-rw-r--r-- | source3/include/proto.h | 11 | ||||
-rw-r--r-- | source3/lib/sids.c | 14 | ||||
-rw-r--r-- | source3/lib/util.c | 1 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 154 |
4 files changed, 147 insertions, 33 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index ff74fd90e1..df1adedf70 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -304,6 +304,7 @@ BOOL create_sidmap_table(void); BOOL generate_sam_sid(char *domain_name, DOM_SID *sid); BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); +BOOL map_domain_sid_to_any_dc(DOM_SID *sid, char *dc_name); BOOL split_domain_name(const char *fullname, char *domain, char *name); BOOL enumtrustdoms(char ***doms, uint32 *num_entries); BOOL enumdomains(char ***doms, uint32 *num_entries); @@ -485,6 +486,7 @@ void reg_get_subkey(char *full_keyname, char *key_name, char *subkey_name); BOOL reg_split_key(const char *full_keyname, uint32 *reg_type, char *key_name); BOOL become_user_permanently(uid_t uid, gid_t gid); char *get_trusted_serverlist(const char* domain); +BOOL get_any_dc_name(const char *domain, char *srv_name); /*The following definitions come from lib/util_array.c */ @@ -764,10 +766,17 @@ void cli_sockopt(struct cli_state *cli, char *options); uint16 cli_setpid(struct cli_state *cli, uint16 pid); BOOL cli_reestablish_connection(struct cli_state *cli); BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, + const char *dest_host, struct in_addr *dest_ip, struct nmb_name *calling, struct nmb_name *called, char *service, char *service_type, BOOL do_shutdown, BOOL do_tcon); +BOOL cli_connect_auth(struct cli_state *cli, + const char* desthost, + struct in_addr *dest_ip, + const struct user_credentials *usr); +BOOL cli_connect_servers_auth(struct cli_state *cli, + char *p, + const struct user_credentials *usr); BOOL cli_connect_serverlist(struct cli_state *cli, char *p); int cli_printjob_del(struct cli_state *cli, int job); int cli_print_queue(struct cli_state *cli, diff --git a/source3/lib/sids.c b/source3/lib/sids.c index e46d3782cb..0f9b32f49d 100644 --- a/source3/lib/sids.c 
+++ b/source3/lib/sids.c @@ -434,6 +434,20 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain) return False; } +/************************************************************************** + turns a domain SID into a domain controller name. +***************************************************************************/ +BOOL map_domain_sid_to_any_dc(DOM_SID *sid, char *dc_name) +{ + fstring domain; + + if (!map_domain_sid_to_name(sid, domain)) + { + return False; + } + + return get_any_dc_name(domain, dc_name); +} /************************************************************************** splits a name of format \DOMAIN\name or name into its two components. diff --git a/source3/lib/util.c b/source3/lib/util.c index b0d6e82970..9a9f87d473 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -3262,3 +3262,4 @@ char *get_trusted_serverlist(const char* domain) return NULL; } + diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 5a0363185f..7124211286 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -2935,7 +2935,7 @@ BOOL cli_reestablish_connection(struct cli_state *cli) establishes a connection right up to doing tconX, reading in a password. ****************************************************************************/ BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, + const char *dest_host, struct in_addr *dest_ip, struct nmb_name *calling, struct nmb_name *called, char *service, char *service_type, BOOL do_shutdown, BOOL do_tcon) 
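Review bot: map_domain_sid_to_any_dc in sids.c takes `char *dc_name` with no length, and the get_any_dc_name it forwards to (last clientgen.c hunk) fills that buffer with fstrcpy/fstrcat, so every caller has to pass a buffer of at least fstring size. Neither the new header comment nor the prototype says so. I would extend the comment with `dc_name must be an fstring; on success it receives \\SERVER in upper case`, and mention that the lookup opens a network connection to a server from the trusted list. The same unstated contract applies to the `char *srv_name` parameter of get_any_dc_name.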
@@ -3328,17 +3328,104 @@ BOOL cli_establish_connection(struct cli_state *cli, return True; } +BOOL cli_connect_auth(struct cli_state *cli, + const char* desthost, + struct in_addr *dest_ip, + const struct user_credentials *usr) +{ + extern pstring global_myname; + extern pstring scope; + struct nmb_name calling, called; + if (!cli_initialise(cli)) + { + DEBUG(0,("unable to initialise client connection.\n")); + return False; + } + + make_nmb_name(&calling, global_myname, 0x0 , scope); + make_nmb_name(&called , desthost , 0x20, scope); + + cli_init_creds(cli, usr); + + if (!cli_establish_connection(cli, desthost, dest_ip, + &calling, &called, + "IPC$", "IPC", + False, True)) + { + cli_shutdown(cli); + return False; + } + + return True; +} + +/**************************************************************************** + connect to one of multiple servers: don't care which +****************************************************************************/ +BOOL cli_connect_servers_auth(struct cli_state *cli, + char *p, + const struct user_credentials *usr) +{ + fstring remote_host; + BOOL connected_ok = False; + + /* + * Treat each name in the 'password server =' line as a potential + * PDC/BDC. Contact each in turn and try and authenticate. + */ + + while(p && next_token(&p,remote_host,LIST_SEP,sizeof(remote_host))) + { + fstring desthost; + struct in_addr dest_ip; + strupper(remote_host); + + if (!resolve_srv_name( remote_host, desthost, &dest_ip)) + { + DEBUG(1,("Can't resolve address for %s\n", remote_host)); + continue; + } + + if (!cli_connect_auth(cli, desthost, &dest_ip, usr) && + !cli_connect_auth(cli, "*SMBSERVER", &dest_ip, usr)) + { + continue; + } + + if (cli->protocol < PROTOCOL_LANMAN2 || + !IS_BITS_SET_ALL(cli->sec_mode, 1)) + { + DEBUG(1,("machine %s not in user level security mode\n", + remote_host)); + cli_shutdown(cli); + continue; + } + + /* + * We have an anonymous connection to IPC$. 
+ */ + + connected_ok = True; + break; + } + + if (!connected_ok) + { + DEBUG(0,("Domain password server not available.\n")); + cli_shutdown(cli); + } + + return connected_ok; +} + /**************************************************************************** connect to one of multiple servers: don't care which ****************************************************************************/ BOOL cli_connect_serverlist(struct cli_state *cli, char *p) { - extern pstring global_myname; - extern pstring scope; - fstring remote_machine; + fstring remote_host; fstring desthost; struct in_addr dest_ip; - struct nmb_name calling, called, stupid_smbserver_called; BOOL connected_ok = False; /* 
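Review bot: The trailing `cli_shutdown(cli);` in the `!connected_ok` branch of cli_connect_servers_auth can run on a struct that was never initialised, or that has already been shut down. If `p` is NULL or no name resolves, the loop never reaches cli_initialise, and get_any_dc_name (last hunk) passes an uninitialised stack `struct cli_state` together with a list from get_trusted_serverlist, whose visible tail returns NULL. Every failure path after cli_initialise already calls cli_shutdown, either inside cli_connect_auth or in the security-mode check. I would add `ZERO_STRUCTP(cli);` at the top of the function, as cli_connect_serverlist does per name, and drop the trailing call; whether cli_shutdown tolerates a zeroed or already-closed struct is not visible here. The comment `We have an anonymous connection to IPC$` is also stale in a function that takes `usr` credentials.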
@@ -3346,58 +3433,43 @@ BOOL cli_connect_serverlist(struct cli_state *cli, char *p) * PDC/BDC. Contact each in turn and try and authenticate. */ - while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) + while(p && next_token(&p,remote_host,LIST_SEP,sizeof(remote_host))) { ZERO_STRUCTP(cli); if (!cli_initialise(cli)) { - DEBUG(0,("cli_connect_serverlist: unable to initialize client connection.\n")); + DEBUG(0,("cli_connect_serverlist: unable to initialise client connection.\n")); return False; } - standard_sub_basic(remote_machine); - strupper(remote_machine); + standard_sub_basic(remote_host); + strupper(remote_host); - if (!resolve_srv_name( remote_machine, desthost, &dest_ip)) + if (!resolve_srv_name( remote_host, desthost, &dest_ip)) { - DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_machine)); + DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_host)); continue; } if ((lp_security() != SEC_USER) && (ismyip(dest_ip))) { - DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine)); + DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_host)); continue; } - make_nmb_name(&calling, global_myname, 0x0 , scope); - make_nmb_name(&called , desthost , 0x20, scope); - /* stupid microsoft destruction of the ability of netbios - * to provide multiple netbios servers on one host. 
- */ - make_nmb_name(&stupid_smbserver_called , "*SMBSERVER", 0x20, scope); - - pwd_set_nullpwd(&cli->usr.pwd); - - if (!cli_establish_connection(cli, desthost, &dest_ip, - &calling, &called, - "IPC$", "IPC", - False, True) && - !cli_establish_connection(cli, desthost, &dest_ip, - &calling, &stupid_smbserver_called, - "IPC$", "IPC", - False, True)) + if (!cli_connect_auth(cli, remote_host , &dest_ip, NULL) && + !cli_connect_auth(cli, "*SMBSERVER", &dest_ip, NULL)) { - cli_shutdown(cli); continue; - } + } + if (cli->protocol < PROTOCOL_LANMAN2 || !IS_BITS_SET_ALL(cli->sec_mode, 1)) { DEBUG(1,("cli_connect_serverlist: machine %s isn't in user level security mode\n", - remote_machine)); + remote_host)); cli_shutdown(cli); continue; } @@ -3679,3 +3751,21 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail) return True; } +BOOL get_any_dc_name(const char *domain, char *srv_name) +{ + struct cli_state cli; + + if (!cli_connect_servers_auth(&cli, + get_trusted_serverlist(domain), NULL)) + { + return False; + } + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli.desthost); + strupper(srv_name); + + cli_shutdown(&cli); + + return True; +} |
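Review bot: In cli_connect_serverlist the first attempt now passes `remote_host` as the called name, where the removed code built `called` from `desthost`, the name returned by resolve_srv_name; the new cli_connect_servers_auth still uses `desthost`. If resolve_srv_name normalises the name in any way, the session request changes for existing password-server setups, so I would keep `if (!cli_connect_auth(cli, desthost, &dest_ip, NULL) &&`. The explicit `pwd_set_nullpwd(&cli->usr.pwd)` is also replaced by `cli_init_creds(cli, NULL)` inside cli_connect_auth, so the anonymous bind now depends on how cli_init_creds treats a NULL pointer, which this diff does not show; a one-line comment at the call stating that NULL means null credentials would help. The function begins above this hunk, and the loop still calls ZERO_STRUCTP and cli_initialise before cli_connect_auth initialises the struct a second time.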
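Review bot: get_any_dc_name is added without a header comment, although the neighbouring functions carry one, and its behaviour is not obvious from its name. It connects to IPC$ with NULL credentials on the first server from get_trusted_serverlist(domain) that passes the protocol and security-mode check, copies `cli.desthost`, and disconnects. As far as these hunks show, nothing verifies that the responder is a controller for `domain`, so callers should treat the result as a hint, not an authenticated identity. I would add `/* returns \\NAME of the first server in the trusted list for 'domain' that accepts an IPC$ connection; the server's role is not verified */` above the function.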