems don't support
* SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
* so we might as well do it too.
*/
nt_status = rpccli_lsa_open_policy(
pipe_hnd,
talloc_tos(),
True,
GENERIC_EXECUTE_ACCESS,
&ipc_srv->pol);
if (!NT_STATUS_IS_OK(nt_status)) {
errno = SMBC_errno(context, ipc_srv->cli);
cli_shutdown(ipc_srv->cli);
return NULL;
}
/* now add it to the cache (internal or external) */
errno = 0; /* let cache function set errno if it likes */
if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
server,
"*IPC$",
*pp_workgroup,
*pp_username)) {
DEBUG(3, (" Failed to add server to cache\n"));
if (errno == 0) {
errno = ENOMEM;
}
cli_shutdown(ipc_srv->cli);
free(ipc_srv);
return NULL;
}
DLIST_ADD(context->internal->servers, ipc_srv);
}
return ipc_srv;
}
NTSTATUS file_new(struct smb_request *req, connection_struct *conn,
files_struct **result)
{
int i;
files_struct *fsp;
/* we want to give out file handles differently on each new
connection because of a common bug in MS clients where they try to
reuse a file descriptor from an earlier smb connection. This code
increases the chance that the errant client will get an error rather
than causing corruption */
if (first_file == 0) {
first_file = (sys_getpid() ^ (int)time(NULL)) % real_max_open_files;
}
/* TODO: Port the id-tree implementation from Samba4 */
i = bitmap_find(file_bmap, first_file);
if (i == -1) {
DEBUG(0,("ERROR! Out of file structures\n"));
/* TODO: We have to unconditionally return a DOS error here,
* W2k3 even returns ERRDOS/ERRnofids for ntcreate&x with
* NTSTATUS negotiated */
return NT_STATUS_TOO_MANY_OPENED_FILES;
}
fsp = SMB_MALLOC_P(files_struct);
if (!fsp) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(fsp);
fsp->fh = SMB_MALLOC_P(struct fd_handle);
if (!fsp->fh) {
SAFE_FREE(fsp);
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(fsp->fh);
fsp->fh->ref_count = 1;
fsp->fh->fd = -1;
fsp->conn = conn;
fsp->fh->gen_id = get_gen_count();
GetTimeOfDay(&fsp->open_time);
first_file = (i+1) % real_max_open_files;
bitmap_set(file_bmap, i);
files_used++;
fsp->fnum = i + FILE_HANDLE_OFFSET;
SMB_ASSERT(fsp->fnum < 65536);
string_set(&fsp->fsp_name,"");
DLIST_ADD(Files, fsp);
DEBUG(5,("allocated file structure %d, fnum = %d (%d used)\n",
i, fsp->fnum, files_used));
if (req != NULL) {
req->chain_fsp = fsp;
}
/* A new fsp invalidates the positive and
negative fsp_fi_cache as the new fsp is pushed
at the start of the list and we search from
a cache hit to the *end* of the list. */
ZERO_STRUCT(fsp_fi_cache);
conn->num_files_open++;
*result = fsp;
return NT_STATUS_OK;
}
smb_np_struct *open_rpc_pipe_p(char *pipe_name,
connection_struct *conn, uint16 vuid)
{
int i;
smb_np_struct *p, *p_it;
static int next_pipe;
BOOL is_spoolss_pipe = False;
DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
pipe_name, pipes_open));
if (strstr(pipe_name, "spoolss")) {
is_spoolss_pipe = True;
}
if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) {
DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n",
pipe_name ));
return NULL;
}
/* not repeating pipe numbers makes it easier to track things in
log files and prevents client bugs where pipe numbers are reused
over connection restarts */
if (next_pipe == 0) {
next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
}
i = bitmap_find(bmap, next_pipe);
if (i == -1) {
DEBUG(0,("ERROR! Out of pipe structures\n"));
return NULL;
}
next_pipe = (i+1) % MAX_OPEN_PIPES;
for (p = Pipes; p; p = p->next) {
DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
}
p = SMB_MALLOC_P(smb_np_struct);
if (!p) {
DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
return NULL;
}
ZERO_STRUCTP(p);
/* add a dso mechanism instead of this, here */
p->namedpipe_create = make_internal_rpc_pipe_p;
p->namedpipe_read = read_from_internal_pipe;
p->namedpipe_write = write_to_internal_pipe;
p->namedpipe_close = close_internal_rpc_pipe_hnd;
p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
if (p->np_state == NULL) {
DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
SAFE_FREE(p);
return NULL;
}
DLIST_ADD(Pipes, p);
/*
* Initialize the incoming RPC data buffer with one PDU worth of memory.
* We cheat here and say we're marshalling, as we intend to add incoming
* data directly into the prs_struct and we want it to auto grow. We will
* change the type to UNMARSALLING before processing the stream.
*/
bitmap_set(bmap, i);
i += pipe_handle_offset;
pipes_open++;
p->pnum = i;
p->open = True;
p->device_state = 0;
p->priority = 0;
p->conn = conn;
p->vuid = vuid;
p->max_trans_reply = 0;
fstrcpy(p->name, pipe_name);
DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
pipe_name, i, pipes_open));
chain_p = p;
/* Iterate over p_it as a temp variable, to display all open pipes */
for (p_it = Pipes; p_it; p_it = p_it->next) {
DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
}
return chain_p;
}
static DOM_SID *pdb_generate_sam_sid(void)
{
DOM_SID domain_sid;
char *fname = NULL;
BOOL is_dc = False;
DOM_SID *sam_sid;
if(!(sam_sid=SMB_MALLOC_P(DOM_SID)))
return NULL;
generate_wellknown_sids();
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
is_dc = True;
break;
default:
is_dc = False;
break;
}
if (is_dc) {
if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
sid_copy(sam_sid, &domain_sid);
return sam_sid;
}
}
if (secrets_fetch_domain_sid(global_myname(), sam_sid)) {
/* We got our sid. If not a pdc/bdc, we're done. */
if (!is_dc)
return sam_sid;
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
/* No domain sid and we're a pdc/bdc. Store it */
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
return sam_sid;
}
if (!sid_equal(&domain_sid, sam_sid)) {
/* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */
DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
if (!secrets_store_domain_sid(global_myname(), &domain_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID for local sid as PDC/BDC.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
return sam_sid;
}
return sam_sid;
}
/* check for an old MACHINE.SID file for backwards compatibility */
asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
if (read_sid_from_file(fname, sam_sid)) {
/* remember it for future reference and unlink the old MACHINE.SID */
if (!secrets_store_domain_sid(global_myname(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
SAFE_FREE(fname);
SAFE_FREE(sam_sid);
return NULL;
}
unlink(fname);
if (is_dc) {
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
SAFE_FREE(fname);
SAFE_FREE(sam_sid);
return NULL;
}
}
/* Stored the old sid from MACHINE.SID successfully.*/
SAFE_FREE(fname);
return sam_sid;
}
SAFE_FREE(fname);
/* we don't have the SID in secrets.tdb, we will need to
generate one and save it */
generate_random_sid(sam_sid);
if (!secrets_store_domain_sid(global_myname(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
if (is_dc) {
if (!secrets_store_domain_sid(lp_workgroup(), sam_sid)) {
DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
SAFE_FREE(sam_sid);
return NULL;
}
}
return sam_sid;
}
static void *make_internal_rpc_pipe_p(char *pipe_name,
connection_struct *conn, uint16 vuid)
{
pipes_struct *p;
user_struct *vuser = get_valid_user_struct(vuid);
DEBUG(4,("Create pipe requested %s\n", pipe_name));
if (!vuser && vuid != UID_FIELD_INVALID) {
DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
return NULL;
}
p = SMB_MALLOC_P(pipes_struct);
if (!p) {
DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
return NULL;
}
ZERO_STRUCTP(p);
if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) {
DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
SAFE_FREE(p);
return NULL;
}
if ((p->pipe_state_mem_ctx = talloc_init("pipe_state %s %p", pipe_name, p)) == NULL) {
DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
talloc_destroy(p->mem_ctx);
SAFE_FREE(p);
return NULL;
}
if (!init_pipe_handle_list(p, pipe_name)) {
DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
talloc_destroy(p->mem_ctx);
talloc_destroy(p->pipe_state_mem_ctx);
SAFE_FREE(p);
return NULL;
}
/*
* Initialize the incoming RPC data buffer with one PDU worth of memory.
* We cheat here and say we're marshalling, as we intend to add incoming
* data directly into the prs_struct and we want it to auto grow. We will
* change the type to UNMARSALLING before processing the stream.
*/
if(!prs_init(&p->in_data.data, RPC_MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
talloc_destroy(p->mem_ctx);
talloc_destroy(p->pipe_state_mem_ctx);
close_policy_by_pipe(p);
SAFE_FREE(p);
return NULL;
}
DLIST_ADD(InternalPipes, p);
p->conn = conn;
p->vuid = vuid;
p->endian = RPC_LITTLE_ENDIAN;
ZERO_STRUCT(p->pipe_user);
p->pipe_user.ut.uid = (uid_t)-1;
p->pipe_user.ut.gid = (gid_t)-1;
/* Store the session key and NT_TOKEN */
if (vuser) {
p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(
NULL, vuser->nt_user_token);
}
/*
* Initialize the outgoing RPC data buffer with no memory.
*/
prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
fstrcpy(p->name, pipe_name);
DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
pipe_name, pipes_open));
return (void*)p;
}
/*
* Connect to a server for getting/setting attributes, possibly on an existing
* connection. This works similarly to SMBC_server().
*/
SMBCSRV *
SMBC_attr_server(TALLOC_CTX *ctx,
SMBCCTX *context,
const char *server,
uint16_t port,
const char *share,
char **pp_workgroup,
char **pp_username,
char **pp_password)
{
int flags;
struct cli_state *ipc_cli = NULL;
struct rpc_pipe_client *pipe_hnd = NULL;
NTSTATUS nt_status;
SMBCSRV *srv=NULL;
SMBCSRV *ipc_srv=NULL;
/*
* Use srv->cli->desthost and srv->cli->share instead of
* server and share below to connect to the actual share,
* i.e., a normal share or a referred share from
* 'msdfs proxy' share.
*/
srv = SMBC_server(ctx, context, true, server, port, share,
pp_workgroup, pp_username, pp_password);
if (!srv) {
return NULL;
}
server = smbXcli_conn_remote_name(srv->cli->conn);
share = srv->cli->share;
/*
* See if we've already created this special connection. Reference
* our "special" share name '*IPC$', which is an impossible real share
* name due to the leading asterisk.
*/
ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
pp_workgroup, pp_username, pp_password);
if (!ipc_srv) {
int signing_state = SMB_SIGNING_DEFAULT;
/* We didn't find a cached connection. Get the password */
if (!*pp_password || (*pp_password)[0] == '\0') {
/* ... then retrieve it now. */
SMBC_call_auth_fn(ctx, context, server, share,
pp_workgroup,
pp_username,
pp_password);
if (!*pp_workgroup || !*pp_username || !*pp_password) {
errno = ENOMEM;
return NULL;
}
}
flags = 0;
if (smbc_getOptionUseKerberos(context)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
}
if (smbc_getOptionUseCCache(context)) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
signing_state = SMB_SIGNING_REQUIRED;
}
nt_status = cli_full_connection(&ipc_cli,
lp_netbios_name(), server,
NULL, 0, "IPC$", "?????",
*pp_username,
*pp_workgroup,
*pp_password,
flags,
signing_state);
if (! NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("cli_full_connection failed! (%s)\n",
nt_errstr(nt_status)));
errno = ENOTSUP;
return NULL;
}
if (context->internal->smb_encryption_level) {
/* Attempt UNIX smb encryption. */
if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli,
*pp_username,
*pp_password,
*pp_workgroup))) {
/*
* context->smb_encryption_level ==
* 1 means don't fail if encryption can't be
* negotiated, == 2 means fail if encryption
* can't be negotiated.
*/
DEBUG(4,(" SMB encrypt failed on IPC$\n"));
if (context->internal->smb_encryption_level == 2) {
cli_shutdown(ipc_cli);
errno = EPERM;
return NULL;
}
}
DEBUG(4,(" SMB encrypt ok on IPC$\n"));
}
ipc_srv = SMB_MALLOC_P(SMBCSRV);
if (!ipc_srv) {
errno = ENOMEM;
cli_shutdown(ipc_cli);
return NULL;
}
ZERO_STRUCTP(ipc_srv);
DLIST_ADD(ipc_srv->cli, ipc_cli);
nt_status = cli_rpc_pipe_open_noauth(
ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("cli_nt_session_open fail!\n"));
errno = ENOTSUP;
cli_shutdown(ipc_srv->cli);
free(ipc_srv);
return NULL;
}
/*
* Some systems don't support
* SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
* so we might as well do it too.
*/
nt_status = rpccli_lsa_open_policy(
pipe_hnd,
talloc_tos(),
True,
GENERIC_EXECUTE_ACCESS,
&ipc_srv->pol);
if (!NT_STATUS_IS_OK(nt_status)) {
errno = SMBC_errno(context, ipc_srv->cli);
cli_shutdown(ipc_srv->cli);
free(ipc_srv);
return NULL;
}
/* now add it to the cache (internal or external) */
errno = 0; /* let cache function set errno if it likes */
if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
server,
"*IPC$",
*pp_workgroup,
*pp_username)) {
DEBUG(3, (" Failed to add server to cache\n"));
if (errno == 0) {
errno = ENOMEM;
}
cli_shutdown(ipc_srv->cli);
free(ipc_srv);
return NULL;
}
DLIST_ADD(context->internal->servers, ipc_srv);
}
return ipc_srv;
}
static krb5_error_code ads_secrets_verify_ticket(krb5_context context,
krb5_auth_context auth_context,
krb5_principal host_princ,
const DATA_BLOB *ticket,
krb5_ticket **pp_tkt,
krb5_keyblock **keyblock,
krb5_error_code *perr)
{
krb5_error_code ret = 0;
bool auth_ok = False;
char *password_s = NULL;
krb5_data password;
krb5_enctype enctypes[] = {
#if defined(ENCTYPE_ARCFOUR_HMAC)
ENCTYPE_ARCFOUR_HMAC,
#endif
ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD5,
ENCTYPE_NULL
};
krb5_data packet;
int i;
*pp_tkt = NULL;
*keyblock = NULL;
*perr = 0;
if (!secrets_init()) {
DEBUG(1,("ads_secrets_verify_ticket: secrets_init failed\n"));
*perr = KRB5_CONFIG_CANTOPEN;
return False;
}
password_s = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
if (!password_s) {
DEBUG(1,("ads_secrets_verify_ticket: failed to fetch machine password\n"));
*perr = KRB5_LIBOS_CANTREADPWD;
return False;
}
password.data = password_s;
password.length = strlen(password_s);
/* CIFS doesn't use addresses in tickets. This would break NAT. JRA */
packet.length = ticket->length;
packet.data = (char *)ticket->data;
/* We need to setup a auth context with each possible encoding type in turn. */
for (i=0;enctypes[i];i++) {
krb5_keyblock *key = NULL;
if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
ret = ENOMEM;
goto out;
}
if (create_kerberos_key_from_string(context, host_princ, &password, key, enctypes[i], false)) {
SAFE_FREE(key);
continue;
}
krb5_auth_con_setuseruserkey(context, auth_context, key);
if (!(ret = krb5_rd_req(context, &auth_context, &packet,
NULL,
NULL, NULL, pp_tkt))) {
DEBUG(10,("ads_secrets_verify_ticket: enc type [%u] decrypted message !\n",
(unsigned int)enctypes[i] ));
auth_ok = True;
krb5_copy_keyblock(context, key, keyblock);
krb5_free_keyblock(context, key);
break;
}
DEBUG((ret != KRB5_BAD_ENCTYPE) ? 3 : 10,
("ads_secrets_verify_ticket: enc type [%u] failed to decrypt with error %s\n",
(unsigned int)enctypes[i], error_message(ret)));
/* successfully decrypted but ticket is just not valid at the moment */
if (ret == KRB5KRB_AP_ERR_TKT_NYV ||
ret == KRB5KRB_AP_ERR_TKT_EXPIRED ||
ret == KRB5KRB_AP_ERR_SKEW) {
krb5_free_keyblock(context, key);
break;
}
krb5_free_keyblock(context, key);
}
out:
SAFE_FREE(password_s);
*perr = ret;
return auth_ok;
}
