password talloc'ed strings within the cli_struct.
Jeremy.
libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
- libsmb/credentials.o libsmb/pwd_cache.o \
+ libsmb/credentials.o \
libsmb/clioplock.o libsmb/clirap2.o \
libsmb/smb_seal.o libsmb/async_smb.o \
$(LIBSAMBA_OBJ) \
fstring desthost;
/* The credentials used to open the cli_state connection. */
- fstring domain;
- fstring user_name;
- struct pwd_info pwd;
+ char *domain;
+ char *user_name;
+ char *password; /* Can be null to force use of zero NTLMSSP session key. */
/*
* The following strings are the
void cli_setup_packet_buf(struct cli_state *cli, char *buf);
void cli_setup_packet(struct cli_state *cli);
void cli_setup_bcc(struct cli_state *cli, void *p);
-void cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password);
+NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain);
+NTSTATUS cli_set_username(struct cli_state *cli, const char *username);
+NTSTATUS cli_set_password(struct cli_state *cli, const char *password);
+NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password);
struct cli_state *cli_initialise(void);
struct cli_state *cli_initialise_ex(int signing_state);
void cli_nt_pipes_close(struct cli_state *cli);
const char *old_passwd, const char *new_passwd,
char **err_str);
-/* The following definitions come from libsmb/pwd_cache.c */
-
-void pwd_set_cleartext(struct pwd_info *pwd, const char *clr);
-void pwd_get_cleartext(struct pwd_info *pwd, fstring clr);
-
/* The following definitions come from libsmb/samlogon_cache.c */
bool netsamlogon_cache_init(void);
/* There really is more here ... */
};
-struct pwd_info {
- bool null_pwd;
- bool cleartext;
-
- fstring password;
-};
-
/* For split krb5 SPNEGO blobs. */
struct pending_auth_data {
struct pending_auth_data *prev, *next;
{
DATA_BLOB session_key = data_blob_null;
DATA_BLOB lm_response = data_blob_null;
+ NTSTATUS status;
fstring pword;
char *p;
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
- fstrcpy(cli->user_name, user);
+ status = cli_set_username(cli, user);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
if (session_key.data) {
/* Have plaintext orginal */
cli->is_samba = True;
}
- fstrcpy(cli->user_name, "");
+ status = cli_set_username(cli, "");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
return NT_STATUS_OK;
}
{
uint32 capabilities = cli_session_setup_capabilities(cli);
char *p;
+ NTSTATUS status;
fstring lanman;
fstr_sprintf( lanman, "Samba %s", samba_version_string());
-1, STR_TERMINATE);
p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
-1, STR_TERMINATE);
- fstrcpy(cli->user_name, user);
-
+ status = cli_set_username(cli, user);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
if (strstr(cli->server_type, "Samba")) {
cli->is_samba = True;
}
cli->is_samba = True;
}
- fstrcpy(cli->user_name, user);
+ result = cli_set_username(cli, user);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto end;
+ }
if (session_key.data) {
/* Have plaintext orginal */
DATA_BLOB blob;
const char *p = NULL;
char *account = NULL;
+ NTSTATUS status;
DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
DEBUG(3,("got principal=%s\n", principal ? principal : "<null>"));
- fstrcpy(cli->user_name, user);
+ status = cli_set_username(cli, user);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ADS_ERROR_NT(status);
+ }
#ifdef HAVE_KRB5
/* If password is set we reauthenticate to kerberos server
}
}
- cli_init_creds(cli, user, domain, password);
+ nt_status = cli_init_creds(cli, user, domain, password);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(cli);
+ return nt_status;
+ }
*output_cli = cli;
return NT_STATUS_OK;
set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
}
+/****************************************************************************
+ Initialize Domain, user or password.
+****************************************************************************/
+
+NTSTATUS cli_set_domain(struct cli_state *cli, const char *domain)
+{
+ TALLOC_FREE(cli->domain);
+ cli->domain = talloc_strdup(cli, domain ? domain : "");
+ if (cli->domain == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_set_username(struct cli_state *cli, const char *username)
+{
+ TALLOC_FREE(cli->user_name);
+ cli->user_name = talloc_strdup(cli, username ? username : "");
+ if (cli->user_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_set_password(struct cli_state *cli, const char *password)
+{
+ TALLOC_FREE(cli->password);
+
+ /* Password can be NULL. */
+ if (password) {
+ cli->password = talloc_strdup(cli, password);
+ if (cli->password == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ /* Use zero NTLMSSP hashes and session key. */
+ cli->password = NULL;
+ }
+
+ return NT_STATUS_OK;
+}
+
/****************************************************************************
Initialise credentials of a client structure.
****************************************************************************/
-void cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password)
+NTSTATUS cli_init_creds(struct cli_state *cli, const char *username, const char *domain, const char *password)
{
- fstrcpy(cli->domain, domain);
- fstrcpy(cli->user_name, username);
- pwd_set_cleartext(&cli->pwd, password);
- if (!*username) {
- cli->pwd.null_pwd = true;
+ NTSTATUS status = cli_set_username(cli, username);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ status = cli_set_domain(cli, domain);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
+ DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain));
- DEBUG(10,("cli_init_creds: user %s domain %s\n", cli->user_name, cli->domain));
+ return cli_set_password(cli, password);
}
/****************************************************************************
return result;
}
- cli_init_creds(cli, "", "", NULL);
+ result = cli_init_creds(cli, "", "", NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ cli_shutdown(cli);
+ return result;
+ }
} else {
- cli_init_creds(cli, user_name, "", old_passwd);
+ result = cli_init_creds(cli, user_name, "", old_passwd);
+ if (!NT_STATUS_IS_OK(result)) {
+ cli_shutdown(cli);
+ return result;
+ }
}
result = cli_tcon_andx(cli, "IPC$", "IPC", "", 1);
TALLOC_FREE(pipe_hnd);
/* Try anonymous NTLMSSP... */
- cli_init_creds(cli, "", "", NULL);
+ result = cli_init_creds(cli, "", "", NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ cli_shutdown(cli);
+ return result;
+ }
result = NT_STATUS_UNSUCCESSFUL;
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Password cacheing. obfuscation is planned
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/****************************************************************************
- Initialises a password structure.
-****************************************************************************/
-
-static void pwd_init(struct pwd_info *pwd)
-{
- memset((char *)pwd->password , '\0', sizeof(pwd->password ));
-
- pwd->null_pwd = True; /* safest option... */
-}
-
-/****************************************************************************
- Stores a cleartext password.
-****************************************************************************/
-
-void pwd_set_cleartext(struct pwd_info *pwd, const char *clr)
-{
- pwd_init(pwd);
- if (clr) {
- fstrcpy(pwd->password, clr);
- pwd->null_pwd = False;
- } else {
- pwd->null_pwd = True;
- }
-
- pwd->cleartext = True;
-}
-
-/****************************************************************************
- Gets a cleartext password.
-****************************************************************************/
-
-void pwd_get_cleartext(struct pwd_info *pwd, fstring clr)
-{
- if (pwd->cleartext)
- fstrcpy(clr, pwd->password);
- else
- clr[0] = 0;
-
-}
if (cli == NULL) {
return false;
}
- E_md4hash(cli->pwd.password, nt_hash);
+ E_md4hash(cli->password ? cli->password : "", nt_hash);
return true;
}
status = rpccli_ntlmssp_bind_data(
result, auth_type, auth_level, domain, username,
- cli->pwd.null_pwd ? NULL : password, &auth);
+ password, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n",
nt_errstr(status)));
uint16 old_vuid = cli->vuid;
fstring old_user_name;
size_t passlen = strlen(password);
+ NTSTATUS status;
bool ret;
fstrcpy(old_user_name, cli->user_name);
workgroup));
*new_vuid = cli->vuid;
cli->vuid = old_vuid;
- fstrcpy(cli->user_name, old_user_name);
+ status = cli_set_username(cli, old_user_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
return ret;
}
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
}
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ result = cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
}
ipc_password, strlen(ipc_password)+1,
ipc_domain))) {
/* Successful logon with given username. */
- cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
+ result = cli_init_creds(*cli, ipc_username, ipc_domain, ipc_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
} else {
DEBUG(4, ("authenticated session setup with user %s\\%s failed.\n",
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
NULL, 0, ""))) {
DEBUG(5, ("Connected anonymously\n"));
- cli_init_creds(*cli, "", "", "");
+ result = cli_init_creds(*cli, "", "", "");
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
goto session_setup_done;
}
*retry = False;
/* set the domain if empty; needed for schannel connections */
- if ( !*(*cli)->domain ) {
- fstrcpy( (*cli)->domain, domain->name );
+ if ( !(*cli)->domain[0] ) {
+ result = cli_set_domain((*cli), domain->name);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
}
result = NT_STATUS_OK;
{
struct winbindd_cm_conn *conn;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring conn_pwd;
struct dcinfo *p_dcinfo;
char *machine_password = NULL;
char *machine_account = NULL;
* anonymous.
*/
- pwd_get_cleartext(&conn->cli->pwd, conn_pwd);
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
- (conn_pwd[0] == '\0'))
+ (conn->cli->password == NULL || conn->cli->password[0] == '\0'))
{
result = get_trust_creds(domain, &machine_password,
&machine_account, NULL);
}
domain_name = domain->name;
} else {
- machine_password = SMB_STRDUP(conn_pwd);
+ machine_password = SMB_STRDUP(conn->cli->password);
machine_account = SMB_STRDUP(conn->cli->user_name);
domain_name = conn->cli->domain;
}
{
struct winbindd_cm_conn *conn;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring conn_pwd;
struct dcinfo *p_dcinfo;
result = init_dc_connection(domain);
goto done;
}
- pwd_get_cleartext(&conn->cli->pwd, conn_pwd);
if ((conn->cli->user_name[0] == '\0') ||
(conn->cli->domain[0] == '\0') ||
- (conn_pwd[0] == '\0')) {
+ (conn->cli->password == NULL || conn->cli->password[0] == '\0')) {
DEBUG(10, ("cm_connect_lsa: No no user available for "
"domain %s, trying schannel\n", conn->cli->domain));
goto schannel;
result = cli_rpc_pipe_open_spnego_ntlmssp
(conn->cli, &ndr_table_lsarpc.syntax_id,
PIPE_AUTH_LEVEL_PRIVACY,
- conn->cli->domain, conn->cli->user_name, conn_pwd,
+ conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {