source3/samba4-config.mk
source3/torture.tdb
source4/apidocs
-source4/auth/auth_proto.h
+source4/auth/ntlm/auth_proto.h
source4/auth/auth_sam.h
source4/auth/auth_sam_reply.h
source4/auth/credentials/credentials_krb5_proto.h
<!ENTITY person.gd '
<firstname>Guenther</firstname><surname>Deschner</surname>
<affiliation>
- <orgname>SuSE</orgname>
- <address><email>gd@suse.de</email></address>
+ <orgname>Samba Team</orgname>
+ <address><email>gd@samba.org</email></address>
</affiliation>'>
<!ENTITY author.gd '<author>&person.gd;</author>'>
<!ENTITY stdarg.configfile '
<varlistentry>
-<term>-s <configuration file></term>
+<term>-s|--configfile <configuration file></term>
<listitem><para>The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
<!ENTITY stdarg.version '
<varlistentry>
-<term>-V</term>
+<term>-V|--version</term>
<listitem><para>Prints the program version number.
</para></listitem>
</varlistentry>'>
<!ENTITY stdarg.resolve.order '
<varlistentry>
-<term>-R <name resolve order></term>
+<term>-R|--name-resolve <name resolve order></term>
<listitem><para>This option is used to determine what naming
services and in what order to resolve
host names to IP addresses. The option takes a space-separated
<!ENTITY stdarg.netbios.name '
<varlistentry>
-<term>-n <primary NetBIOS name></term>
+<term>-n|--netbiosname <primary NetBIOS name></term>
<listitem><para>This option allows you to override
the NetBIOS name that Samba uses for itself. This is identical
to setting the <smbconfoption><name>netbios name</name></smbconfoption> parameter in the &smb.conf; file.
<!ENTITY stdarg.scope '
<varlistentry>
-<term>-i <scope></term>
+<term>-i|--scope <scope></term>
<listitem><para>This specifies a NetBIOS scope that
<command>nmblookup</command> will use to communicate with when
generating NetBIOS names. For details on the use of NetBIOS
<!ENTITY stdarg.socket.options '
<varlistentry>
-<term>-O socket options</term>
+<term>-O|--socket-options socket options</term>
<listitem><para>TCP socket options to set on the client
socket. See the socket options parameter in
the &smb.conf; manual page for the list of valid
<!ENTITY stdarg.nopass '
<varlistentry>
-<term>-N</term>
+<term>-N|--no-pass</term>
<listitem><para>If specified, this parameter suppresses the normal
password prompt from the client to the user. This is useful when
accessing a service that does not require a password. </para>
<!ENTITY stdarg.kerberos '
<varlistentry>
-<term>-k</term>
+<term>-k|--kerberos</term>
<listitem><para>
Try to authenticate with kerberos. Only useful in
an Active Directory environment.
<varlistentry>
<term>noserverino</term>
- <listitem><para>client generates inode numbers (rather than using the actual one
- from the server) by default.
+ <listitem>
+ <para>
+ Client generates inode numbers (rather than
+ using the actual one from the server) by default.
+ </para>
+ <para>
+ See section <emphasis>INODE NUMBERS</emphasis> for
+ more information.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>nounix</term>
+ <listitem>
+ <para>
+ Disable the CIFS Unix Extensions for this mount. This
+ can be useful in order to turn off multiple settings at once.
+ This includes POSIX acls, POSIX locks, POSIX paths, symlink
+ support and retrieving uids/gids/mode from the server. This
+ can also be useful to work around a bug in a server that
+ supports Unix Extensions.
+ </para>
+ <para>
+ See section <emphasis>INODE NUMBERS</emphasis> for
+ more information.
+ </para> </listitem>
+ </varlistentry>
+
<varlistentry>
<term>nouser_xattr</term>
<listitem><para>(default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. </para></listitem>
</para>
</refsect1>
+<refsect1>
+ <title>INODE NUMBERS</title>
+ <para>
+ When Unix Extensions are enabled, we use the actual inode
+ number provided by the server in response to the POSIX calls as an
+ inode number.
+ </para>
+ <para>
+ When Unix Extensions are disabled and "serverino" mount option
+ is enabled there is no way to get the server inode number. The
+ client typically maps the server-assigned "UniqueID" onto an inode
+ number.
+ </para>
+ <para>
+ Note that the UniqueID is a different value from the server
+ inode number. The UniqueID value is unique over the scope of the entire
+ server and is often greater than 2 power 32. This value often makes
+ programs that are not compiled with LFS (Large File Support), to
+ trigger a glibc EOVERFLOW error as this won't fit in the target
+ structure field. It is strongly recommended to compile your programs
+ with LFS support (i.e. with -D_FILE_OFFSET_BITS=64) to prevent this
+ problem. You can also use "noserverino" mount option to generate inode
+ numbers smaller than 2 power 32 on the client. But you may not be able
+ to detect hardlinks properly.
+ </para>
+</refsect1>
+
<refsect1>
<title>FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS</title>
<refsynopsisdiv>
<cmdsynopsis>
<command>pdbedit</command>
- <arg choice="opt">-L</arg>
- <arg choice="opt">-v</arg>
- <arg choice="opt">-w</arg>
- <arg choice="opt">-u username</arg>
- <arg choice="opt">-f fullname</arg>
- <arg choice="opt">-h homedir</arg>
- <arg choice="opt">-D drive</arg>
- <arg choice="opt">-S script</arg>
- <arg choice="opt">-p profile</arg>
- <arg choice="opt">-a</arg>
- <arg choice="opt">-t, --password-from-stdin</arg>
- <arg choice="opt">-m</arg>
- <arg choice="opt">-r</arg>
- <arg choice="opt">-x</arg>
- <arg choice="opt">-i passdb-backend</arg>
- <arg choice="opt">-e passdb-backend</arg>
+ <arg choice="opt">-a</arg>
<arg choice="opt">-b passdb-backend</arg>
- <arg choice="opt">-g</arg>
+ <arg choice="opt">-c account-control</arg>
+ <arg choice="opt">-C value</arg>
<arg choice="opt">-d debuglevel</arg>
- <arg choice="opt">-s configfile</arg>
+ <arg choice="opt">-D drive</arg>
+ <arg choice="opt">-e passdb-backend</arg>
+ <arg choice="opt">-f fullname</arg>
+ <arg choice="opt">--force-initialized-passwords</arg>
+ <arg choice="opt">-g</arg>
+ <arg choice="opt">-h homedir</arg>
+ <arg choice="opt">-i passdb-backend</arg>
+ <arg choice="opt">-I domain</arg>
+ <arg choice="opt">-L </arg>
+ <arg choice="opt">-m</arg>
+ <arg choice="opt">-M SID|RID</arg>
+ <arg choice="opt">-N description</arg>
<arg choice="opt">-P account-policy</arg>
- <arg choice="opt">-C value</arg>
- <arg choice="opt">-c account-control</arg>
+ <arg choice="opt">-p profile</arg>
+ <arg choice="opt">--policies-reset</arg>
+ <arg choice="opt">-r</arg>
+ <arg choice="opt">-s configfile</arg>
+ <arg choice="opt">-S script</arg>
+ <arg choice="opt">-t</arg>
+ <arg choice="opt">--time-format</arg>
+ <arg choice="opt">-u username</arg>
+ <arg choice="opt">-U SID|RID</arg>
+ <arg choice="opt">-v</arg>
+ <arg choice="opt">-V</arg>
+ <arg choice="opt">-w</arg>
+ <arg choice="opt">-x</arg>
<arg choice="opt">-y</arg>
+ <arg choice="opt">-z</arg>
+ <arg choice="opt">-Z</arg>
</cmdsynopsis>
</refsynopsisdiv>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
- <term>-L</term>
+ <term>-L|--list</term>
<listitem><para>This option lists all the user accounts
present in the users database.
This option prints a list of user/uid pairs separated by
<varlistentry>
- <term>-v</term>
+ <term>-v|--verbose</term>
<listitem><para>This option enables the verbose listing format.
It causes pdbedit to list the users in the database, printing
out the account fields in a descriptive format.</para>
<varlistentry>
- <term>-w</term>
+ <term>-w|--smbpasswd-style</term>
<listitem><para>This option sets the "smbpasswd" listing format.
It will make pdbedit list the users in the database, printing
out the account fields in a format compatible with the
<varlistentry>
- <term>-u username</term>
+ <term>-u|--user username</term>
<listitem><para>This option specifies the username to be
used for the operation requested (listing, adding, removing).
It is <emphasis>required</emphasis> in add, remove and modify
</varlistentry>
<varlistentry>
- <term>-f fullname</term>
+ <term>-f|--fullname fullname</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's full
name. </para>
</varlistentry>
<varlistentry>
- <term>-h homedir</term>
+ <term>-h|--homedir homedir</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's home
directory network path.</para>
</varlistentry>
<varlistentry>
- <term>-D drive</term>
+ <term>-D|--drive drive</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the windows drive
letter to be used to map the home directory.</para>
<varlistentry>
- <term>-S script</term>
+ <term>-S|--script script</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's logon
script path.</para>
<varlistentry>
- <term>-p profile</term>
+ <term>-p|--profile profile</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's profile
directory.</para>
</varlistentry>
<varlistentry>
- <term>-G SID|rid</term>
+ <term>-M|'--machine SID' SID|rid</term>
<listitem><para>
- This option can be used while adding or modifying a user account. It
- will specify the users' new primary group SID (Security Identifier) or
+ This option can be used while adding or modifying a machine account. It
+ will specify the machines' new primary group SID (Security Identifier) or
rid. </para>
- <para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
+ <para>Example: <command>-M S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
</listitem>
</varlistentry>
<varlistentry>
- <term>-U SID|rid</term>
+ <term>-U|'--user SID' SID|rid</term>
<listitem><para>
This option can be used while adding or modifying a user account. It
will specify the users' new SID (Security Identifier) or
rid. </para>
<para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+ <para>Example: <command>'--user SID' S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
+ <para>Example: <command>-U 5004</command></para>
+ <para>Example: <command>'--user SID' 5004</command></para>
</listitem>
</varlistentry>
<varlistentry>
- <term>-c account-control</term>
+ <term>-c|--account-control account-control</term>
<listitem><para>This option can be used while adding or modifying a user
account. It will specify the users' account control property. Possible flags are listed below.
</para>
</varlistentry>
<varlistentry>
- <term>-a</term>
+ <term>-a|--create</term>
<listitem><para>This option is used to add a user into the
database. This command needs a user name specified with
the -u switch. When adding a new user, pdbedit will also
</varlistentry>
<varlistentry>
- <term>-t, --password-from-stdin</term>
+ <term>-t|--password-from-stdin</term>
<listitem><para>This option causes pdbedit to read the password
from standard input, rather than from /dev/tty (like the
<command>passwd(1)</command> program does). The password has
</varlistentry>
<varlistentry>
- <term>-r</term>
+ <term>-r|--modify</term>
<listitem><para>This option is used to modify an existing user
in the database. This command needs a user name specified with the -u
switch. Other options can be specified to modify the properties of
</varlistentry>
<varlistentry>
- <term>-m</term>
+ <term>-m|--machine</term>
<listitem><para>This option may only be used in conjunction
with the <parameter>-a</parameter> option. It will make
pdbedit to add a machine trust account instead of a user
<varlistentry>
- <term>-x</term>
+ <term>-x|--delete</term>
<listitem><para>This option causes pdbedit to delete an account
from the database. It needs a username specified with the
-u switch.</para>
<varlistentry>
- <term>-i passdb-backend</term>
+ <term>-i|--import passdb-backend</term>
<listitem><para>Use a different passdb backend to retrieve users
than the one specified in smb.conf. Can be used to import data into
your local user database.</para>
</varlistentry>
<varlistentry>
- <term>-e passdb-backend</term>
+ <term>-e|--export passdb-backend</term>
<listitem><para>Exports all currently available users to the
specified password database backend.</para>
</varlistentry>
<varlistentry>
- <term>-g</term>
+ <term>-g|--group</term>
<listitem><para>If you specify <parameter>-g</parameter>,
then <parameter>-i in-backend -e out-backend</parameter>
applies to the group mapping instead of the user database.</para>
</varlistentry>
<varlistentry>
- <term>-b passdb-backend</term>
+ <term>-b|--backend passdb-backend</term>
<listitem><para>Use a different default passdb backend. </para>
<para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
</varlistentry>
<varlistentry>
- <term>-P account-policy</term>
+ <term>-P|--account-policy account-policy</term>
<listitem><para>Display an account policy</para>
<para>Valid policies are: minimum password age, reset count minutes, disconnect time,
user must logon to change password, password history, lockout duration, min password length,
<varlistentry>
- <term>-C account-policy-value</term>
+ <term>-C|--value account-policy-value</term>
<listitem><para>Sets an account policy to a specified value.
This option may only be used in conjunction
with the <parameter>-P</parameter> option.
</varlistentry>
<varlistentry>
- <term>-y</term>
+ <term>-y|--policies</term>
<listitem><para>If you specify <parameter>-y</parameter>,
then <parameter>-i in-backend -e out-backend</parameter>
applies to the account policies instead of the user database.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>--force-initialized-passwords</term>
+ <listitem><para>This option forces all users to change their
+ password upon next login.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-N|--account-desc description</term>
+ <listitem><para>This option can be used while adding or
+ modifing a user account. It will specify the user's description
+ field.</para>
+
+ <para>Example: <command>-N "test description"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-Z|--logon-hours-reset</term>
+ <listitem><para>This option can be used while adding or
+ modifing a user account. It will reset the user's allowed logon
+ hours. A user may login at any time afterwards.</para>
+
+ <para>Example: <command>-Z</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-z|--bad-password-count-reset</term>
+ <listitem><para>This option can be used while adding or
+ modifing a user account. It will reset the stored bad login
+ counter from a specified user.</para>
+
+ <para>Example: <command>-z</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--policies-reset</term>
+ <listitem><para>This option can be used to reset the general
+ password policies stored for a domain to their
+ default values.</para>
+ <para>Example: <command>--policies-reset</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-I|--domain</term>
+ <listitem><para>This option can be used while adding or
+ modifing a user account. It will specify the user's domain field.</para>
+
+ <para>Example: <command>-I "MYDOMAIN"</command>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--time-format</term>
+ <listitem><para>This option is currently not being used.</para>
+ </listitem>
+ </varlistentry>
+
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
<arg choice="opt">-s <smb config file></arg>
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-W workgroup</arg>
- <arg choice="opt">-N</arg>
<arg choice="opt">-I destinationIP</arg>
<arg choice="req">server</arg>
</cmdsynopsis>
<varlistentry>
- <term>-I IP-address</term>
+ <term>-I|--dest-ip IP-address</term>
<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </para>
above. </para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>-p|--port port</term>
+ <listitem><para>This number is the TCP port number that will be used
+ when making connections to the server. The standard (well-known)
+ TCP port number for an SMB/CIFS server is 139, which is the
+ default. </para></listitem>
+ </varlistentry>
+
&stdarg.server.debug;
&popt.common.samba;
&popt.common.credentials;
<variablelist>
<varlistentry>
- <term>-a acls</term>
+ <term>-a|--add acls</term>
<listitem><para>Add the ACLs specified to the ACL list. Existing
access control entries are unchanged. </para></listitem>
</varlistentry>
<varlistentry>
- <term>-M acls</term>
+ <term>-M|--modify acls</term>
<listitem><para>Modify the mask value (permissions) for the ACLs
specified on the command line. An error will be printed for each
ACL specified that was not already present in the ACL list
<varlistentry>
- <term>-D acls</term>
+ <term>-D|--delete acls</term>
<listitem><para>Delete any ACLs specified on the command line.
An error will be printed for each ACL specified that was not
already present in the ACL list. </para></listitem>
<varlistentry>
- <term>-S acls</term>
+ <term>-S|--set acls</term>
<listitem><para>This command sets the ACLs on the file with
only the ones specified on the command line. All other ACLs are
erased. Note that the ACL specified must contain at least a revision,
<varlistentry>
- <term>-U username</term>
- <listitem><para>Specifies a username used to connect to the
- specified service. The username may be of the form "username" in
- which case the user is prompted to enter in a password and the
- workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry> file is
- used, or "username%password" or "DOMAIN\username%password" and the
- password and workgroup names are used as provided. </para></listitem>
- </varlistentry>
-
-
-
- <varlistentry>
- <term>-C name</term>
+ <term>-C|--chown name</term>
<listitem><para>The owner of a file or directory can be changed
to the name given using the <parameter>-C</parameter> option.
The name can be a sid in the form S-1-x-y-z or a name resolved
<varlistentry>
- <term>-G name</term>
+ <term>-G|--chgrp name</term>
<listitem><para>The group owner of a file or directory can
be changed to the name given using the <parameter>-G</parameter>
option. The name can be a sid in the form S-1-x-y-z or a name
</varlistentry>
<varlistentry>
- <term>-t</term>
+ <term>-t|--test-args</term>
<listitem><para>
Don't actually do anything, only validate the correctness of
the arguments.
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
+ &popt.common.credentials;
</variablelist>
</refsect1>
</varlistentry>
<varlistentry>
- <term>-R <name resolve order></term>
+ <term>-R|--name-resolve <name resolve order></term>
<listitem><para>This option is used by the programs in the Samba
suite to determine what naming services and in what order to resolve
host names to IP addresses. The option takes a space-separated
<varlistentry>
- <term>-M NetBIOS name</term>
+ <term>-M|--message NetBIOS name</term>
<listitem><para>This options allows you to send messages, using
the "WinPopup" protocol, to another computer. Once a connection is
established you then type your message, pressing ^D (control-D) to
</varlistentry>
<varlistentry>
- <term>-p port</term>
+ <term>-p|--port port</term>
<listitem><para>This number is the TCP port number that will be used
when making connections to the server. The standard (well-known)
TCP port number for an SMB/CIFS server is 139, which is the
</varlistentry>
<varlistentry>
- <term>-g</term>
+ <term>-g|--grepable</term>
<listitem><para>This parameter provides combined with
<parameter>-L</parameter> easy parseable output that allows processing
with utilities such as grep and cut.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>-m|--max-protocol protocol</term>
+ <listitem><para>This parameter sets the maximum protocol version announced by the client.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term>-P</term>
<listitem><para>
&stdarg.help;
<varlistentry>
- <term>-I IP-address</term>
+ <term>-I|--ip-address IP-address</term>
<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </para>
</varlistentry>
<varlistentry>
- <term>-E</term>
+ <term>-E|--stderr</term>
<listitem><para>This parameter causes the client to write messages
to the standard error stream (stderr) rather than to the standard
output stream. </para>
</varlistentry>
<varlistentry>
- <term>-L</term>
+ <term>-L|--list</term>
<listitem><para>This option allows you to look at what services
are available on a server. You use it as <command>smbclient -L
host</command> and a list should appear. The <parameter>-I
</varlistentry>
<varlistentry>
- <term>-b buffersize</term>
+ <term>-b|--send-buffer buffersize</term>
<listitem><para>This option changes the transmit/send buffer
size when getting or putting a file from/to the server. The default
is 65520 bytes. Setting this value smaller (to 1200 bytes) has been
&popt.common.connection;
<varlistentry>
- <term>-T tar options</term>
+ <term>-T|--tar tar options</term>
<listitem><para>smbclient may be used to create <command>tar(1)
</command> compatible backups of all the files on an SMB/CIFS
share. The secondary tar flags that can be given to this option
</varlistentry>
<varlistentry>
- <term>-D initial directory</term>
+ <term>-D|--directory initial directory</term>
<listitem><para>Change to initial directory before starting. Probably
only of any use with the tar -T option. </para></listitem>
</varlistentry>
<varlistentry>
- <term>-c command string</term>
+ <term>-c|--comand command string</term>
<listitem><para>command string is a semicolon-separated list of
commands to be executed instead of prompting from stdin. <parameter>
-N</parameter> is implied by <parameter>-c</parameter>.</para>
<arg choice="opt">-q, --quiet</arg>
<arg choice="opt">-v, --verbose</arg>
<arg choice="opt">-b, --blocksize</arg>
+ <arg choice="opt">-O, --stdout</arg>
<arg choice="opt">-?, --help</arg>
<arg choice="opt">--usage</arg>
<arg choice="req">smb://host/share/path/to/file</arg>
<varlistentry>
<term>-o, --outputfile</term>
- <listitem><para>Write the file that is being download to the specified file. Can not be used together with -R.</para></listitem>
+ <listitem><para>Write the file that is being downloaded to the specified file. Can not be used together with -R.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-O, --stdout</term>
+ <listitem><para>Write the file that is being downloaded to standard output.</para></listitem>
</varlistentry>
<varlistentry>
<variablelist>
<varlistentry>
- <term>-b</term>
+ <term>-b|--broadcast</term>
<listitem><para>Query network nodes by sending requests
as broadcasts instead of querying the local master browser.
</para></listitem>
</varlistentry>
<varlistentry>
- <term>-D</term>
+ <term>-D|--domains</term>
<listitem><para>Only print a list of all
the domains known on broadcast or by the
master browser</para></listitem>
</varlistentry>
<varlistentry>
- <term>-S</term>
+ <term>-S|--servers</term>
<listitem><para>Only print a list of
all the domains and servers responding on broadcast or
known by the master browser.
<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="tdbbackup.8">
<refmeta>
<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="tdbdump.8">
<refmeta>
<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="tdbtool.8">
<refmeta>
AC_CHECK_FUNCS(strnlen)
AC_CHECK_FUNCS(strtoull __strtoull strtouq strtoll __strtoll strtoq)
+AC_CHECK_FUNCS(memmem)
+
# this test disabled as we don't actually need __VA_ARGS__ yet
AC_TRY_CPP([
#define eprintf(...) fprintf(stderr, __VA_ARGS__)
return NULL;
}
#endif
+
+
+#ifndef HAVE_MEMMEM
+void *rep_memmem(const void *haystack, size_t haystacklen,
+ const void *needle, size_t needlelen)
+{
+ if (needlelen == 0) {
+ return discard_const(haystack);
+ }
+ while (haystacklen >= needlelen) {
+ char *p = memchr(haystack, *(const char *)needle,
+ haystacklen-(needlelen-1));
+ if (!p) return NULL;
+ if (memcmp(p, needle, needlelen) == 0) {
+ return p;
+ }
+ haystack = p+1;
+ haystacklen -= (p - (const char *)haystack) + 1;
+ }
+ return NULL;
+}
+#endif
+
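Review bot: In the loop of rep_memmem, `haystack = p+1;` runs before `haystacklen -= (p - (const char *)haystack) + 1;`, so the subtraction evaluates `(p - (p+1)) + 1 == 0` and the remaining length never shrinks. After a candidate whose first byte matches but whose memcmp fails, the following memchr and memcmp are still bounded by the original length, measured from an advanced pointer, so they can read past the end of the caller's buffer. The loop also cannot end through its `haystacklen >= needlelen` condition when the needle is absent. Swapping the two statements fixes the accounting: `haystacklen -= (p - (const char *)haystack) + 1;` followed by `haystack = p+1;`. A short header comment saying that both lengths are byte counts, that the buffers need not be NUL-terminated, and that NULL means "not found" would also help callers.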
void *rep_memmove(void *dest,const void *src,int size);
#endif
+#ifndef HAVE_MEMMEM
+#define memmem rep_memmem
+void *rep_memmem(const void *haystack, size_t haystacklen,
+ const void *needle, size_t needlelen);
+#endif
+
#ifndef HAVE_MKTIME
#define mktime rep_mktime
/* prototype is in "system/time.h" */
break;
case 'p':
cnk->type = CNK_PTR;
+ cnk->flags |= DP_F_UNSIGNED;
break;
case 'n':
cnk->type = CNK_NUM;
return true;
}
+static int test_memmem(void)
+{
+ char *s;
+
+ printf("test: memmem\n");
+
+ s = memmem("foo", 3, "fo", 2);
+ if (strcmp(s, "foo") != 0) {
+ printf(__location__ ": Failed memmem\n");
+ return false;
+ }
+
+ s = memmem("foo", 3, "", 0);
+ if (strcmp(s, "foo") != 0) {
+ printf(__location__ ": Failed memmem\n");
+ return false;
+ }
+
+ s = memmem("foo", 4, "o", 1);
+ if (strcmp(s, "oo") != 0) {
+ printf(__location__ ": Failed memmem\n");
+ return false;
+ }
+
+ s = memmem("foobarfodx", 11, "fod", 3);
+ if (strcmp(s, "fodx") != 0) {
+ printf(__location__ ": Failed memmem\n");
+ return false;
+ }
+
+ printf("success: memmem\n");
+
+ return true;
+}
+
+
struct torture_context;
bool torture_local_replace(struct torture_context *ctx)
{
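Review bot: Each check in test_memmem hands the result of memmem straight to strcmp, so a NULL return crashes the test run instead of reporting a failure; guard it, e.g. `if (s == NULL || strcmp(s, "foo") != 0) {`. All four cases are successful matches, so neither the not-found path nor a retry after a failed first-byte candidate near the end of the buffer is exercised, which is where a length-accounting error in the replacement would show up. A negative case such as `if (memmem("foobar", 6, "baz", 3) != NULL) {` with the same failure message would cover that. The lengths 4 and 11 include the terminating NUL, which looks deliberate for the strcmp comparison but deserves a one-line comment.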
ret &= test_getifaddrs();
ret &= test_utime();
ret &= test_utimes();
+ ret &= test_memmem();
return ret;
}
LIB_PATH_VAR = @LIB_PATH_VAR@
tdbdir = @tdbdir@
+EXTRA_TARGETS = @DOC_TARGET@
+
TDB_OBJ = @TDB_OBJ@ @LIBREPLACEOBJ@
SONAMEFLAG = @SONAMEFLAG@
VERSIONSCRIPT = @VERSIONSCRIPT@
EXPORTSFILE = @EXPORTSFILE@
+XSLTPROC = @XSLTPROC@
+
default: all
include $(tdbdir)/tdb.mk
include $(tdbdir)/rules.mk
-all:: showflags dirs $(PROGS) $(TDB_SOLIB) libtdb.a $(PYTHON_BUILD_TARGET)
+all:: showflags dirs $(PROGS) $(TDB_SOLIB) libtdb.a $(PYTHON_BUILD_TARGET) $(EXTRA_TARGETS)
install:: all
$(TDB_SOLIB): $(TDB_OBJ)
fi
])
+AC_PATH_PROG(XSLTPROC,xsltproc)
+DOC_TARGET=""
+if test -n "$XSLTPROC"; then
+ DOC_TARGET=doc
+fi
+AC_SUBST(DOC_TARGET)
+
m4_include(build_macros.m4)
BUILD_WITH_SHARED_BUILD_DIR
void tdb_enable_seqnum(struct tdb_context *tdb);
void tdb_increment_seqnum_nonblock(struct tdb_context *tdb);
int tdb_check(struct tdb_context *tdb,
- int (*check)(TDB_DATA key, TDB_DATA data, void *private_data),
+ int (*check) (TDB_DATA key, TDB_DATA data, void *private_data),
void *private_data);
/* Low level locking functions: use with care */
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbbackup.8">
+
+<refmeta>
+ <refentrytitle>tdbbackup</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>tdbbackup</refname>
+ <refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>tdbbackup</command>
+ <arg choice="opt">-s suffix</arg>
+ <arg choice="opt">-v</arg>
+ <arg choice="opt">-h</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+ <para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb
+ files. This tool may also be used to verify the integrity of the .tdb files prior
+ to samba startup or during normal operation. If it finds file damage and it finds
+ a prior backup the backup file will be restored.
+ </para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>-h</term>
+ <listitem><para>
+ Get help information.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s suffix</term>
+ <listitem><para>
+ The <command>-s</command> option allows the adminisistrator to specify a file
+ backup extension. This way it is possible to keep a history of tdb backup
+ files by using a new suffix for each backup.
+ </para> </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem><para>
+ The <command>-v</command> will check the database for damages (currupt data)
+ which if detected causes the backup to be restored.
+ </para></listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>COMMANDS</title>
+
+ <para><emphasis>GENERAL INFORMATION</emphasis></para>
+
+ <para>
+ The <command>tdbbackup</command> utility can safely be run at any time. It was designed so
+ that it can be used at any time to validate the integrity of tdb files, even during Samba
+ operation. Typical usage for the command will be:
+ </para>
+
+ <para>tdbbackup [-s suffix] *.tdb</para>
+
+ <para>
+ Before restarting samba the following command may be run to validate .tdb files:
+ </para>
+
+ <para>tdbbackup -v [-s suffix] *.tdb</para>
+
+ <para>
+ Samba .tdb files are stored in various locations, be sure to run backup all
+ .tdb file on the system. Important files includes:
+ </para>
+
+ <itemizedlist>
+ <listitem><para>
+ <command>secrets.tdb</command> - usual location is in the /usr/local/samba/private
+ directory, or on some systems in /etc/samba.
+ </para></listitem>
+
+ <listitem><para>
+ <command>passdb.tdb</command> - usual location is in the /usr/local/samba/private
+ directory, or on some systems in /etc/samba.
+ </para></listitem>
+
+ <listitem><para>
+ <command>*.tdb</command> located in the /usr/local/samba/var directory or on some
+ systems in the /var/cache or /var/lib/samba directories.
+ </para></listitem>
+ </itemizedlist>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities were created by Andrew Tridgell.
+ Samba is now developed by the Samba Team as an Open Source project similar to the way
+ the Linux kernel is developed.
+ </para>
+
+ <para>The tdbbackup man page was written by John H Terpstra.</para>
+</refsect1>
+
+</refentry>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbdump.8">
+
+<refmeta>
+ <refentrytitle>tdbdump</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>tdbdump</refname>
+ <refpurpose>tool for printing the contents of a TDB file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>tdbdump</command>
+ <arg choice="req">filename</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+ <para><command>tdbdump</command> is a very simple utility that 'dumps' the
+ contents of a TDB (Trivial DataBase) file to standard output in a
+ human-readable format.
+ </para>
+
+ <para>This tool can be used when debugging problems with TDB files. It is
+ intended for those who are somewhat familiar with Samba internals.
+ </para>
+</refsect1>
+
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities were created by Andrew Tridgell.
+ Samba is now developed by the Samba Team as an Open Source project similar to the way
+ the Linux kernel is developed.
+ </para>
+
+ <para>The tdbdump man page was written by Jelmer Vernooij.</para>
+</refsect1>
+
+</refentry>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="tdbtool.8">
+
+<refmeta>
+ <refentrytitle>tdbtool</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.6</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>tdbtool</refname>
+ <refpurpose>manipulate the contents TDB files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+
+ <cmdsynopsis>
+ <command>tdbtool</command>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>tdbtool</command>
+ <arg choice="plain">
+ <replaceable>TDBFILE</replaceable>
+ </arg>
+ <arg rep="repeat" choice="opt">
+ <replaceable>COMMANDS</replaceable>
+ </arg>
+ </cmdsynopsis>
+
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+ <para><command>tdbtool</command> a tool for displaying and
+ altering the contents of Samba TDB (Trivial DataBase) files. Each
+ of the commands listed below can be entered interactively or
+ provided on the command line.</para>
+
+</refsect1>
+
+
+<refsect1>
+ <title>COMMANDS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><option>create</option>
+ <replaceable>TDBFILE</replaceable></term>
+ <listitem><para>Create a new database named
+ <replaceable>TDBFILE</replaceable>.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>open</option>
+ <replaceable>TDBFILE</replaceable></term>
+ <listitem><para>Open an existing database named
+ <replaceable>TDBFILE</replaceable>.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>erase</option></term>
+ <listitem><para>Erase the current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>dump</option></term>
+ <listitem><para>Dump the current database as strings.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>cdump</option></term>
+ <listitem><para>Dump the current database as connection records.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>keys</option></term>
+ <listitem><para>Dump the current database keys as strings.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>hexkeys</option></term>
+ <listitem><para>Dump the current database keys as hex values.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>info</option></term>
+ <listitem><para>Print summary information about the
+ current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>insert</option>
+ <replaceable>KEY</replaceable>
+ <replaceable>DATA</replaceable>
+ </term>
+ <listitem><para>Insert a record into the
+ current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>move</option>
+ <replaceable>KEY</replaceable>
+ <replaceable>TDBFILE</replaceable>
+ </term>
+ <listitem><para>Move a record from the
+ current database into <replaceable>TDBFILE</replaceable>.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>store</option>
+ <replaceable>KEY</replaceable>
+ <replaceable>DATA</replaceable>
+ </term>
+ <listitem><para>Store (replace) a record in the
+ current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>show</option>
+ <replaceable>KEY</replaceable>
+ </term>
+ <listitem><para>Show a record by key.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>delete</option>
+ <replaceable>KEY</replaceable>
+ </term>
+ <listitem><para>Delete a record by key.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>list</option>
+ </term>
+ <listitem><para>Print the current database hash table and free list.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>free</option>
+ </term>
+ <listitem><para>Print the current database and free list.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>!</option>
+ <replaceable>COMMAND</replaceable>
+ </term>
+ <listitem><para>Execute the given system command.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>first</option>
+ </term>
+ <listitem><para>Print the first record in the current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>next</option>
+ </term>
+ <listitem><para>Print the next record in the current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>check</option>
+ </term>
+ <listitem><para>Check the integrity of the current database.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>quit</option>
+ </term>
+ <listitem><para>Exit <command>tdbtool</command>.
+ </para></listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>CAVEATS</title>
+ <para>The contents of the Samba TDB files are private
+ to the implementation and should not be altered with
+ <command>tdbtool</command>.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+ <para>This man page is correct for version 3.0.25 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para> The original Samba software and related utilities were
+ created by Andrew Tridgell. Samba is now developed by the
+ Samba Team as an Open Source project similar to the way the
+ Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
$(SHLD) $(SHLD_FLAGS) -o $@ pytdb.o -L. -ltdb `$(PYTHON_CONFIG) --ldflags`
install:: installdirs installbin installheaders installlibs \
- $(PYTHON_INSTALL_TARGET)
+ $(PYTHON_INSTALL_TARGET) installdocs
+
+doc:: manpages/tdbbackup.8 manpages/tdbdump.8 manpages/tdbtool.8
+
+.SUFFIXES: .8.xml .8
+
+.8.xml.8:
+ -test -z "$(XSLTPROC)" || $(XSLTPROC) -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+installdocs::
+ ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man1
+ for I in manpages/*.1; do \
+ ${INSTALLCMD} -m 644 $$I $(DESTDIR)$(mandir)/man1 \
+ done
install-python:: build-python
mkdir -p $(DESTDIR)`$(PYTHON) -c "import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1, prefix='$(prefix)')"`
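Review bot: The `.8.xml.8` rule gives xsltproc the stylesheet as `http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl`, so a build may fetch an unpinned stylesheet over plain HTTP and run it to generate files that are later installed. Adding `--nonet` (`$(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<`) limits resolution to the local XML catalog, so a missing stylesheet makes the rule fail instead of downloading one. Separately, `installdocs` copies `manpages/*.1` into `man1` although `doc` builds only `.8` pages. Its `for` loop also has no `;` before `done`, so as written the shell would not parse it.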
void tdb_setalarm_sigptr (struct tdb_context *, volatile sig_atomic_t *);
void tdb_set_logging_function (struct tdb_context *, const struct tdb_logging_context *);
void tdb_set_max_dead (struct tdb_context *, int);
-int tdb_check (struct tdb_context *, int (*)(TDB_DATA, TDB_DATA, void *), void *);
+int tdb_check (struct tdb_context *, int (*) (TDB_DATA, TDB_DATA, void *), void *);
TDB_DATA tdb_null;
#include "tevent_internal.h"
#include "tevent_util.h"
-#define NUM_SIGNALS 64
+#define TEVENT_NUM_SIGNALS 64
/* maximum number of SA_SIGINFO signals to hold in the queue.
NB. This *MUST* be a power of 2, in order for the ring buffer
wrap to work correctly. Thanks to Petr Vandrovec <petr@vandrovec.name>
for this. */
-#define SA_INFO_QUEUE_COUNT 64
+#define TEVENT_SA_INFO_QUEUE_COUNT 64
-struct sigcounter {
+struct tevent_sigcounter {
uint32_t count;
uint32_t seen;
};
-#define SIG_INCREMENT(s) (s).count++
-#define SIG_SEEN(s, n) (s).seen += (n)
-#define SIG_PENDING(s) ((s).seen != (s).count)
+#define TEVENT_SIG_INCREMENT(s) (s).count++
+#define TEVENT_SIG_SEEN(s, n) (s).seen += (n)
+#define TEVENT_SIG_PENDING(s) ((s).seen != (s).count)
struct tevent_common_signal_list {
struct tevent_common_signal_list *prev, *next;
/*
the poor design of signals means that this table must be static global
*/
-static struct sig_state {
- struct tevent_common_signal_list *sig_handlers[NUM_SIGNALS+1];
- struct sigaction *oldact[NUM_SIGNALS+1];
- struct sigcounter signal_count[NUM_SIGNALS+1];
- struct sigcounter got_signal;
+static struct tevent_sig_state {
+ struct tevent_common_signal_list *sig_handlers[TEVENT_NUM_SIGNALS+1];
+ struct sigaction *oldact[TEVENT_NUM_SIGNALS+1];
+ struct tevent_sigcounter signal_count[TEVENT_NUM_SIGNALS+1];
+ struct tevent_sigcounter got_signal;
#ifdef SA_SIGINFO
/* with SA_SIGINFO we get quite a lot of info per signal */
- siginfo_t *sig_info[NUM_SIGNALS+1];
- struct sigcounter sig_blocked[NUM_SIGNALS+1];
+ siginfo_t *sig_info[TEVENT_NUM_SIGNALS+1];
+ struct tevent_sigcounter sig_blocked[TEVENT_NUM_SIGNALS+1];
#endif
} *sig_state;
/*
return number of sigcounter events not processed yet
*/
-static uint32_t sig_count(struct sigcounter s)
+static uint32_t tevent_sig_count(struct tevent_sigcounter s)
{
return s.count - s.seen;
}
struct tevent_context *ev = NULL;
int saved_errno = errno;
- SIG_INCREMENT(sig_state->signal_count[signum]);
- SIG_INCREMENT(sig_state->got_signal);
+ TEVENT_SIG_INCREMENT(sig_state->signal_count[signum]);
+ TEVENT_SIG_INCREMENT(sig_state->got_signal);
/* Write to each unique event context. */
for (sl = sig_state->sig_handlers[signum]; sl; sl = sl->next) {
static void tevent_common_signal_handler_info(int signum, siginfo_t *info,
void *uctx)
{
- uint32_t count = sig_count(sig_state->signal_count[signum]);
- /* sig_state->signal_count[signum].seen % SA_INFO_QUEUE_COUNT
+ uint32_t count = tevent_sig_count(sig_state->signal_count[signum]);
+ /* sig_state->signal_count[signum].seen % TEVENT_SA_INFO_QUEUE_COUNT
* is the base of the unprocessed signals in the ringbuffer. */
uint32_t ofs = (sig_state->signal_count[signum].seen + count) %
- SA_INFO_QUEUE_COUNT;
+ TEVENT_SA_INFO_QUEUE_COUNT;
sig_state->sig_info[signum][ofs] = *info;
tevent_common_signal_handler(signum);
/* handle SA_SIGINFO */
- if (count+1 == SA_INFO_QUEUE_COUNT) {
+ if (count+1 == TEVENT_SA_INFO_QUEUE_COUNT) {
/* we've filled the info array - block this signal until
these ones are delivered */
sigset_t set;
sigemptyset(&set);
sigaddset(&set, signum);
sigprocmask(SIG_BLOCK, &set, NULL);
- SIG_INCREMENT(sig_state->sig_blocked[signum]);
+ TEVENT_SIG_INCREMENT(sig_state->sig_blocked[signum]);
}
}
#endif
struct tevent_common_signal_list *sl;
sigset_t set, oldset;
- if (signum >= NUM_SIGNALS) {
+ if (signum >= TEVENT_NUM_SIGNALS) {
errno = EINVAL;
return NULL;
}
/* the sig_state needs to be on a global context as it can last across
multiple event contexts */
if (sig_state == NULL) {
- sig_state = talloc_zero(talloc_autofree_context(), struct sig_state);
+ sig_state = talloc_zero(talloc_autofree_context(), struct tevent_sig_state);
if (sig_state == NULL) {
return NULL;
}
act.sa_handler = NULL;
act.sa_sigaction = tevent_common_signal_handler_info;
if (sig_state->sig_info[signum] == NULL) {
- sig_state->sig_info[signum] = talloc_zero_array(sig_state, siginfo_t, SA_INFO_QUEUE_COUNT);
+ sig_state->sig_info[signum] =
+ talloc_zero_array(sig_state, siginfo_t,
+ TEVENT_SA_INFO_QUEUE_COUNT);
if (sig_state->sig_info[signum] == NULL) {
talloc_free(se);
return NULL;
{
int i;
- if (!sig_state || !SIG_PENDING(sig_state->got_signal)) {
+ if (!sig_state || !TEVENT_SIG_PENDING(sig_state->got_signal)) {
return 0;
}
- for (i=0;i<NUM_SIGNALS+1;i++) {
+ for (i=0;i<TEVENT_NUM_SIGNALS+1;i++) {
struct tevent_common_signal_list *sl, *next;
- struct sigcounter counter = sig_state->signal_count[i];
- uint32_t count = sig_count(counter);
+ struct tevent_sigcounter counter = sig_state->signal_count[i];
+ uint32_t count = tevent_sig_count(counter);
#ifdef SA_SIGINFO
/* Ensure we null out any stored siginfo_t entries
* after processing for debugging purposes. */
for (j=0;j<count;j++) {
/* sig_state->signal_count[i].seen
- * % SA_INFO_QUEUE_COUNT is
+ * % TEVENT_SA_INFO_QUEUE_COUNT is
* the base position of the unprocessed
* signals in the ringbuffer. */
uint32_t ofs = (counter.seen + j)
- % SA_INFO_QUEUE_COUNT;
+ % TEVENT_SA_INFO_QUEUE_COUNT;
se->handler(ev, se, i, 1,
(void*)&sig_state->sig_info[i][ofs],
se->private_data);
uint32_t j;
for (j=0;j<count;j++) {
uint32_t ofs = (counter.seen + j)
- % SA_INFO_QUEUE_COUNT;
+ % TEVENT_SA_INFO_QUEUE_COUNT;
memset((void*)&sig_state->sig_info[i][ofs],
'\0',
sizeof(siginfo_t));
}
#endif
- SIG_SEEN(sig_state->signal_count[i], count);
- SIG_SEEN(sig_state->got_signal, count);
+ TEVENT_SIG_SEEN(sig_state->signal_count[i], count);
+ TEVENT_SIG_SEEN(sig_state->got_signal, count);
#ifdef SA_SIGINFO
- if (SIG_PENDING(sig_state->sig_blocked[i])) {
+ if (TEVENT_SIG_PENDING(sig_state->sig_blocked[i])) {
/* We'd filled the queue, unblock the
signal now the queue is empty again.
Note we MUST do this after the
- SIG_SEEN(sig_state->signal_count[i], count)
+ TEVENT_SIG_SEEN(sig_state->signal_count[i], count)
call to prevent a new signal running
out of room in the sig_state->sig_info[i][]
ring buffer. */
sigset_t set;
sigemptyset(&set);
sigaddset(&set, i);
- SIG_SEEN(sig_state->sig_blocked[i],
- sig_count(sig_state->sig_blocked[i]));
+ TEVENT_SIG_SEEN(sig_state->sig_blocked[i],
+ tevent_sig_count(sig_state->sig_blocked[i]));
sigprocmask(SIG_UNBLOCK, &set, NULL);
}
#endif
struct tsocket_address *addr;
struct tsocket_address_bsd *bsda;
+ if (sa_socklen < sizeof(sa->sa_family)) {
+ errno = EINVAL;
+ return -1;
+ }
+
switch (sa->sa_family) {
case AF_UNIX:
- if (sa_socklen < sizeof(struct sockaddr_un)) {
- errno = EINVAL;
- return -1;
+ if (sa_socklen > sizeof(struct sockaddr_un)) {
+ sa_socklen = sizeof(struct sockaddr_un);
}
break;
case AF_INET:
errno = EINVAL;
return -1;
}
+ sa_socklen = sizeof(struct sockaddr_in);
break;
#ifdef HAVE_IPV6
case AF_INET6:
errno = EINVAL;
return -1;
}
+ sa_socklen = sizeof(struct sockaddr_in6);
break;
#endif
default:
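Review bot: The AF_UNIX case now only caps `sa_socklen` at `sizeof(struct sockaddr_un)` and no longer rejects short addresses, so any length from `sizeof(sa->sa_family)` upward is accepted and `sun_path` may end without a NUL inside the supplied length. The copy into the new address object is outside this hunk; if its destination is not zero-filled, later string use of `sun_path` could read past the copied bytes, which is worth confirming. A comment at the clamp would record the intent, for example `/* AF_UNIX addresses may be shorter than struct sockaddr_un; only cap the length, the copy target must be zeroed */`.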
#include "includes.h"
#include "../librpc/gen_ndr/ndr_ntlmssp.h"
-#include "libsmb/ntlmssp_ndr.h"
+#include "../libcli/auth/ntlmssp_ndr.h"
#define NTLMSSP_PULL_MESSAGE(type, blob, mem_ctx, ic, r) \
do { \
_PUBLIC_ int GUID_compare(const struct GUID *u1, const struct GUID *u2)
{
if (u1->time_low != u2->time_low) {
- return u1->time_low - u2->time_low;
+ return u1->time_low > u2->time_low ? 1 : -1;
}
if (u1->time_mid != u2->time_mid) {
- return u1->time_mid - u2->time_mid;
+ return u1->time_mid > u2->time_mid ? 1 : -1;
}
if (u1->time_hi_and_version != u2->time_hi_and_version) {
- return u1->time_hi_and_version - u2->time_hi_and_version;
+ return u1->time_hi_and_version > u2->time_hi_and_version ? 1 : -1;
}
if (u1->clock_seq[0] != u2->clock_seq[0]) {
- return u1->clock_seq[0] - u2->clock_seq[0];
+ return u1->clock_seq[0] > u2->clock_seq[0] ? 1 : -1;
}
if (u1->clock_seq[1] != u2->clock_seq[1]) {
- return u1->clock_seq[1] - u2->clock_seq[1];
+ return u1->clock_seq[1] > u2->clock_seq[1] ? 1 : -1;
}
return memcmp(u1->node, u2->node, 6);
Copyright (C) Gerald (Jerry) Carter 2007
Copyright (C) Guenther Deschner 2008
+ Copyright (C) Volker Lendecke 2009
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
return wbc_status;
}
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials
+ */
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (domain) {
+ /*
+ * the current protocol doesn't support
+ * specifying a domain
+ */
+ wbc_status = WBC_ERR_NOT_IMPLEMENTED;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
+ &request,
+ &response);
+ if (response.data.auth.nt_status != 0) {
+ if (error) {
+ wbc_status = wbc_create_error_info(NULL,
+ &response,
+ error);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = WBC_ERR_AUTH_ERROR;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+ return wbc_status;
+}
+
/* Trigger an extended logoff notification to Winbind for a specific user */
wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
struct wbcAuthErrorInfo **error)
wbc_status = WBC_ERR_SUCCESS;
done:
- if (!WBC_ERROR_IS_OK(wbc_status) && blobs) {
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
wbcFreeMemory(*blobs);
}
return wbc_status;
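Review bot: Dropping `&& blobs` from the cleanup condition means the failure path evaluates `*blobs` unconditionally, which is a NULL dereference if a caller passes `blobs == NULL`. The start of this function is outside the hunk, so it may already reject a NULL `blobs` before any jump to `done`. If it does not, keep the guard: `if (!WBC_ERROR_IS_OK(wbc_status) && blobs != NULL) {`.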
Winbind client API
Copyright (C) Gerald (Jerry) Carter 2007
+ Copyright (C) Volker Lendecke 2009
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
wbcErr wbcChangeTrustCredentials(const char *domain,
struct wbcAuthErrorInfo **error);
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ * version of wbcCheckTrustCredentials
+ *
+ * @param *domain The name of the domain, only NULL for the default domain is
+ * supported yet. Other values than NULL will result in
+ * WBC_ERR_NOT_IMPLEMENTED.
+ * @param error Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
+
/**********************************************************
* Helper functions
**********************************************************/
Copyright (C) Tim Potter 2000-2003
Copyright (C) Andrew Bartlett 2002-2007
+ Copyright (C) Volker Lendecke 2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
return true;
}
+/* Check DC connection */
+
+static bool wbinfo_ping_dc(void)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcAuthErrorInfo *error = NULL;
+
+ wbc_status = wbcPingDc(NULL, &error);
+
+ d_printf("checking the NETLOGON dc connection %s\n",
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ d_fprintf(stderr, "error code was %s (0x%x)\n",
+ error->nt_string, error->nt_status);
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
+ }
+
+ return true;
+}
+
/* Convert uid to sid */
static bool wbinfo_uid_to_sid(uid_t uid)
OPT_VERBOSE,
OPT_ONLINESTATUS,
OPT_CHANGE_USER_PASSWORD,
+ OPT_PING_DC,
OPT_SID_TO_FULLNAME,
OPT_NTLMV2,
OPT_LANMAN
{ "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
{ "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
+ { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC,
+ "Check the NETLOGON connection" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
{ "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
{ "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
goto done;
}
break;
+ case OPT_PING_DC:
+ if (!wbinfo_ping_dc()) {
+ d_fprintf(stderr, "Could not ping our DC\n");
+ goto done;
+ }
+ break;
case 'm':
if (!wbinfo_list_domains(false, verbose)) {
d_fprintf(stderr,
/* Update this when you change the interface.
* 21: added WINBINDD_GETPWSID
* added WINBINDD_GETSIDALIASES
+ * 22: added WINBINDD_PING_DC
*/
-#define WINBIND_INTERFACE_VERSION 21
+#define WINBIND_INTERFACE_VERSION 22
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
WINBINDD_CHANGE_MACHACC, /* Change machine account pw */
+ WINBINDD_PING_DC, /* Ping the DC through NETLOGON */
WINBINDD_PING, /* Just tell me winbind is running */
WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
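Review bot: `WINBINDD_PING_DC` is inserted ahead of `WINBINDD_PING`, which shifts the numeric value of every later command in this enum. Assuming these values are what clients send to the daemon, the bump of `WINBIND_INTERFACE_VERSION` to 22 only protects clients that compare versions before issuing requests. Appending new commands at the end of the enum would avoid the renumbering. Failing that, a comment such as `/* inserting mid-enum renumbers later commands; WINBIND_INTERFACE_VERSION must be bumped */` would make the constraint explicit. The enum's start and end are outside the hunk.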
libsmb/ntlmssp.o \
libsmb/ntlmssp_sign.o \
$(LIBNDR_NTLMSSP_OBJ) \
- libsmb/ntlmssp_ndr.o
+ ../libcli/auth/ntlmssp_ndr.o
LIBSAMBA_OBJ = $(LIBSMB_OBJ0) \
$(LIBSMB_ERR_OBJ)
$(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
$(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ)
-SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \
- $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
- $(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ) \
- $(PRINTBASE_OBJ)
+SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+ $(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ)
SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \
$(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \
WINBINDD_OBJ1 = \
winbindd/winbindd.o \
- winbindd/winbindd_user.o \
winbindd/winbindd_group.o \
winbindd/winbindd_util.o \
winbindd/winbindd_cache.o \
winbindd/winbindd_list_groups.o \
winbindd/winbindd_check_machine_acct.o \
winbindd/winbindd_change_machine_acct.o \
+ winbindd/winbindd_ping_dc.o \
winbindd/winbindd_set_mapping.o \
winbindd/winbindd_remove_mapping.o \
winbindd/winbindd_set_hwm.o \
*/
#include "includes.h"
+#include "ntlmssp.h"
/**
* Return the challenge as determined by the authentication subsystem
* @return an 8 byte random challenge
*/
-static void auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
- uint8_t chal[8])
+static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
(AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
auth_ntlmssp_state->auth_context->get_ntlm_challenge(
auth_ntlmssp_state->auth_context, chal);
+ return NT_STATUS_OK;
}
/**
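Review bot: The doc comment above `auth_ntlmssp_get_challenge` still says `@return an 8 byte random challenge`, but the function now returns `NTSTATUS` and writes the challenge into `chal`. I would change it to `@param chal receives the 8 byte challenge` and `@return NT_STATUS_OK`, since the new body has no failure path. The `get_challenge` callback comment in the ntlmssp.h hunk has the same stale `@return 8 bytes of challenge data` line next to its new `NTSTATUS` return type.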
#include "includes.h"
-bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
- uint8_t wct, const uint16_t *vwv,
- size_t bytes_alignment,
- uint32_t num_bytes, const uint8_t *bytes);
-
/*
* Fetch an error out of a NBT packet
*/
union {
struct schannel_state *schannel_auth;
- NTLMSSP_STATE *ntlmssp_state;
+ struct ntlmssp_state *ntlmssp_state;
struct kerberos_auth_struct *kerberos_auth;
} a_u;
};
uint16 enc_ctx_num;
bool enc_on;
union {
- NTLMSSP_STATE *ntlmssp_state;
+ struct ntlmssp_state *ntlmssp_state;
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
struct smb_tran_enc_state_gss *gss_state;
#endif
#include "../lib/crypto/arcfour.h"
#include "../lib/crypto/crc32.h"
#include "../lib/crypto/hmacmd5.h"
-#include "ntlmssp.h"
+
+struct ntlmssp_state;
+
#include "auth.h"
#include "ntdomain.h"
#include "reg_objects.h"
*/
/* NTLMSSP mode */
-enum NTLMSSP_ROLE
+enum ntlmssp_role
{
NTLMSSP_SERVER,
NTLMSSP_CLIENT
};
/* NTLMSSP message types */
-enum NTLM_MESSAGE_TYPE
+enum ntlmssp_message_type
{
NTLMSSP_INITIAL = 0 /* samba internal state */,
NTLMSSP_NEGOTIATE = 1,
#define NTLMSSP_FEATURE_SIGN 0x00000002
#define NTLMSSP_FEATURE_SEAL 0x00000004
-typedef struct ntlmssp_state
+struct ntlmssp_state
{
- unsigned int ref_count;
- enum NTLMSSP_ROLE role;
+ enum ntlmssp_role role;
enum server_types server_role;
- uint32 expected_state;
+ uint32_t expected_state;
bool unicode;
bool use_ntlmv2;
DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */
- DATA_BLOB lm_resp;
+ DATA_BLOB lm_resp;
DATA_BLOB nt_resp;
DATA_BLOB session_key;
- uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */
+ uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
void *auth_context;
* Callback to get the 'challenge' used for NTLM authentication.
*
* @param ntlmssp_state This structure
- * @return 8 bytes of challnege data, determined by the server to be the challenge for NTLM authentication
+ * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication
*
*/
- void (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
- uint8_t challenge[8]);
+ NTSTATUS (*get_challenge)(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t challenge[8]);
/**
* Callback to find if the challenge used by NTLM authentication may be modified
struct arcfour_state send_seal_arc4_state;
struct arcfour_state recv_seal_arc4_state;
- uint32 ntlm2_send_seq_num;
- uint32 ntlm2_recv_seq_num;
+ uint32_t ntlm2_send_seq_num;
+ uint32_t ntlm2_recv_seq_num;
/* ntlmv1 */
struct arcfour_state ntlmv1_arc4_state;
- uint32 ntlmv1_seq_num;
-
- /* it turns out that we don't always get the
- response in at the time we want to process it.
- Store it here, until we need it */
- DATA_BLOB stored_response;
-} NTLMSSP_STATE;
+ uint32_t ntlmv1_seq_num;
+};
struct event_context *ev,
struct cli_state *cli);
NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req);
-bool cli_ulogoff(struct cli_state *cli);
+struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_ulogoff_recv(struct tevent_req *req);
+NTSTATUS cli_ulogoff(struct cli_state *cli);
struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct cli_state *cli,
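Review bot: `cli_ulogoff()` changes from `bool` to `NTSTATUS`, and `cli_tdis()` in the following hunk does the same, so any caller still written as `if (!cli_ulogoff(cli))` now means the opposite wherever `NTSTATUS` is a plain integer with zero as success. The callers are not in this hunk. Each should become `if (!NT_STATUS_IS_OK(cli_ulogoff(cli)))`, and searching for both names after the change is a cheap way to confirm none was missed.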
NTSTATUS cli_tcon_andx_recv(struct tevent_req *req);
NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
const char *dev, const char *pass, int passlen);
-bool cli_tdis(struct cli_state *cli);
+struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_tdis_recv(struct tevent_req *req);
+NTSTATUS cli_tdis(struct cli_state *cli);
void cli_negprot_sendsync(struct cli_state *cli);
NTSTATUS cli_negprot(struct cli_state *cli);
struct tevent_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
NTSTATUS check_negative_conn_cache_timeout( const char *domain, const char *server, unsigned int failed_cache_timeout );
NTSTATUS check_negative_conn_cache( const char *domain, const char *server);
void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result) ;
-void delete_negative_conn_cache(const char *domain, const char *server);
-void flush_negative_conn_cache( void );
void flush_negative_conn_cache_for_domain(const char *domain);
/* The following definitions come from ../librpc/rpc/dcerpc_error.c */
/* The following definitions come from libsmb/ntlmssp.c */
void debug_ntlmssp_flags(uint32 neg_flags);
-NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) ;
-NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
+NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
const unsigned char lm_hash[16],
const unsigned char nt_hash[16]) ;
-NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password) ;
-NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) ;
-NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) ;
-NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state,
- DATA_BLOB response) ;
-void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char *feature_list);
-void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature);
-NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ;
+NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
+NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation) ;
+void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature);
+NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB in, DATA_BLOB *out) ;
-void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state);
-DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx);
-NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state);
-NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state);
+void ntlmssp_end(struct ntlmssp_state **ntlmssp_state);
+DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx);
+NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state);
/* The following definitions come from libsmb/ntlmssp_sign.c */
-NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig) ;
-NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig) ;
-NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
uchar *data, size_t length,
uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig);
-NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
uchar *data, size_t length,
uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig);
-NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state);
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
/* The following definitions come from libsmb/passchange.c */
NTSTATUS get_enc_ctx_num(const uint8_t *buf, uint16 *p_enc_ctx_num);
bool common_encryption_on(struct smb_trans_enc_state *es);
-NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf);
-NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf);
+NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state,
uint16 enc_ctx_num,
char *buf,
char **ppbuf_out);
int error_packet(char *outbuf, uint8 eclass, uint32 ecode, NTSTATUS ntstatus, int line, const char *file);
void reply_nt_error(struct smb_request *req, NTSTATUS ntstatus,
int line, const char *file);
-void reply_force_nt_error(struct smb_request *req, NTSTATUS ntstatus,
- int line, const char *file);
-void reply_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
+void reply_force_dos_error(struct smb_request *req, uint8 eclass, uint32 ecode,
int line, const char *file);
void reply_both_error(struct smb_request *req, uint8 eclass, uint32 ecode,
NTSTATUS status, int line, const char *file);
void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid);
bool nt4_compatible_acls(void);
+uint32_t map_canon_ace_perms(int snum,
+ enum security_ace_type *pacl_type,
+ mode_t perms,
+ bool directory_ace);
NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
#define _SMB_H
/* logged when starting the various Samba daemons */
-#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2009"
+#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2010"
#if defined(LARGE_SMB_OFF_T)
#define ERROR_BOTH(status,class,code) error_packet(outbuf,class,code,status,__LINE__,__FILE__)
#define reply_nterror(req,status) reply_nt_error(req,status,__LINE__,__FILE__)
-#define reply_force_nterror(req,status) reply_force_nt_error(req,status,__LINE__,__FILE__)
-#define reply_doserror(req,eclass,ecode) reply_dos_error(req,eclass,ecode,__LINE__,__FILE__)
+#define reply_force_doserror(req,eclass,ecode) reply_force_dos_error(req,eclass,ecode,__LINE__,__FILE__)
#define reply_botherror(req,status,eclass,ecode) reply_both_error(req,eclass,ecode,status,__LINE__,__FILE__)
#if 0
Tallocs a duplicate SID.
********************************************************************/
-DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
+struct dom_sid *sid_dup_talloc(TALLOC_CTX *ctx, const struct dom_sid *src)
{
- DOM_SID *dst;
-
- if(!src)
+ struct dom_sid *dst;
+
+ if (src == NULL) {
return NULL;
-
- if((dst = TALLOC_ZERO_P(ctx, DOM_SID)) != NULL) {
- sid_copy( dst, src);
}
-
+ dst = talloc_zero(ctx, struct dom_sid);
+ if (dst == NULL) {
+ return NULL;
+ }
+ sid_copy(dst, src);
return dst;
}
#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "ntlmssp.h"
#ifdef HAVE_LDAP
return r.out.result;
}
+struct rpccli_wbint_PingDc_state {
+ struct wbint_PingDc orig;
+ struct wbint_PingDc tmp;
+ TALLOC_CTX *out_mem_ctx;
+ NTSTATUS (*dispatch_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx);
+};
+
+static void rpccli_wbint_PingDc_done(struct tevent_req *subreq);
+
+struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct rpc_pipe_client *cli)
+{
+ struct tevent_req *req;
+ struct rpccli_wbint_PingDc_state *state;
+ struct tevent_req *subreq;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct rpccli_wbint_PingDc_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->out_mem_ctx = NULL;
+ state->dispatch_recv = cli->dispatch_recv;
+
+ /* In parameters */
+
+ /* Out parameters */
+
+ /* Result */
+ ZERO_STRUCT(state->orig.out.result);
+
+ /* make a temporary copy, that we pass to the dispatch function */
+ state->tmp = state->orig;
+
+ subreq = cli->dispatch_send(state, ev, cli,
+ &ndr_table_wbint,
+ NDR_WBINT_PINGDC,
+ &state->tmp);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, rpccli_wbint_PingDc_done, req);
+ return req;
+}
+
+static void rpccli_wbint_PingDc_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpccli_wbint_PingDc_state *state = tevent_req_data(
+ req, struct rpccli_wbint_PingDc_state);
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx;
+
+ if (state->out_mem_ctx) {
+ mem_ctx = state->out_mem_ctx;
+ } else {
+ mem_ctx = state;
+ }
+
+ status = state->dispatch_recv(subreq, mem_ctx);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /* Copy out parameters */
+
+ /* Copy result */
+ state->orig.out.result = state->tmp.out.result;
+
+ /* Reset temporary structure */
+ ZERO_STRUCT(state->tmp);
+
+ tevent_req_done(req);
+}
+
+NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ NTSTATUS *result)
+{
+ struct rpccli_wbint_PingDc_state *state = tevent_req_data(
+ req, struct rpccli_wbint_PingDc_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ /* Steal possbile out parameters to the callers context */
+ talloc_steal(mem_ctx, state->out_mem_ctx);
+
+ /* Return result */
+ *result = state->orig.out.result;
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx)
+{
+ struct wbint_PingDc r;
+ NTSTATUS status;
+
+ /* In parameters */
+
+ status = cli->dispatch(cli,
+ mem_ctx,
+ &ndr_table_wbint,
+ NDR_WBINT_PINGDC,
+ &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (NT_STATUS_IS_ERR(status)) {
+ return status;
+ }
+
+ /* Return variables */
+
+ /* Return result */
+ return r.out.result;
+}
+
struct rpccli_wbint_SetMapping_state {
struct wbint_SetMapping orig;
struct wbint_SetMapping tmp;
NTSTATUS *result);
NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx);
+struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct rpc_pipe_client *cli);
+NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ NTSTATUS *result);
+NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx);
struct tevent_req *rpccli_wbint_SetMapping_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct rpc_pipe_client *cli,
ndr->depth--;
}
+static enum ndr_err_code ndr_push_wbint_PingDc(struct ndr_push *ndr, int flags, const struct wbint_PingDc *r)
+{
+ if (flags & NDR_IN) {
+ }
+ if (flags & NDR_OUT) {
+ NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_wbint_PingDc(struct ndr_pull *ndr, int flags, struct wbint_PingDc *r)
+{
+ if (flags & NDR_IN) {
+ }
+ if (flags & NDR_OUT) {
+ NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r)
+{
+ ndr_print_struct(ndr, name, "wbint_PingDc");
+ ndr->depth++;
+ if (flags & NDR_SET_VALUES) {
+ ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+ }
+ if (flags & NDR_IN) {
+ ndr_print_struct(ndr, "in", "wbint_PingDc");
+ ndr->depth++;
+ ndr->depth--;
+ }
+ if (flags & NDR_OUT) {
+ ndr_print_struct(ndr, "out", "wbint_PingDc");
+ ndr->depth++;
+ ndr_print_NTSTATUS(ndr, "result", r->out.result);
+ ndr->depth--;
+ }
+ ndr->depth--;
+}
+
static enum ndr_err_code ndr_push_wbint_SetMapping(struct ndr_push *ndr, int flags, const struct wbint_SetMapping *r)
{
if (flags & NDR_IN) {
(ndr_print_function_t) ndr_print_wbint_ChangeMachineAccount,
false,
},
+ {
+ "wbint_PingDc",
+ sizeof(struct wbint_PingDc),
+ (ndr_push_flags_fn_t) ndr_push_wbint_PingDc,
+ (ndr_pull_flags_fn_t) ndr_pull_wbint_PingDc,
+ (ndr_print_function_t) ndr_print_wbint_PingDc,
+ false,
+ },
{
"wbint_SetMapping",
sizeof(struct wbint_SetMapping),
NDR_WBINT_VERSION
},
.helpstring = NDR_WBINT_HELPSTRING,
- .num_calls = 23,
+ .num_calls = 24,
.calls = wbint_calls,
.endpoints = &wbint_endpoints,
.authservices = &wbint_authservices
#define NDR_WBINT_CHANGEMACHINEACCOUNT (0x13)
-#define NDR_WBINT_SETMAPPING (0x14)
+#define NDR_WBINT_PINGDC (0x14)
-#define NDR_WBINT_REMOVEMAPPING (0x15)
+#define NDR_WBINT_SETMAPPING (0x15)
-#define NDR_WBINT_SETHWM (0x16)
+#define NDR_WBINT_REMOVEMAPPING (0x16)
-#define NDR_WBINT_CALL_COUNT (23)
+#define NDR_WBINT_SETHWM (0x17)
+
+#define NDR_WBINT_CALL_COUNT (24)
enum ndr_err_code ndr_push_wbint_userinfo(struct ndr_push *ndr, int ndr_flags, const struct wbint_userinfo *r);
enum ndr_err_code ndr_pull_wbint_userinfo(struct ndr_pull *ndr, int ndr_flags, struct wbint_userinfo *r);
void ndr_print_wbint_userinfo(struct ndr_print *ndr, const char *name, const struct wbint_userinfo *r);
void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct wbint_LookupRids *r);
void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r);
void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_ChangeMachineAccount *r);
+void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r);
void ndr_print_wbint_SetMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetMapping *r);
void ndr_print_wbint_RemoveMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_RemoveMapping *r);
void ndr_print_wbint_SetHWM(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetHWM *r);
return true;
}
+static bool api_wbint_PingDc(pipes_struct *p)
+{
+ const struct ndr_interface_call *call;
+ struct ndr_pull *pull;
+ struct ndr_push *push;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct wbint_PingDc *r;
+
+ call = &ndr_table_wbint.calls[NDR_WBINT_PINGDC];
+
+ r = talloc(talloc_tos(), struct wbint_PingDc);
+ if (r == NULL) {
+ return false;
+ }
+
+ if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+ talloc_free(r);
+ return false;
+ }
+
+ pull = ndr_pull_init_blob(&blob, r, NULL);
+ if (pull == NULL) {
+ talloc_free(r);
+ return false;
+ }
+
+ pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+ ndr_err = call->ndr_pull(pull, NDR_IN, r);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(r);
+ return false;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(wbint_PingDc, r);
+ }
+
+ r->out.result = _wbint_PingDc(p, r);
+
+ if (p->rng_fault_state) {
+ talloc_free(r);
+ /* Return true here, srv_pipe_hnd.c will take care */
+ return true;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(wbint_PingDc, r);
+ }
+
+ push = ndr_push_init_ctx(r, NULL);
+ if (push == NULL) {
+ talloc_free(r);
+ return false;
+ }
+
+ ndr_err = call->ndr_push(push, NDR_OUT, r);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(r);
+ return false;
+ }
+
+ blob = ndr_push_blob(push);
+ if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+ talloc_free(r);
+ return false;
+ }
+
+ talloc_free(r);
+
+ return true;
+}
+
static bool api_wbint_SetMapping(pipes_struct *p)
{
const struct ndr_interface_call *call;
{"WBINT_LOOKUPRIDS", NDR_WBINT_LOOKUPRIDS, api_wbint_LookupRids},
{"WBINT_CHECKMACHINEACCOUNT", NDR_WBINT_CHECKMACHINEACCOUNT, api_wbint_CheckMachineAccount},
{"WBINT_CHANGEMACHINEACCOUNT", NDR_WBINT_CHANGEMACHINEACCOUNT, api_wbint_ChangeMachineAccount},
+ {"WBINT_PINGDC", NDR_WBINT_PINGDC, api_wbint_PingDc},
{"WBINT_SETMAPPING", NDR_WBINT_SETMAPPING, api_wbint_SetMapping},
{"WBINT_REMOVEMAPPING", NDR_WBINT_REMOVEMAPPING, api_wbint_RemoveMapping},
{"WBINT_SETHWM", NDR_WBINT_SETHWM, api_wbint_SetHWM},
return NT_STATUS_OK;
}
+ case NDR_WBINT_PINGDC: {
+ struct wbint_PingDc *r = (struct wbint_PingDc *)_r;
+ r->out.result = _wbint_PingDc(cli->pipes_struct, r);
+ return NT_STATUS_OK;
+ }
+
case NDR_WBINT_SETMAPPING: {
struct wbint_SetMapping *r = (struct wbint_SetMapping *)_r;
r->out.result = _wbint_SetMapping(cli->pipes_struct, r);
NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r);
NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r);
NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r);
+NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r);
NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r);
NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r);
NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r);
NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r);
NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r);
NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r);
+NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r);
NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r);
NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r);
NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r);
};
+struct wbint_PingDc {
+ struct {
+ NTSTATUS result;
+ } out;
+
+};
+
+
struct wbint_SetMapping {
struct {
struct dom_sid *sid;/* [ref] */
NTSTATUS wbint_ChangeMachineAccount(
);
+ NTSTATUS wbint_PingDc(
+ );
+
typedef [public] enum {
WBINT_ID_TYPE_NOT_SPECIFIED,
WBINT_ID_TYPE_UID,
return;
}
-/**
- * @brief Find the smb_cmd offset of the last command pushed
- * @param[in] buf The buffer we're building up
- * @retval Where can we put our next andx cmd?
- *
- * While chaining requests, the "next" request we're looking at needs to put
- * its SMB_Command before the data the previous request already built up added
- * to the chain. Find the offset to the place where we have to put our cmd.
- */
-
-static bool find_andx_cmd_ofs(uint8_t *buf, size_t *pofs)
-{
- uint8_t cmd;
- size_t ofs;
-
- cmd = CVAL(buf, smb_com);
-
- SMB_ASSERT(is_andx_req(cmd));
-
- ofs = smb_vwv0;
-
- while (CVAL(buf, ofs) != 0xff) {
-
- if (!is_andx_req(CVAL(buf, ofs))) {
- return false;
- }
-
- /*
- * ofs is from start of smb header, so add the 4 length
- * bytes. The next cmd is right after the wct field.
- */
- ofs = SVAL(buf, ofs+2) + 4 + 1;
-
- SMB_ASSERT(ofs+4 < talloc_get_size(buf));
- }
-
- *pofs = ofs;
- return true;
-}
-
-/**
- * @brief Do the smb chaining at a buffer level
- * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified
- * @param[in] smb_command The command that we want to issue
- * @param[in] wct How many words?
- * @param[in] vwv The words, already in network order
- * @param[in] bytes_alignment How shall we align "bytes"?
- * @param[in] num_bytes How many bytes?
- * @param[in] bytes The data the request ships
- *
- * smb_splice_chain() adds the vwv and bytes to the request already present in
- * *poutbuf.
- */
-
-bool smb_splice_chain(uint8_t **poutbuf, uint8_t smb_command,
- uint8_t wct, const uint16_t *vwv,
- size_t bytes_alignment,
- uint32_t num_bytes, const uint8_t *bytes)
-{
- uint8_t *outbuf;
- size_t old_size, new_size;
- size_t ofs;
- size_t chain_padding = 0;
- size_t bytes_padding = 0;
- bool first_request;
-
- old_size = talloc_get_size(*poutbuf);
-
- /*
- * old_size == smb_wct means we're pushing the first request in for
- * libsmb/
- */
-
- first_request = (old_size == smb_wct);
-
- if (!first_request && ((old_size % 4) != 0)) {
- /*
- * Align the wct field of subsequent requests to a 4-byte
- * boundary
- */
- chain_padding = 4 - (old_size % 4);
- }
-
- /*
- * After the old request comes the new wct field (1 byte), the vwv's
- * and the num_bytes field. After at we might need to align the bytes
- * given to us to "bytes_alignment", increasing the num_bytes value.
- */
-
- new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2;
-
- if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) {
- bytes_padding = bytes_alignment - (new_size % bytes_alignment);
- }
-
- new_size += bytes_padding + num_bytes;
-
- if ((smb_command != SMBwriteX) && (new_size > 0xffff)) {
- DEBUG(1, ("splice_chain: %u bytes won't fit\n",
- (unsigned)new_size));
- return false;
- }
-
- outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, uint8_t, new_size);
- if (outbuf == NULL) {
- DEBUG(0, ("talloc failed\n"));
- return false;
- }
- *poutbuf = outbuf;
-
- if (first_request) {
- SCVAL(outbuf, smb_com, smb_command);
- } else {
- size_t andx_cmd_ofs;
-
- if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) {
- DEBUG(1, ("invalid command chain\n"));
- *poutbuf = TALLOC_REALLOC_ARRAY(
- NULL, *poutbuf, uint8_t, old_size);
- return false;
- }
-
- if (chain_padding != 0) {
- memset(outbuf + old_size, 0, chain_padding);
- old_size += chain_padding;
- }
-
- SCVAL(outbuf, andx_cmd_ofs, smb_command);
- SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4);
- }
-
- ofs = old_size;
-
- /*
- * Push the chained request:
- *
- * wct field
- */
-
- SCVAL(outbuf, ofs, wct);
- ofs += 1;
-
- /*
- * vwv array
- */
-
- memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
- ofs += sizeof(uint16_t) * wct;
-
- /*
- * bcc (byte count)
- */
-
- SSVAL(outbuf, ofs, num_bytes + bytes_padding);
- ofs += sizeof(uint16_t);
-
- /*
- * padding
- */
-
- if (bytes_padding != 0) {
- memset(outbuf + ofs, 0, bytes_padding);
- ofs += bytes_padding;
- }
-
- /*
- * The bytes field
- */
-
- memcpy(outbuf + ofs, bytes, num_bytes);
-
- return true;
-}
-
/**
* Figure out if there is an andx command behind the current one
* @param[in] buf The smb buffer to look at
{
struct tevent_req *result;
struct cli_smb_state *state;
+ struct timeval endtime;
if (iov_count > MAX_SMB_IOV) {
/*
}
state->iov_count = iov_count + 3;
+ endtime = timeval_current_ofs(0, cli->timeout * 1000);
+ if (!tevent_req_set_endtime(result, ev, endtime)) {
+ tevent_req_nomem(NULL, result);
+ }
return result;
}
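Review bot: `cli->timeout * 1000` is passed as the microsecond argument of `timeval_current_ofs(0, ...)`, so a large timeout can overflow the multiplication before the deadline is computed. The type of `cli->timeout` is declared outside this hunk; if it is a millisecond `int`, anything above roughly 35 minutes wraps. Splitting the value avoids this: `endtime = timeval_current_ofs(cli->timeout / 1000, (cli->timeout % 1000) * 1000);`. A timeout of 0 also yields a deadline of "now", which presumably fails the request immediately, so if 0 can reach this code it should skip setting an end time. The enclosing function starts outside the hunk.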
}
iov[0].iov_base = (void *)buf;
iov[0].iov_len = talloc_get_size(buf);
- subreq = writev_send(state, state->ev, state->cli->outgoing,
- state->cli->fd, false, iov, 1);
- } else {
- subreq = writev_send(state, state->ev, state->cli->outgoing,
- state->cli->fd, false, iov, iov_count);
+ iov_count = 1;
}
+ subreq = writev_send(state, state->ev, state->cli->outgoing,
+ state->cli->fd, false, iov, iov_count);
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = cli_pull_error((char *)state->inbuf);
- if (!have_andx_command((char *)state->inbuf, wct_ofs)
- && NT_STATUS_IS_ERR(status)) {
- /*
- * The last command takes the error code. All further commands
- * down the requested chain will get a
- * NT_STATUS_REQUEST_ABORTED.
- */
- return status;
+ if (!have_andx_command((char *)state->inbuf, wct_ofs)) {
+
+ if ((cmd == SMBsesssetupX)
+ && NT_STATUS_EQUAL(
+ status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ /*
+ * NT_STATUS_MORE_PROCESSING_REQUIRED is a
+ * valid return code for session setup
+ */
+ goto no_err;
+ }
+
+ if (NT_STATUS_IS_ERR(status)) {
+ /*
+ * The last command takes the error code. All
+ * further commands down the requested chain
+ * will get a NT_STATUS_REQUEST_ABORTED.
+ */
+ return status;
+ }
}
+no_err:
+
wct = CVAL(state->inbuf, wct_ofs);
bytes_offset = wct_ofs + 1 + wct * sizeof(uint16_t);
num_bytes = SVAL(state->inbuf, bytes_offset);
*pbytes = (uint8_t *)state->inbuf + bytes_offset + 2;
}
- return NT_STATUS_OK;
+ return status;
}
size_t cli_smb_wct_ofs(struct tevent_req **reqs, int num_reqs)
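Review bot: The final `return status;` now hands callers whatever `cli_pull_error()` produced, while the `NT_STATUS_IS_ERR` check sits inside `if (!have_andx_command(...))`. As far as this hunk shows, a response that has a further andx command and an error status is therefore parsed and returned with that error, where the old code returned NT_STATUS_OK. Callers that relied on OK meaning "outputs are valid" must now accept non-OK statuses with filled-in outputs, which deserves a comment above the return, e.g. `/* may be a non-error status such as NT_STATUS_MORE_PROCESSING_REQUIRED; the output pointers are still set */`. The `goto no_err` could also be dropped by testing `NT_STATUS_IS_ERR(status) && !(cmd == SMBsesssetupX && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))` in a single condition. The function begins outside the hunk.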
client connect/disconnect routines
Copyright (C) Andrew Tridgell 1994-1998
Copyright (C) Andrew Bartlett 2001-2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
+#include "ntlmssp.h"
static const struct {
int prot;
cli_set_message(cli->outbuf,10, 0, True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
-
+
SCVAL(cli->outbuf,smb_vwv0,0xFF);
SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
SSVAL(cli->outbuf,smb_vwv3,2);
if (cli_is_error(cli)) {
return cli_nt_error(cli);
}
-
+
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
status = cli_set_username(cli, user);
char *p;
NTSTATUS status;
fstring lanman;
-
+
fstr_sprintf( lanman, "Samba %s", samba_version_string());
memset(cli->outbuf, '\0', smb_size);
cli_set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
-
+
SCVAL(cli->outbuf,smb_vwv0,0xFF);
SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
SSVAL(cli->outbuf,smb_vwv3,2);
SSVAL(cli->outbuf,smb_vwv8,0);
SIVAL(cli->outbuf,smb_vwv11,capabilities);
p = smb_buf(cli->outbuf);
-
+
/* check wether to send the ASCII or UNICODE version of the password */
-
+
if ( (capabilities & CAP_UNICODE) == 0 ) {
p += clistr_push(cli, p, pass, -1, STR_TERMINATE); /* password */
SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf)));
p += clistr_push(cli, p, pass, -1, STR_UNICODE|STR_TERMINATE); /* unicode password */
SSVAL(cli->outbuf,smb_vwv8,PTR_DIFF(p, smb_buf(cli->outbuf))-1);
}
-
+
p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
if (!cli_send_smb(cli) || !cli_receive_smb(cli)) {
return cli_nt_error(cli);
}
-
+
show_msg(cli->inbuf);
-
+
if (cli_is_error(cli)) {
return cli_nt_error(cli);
}
cli_set_message(cli->outbuf,13,0,True);
SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
cli_setup_packet(cli);
-
+
SCVAL(cli->outbuf,smb_vwv0,0xFF);
SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
SSVAL(cli->outbuf,smb_vwv3,2);
/* use the returned vuid from now on */
cli->vuid = SVAL(cli->inbuf,smb_uid);
-
+
p = smb_buf(cli->inbuf);
p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
-1, STR_TERMINATE);
return result;
}
-/****************************************************************************
- Send a extended security session setup blob
-****************************************************************************/
+/* The following is calculated from :
+ * (smb_size-4) = 35
+ * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
+ * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
+ * end of packet.
+ */
-static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob)
-{
- uint32 capabilities = cli_session_setup_capabilities(cli);
- char *p;
+#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
- capabilities |= CAP_EXTENDED_SECURITY;
+struct cli_sesssetup_blob_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ DATA_BLOB blob;
+ uint16_t max_blob_size;
+ uint16_t vwv[12];
+ uint8_t *buf;
- /* send a session setup command */
- memset(cli->outbuf,'\0',smb_size);
+ NTSTATUS status;
+ char *inbuf;
+ DATA_BLOB ret_blob;
+};
- cli_set_message(cli->outbuf,12,0,True);
- SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+ struct tevent_req **psubreq);
+static void cli_sesssetup_blob_done(struct tevent_req *subreq);
- cli_setup_packet(cli);
+static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ DATA_BLOB blob)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_sesssetup_blob_state *state;
- SCVAL(cli->outbuf,smb_vwv0,0xFF);
- SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
- SSVAL(cli->outbuf,smb_vwv3,2);
- SSVAL(cli->outbuf,smb_vwv4,1);
- SIVAL(cli->outbuf,smb_vwv5,0);
- SSVAL(cli->outbuf,smb_vwv7,blob.length);
- SIVAL(cli->outbuf,smb_vwv10,capabilities);
- p = smb_buf(cli->outbuf);
- memcpy(p, blob.data, blob.length);
- p += blob.length;
- p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
- p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
- cli_setup_bcc(cli, p);
- return cli_send_smb(cli);
-}
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_sesssetup_blob_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->blob = blob;
+ state->cli = cli;
-/****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
-****************************************************************************/
+ if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
+ DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
+ "(was %u, need minimum %u)\n",
+ (unsigned int)cli->max_xmit,
+ BASE_SESSSETUP_BLOB_PACKET_SIZE));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+ state->max_blob_size =
+ MIN(cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE, 0xFFFF);
-static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
+ if (!cli_sesssetup_blob_next(state, &subreq)) {
+ tevent_req_nomem(NULL, req);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+ return req;
+}
+
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+ struct tevent_req **psubreq)
{
- DATA_BLOB blob2 = data_blob_null;
- char *p;
- size_t len;
+ struct tevent_req *subreq;
+ uint16_t thistime;
+
+ SCVAL(state->vwv+0, 0, 0xFF);
+ SCVAL(state->vwv+0, 1, 0);
+ SSVAL(state->vwv+1, 0, 0);
+ SSVAL(state->vwv+2, 0, CLI_BUFFER_SIZE);
+ SSVAL(state->vwv+3, 0, 2);
+ SSVAL(state->vwv+4, 0, 1);
+ SIVAL(state->vwv+5, 0, 0);
+
+ thistime = MIN(state->blob.length, state->max_blob_size);
+ SSVAL(state->vwv+7, 0, thistime);
+
+ SSVAL(state->vwv+8, 0, 0);
+ SSVAL(state->vwv+9, 0, 0);
+ SIVAL(state->vwv+10, 0,
+ cli_session_setup_capabilities(state->cli)
+ | CAP_EXTENDED_SECURITY);
+
+ state->buf = (uint8_t *)talloc_memdup(state, state->blob.data,
+ thistime);
+ if (state->buf == NULL) {
+ return false;
+ }
+ state->blob.data += thistime;
+ state->blob.length -= thistime;
- if (!cli_receive_smb(cli))
- return blob2;
+ state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+ "Unix", 5, NULL);
+ state->buf = smb_bytes_push_str(state->buf, cli_ucs2(state->cli),
+ "Samba", 6, NULL);
+ if (state->buf == NULL) {
+ return false;
+ }
+ subreq = cli_smb_send(state, state->ev, state->cli, SMBsesssetupX, 0,
+ 12, state->vwv,
+ talloc_get_size(state->buf), state->buf);
+ if (subreq == NULL) {
+ return false;
+ }
+ *psubreq = subreq;
+ return true;
+}
- show_msg(cli->inbuf);
+static void cli_sesssetup_blob_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_sesssetup_blob_state *state = tevent_req_data(
+ req, struct cli_sesssetup_blob_state);
+ struct cli_state *cli = state->cli;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint32_t num_bytes;
+ uint8_t *bytes;
+ NTSTATUS status;
+ uint8_t *p;
+ uint16_t blob_length;
- if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
- NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- return blob2;
+ status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, status);
+ return;
}
- /* use the returned vuid from now on */
- cli->vuid = SVAL(cli->inbuf,smb_uid);
+ state->status = status;
+ TALLOC_FREE(state->buf);
- p = smb_buf(cli->inbuf);
+ state->inbuf = (char *)cli_smb_inbuf(subreq);
+ cli->vuid = SVAL(state->inbuf, smb_uid);
+
+ blob_length = SVAL(vwv+3, 0);
+ if (blob_length > num_bytes) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ state->ret_blob = data_blob_const(bytes, blob_length);
- blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
+ p = bytes + blob_length;
- p += blob2.length;
- p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
- -1, STR_TERMINATE);
+ p += clistr_pull(state->inbuf, cli->server_os,
+ (char *)p, sizeof(fstring),
+ bytes+num_bytes-p, STR_TERMINATE);
+ p += clistr_pull(state->inbuf, cli->server_type,
+ (char *)p, sizeof(fstring),
+ bytes+num_bytes-p, STR_TERMINATE);
+ p += clistr_pull(state->inbuf, cli->server_domain,
+ (char *)p, sizeof(fstring),
+ bytes+num_bytes-p, STR_TERMINATE);
- /* w2k with kerberos doesn't properly null terminate this field */
- len = smb_bufrem(cli->inbuf, p);
- if (p + len < cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2) {
- char *end_of_buf = p + len;
+ if (strstr(cli->server_type, "Samba")) {
+ cli->is_samba = True;
+ }
- SSVAL(p, len, 0);
- /* Now it's null terminated. */
- p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
- -1, STR_TERMINATE);
+ if (state->blob.length != 0) {
+ TALLOC_FREE(subreq);
/*
- * See if there's another string. If so it's the
- * server domain (part of the 'standard' Samba
- * server signature).
+ * More to send
*/
- if (p < end_of_buf) {
- p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
- -1, STR_TERMINATE);
+ if (!cli_sesssetup_blob_next(state, &subreq)) {
+ tevent_req_nomem(NULL, req);
+ return;
}
- } else {
- /*
- * No room to null terminate so we can't see if there
- * is another string (server_domain) afterwards.
- */
- p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
- len, 0);
+ tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+ return;
}
- return blob2;
+ tevent_req_done(req);
}
-#ifdef HAVE_KRB5
-/****************************************************************************
- Send a extended security session setup blob, returning a reply blob.
-****************************************************************************/
-
-/* The following is calculated from :
- * (smb_size-4) = 35
- * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
- * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
- * end of packet.
- */
-
-#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
-
-static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pblob,
+ char **pinbuf)
{
- int32 remaining = blob.length;
- int32 cur = 0;
- DATA_BLOB send_blob = data_blob_null;
- int32 max_blob_size = 0;
- DATA_BLOB receive_blob = data_blob_null;
+ struct cli_sesssetup_blob_state *state = tevent_req_data(
+ req, struct cli_sesssetup_blob_state);
+ NTSTATUS status;
+ char *inbuf;
- if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) {
- DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small "
- "(was %u, need minimum %u)\n",
- (unsigned int)cli->max_xmit,
- BASE_SESSSETUP_BLOB_PACKET_SIZE));
- cli_set_nt_error(cli, NT_STATUS_INVALID_PARAMETER);
- return False;
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->vuid = 0;
+ return status;
}
- max_blob_size = cli->max_xmit - BASE_SESSSETUP_BLOB_PACKET_SIZE;
-
- while ( remaining > 0) {
- if (remaining >= max_blob_size) {
- send_blob.length = max_blob_size;
- remaining -= max_blob_size;
- } else {
- send_blob.length = remaining;
- remaining = 0;
- }
-
- send_blob.data = &blob.data[cur];
- cur += send_blob.length;
-
- DEBUG(10, ("cli_session_setup_blob: Remaining (%u) sending (%u) current (%u)\n",
- (unsigned int)remaining,
- (unsigned int)send_blob.length,
- (unsigned int)cur ));
-
- if (!cli_session_setup_blob_send(cli, send_blob)) {
- DEBUG(0, ("cli_session_setup_blob: send failed\n"));
- return False;
- }
-
- receive_blob = cli_session_setup_blob_receive(cli);
- data_blob_free(&receive_blob);
-
- if (cli_is_error(cli) &&
- !NT_STATUS_EQUAL( cli_get_nt_error(cli),
- NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(0, ("cli_session_setup_blob: receive failed "
- "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
- cli->vuid = 0;
- return False;
- }
+ inbuf = talloc_move(mem_ctx, &state->inbuf);
+ if (pblob != NULL) {
+ *pblob = state->ret_blob;
}
-
- return True;
+ if (pinbuf != NULL) {
+ *pinbuf = inbuf;
+ }
+ /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
+ return state->status;
}
+#ifdef HAVE_KRB5
+
/****************************************************************************
Use in-memory credentials cache
****************************************************************************/
Do a spnego/kerberos encrypted session setup.
****************************************************************************/
-static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *principal, const char *workgroup)
-{
+struct cli_session_setup_kerberos_state {
+ struct cli_state *cli;
DATA_BLOB negTokenTarg;
DATA_BLOB session_key_krb5;
- NTSTATUS nt_status;
- int rc;
+ ADS_STATUS ads_status;
+};
- cli_temp_set_signing(cli);
+static void cli_session_setup_kerberos_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_session_setup_kerberos_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ const char *principal, const char *workgroup)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_setup_kerberos_state *state;
+ int rc;
DEBUG(2,("Doing kerberos session setup\n"));
- /* generate the encapsulated kerberos5 ticket */
- rc = spnego_gen_negTokenTarg(principal, 0, &negTokenTarg, &session_key_krb5, 0, NULL);
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_kerberos_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->ads_status = ADS_SUCCESS;
+
+ cli_temp_set_signing(cli);
+ /*
+ * Ok, this is cheated: spnego_gen_negTokenTarg can block if
+ * we have to acquire a ticket. To be fixed later :-)
+ */
+ rc = spnego_gen_negTokenTarg(principal, 0, &state->negTokenTarg,
+ &state->session_key_krb5, 0, NULL);
if (rc) {
- DEBUG(1, ("cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: %s\n",
- error_message(rc)));
- return ADS_ERROR_KRB5(rc);
+ DEBUG(1, ("cli_session_setup_kerberos: "
+ "spnego_gen_negTokenTarg failed: %s\n",
+ error_message(rc)));
+ state->ads_status = ADS_ERROR_KRB5(rc);
+ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
+ return tevent_req_post(req, ev);
}
#if 0
- file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
+ file_save("negTokenTarg.dat", state->negTokenTarg.data,
+ state->negTokenTarg.length);
#endif
- if (!cli_session_setup_blob(cli, negTokenTarg)) {
- nt_status = cli_nt_error(cli);
- goto nt_error;
+ subreq = cli_sesssetup_blob_send(state, ev, cli, state->negTokenTarg);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(subreq, cli_session_setup_kerberos_done, req);
+ return req;
+}
- if (cli_is_error(cli)) {
- nt_status = cli_nt_error(cli);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
- goto nt_error;
- }
+static void cli_session_setup_kerberos_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_setup_kerberos_state *state = tevent_req_data(
+ req, struct cli_session_setup_kerberos_state);
+ char *inbuf = NULL;
+ NTSTATUS status;
- cli_set_session_key(cli, session_key_krb5);
+ status = cli_sesssetup_blob_recv(subreq, talloc_tos(), NULL, &inbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, status);
+ return;
+ }
- if (cli_simple_set_signing(
- cli, session_key_krb5, data_blob_null)) {
+ cli_set_session_key(state->cli, state->session_key_krb5);
- if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- goto nt_error;
- }
+ if (cli_simple_set_signing(state->cli, state->session_key_krb5,
+ data_blob_null)
+ && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
}
+ TALLOC_FREE(subreq);
+ tevent_req_done(req);
+}
+
+static ADS_STATUS cli_session_setup_kerberos_recv(struct tevent_req *req)
+{
+ struct cli_session_setup_kerberos_state *state = tevent_req_data(
+ req, struct cli_session_setup_kerberos_state);
+ NTSTATUS status;
- data_blob_free(&negTokenTarg);
- data_blob_free(&session_key_krb5);
+ if (tevent_req_is_nterror(req, &status)) {
+ return ADS_ERROR_NT(status);
+ }
+ return state->ads_status;
+}
- return ADS_ERROR_NT(NT_STATUS_OK);
+static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli,
+ const char *principal,
+ const char *workgroup)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
-nt_error:
- data_blob_free(&negTokenTarg);
- data_blob_free(&session_key_krb5);
- cli->vuid = 0;
- return ADS_ERROR_NT(nt_status);
+ if (cli_has_async_calls(cli)) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ ev = tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_session_setup_kerberos_send(ev, ev, cli, principal,
+ workgroup);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ status = ADS_ERROR_SYSTEM(errno);
+ goto fail;
+ }
+ status = cli_session_setup_kerberos_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ return status;
}
#endif /* HAVE_KRB5 */
-
/****************************************************************************
Do a spnego/NTLMSSP encrypted session setup.
****************************************************************************/
-static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *user,
- const char *pass, const char *domain)
-{
+struct cli_session_setup_ntlmssp_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
struct ntlmssp_state *ntlmssp_state;
- NTSTATUS nt_status;
- int turn = 1;
- DATA_BLOB msg1;
- DATA_BLOB blob = data_blob_null;
- DATA_BLOB blob_in = data_blob_null;
- DATA_BLOB blob_out = data_blob_null;
+ int turn;
+ DATA_BLOB blob_out;
+};
- cli_temp_set_signing(cli);
+static int cli_session_setup_ntlmssp_state_destructor(
+ struct cli_session_setup_ntlmssp_state *state)
+{
+ if (state->ntlmssp_state != NULL) {
+ ntlmssp_end(&state->ntlmssp_state);
+ }
+ return 0;
+}
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
- return nt_status;
+static void cli_session_setup_ntlmssp_done(struct tevent_req *req);
+
+static struct tevent_req *cli_session_setup_ntlmssp_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ const char *user, const char *pass, const char *domain)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_setup_ntlmssp_state *state;
+ NTSTATUS status;
+ DATA_BLOB blob_out;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_ntlmssp_state);
+ if (req == NULL) {
+ return NULL;
}
- ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+ state->ev = ev;
+ state->cli = cli;
+ state->turn = 1;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
- return nt_status;
+ state->ntlmssp_state = NULL;
+ talloc_set_destructor(
+ state, cli_session_setup_ntlmssp_state_destructor);
+
+ cli_temp_set_signing(cli);
+
+ status = ntlmssp_client_start(&state->ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
- return nt_status;
+ ntlmssp_want_feature(state->ntlmssp_state,
+ NTLMSSP_FEATURE_SESSION_KEY);
+ status = ntlmssp_set_username(state->ntlmssp_state, user);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_password(ntlmssp_state, pass))) {
- return nt_status;
+ status = ntlmssp_set_domain(state->ntlmssp_state, domain);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ status = ntlmssp_set_password(state->ntlmssp_state, pass);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ status = ntlmssp_update(state->ntlmssp_state, data_blob_null,
+ &blob_out);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ goto fail;
}
- do {
- nt_status = ntlmssp_update(ntlmssp_state,
- blob_in, &blob_out);
- data_blob_free(&blob_in);
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) {
- if (turn == 1) {
- /* and wrap it in a SPNEGO wrapper */
- msg1 = gen_negTokenInit(OID_NTLMSSP, blob_out);
- } else {
- /* wrap it in SPNEGO */
- msg1 = spnego_gen_auth(blob_out);
- }
-
- /* now send that blob on its way */
- if (!cli_session_setup_blob_send(cli, msg1)) {
- DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
- nt_status = NT_STATUS_UNSUCCESSFUL;
- } else {
- blob = cli_session_setup_blob_receive(cli);
-
- nt_status = cli_nt_error(cli);
- if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) {
- if (cli->smb_rw_error == SMB_READ_BAD_SIG) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- } else {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
- }
- }
- data_blob_free(&msg1);
- }
+ state->blob_out = gen_negTokenInit(OID_NTLMSSP, blob_out);
+ data_blob_free(&blob_out);
- if (!blob.length) {
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
- } else if ((turn == 1) &&
- NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DATA_BLOB tmp_blob = data_blob_null;
- /* the server might give us back two challenges */
- if (!spnego_parse_challenge(blob, &blob_in,
- &tmp_blob)) {
- DEBUG(3,("Failed to parse challenges\n"));
- nt_status = NT_STATUS_INVALID_PARAMETER;
- }
- data_blob_free(&tmp_blob);
- } else {
- if (!spnego_parse_auth_response(blob, nt_status, OID_NTLMSSP,
- &blob_in)) {
- DEBUG(3,("Failed to parse auth response\n"));
- if (NT_STATUS_IS_OK(nt_status)
- || NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED))
- nt_status = NT_STATUS_INVALID_PARAMETER;
- }
- }
- data_blob_free(&blob);
- data_blob_free(&blob_out);
- turn++;
- } while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
+ subreq = cli_sesssetup_blob_send(state, ev, cli, state->blob_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
+ return req;
+fail:
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+}
- data_blob_free(&blob_in);
+static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
+ req, struct cli_session_setup_ntlmssp_state);
+ DATA_BLOB blob_in, msg_in, blob_out;
+ char *inbuf = NULL;
+ bool parse_ret;
+ NTSTATUS status;
- if (NT_STATUS_IS_OK(nt_status)) {
+ status = cli_sesssetup_blob_recv(subreq, talloc_tos(), &blob_in,
+ &inbuf);
+ TALLOC_FREE(subreq);
+ data_blob_free(&state->blob_out);
- if (cli->server_domain[0] == '\0') {
- fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+ if (NT_STATUS_IS_OK(status)) {
+ if (state->cli->server_domain[0] == '\0') {
+ fstrcpy(state->cli->server_domain,
+ state->ntlmssp_state->server_domain);
}
- cli_set_session_key(cli, ntlmssp_state->session_key);
+ cli_set_session_key(
+ state->cli, state->ntlmssp_state->session_key);
if (cli_simple_set_signing(
- cli, ntlmssp_state->session_key, data_blob_null)) {
+ state->cli, state->ntlmssp_state->session_key,
+ data_blob_null)
+ && !cli_check_sign_mac(state->cli, inbuf, 1)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+ TALLOC_FREE(subreq);
+ ntlmssp_end(&state->ntlmssp_state);
+ tevent_req_done(req);
+ return;
+ }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
- if (!cli_check_sign_mac(cli, cli->inbuf, 1)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
+ if (blob_in.length == 0) {
+ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
+ return;
+ }
+
+ if ((state->turn == 1)
+ && NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DATA_BLOB tmp_blob = data_blob_null;
+ /* the server might give us back two challenges */
+ parse_ret = spnego_parse_challenge(blob_in, &msg_in,
+ &tmp_blob);
+ data_blob_free(&tmp_blob);
+ } else {
+ parse_ret = spnego_parse_auth_response(blob_in, status,
+ OID_NTLMSSP, &msg_in);
+ }
+ state->turn += 1;
+
+ if (!parse_ret) {
+ DEBUG(3,("Failed to parse auth response\n"));
+ if (NT_STATUS_IS_OK(status)
+ || NT_STATUS_EQUAL(status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
}
}
- /* we have a reference conter on ntlmssp_state, if we are signing
- then the state will be kept by the signing engine */
+ status = ntlmssp_update(state->ntlmssp_state, msg_in, &blob_out);
- ntlmssp_end(&ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ TALLOC_FREE(subreq);
+ ntlmssp_end(&state->ntlmssp_state);
+ tevent_req_nterror(req, status);
+ return;
+ }
- if (!NT_STATUS_IS_OK(nt_status)) {
- cli->vuid = 0;
+ state->blob_out = spnego_gen_auth(blob_out);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nomem(state->blob_out.data, req)) {
+ return;
+ }
+
+ subreq = cli_sesssetup_blob_send(state, state->ev, state->cli,
+ state->blob_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_ntlmssp_done, req);
+}
+
+static NTSTATUS cli_session_setup_ntlmssp_recv(struct tevent_req *req)
+{
+ struct cli_session_setup_ntlmssp_state *state = tevent_req_data(
+ req, struct cli_session_setup_ntlmssp_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->vuid = 0;
+ return status;
+ }
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli,
+ const char *user,
+ const char *pass,
+ const char *domain)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (cli_has_async_calls(cli)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_session_setup_ntlmssp_send(ev, ev, cli, user, pass, domain);
+ if (req == NULL) {
+ goto fail;
}
- return nt_status;
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_session_setup_ntlmssp_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_set_error(cli, status);
+ }
+ return status;
}
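Review bot: The `NT_STATUS_IS_OK(status)` branch in cli_session_setup_ntlmssp_done finishes the request without looking at `blob_in`, so two checks from the removed loop are gone. That loop turned an empty reply into NT_STATUS_UNSUCCESSFUL and ran spnego_parse_auth_response() on the final reply before accepting it. As written, a server that answers the first blob with success is accepted before any challenge has been processed. `cli_set_session_key()` is then called with whatever `ntlmssp_state->session_key` holds at that point, which is presumably unset, though that is not visible in this hunk. Moving the `if (blob_in.length == 0)` check above the success branch and calling `spnego_parse_auth_response(blob_in, status, OID_NTLMSSP, &msg_in)` there before installing the key would restore the old behaviour.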
/****************************************************************************
Send a uloggoff.
*****************************************************************************/
-bool cli_ulogoff(struct cli_state *cli)
+struct cli_ulogoff_state {
+ struct cli_state *cli;
+ uint16_t vwv[2];
+};
+
+static void cli_ulogoff_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
{
- memset(cli->outbuf,'\0',smb_size);
- cli_set_message(cli->outbuf,2,0,True);
- SCVAL(cli->outbuf,smb_com,SMBulogoffX);
- cli_setup_packet(cli);
- SSVAL(cli->outbuf,smb_vwv0,0xFF);
- SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */
+ struct tevent_req *req, *subreq;
+ struct cli_ulogoff_state *state;
- cli_send_smb(cli);
- if (!cli_receive_smb(cli))
- return False;
+ req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
- if (cli_is_error(cli)) {
- return False;
+ SCVAL(state->vwv+0, 0, 0xFF);
+ SCVAL(state->vwv+1, 0, 0);
+ SSVAL(state->vwv+2, 0, 0);
+
+ subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 2, state->vwv,
+ 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ulogoff_done, req);
+ return req;
+}
+
+static void cli_ulogoff_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_ulogoff_state *state = tevent_req_data(
+ req, struct cli_ulogoff_state);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
}
+ state->cli->vuid = -1;
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_ulogoff(struct cli_state *cli)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
- cli->vuid = -1;
- return True;
+ if (cli_has_async_calls(cli)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_ulogoff_send(ev, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_ulogoff_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_set_error(cli, status);
+ }
+ return status;
}
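Review bot: `SSVAL(state->vwv+2, 0, 0)` in cli_ulogoff_send stores two bytes past the end of `vwv`, which cli_ulogoff_state declares as `uint16_t vwv[2]`. Only two words are sent (`cli_smb_send(..., 2, state->vwv, ...)`), so the AndX header fits if the writes become `SCVAL(state->vwv+0, 0, 0xFF);`, `SCVAL(state->vwv+0, 1, 0);` and `SSVAL(state->vwv+1, 0, 0);`. As it stands the high byte of each word is never written, so the bytes on the wire depend on tevent_req_create() zeroing the state, which this hunk does not show. cli_ulogoff_done also never frees `subreq`, whereas cli_tdis_done calls `TALLOC_FREE(subreq)` right after cli_smb_recv().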
/****************************************************************************
Send a tree disconnect.
****************************************************************************/
-bool cli_tdis(struct cli_state *cli)
+struct cli_tdis_state {
+ struct cli_state *cli;
+};
+
+static void cli_tdis_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
{
- memset(cli->outbuf,'\0',smb_size);
- cli_set_message(cli->outbuf,0,0,True);
- SCVAL(cli->outbuf,smb_com,SMBtdis);
- SSVAL(cli->outbuf,smb_tid,cli->cnum);
- cli_setup_packet(cli);
+ struct tevent_req *req, *subreq;
+ struct cli_tdis_state *state;
- cli_send_smb(cli);
- if (!cli_receive_smb(cli))
- return False;
+ req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
- if (cli_is_error(cli)) {
- return False;
+ subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, NULL, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(subreq, cli_tdis_done, req);
+ return req;
+}
- cli->cnum = -1;
- return True;
+static void cli_tdis_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_tdis_state *state = tevent_req_data(
+ req, struct cli_tdis_state);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ state->cli->cnum = -1;
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_tdis_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tdis(struct cli_state *cli)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (cli_has_async_calls(cli)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_tdis_send(ev, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_tdis_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_set_error(cli, status);
+ }
+ return status;
}
/****************************************************************************
status = cli_smb_recv(subreq, 1, &wct, &vwv, &num_bytes, &bytes);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(subreq);
+ tevent_req_nterror(req, status);
return;
}
bool res;
uint16 cnum;
char *newextrapath = NULL;
+ NTSTATUS status;
if (!cli || !sharename) {
return false;
}
if (force_encrypt) {
- NTSTATUS status = cli_cm_force_encryption(cli,
+ status = cli_cm_force_encryption(cli,
username,
password,
lp_workgroup(),
res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
- if (!cli_tdis(cli)) {
+ status = cli_tdis(cli);
+ if (!NT_STATUS_IS_OK(status)) {
return false;
}
#include "includes.h"
#include "../libcli/auth/spnego.h"
+#include "ntlmssp.h"
/****************************************************************************
Get UNIX extensions version info.
Copyright (C) Andrew Bartlett 2002
Copyright (C) Gerald (Jerry) Carter 2003
Copyright (C) Marc VanHeyningen 2008
-
+ Copyright (C) Volker Lendecke 2009
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
*/
-/**
- * prefix used for all entries put into the general cache
- */
-static const char NEGATIVE_CONN_CACHE_PREFIX[] = "NEG_CONN_CACHE";
-
/**
* Marshalls the domain and server name into the key for the gencache
* record
*/
static char *negative_conn_cache_keystr(const char *domain, const char *server)
{
- const char NEGATIVE_CONN_CACHE_KEY_FMT[] = "%s/%s,%s";
char *keystr = NULL;
- SMB_ASSERT(domain != NULL);
+ if (domain == NULL) {
+ return NULL;
+ }
if (server == NULL)
server = "";
- keystr = talloc_asprintf(talloc_tos(),NEGATIVE_CONN_CACHE_KEY_FMT,
- NEGATIVE_CONN_CACHE_PREFIX, domain, server);
+ keystr = talloc_asprintf(talloc_tos(), "NEG_CONN_CACHE/%s,%s",
+ domain, server);
if (keystr == NULL) {
DEBUG(0, ("negative_conn_cache_keystr: malloc error\n"));
}
*/
static NTSTATUS negative_conn_cache_valuedecode(const char *value)
{
- NTSTATUS result = NT_STATUS_OK;
+ unsigned int v = NT_STATUS_V(NT_STATUS_INTERNAL_ERROR);;
- SMB_ASSERT(value != NULL);
- if (sscanf(value, "%x", &(NT_STATUS_V(result))) != 1)
- DEBUG(0, ("negative_conn_cache_valuestr: unable to parse "
+ if (value != NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (sscanf(value, "%x", &v) != 1) {
+ DEBUG(0, ("negative_conn_cache_valuedecode: unable to parse "
"value field '%s'\n", value));
- return result;
+ }
+ return NT_STATUS(v);
}
/**
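Review bot: The guard `if (value != NULL)` in negative_conn_cache_valuedecode is inverted and should read `if (value == NULL) {`. With the test as written, every value read from the cache returns NT_STATUS_INTERNAL_ERROR, so the stored status is never decoded. A NULL value falls through to `sscanf(value, "%x", &v)` and is dereferenced there. The doubled `;;` after the initialiser of `v` can be dropped in the same change.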
if (key == NULL)
goto done;
- if (gencache_get(key, &value, (time_t *) NULL))
+ if (gencache_get(key, &value, NULL))
result = negative_conn_cache_valuedecode(value);
done:
DEBUG(9,("check_negative_conn_cache returning result %d for domain %s "
return result;
}
-/**
- * Delete any negative cache entry for the given domain/server
- *
- * @param[in] domain
- * @param[in] server may be either a FQDN or an IP address
- */
-void delete_negative_conn_cache(const char *domain, const char *server)
-{
- char *key = NULL;
-
- key = negative_conn_cache_keystr(domain, server);
- if (key == NULL)
- goto done;
-
- gencache_del(key);
- DEBUG(9,("delete_negative_conn_cache removing domain %s server %s\n",
- domain, server));
- done:
- TALLOC_FREE(key);
- return;
-}
-
-
/**
* Add an entry to the failed connection cache
*
char *key = NULL;
char *value = NULL;
- SMB_ASSERT(!NT_STATUS_IS_OK(result));
+ if (NT_STATUS_IS_OK(result)) {
+ /* Nothing failed here */
+ return;
+ }
key = negative_conn_cache_keystr(domain, server);
if (key == NULL) {
}
if (gencache_set(key, value,
- time((time_t *) NULL)
- + FAILED_CONNECTION_CACHE_TIMEOUT))
+ time(NULL) + FAILED_CONNECTION_CACHE_TIMEOUT))
DEBUG(9,("add_failed_connection_entry: added domain %s (%s) "
"to failed conn cache\n", domain, server ));
else
DEBUG(1,("add_failed_connection_entry: failed to add "
"domain %s (%s) to failed conn cache\n",
domain, server));
-
+
done:
TALLOC_FREE(key);
TALLOC_FREE(value);
return;
}
-/**
- * Deletes all records from the negative connection cache in all domains
- */
-void flush_negative_conn_cache( void )
-{
- flush_negative_conn_cache_for_domain("*");
-}
-
-
/**
* Deletes all records for a specified domain from the negative connection
* cache
goto done;
}
- gencache_iterate(delete_matches, (void *) NULL, key_pattern);
+ gencache_iterate(delete_matches, NULL, key_pattern);
DEBUG(8, ("flush_negative_conn_cache_for_domain: flushed domain %s\n",
domain));
-
+
done:
TALLOC_FREE(key_pattern);
return;
{ERRDOS, 87, NT_STATUS_BAD_WORKING_SET_LIMIT},
{ERRDOS, 87, NT_STATUS_INCOMPATIBLE_FILE_MAP},
{ERRDOS, 87, NT_STATUS_SECTION_PROTECTION},
- {ERRDOS, 282, NT_STATUS_EAS_NOT_SUPPORTED},
+ {ERRDOS, ERReasnotsupported, NT_STATUS_EAS_NOT_SUPPORTED},
{ERRDOS, 255, NT_STATUS_EA_TOO_LARGE},
{ERRHRD, ERRgeneral, NT_STATUS_NONEXISTENT_EA_ENTRY},
{ERRHRD, ERRgeneral, NT_STATUS_NO_EAS_ON_FILE},
{ERRDOS, 276, NT_STATUS_NONEXISTENT_EA_ENTRY},
{ERRDOS, 277, NT_STATUS_NONEXISTENT_EA_ENTRY},
{ERRDOS, 278, NT_STATUS_NONEXISTENT_EA_ENTRY},
- {ERRDOS, 282, NT_STATUS_EAS_NOT_SUPPORTED},
+ {ERRDOS, ERReasnotsupported, NT_STATUS_EAS_NOT_SUPPORTED},
{ERRDOS, 288, NT_STATUS_MUTANT_NOT_OWNED},
{ERRDOS, 298, NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
{ERRDOS, 299, NT_STATUS(0x8000000d)},
{ERRHRD, 276, NT_STATUS_NONEXISTENT_EA_ENTRY},
{ERRHRD, 277, NT_STATUS_NONEXISTENT_EA_ENTRY},
{ERRHRD, 278, NT_STATUS_NONEXISTENT_EA_ENTRY},
- {ERRHRD, 282, NT_STATUS_EAS_NOT_SUPPORTED},
+ {ERRHRD, ERReasnotsupported, NT_STATUS_EAS_NOT_SUPPORTED},
{ERRHRD, 288, NT_STATUS_MUTANT_NOT_OWNED},
{ERRHRD, 298, NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
{ERRHRD, 299, NT_STATUS(0x8000000d)},
* attribute server connection) is cool.
*/
if (smbc_getOptionOneSharePerServer(context)) {
+ NTSTATUS status;
/*
* The currently connected share name
* doesn't match the requested share, so
* disconnect from the current share.
*/
- if (! cli_tdis(srv->server->cli)) {
+ status = cli_tdis(srv->server->cli);
+ if (!NT_STATUS_IS_OK(status)) {
/* Sigh. Couldn't disconnect. */
cli_shutdown(srv->server->cli);
srv->server->cli = NULL;
*/
#include "includes.h"
+#include "ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_ntlmssp.h"
-#include "libsmb/ntlmssp_ndr.h"
+#include "../libcli/auth/ntlmssp_ndr.h"
static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB reply, DATA_BLOB *next_request);
*/
static const struct ntlmssp_callbacks {
- enum NTLMSSP_ROLE role;
- enum NTLM_MESSAGE_TYPE ntlmssp_command;
+ enum ntlmssp_role role;
+ enum ntlmssp_message_type ntlmssp_command;
NTSTATUS (*fn)(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB in, DATA_BLOB *out);
} ntlmssp_callbacks[] = {
*
*/
-static void get_challenge(const struct ntlmssp_state *ntlmssp_state,
- uint8_t chal[8])
+static NTSTATUS get_challenge(const struct ntlmssp_state *ntlmssp_state,
+ uint8_t chal[8])
{
generate_random_buffer(chal, 8);
+ return NT_STATUS_OK;
}
/**
*
*/
-NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user)
+NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user)
{
ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" );
if (!ntlmssp_state->user) {
* Store NT and LM hashes on an NTLMSSP context - ensures they are talloc()ed
*
*/
-NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
const unsigned char lm_hash[16],
const unsigned char nt_hash[16])
{
* Converts a password to the hashes on an NTLMSSP context.
*
*/
-NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password)
+NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password)
{
if (!password) {
ntlmssp_state->lm_hash = NULL;
* Set a domain on an NTLMSSP context - ensures it is talloc()ed
*
*/
-NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain)
+NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain)
{
ntlmssp_state->domain = talloc_strdup(ntlmssp_state,
domain ? domain : "" );
* Set a workstation on an NTLMSSP context - ensures it is talloc()ed
*
*/
-NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation)
+NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
{
ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
if (!ntlmssp_state->workstation) {
return NT_STATUS_OK;
}
-/**
- * Store a DATA_BLOB containing an NTLMSSP response, for use later.
- * This copies the data blob
- */
-
-NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state,
- DATA_BLOB response)
-{
- ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state,
- response.data,
- response.length);
- return NT_STATUS_OK;
-}
-
/**
* Request features for the NTLMSSP negotiation
*
* @param ntlmssp_state NTLMSSP state
* @param feature_list List of space seperated features requested from NTLMSSP.
*/
-void ntlmssp_want_feature_list(NTLMSSP_STATE *ntlmssp_state, char *feature_list)
+void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list)
{
/*
* We need to set this to allow a later SetPassword
* @param ntlmssp_state NTLMSSP state
* @param feature Bit flag specifying the requested feature
*/
-void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature)
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
{
/* As per JRA's comment above */
if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
* @return Errors, NT_STATUS_MORE_PROCESSING_REQUIRED or NT_STATUS_OK.
*/
-NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state,
- const DATA_BLOB in, DATA_BLOB *out)
+NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
+ const DATA_BLOB input, DATA_BLOB *out)
{
- DATA_BLOB input;
uint32 ntlmssp_command;
int i;
*out = data_blob_null;
- if (!in.length && ntlmssp_state->stored_response.length) {
- input = ntlmssp_state->stored_response;
-
- /* we only want to read the stored response once - overwrite it */
- ntlmssp_state->stored_response = data_blob_null;
- } else {
- input = in;
- }
-
if (!input.length) {
switch (ntlmssp_state->role) {
case NTLMSSP_CLIENT:
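Review bot: The second parameter is renamed from `in` to `input`, but the only line of the doc comment visible in this hunk is the `@return` line, so the hunk does not show whether the `@param` entry was updated. If the comment above still documents `@param in`, it should become `@param input` to match the new signature. Since the `stored_response` fallback is removed, the comment could also state that an empty `input` now always means "no packet from the peer yet". The function body continues past the end of the hunk.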
* @param ntlmssp_state NTLMSSP State, free()ed by this function
*/
-void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state)
+void ntlmssp_end(struct ntlmssp_state **ntlmssp_state)
{
- (*ntlmssp_state)->ref_count--;
-
- if ((*ntlmssp_state)->ref_count == 0) {
- data_blob_free(&(*ntlmssp_state)->chal);
- data_blob_free(&(*ntlmssp_state)->lm_resp);
- data_blob_free(&(*ntlmssp_state)->nt_resp);
- TALLOC_FREE(*ntlmssp_state);
- }
+ data_blob_free(&(*ntlmssp_state)->chal);
+ data_blob_free(&(*ntlmssp_state)->lm_resp);
+ data_blob_free(&(*ntlmssp_state)->nt_resp);
+ TALLOC_FREE(*ntlmssp_state);
*ntlmssp_state = NULL;
return;
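Review bot: With the reference count gone, `ntlmssp_end` frees the state on every call, so any caller that still shares one `ntlmssp_state` between two owners (none are visible in this hunk) would hold a dangling pointer after the first call. The call sites are worth auditing together with the `ref_count = 1` removals in `ntlmssp_server_start` and `ntlmssp_client_start`. Separately, `lm_resp` and `nt_resp` hold authentication responses and are released with plain `data_blob_free`; if `data_blob_clear_free` is available in this tree, `data_blob_clear_free(&(*ntlmssp_state)->nt_resp);` (and the same for `lm_resp`) would wipe the buffers before the memory is returned. The function also dereferences `*ntlmssp_state` unguarded, so `if (*ntlmssp_state == NULL) return;` at the top would make a repeated call harmless.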
by the client lanman auth/lanman auth parameters, it isn't too bad.
*/
-DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx)
+DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx)
{
DATA_BLOB weakened_key = data_blob_talloc(mem_ctx,
ntlmssp_state->session_key.data,
const char *target_name;
struct NEGOTIATE_MESSAGE negotiate;
struct CHALLENGE_MESSAGE challenge;
+ NTSTATUS status;
/* parse the NTLMSSP packet */
#if 0
ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
/* Ask our caller what challenge they would like in the packet */
- ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
+ status = ntlmssp_state->get_challenge(ntlmssp_state, cryptkey);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/* Check if we may set the challenge */
if (!ntlmssp_state->may_set_challenge(ntlmssp_state)) {
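Review bot: The new early return after a failed `get_challenge` is silent, so a server that cannot obtain a challenge leaves no trace in the logs. A line such as `DEBUG(1, ("get_challenge failed: %s\n", nt_errstr(status)));` before `return status;` would make the failure visible to operators. The enclosing function starts and ends outside this hunk, so it cannot be checked from here whether anything allocated earlier needs releasing on this path.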
* @param ntlmssp_state NTLMSSP State, allocated by this function
*/
-NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state)
+NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state)
{
- *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE);
+ *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
talloc_destroy(*ntlmssp_state);
(*ntlmssp_state)->expected_state = NTLMSSP_NEGOTIATE;
- (*ntlmssp_state)->ref_count = 1;
-
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_56 |
return nt_status;
}
-NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state)
+NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state)
{
- *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE);
+ *ntlmssp_state = TALLOC_ZERO_P(NULL, struct ntlmssp_state);
if (!*ntlmssp_state) {
DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
talloc_destroy(*ntlmssp_state);
(*ntlmssp_state)->expected_state = NTLMSSP_INITIAL;
- (*ntlmssp_state)->ref_count = 1;
-
(*ntlmssp_state)->neg_flags =
NTLMSSP_NEGOTIATE_128 |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
*/
#include "includes.h"
+#include "ntlmssp.h"
#include "../libcli/auth/libcli_auth.h"
#define CLI_SIGN "session key to client-to-server signing key magic constant"
NTLMSSP_RECEIVE
};
-static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
+static NTSTATUS ntlmssp_make_packet_signature(struct ntlmssp_state *ntlmssp_state,
const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
enum ntlmssp_direction direction,
}
switch (direction) {
- case NTLMSSP_SEND:
- DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
- ntlmssp_state->ntlm2_send_seq_num,
- (unsigned int)length,
- (unsigned int)pdu_length));
-
- SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
- ntlmssp_state->ntlm2_send_seq_num++;
- hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
- break;
- case NTLMSSP_RECEIVE:
+ case NTLMSSP_SEND:
+ DEBUG(100,("ntlmssp_make_packet_signature: SEND seq = %u, len = %u, pdu_len = %u\n",
+ ntlmssp_state->ntlm2_send_seq_num,
+ (unsigned int)length,
+ (unsigned int)pdu_length));
+
+ SIVAL(seq_num, 0, ntlmssp_state->ntlm2_send_seq_num);
+ ntlmssp_state->ntlm2_send_seq_num++;
+ hmac_md5_init_limK_to_64(ntlmssp_state->send_sign_key, 16, &ctx);
+ break;
+ case NTLMSSP_RECEIVE:
- DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
- ntlmssp_state->ntlm2_recv_seq_num,
- (unsigned int)length,
- (unsigned int)pdu_length));
+ DEBUG(100,("ntlmssp_make_packet_signature: RECV seq = %u, len = %u, pdu_len = %u\n",
+ ntlmssp_state->ntlm2_recv_seq_num,
+ (unsigned int)length,
+ (unsigned int)pdu_length));
- SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
- ntlmssp_state->ntlm2_recv_seq_num++;
- hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
- break;
+ SIVAL(seq_num, 0, ntlmssp_state->ntlm2_recv_seq_num);
+ ntlmssp_state->ntlm2_recv_seq_num++;
+ hmac_md5_init_limK_to_64(ntlmssp_state->recv_sign_key, 16, &ctx);
+ break;
}
dump_data_pw("pdu data ", whole_pdu, pdu_length);
return NT_STATUS_OK;
}
-NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig)
*
*/
-NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
const uchar *data, size_t length,
const uchar *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig)
*
*/
-NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
uchar *data, size_t length,
uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig)
*
*/
-NTSTATUS ntlmssp_unseal_packet(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
uchar *data, size_t length,
uchar *whole_pdu, size_t pdu_length,
DATA_BLOB *sig)
/**
Initialise the state for NTLMSSP signing.
*/
-NTSTATUS ntlmssp_sign_init(NTLMSSP_STATE *ntlmssp_state)
+NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state)
{
- unsigned char p24[24];
TALLOC_CTX *mem_ctx;
- ZERO_STRUCT(p24);
mem_ctx = talloc_init("weak_keys");
if (!mem_ctx) {
*/
#include "includes.h"
+#include "ntlmssp.h"
/******************************************************************************
Pull out the encryption context for this packet. 0 means global context.
output, so cope with the same for compatibility.
******************************************************************************/
-NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
+NTSTATUS common_ntlm_decrypt_buffer(struct ntlmssp_state *ntlmssp_state, char *buf)
{
NTSTATUS status;
size_t buf_len = smb_len(buf) + 4; /* Don't forget the 4 length bytes. */
output, so do the same for compatibility.
******************************************************************************/
-NTSTATUS common_ntlm_encrypt_buffer(NTLMSSP_STATE *ntlmssp_state,
+NTSTATUS common_ntlm_encrypt_buffer(struct ntlmssp_state *ntlmssp_state,
uint16 enc_ctx_num,
char *buf,
char **ppbuf_out)
# net message translation (german).
# Copyright (C) 2009 Kai Blin <kai@samba.org>
+# Copyright (C) 2009 André Hentschel <nerv@dawncrow.de>
# This file is distributed under the same license as the samba package.
#
#, fuzzy
"Project-Id-Version: @PACKAGE@\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2009-08-11 09:01+0200\n"
-"PO-Revision-Date: 2009-08-06 20:45+0200\n"
-"Last-Translator: Kai Blin <kai@samba.org>\n"
+"PO-Revision-Date: 2009-12-26 19:20+0100\n"
+"Last-Translator: André Hentschel <nerv@dawncrow.de>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"Language-Team: \n"
#: ../../utils/net.c:103
msgid "Enter machine password: "
"This function will change the ADS Domain member machine account password in the secrets.tdb file!\n"
msgstr ""
-#: ../../utils/net.c:150 ../../utils/net.c:228
+#: ../../utils/net.c:150
+#: ../../utils/net.c:228
#, c-format
msgid "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n"
msgstr ""
-#: ../../utils/net.c:163 ../../utils/net.c:251
+#: ../../utils/net.c:163
+#: ../../utils/net.c:251
#, c-format
msgid "SID for domain %s is: %s\n"
msgstr ""
#: ../../utils/net.c:317
msgid "Run functions using RPC transport"
-msgstr ""
+msgstr "RPC Protokoll nutzen"
#: ../../utils/net.c:318
msgid " Use 'net help rpc' to get more extensive information about 'net rpc' commands."
#: ../../utils/net.c:325
msgid "Run functions using RAP transport"
-msgstr ""
+msgstr "RAP Protokoll nutzen"
#: ../../utils/net.c:326
msgid " Use 'net help rap' to get more extensive information about 'net rap' commands."
#: ../../utils/net.c:333
msgid "Run functions using ADS transport"
-msgstr ""
+msgstr "ADS Protokoll nutzen"
#: ../../utils/net.c:334
msgid " Use 'net help ads' to get more extensive information about 'net ads' commands."
#: ../../utils/net.c:343
msgid "Functions on remote opened files"
-msgstr ""
+msgstr "Freigegebene Dateien verwalten"
#: ../../utils/net.c:344
msgid " Use 'net help file' to get more information about 'net file' commands."
#: ../../utils/net.c:351
msgid "Functions on shares"
-msgstr ""
+msgstr "Freigaben verwalten"
#: ../../utils/net.c:352
msgid " Use 'net help share' to get more information about 'net share' commands."
#: ../../utils/net.c:359
msgid "Manage sessions"
-msgstr ""
+msgstr "Sitzungen verwalten"
#: ../../utils/net.c:360
msgid " Use 'net help session' to get more information about 'net session' commands."
msgstr ""
-#: ../../utils/net.c:367 ../../utils/net_rap.c:1291
+#: ../../utils/net.c:367
+#: ../../utils/net_rap.c:1291
msgid "List servers in workgroup"
-msgstr ""
+msgstr "Server der Arbeitsgruppe auflisten"
#: ../../utils/net.c:368
msgid " Use 'net help server' to get more information about 'net server' commands."
#: ../../utils/net.c:375
msgid "List domains/workgroups on network"
-msgstr ""
+msgstr "Domänen/Arbeitsgruppen im Netzwerk auflisten"
#: ../../utils/net.c:376
msgid " Use 'net help domain' to get more information about 'net domain' commands."
#: ../../utils/net.c:391
msgid "Manage users"
-msgstr ""
+msgstr "Benutzer verwalten"
#: ../../utils/net.c:392
msgid " Use 'net help user' to get more information about 'net user' commands."
#: ../../utils/net.c:399
msgid "Manage groups"
-msgstr ""
+msgstr "Gruppen verwalten"
#: ../../utils/net.c:400
msgid " Use 'net help group' to get more information about 'net group' commands."
#: ../../utils/net.c:407
msgid "Manage group mappings"
-msgstr ""
+msgstr "Gruppenzuweisungen verwalten"
#: ../../utils/net.c:408
msgid " Use 'net help groupmap' to get more information about 'net groupmap' commands."
#: ../../utils/net.c:431
msgid "Modify group memberships"
-msgstr ""
+msgstr "Gruppenzugehörigkeiten verwalten"
#: ../../utils/net.c:432
msgid " Use 'net help groupmember' to get more information about 'net groupmember' commands."
#: ../../utils/net.c:438
msgid "Execute remote command on a remote OS/2 server"
-msgstr ""
+msgstr "Befehl auf einem entfernten OS/2 Server ausführen"
#: ../../utils/net.c:439
msgid " Use 'net help admin' to get more information about 'net admin' commands."
#: ../../utils/net.c:445
msgid "List/modify running services"
-msgstr ""
+msgstr "Zeige/Ändere laufende Dienste"
#: ../../utils/net.c:446
msgid " Use 'net help service' to get more information about 'net service' commands."
#: ../../utils/net.c:467
msgid "Change the secret password"
-msgstr ""
+msgstr "Das geheime Passwort ändern"
#: ../../utils/net.c:468
msgid ""
#: ../../utils/net.c:477
msgid "Show/set time"
-msgstr ""
+msgstr "Zeigt/Setzt die Systemzeit"
#: ../../utils/net.c:478
msgid " Use 'net help time' to get more information about 'net time' commands."
#: ../../utils/net.c:491
msgid "Join a domain/AD"
-msgstr ""
+msgstr "Einer Domäne/AD beitreten"
#: ../../utils/net.c:492
msgid " Use 'net help join' to get more information about 'net join'."
#: ../../utils/net.c:549
msgid "Display server status"
-msgstr ""
+msgstr "Zeigt den Server Status"
#: ../../utils/net.c:550
msgid " Use 'net help status' to get more information about 'net status' commands."
#: ../../utils/net.c:556
msgid "Manage user-modifiable shares"
-msgstr ""
+msgstr "Benutzerfreigaben verwalten"
#: ../../utils/net.c:557
msgid " Use 'net help usershare to get more information about 'net usershare' commands."
#: ../../utils/net.c:563
msgid "Display list of all users with SID"
-msgstr ""
+msgstr "Zeigt eine Liste aller SID-Benutzer"
#: ../../utils/net.c:564
msgid " Use 'net help usersidlist' to get more information about 'net usersidlist'."
#: ../../utils/net.c:570
msgid "Manage Samba registry based configuration"
-msgstr ""
+msgstr "Konfiguration ändern"
#: ../../utils/net.c:571
msgid " Use 'net help conf' to get more information about 'net conf' commands."
#: ../../utils/net.c:591
msgid "Process Win32 *.evt eventlog files"
-msgstr ""
+msgstr "Arbeitet mit Win32 *.evt Eventlog Dateien"
#: ../../utils/net.c:592
msgid " Use 'net help eventlog' to get more information about 'net eventlog' commands."
#: ../../utils/net.c:609
msgid "Print usage information"
-msgstr ""
+msgstr "Zeigt die Hilfe an"
#: ../../utils/net.c:610
msgid " Use 'net help help' to list usage information for 'net' commands."
"\n"
"Ungültige Option %s: %s\n"
-#: ../../utils/net_ads.c:52 ../../utils/net_ads.c:392
+#: ../../utils/net_ads.c:52
+#: ../../utils/net_ads.c:392
msgid "CLDAP query failed!\n"
msgstr ""
"\tIs NT6 DC that has all secrets: %s\n"
msgstr ""
-#: ../../utils/net_ads.c:87 ../../utils/net_ads.c:88 ../../utils/net_ads.c:89 ../../utils/net_ads.c:90 ../../utils/net_ads.c:91 ../../utils/net_ads.c:92 ../../utils/net_ads.c:93 ../../utils/net_ads.c:94 ../../utils/net_ads.c:95 ../../utils/net_ads.c:96
-#: ../../utils/net_ads.c:97 ../../utils/net_ads.c:98 ../../utils/net_rap.c:376 ../../utils/net_rpc_sh_acct.c:203 ../../utils/net_rpc_sh_acct.c:206
+#: ../../utils/net_ads.c:87
+#: ../../utils/net_ads.c:88
+#: ../../utils/net_ads.c:89
+#: ../../utils/net_ads.c:90
+#: ../../utils/net_ads.c:91
+#: ../../utils/net_ads.c:92
+#: ../../utils/net_ads.c:93
+#: ../../utils/net_ads.c:94
+#: ../../utils/net_ads.c:95
+#: ../../utils/net_ads.c:96
+#: ../../utils/net_ads.c:97
+#: ../../utils/net_ads.c:98
+#: ../../utils/net_rap.c:376
+#: ../../utils/net_rpc_sh_acct.c:203
+#: ../../utils/net_rpc_sh_acct.c:206
msgid "yes"
-msgstr ""
-
-#: ../../utils/net_ads.c:87 ../../utils/net_ads.c:88 ../../utils/net_ads.c:89 ../../utils/net_ads.c:90 ../../utils/net_ads.c:91 ../../utils/net_ads.c:92 ../../utils/net_ads.c:93 ../../utils/net_ads.c:94 ../../utils/net_ads.c:95 ../../utils/net_ads.c:96
-#: ../../utils/net_ads.c:97 ../../utils/net_ads.c:98 ../../utils/net_rap.c:376 ../../utils/net_rpc_sh_acct.c:203 ../../utils/net_rpc_sh_acct.c:206
+msgstr "Ja"
+
+#: ../../utils/net_ads.c:87
+#: ../../utils/net_ads.c:88
+#: ../../utils/net_ads.c:89
+#: ../../utils/net_ads.c:90
+#: ../../utils/net_ads.c:91
+#: ../../utils/net_ads.c:92
+#: ../../utils/net_ads.c:93
+#: ../../utils/net_ads.c:94
+#: ../../utils/net_ads.c:95
+#: ../../utils/net_ads.c:96
+#: ../../utils/net_ads.c:97
+#: ../../utils/net_ads.c:98
+#: ../../utils/net_rap.c:376
+#: ../../utils/net_rpc_sh_acct.c:203
+#: ../../utils/net_rpc_sh_acct.c:206
msgid "no"
-msgstr ""
+msgstr "Nein"
#: ../../utils/net_ads.c:101
#, c-format
#: ../../utils/net_ads.c:102
#, c-format
msgid "Domain:\t\t\t%s\n"
-msgstr ""
+msgstr "Domäne:\t\t\t%s\n"
#: ../../utils/net_ads.c:103
#, c-format
#: ../../utils/net_ads.c:113
#, c-format
msgid "NT Version: %d\n"
-msgstr ""
+msgstr "NT Version: %d\n"
#: ../../utils/net_ads.c:114
#, c-format
" Find the ADS DC using CLDAP lookup.\n"
msgstr ""
-#: ../../utils/net_ads.c:137 ../../utils/net_ads.c:381
+#: ../../utils/net_ads.c:137
+#: ../../utils/net_ads.c:381
msgid "Didn't find the cldap server!\n"
msgstr ""
" Display information about an Active Directory server.\n"
msgstr ""
-#: ../../utils/net_ads.c:168 ../../utils/net_ads.c:173
+#: ../../utils/net_ads.c:168
+#: ../../utils/net_ads.c:173
msgid "Didn't find the ldap server!\n"
msgstr ""
msgid "Could not add user %s: %s\n"
msgstr ""
-#: ../../utils/net_ads.c:484 ../../utils/net_ads.c:497
+#: ../../utils/net_ads.c:484
+#: ../../utils/net_ads.c:497
#, c-format
msgid "User %s added\n"
msgstr ""
" List AD users\n"
msgstr ""
-#: ../../utils/net_ads.c:711 ../../utils/net_rap.c:901 ../../utils/net_rpc.c:852
+#: ../../utils/net_ads.c:711
+#: ../../utils/net_rap.c:901
+#: ../../utils/net_rpc.c:852
msgid ""
"\n"
"User name Comment\n"
#: ../../utils/net_ads.c:828
msgid "Add an AD group"
-msgstr ""
+msgstr "AD Gruppe hinzufügen"
#: ../../utils/net_ads.c:829
msgid ""
"net ads group add\n"
" Add an AD group"
msgstr ""
+"net ads group add\n"
+" AD Gruppe hinzufügen"
#: ../../utils/net_ads.c:836
msgid "Delete an AD group"
-msgstr ""
+msgstr "AD Gruppe entfernen"
#: ../../utils/net_ads.c:837
msgid ""
"net ads group delete\n"
" Delete an AD group"
msgstr ""
+"net ads group delete\n"
+" AD Gruppe entfernen"
#: ../../utils/net_ads.c:850
msgid ""
" List AD groups\n"
msgstr ""
-#: ../../utils/net_ads.c:862 ../../utils/net_rpc.c:2230
+#: ../../utils/net_ads.c:862
+#: ../../utils/net_rpc.c:2230
msgid ""
"\n"
"Group name Comment\n"
"-----------------------------\n"
msgstr ""
+"\n"
+"Gruppenname Kommentar\n"
+"-----------------------------\n"
#: ../../utils/net_ads.c:884
msgid ""
msgid "No realm set, are we joined ?\n"
msgstr ""
-#: ../../utils/net_ads.c:938 ../../utils/net_ads.c:1260
+#: ../../utils/net_ads.c:938
+#: ../../utils/net_ads.c:1260
msgid "Could not initialise talloc context.\n"
msgstr ""
msgstr ""
#: ../../utils/net_ads.c:1049
-#, c-format
+#, fuzzy, c-format
msgid "Join is OK\n"
-msgstr ""
+msgstr "Beitritt ist OK\n"
#: ../../utils/net_ads.c:1060
msgid "Host is not configured as a member server.\n"
msgstr ""
-#: ../../utils/net_ads.c:1065 ../../utils/net_rpc.c:436
+#: ../../utils/net_ads.c:1065
+#: ../../utils/net_rpc.c:436
#, c-format
msgid "Our netbios name can be at most 15 chars long, \"%s\" is %u chars long\n"
msgstr ""
msgid "Joined '%s' to domain '%s'\n"
msgstr ""
-#: ../../utils/net_ads.c:1377 ../../utils/net_ads.c:1433
+#: ../../utils/net_ads.c:1377
+#: ../../utils/net_ads.c:1433
msgid "DNS update failed!\n"
msgstr ""
#. issue an overall failure message at the end.
-#: ../../utils/net_ads.c:1391 ../../utils/net_dom.c:198
+#: ../../utils/net_ads.c:1391
+#: ../../utils/net_dom.c:198
#, c-format
msgid "Failed to join domain: %s\n"
msgstr ""
msgid "Server '%s' not found: %s\n"
msgstr ""
-#: ../../utils/net_ads.c:1611 ../../utils/net_ads.c:1794
+#: ../../utils/net_ads.c:1611
+#: ../../utils/net_ads.c:1794
#, c-format
msgid "Printer '%s' not found\n"
msgstr ""
msgid "Could not find machine account for server %s\n"
msgstr ""
-#: ../../utils/net_ads.c:1704 ../../utils/net_ads.c:1713
+#: ../../utils/net_ads.c:1704
+#: ../../utils/net_ads.c:1713
msgid "Internal error, out of memory!"
msgstr ""
msgid "Didn't find the kerberos server!\n"
msgstr ""
-#: ../../utils/net_ads.c:1923 ../../utils/net_rpc.c:756
+#: ../../utils/net_ads.c:1923
+#: ../../utils/net_rpc.c:756
#, c-format
msgid "Enter new password for %s:"
msgstr "Bitte neues Passwort für %s eingeben: "
-#: ../../utils/net_ads.c:1933 ../../utils/net_ads.c:1982
+#: ../../utils/net_ads.c:1933
+#: ../../utils/net_ads.c:1982
#, c-format
msgid "Password change failed: %s\n"
msgstr ""
"\n"
msgstr ""
-#: ../../utils/net_ads.c:2046 ../../utils/net_ads.c:2107 ../../utils/net_ads.c:2171 ../../utils/net_ads_gpo.c:250
+#: ../../utils/net_ads.c:2046
+#: ../../utils/net_ads.c:2107
+#: ../../utils/net_ads.c:2171
+#: ../../utils/net_ads_gpo.c:250
#, c-format
msgid "search failed: %s\n"
-msgstr ""
+msgstr "Suche fehlgeschlagen: %s\n"
-#: ../../utils/net_ads.c:2051 ../../utils/net_ads.c:2176 ../../utils/net_ads_gpo.c:256
+#: ../../utils/net_ads.c:2051
+#: ../../utils/net_ads.c:2176
+#: ../../utils/net_ads_gpo.c:256
#, c-format
msgid ""
"Got %d replies\n"
" Display machine account details"
msgstr ""
-#: ../../utils/net_ads.c:2509 ../../utils/net_rpc.c:7110
+#: ../../utils/net_ads.c:2509
+#: ../../utils/net_rpc.c:7110
msgid "List/modify users"
msgstr ""
" List/modify users"
msgstr ""
-#: ../../utils/net_ads.c:2517 ../../utils/net_rpc.c:7127
+#: ../../utils/net_ads.c:2517
+#: ../../utils/net_rpc.c:7127
msgid "List/modify groups"
msgstr ""
" Change user passwords"
msgstr ""
-#: ../../utils/net_ads.c:2541 ../../utils/net_rpc.c:7159
+#: ../../utils/net_ads.c:2541
+#: ../../utils/net_rpc.c:7159
msgid "Change trust account password"
msgstr "Trust account Passwort ändern"
"\n"
msgstr ""
-#: ../../utils/net_ads_gpo.c:71 ../../utils/net_ads_gpo.c:328
+#: ../../utils/net_ads_gpo.c:71
+#: ../../utils/net_ads_gpo.c:328
msgid "machine"
msgstr ""
-#: ../../utils/net_ads_gpo.c:71 ../../utils/net_ads_gpo.c:328
+#: ../../utils/net_ads_gpo.c:71
+#: ../../utils/net_ads_gpo.c:328
msgid "user"
msgstr ""
msgid "* fetching token "
msgstr ""
-#: ../../utils/net_ads_gpo.c:82 ../../utils/net_ads_gpo.c:90 ../../utils/net_ads_gpo.c:102 ../../utils/net_ads_gpo.c:113 ../../utils/net_ads_gpo.c:158
+#: ../../utils/net_ads_gpo.c:82
+#: ../../utils/net_ads_gpo.c:90
+#: ../../utils/net_ads_gpo.c:102
+#: ../../utils/net_ads_gpo.c:113
+#: ../../utils/net_ads_gpo.c:158
#, c-format
msgid "failed: %s\n"
msgstr ""
-#: ../../utils/net_ads_gpo.c:85 ../../utils/net_ads_gpo.c:94 ../../utils/net_ads_gpo.c:105 ../../utils/net_ads_gpo.c:118 ../../utils/net_ads_gpo.c:163
+#: ../../utils/net_ads_gpo.c:85
+#: ../../utils/net_ads_gpo.c:94
+#: ../../utils/net_ads_gpo.c:105
+#: ../../utils/net_ads_gpo.c:118
+#: ../../utils/net_ads_gpo.c:163
msgid "finished\n"
msgstr ""
#: ../../utils/net_afs.c:48
#, c-format
msgid "Could not open %s\n"
-msgstr ""
+msgstr "Konnte %s nicht öffnen\n"
#: ../../utils/net_afs.c:53
msgid "Could not read keyfile\n"
" List all cache entries.\n"
msgstr ""
-#: ../../utils/net_cache.c:293 ../../utils/net_cache.c:306
+#: ../../utils/net_cache.c:293
+#: ../../utils/net_cache.c:306
msgid ""
"Usage:\n"
"net cache flush\n"
msgid "Error getting config: %s\n"
msgstr ""
-#: ../../utils/net_conf.c:305 ../../utils/net_conf.c:318 ../../utils/net_conf.c:614 ../../utils/net_conf.c:742 ../../utils/net_conf.c:780 ../../utils/net_conf.c:786 ../../utils/net_conf.c:860 ../../utils/net_conf.c:866 ../../utils/net_conf.c:916
-#: ../../utils/net_conf.c:970 ../../utils/net_conf.c:1010 ../../utils/net_conf.c:1050
+#: ../../utils/net_conf.c:305
+#: ../../utils/net_conf.c:318
+#: ../../utils/net_conf.c:614
+#: ../../utils/net_conf.c:742
+#: ../../utils/net_conf.c:780
+#: ../../utils/net_conf.c:786
+#: ../../utils/net_conf.c:860
+#: ../../utils/net_conf.c:866
+#: ../../utils/net_conf.c:916
+#: ../../utils/net_conf.c:970
+#: ../../utils/net_conf.c:1010
+#: ../../utils/net_conf.c:1050
msgid "error: out of memory!\n"
msgstr ""
"\n"
msgstr ""
-#: ../../utils/net_conf.c:346 ../../utils/net_conf.c:382 ../../utils/net_conf.c:407 ../../utils/net_conf.c:793
+#: ../../utils/net_conf.c:346
+#: ../../utils/net_conf.c:382
+#: ../../utils/net_conf.c:407
+#: ../../utils/net_conf.c:793
#, c-format
msgid "error starting transaction: %s\n"
msgstr ""
-#: ../../utils/net_conf.c:400 ../../utils/net_conf.c:416 ../../utils/net_conf.c:817
+#: ../../utils/net_conf.c:400
+#: ../../utils/net_conf.c:416
+#: ../../utils/net_conf.c:817
#, c-format
msgid "error committing transaction: %s\n"
msgstr ""
-#: ../../utils/net_conf.c:427 ../../utils/net_conf.c:828
+#: ../../utils/net_conf.c:427
+#: ../../utils/net_conf.c:828
#, c-format
msgid "error cancelling transaction: %s\n"
msgstr ""
msgid "Error creating share %s: %s\n"
msgstr ""
-#: ../../utils/net_conf.c:690 ../../utils/net_conf.c:699 ../../utils/net_conf.c:707 ../../utils/net_conf.c:715
+#: ../../utils/net_conf.c:690
+#: ../../utils/net_conf.c:699
+#: ../../utils/net_conf.c:707
+#: ../../utils/net_conf.c:715
#, c-format
msgid "Error setting parameter %s: %s\n"
msgstr ""
msgid "Error setting value '%s': %s\n"
msgstr ""
-#: ../../utils/net_conf.c:874 ../../utils/net_conf.c:930
+#: ../../utils/net_conf.c:874
+#: ../../utils/net_conf.c:930
#, c-format
msgid "Error: given service '%s' does not exist.\n"
msgstr ""
-#: ../../utils/net_conf.c:879 ../../utils/net_conf.c:935
+#: ../../utils/net_conf.c:879
+#: ../../utils/net_conf.c:935
#, c-format
msgid "Error: given parameter '%s' is not set.\n"
msgstr ""
msgid "error deleting includes: %s\n"
msgstr ""
-#: ../../utils/net_conf.c:1136 ../../utils/net_help.c:36 ../../utils/net_rap.c:161 ../../utils/net_rap.c:302 ../../utils/net_rap.c:467 ../../utils/net_rap.c:750 ../../utils/net_rap.c:891 ../../utils/net_rap.c:1002 ../../utils/net_rap.c:1193
-#: ../../utils/net_rpc.c:960 ../../utils/net_rpc.c:2801 ../../utils/net_rpc.c:4897 ../../utils/net_rpc.c:6933 ../../utils/net_rpc.c:7038
+#: ../../utils/net_conf.c:1136
+#: ../../utils/net_help.c:36
+#: ../../utils/net_rap.c:161
+#: ../../utils/net_rap.c:302
+#: ../../utils/net_rap.c:467
+#: ../../utils/net_rap.c:750
+#: ../../utils/net_rap.c:891
+#: ../../utils/net_rap.c:1002
+#: ../../utils/net_rap.c:1193
+#: ../../utils/net_rpc.c:960
+#: ../../utils/net_rpc.c:2801
+#: ../../utils/net_rpc.c:4897
+#: ../../utils/net_rpc.c:6933
+#: ../../utils/net_rpc.c:7038
msgid "Usage:\n"
msgstr ""
msgid "Failed to unjoin domain: %s\n"
msgstr ""
-#: ../../utils/net_dom.c:97 ../../utils/net_dom.c:204
+#: ../../utils/net_dom.c:97
+#: ../../utils/net_dom.c:204
msgid "Shutting down due to a domain membership change"
msgstr ""
msgid "usage: net eventlog dump <file.evt>\n"
msgstr ""
-#: ../../utils/net_eventlog.c:52 ../../utils/net_eventlog.c:108
+#: ../../utils/net_eventlog.c:52
+#: ../../utils/net_eventlog.c:108
#, c-format
msgid "failed to load evt file: %s\n"
msgstr ""
-#: ../../utils/net_eventlog.c:59 ../../utils/net_eventlog.c:129
+#: ../../utils/net_eventlog.c:59
+#: ../../utils/net_eventlog.c:129
#, c-format
msgid "evt pull failed: %s\n"
msgstr ""
msgid "input file is wrapped, cannot proceed\n"
msgstr ""
-#: ../../utils/net_eventlog.c:138 ../../utils/net_eventlog.c:203
+#: ../../utils/net_eventlog.c:138
+#: ../../utils/net_eventlog.c:203
#, c-format
msgid "can't open the eventlog TDB (%s)\n"
msgstr ""
"\n"
msgstr ""
-#: ../../utils/net_group.c:44 ../../utils/net_user.c:41
+#: ../../utils/net_group.c:44
+#: ../../utils/net_user.c:41
msgid "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n"
msgstr ""
-#: ../../utils/net_group.c:46 ../../utils/net_user.c:43
+#: ../../utils/net_group.c:46
+#: ../../utils/net_user.c:43
msgid "\t-c or --container=<container>\tLDAP container, defaults to cn=Users (for add in ADS only)\n"
msgstr ""
" sid\tSID of group to list"
msgstr ""
-#: ../../utils/net_groupmap.c:91 ../../utils/net_groupmap.c:271 ../../utils/net_groupmap.c:356 ../../utils/net_groupmap.c:412 ../../utils/net_groupmap.c:495 ../../utils/net_groupmap.c:522
+#: ../../utils/net_groupmap.c:91
+#: ../../utils/net_groupmap.c:271
+#: ../../utils/net_groupmap.c:356
+#: ../../utils/