Given Jeremy's positive response, and a lack of one from tpot, I'll commit
authorAndrew Bartlett <abartlet@samba.org>
Thu, 23 May 2002 14:02:17 +0000 (14:02 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 23 May 2002 14:02:17 +0000 (14:02 +0000)
this:

More code cleanup - this lot a bit more dodgy than the last:

The aim is to trim pwd_cache down to size.  Its overly complex, and a
pain to deal with.  With a header comment like this:

'obfusticaion is planned'

I think it deserved to die (at least partly).

This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.

This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.

(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).

This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.

tpot:  I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions.  If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.

Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)

14 files changed:
source3/Makefile.in
source3/libsmb/cli_dfs.c
source3/libsmb/cli_lsarpc.c
source3/libsmb/cli_netlogon.c
source3/libsmb/cli_pipe_util.c [deleted file]
source3/libsmb/cli_reg.c
source3/libsmb/cli_samr.c
source3/libsmb/cli_spoolss.c
source3/libsmb/cli_srvsvc.c
source3/libsmb/cli_wkssvc.c
source3/libsmb/cliconnect.c
source3/libsmb/pwd_cache.c
source3/rpcclient/samsync.c
source3/utils/smbcacls.c

index fb16344f43a20b6d763c452046ca8b83c6232662..fc2c0506b28f5ccd60a8ebc3e3ad7995d0644153 100644 (file)
@@ -163,7 +163,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
 LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
               libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
               libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\
-              rpc_client/cli_pipe.o libsmb/cli_pipe_util.o
+              rpc_client/cli_pipe.o
 
 LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
 
index 312275926c79abad0b1facef3c67f76d8a0e1bab..7fc27b9c3b2687fcc61ca6354ba0d1c580e315ad 100644 (file)
 
 #include "includes.h"
 
-/* Opens a SMB connection to the netdfs pipe */
-
-struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name,
-                                    struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds);
-}
-
 /* Query DFS support */
 
 NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
index 8eaf6da2ecf80fd0ab9f7bd075b398c38525b886..9d07eb1d1ea958e64f898b0e8718e89dbbb2dc83 100644 (file)
  * security authority", which is half of a password database.
  **/
 
-/** Opens a SMB connection and connects to the LSARPC pipe.
- *
- * @param cli Uninitialised client handle.
- * @param system_name NETBIOS name of the machine to connect to.
- * @param creds User credentials to connect as.
- * @returns Initialised client handle.
- */
-struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
-                                    struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds);
-}
-
 /** Open a LSA policy handle
  *
  * @param cli Handle on an initialised SMB connection */
index 12651966d7dcc60a22d19f55d83b28bb823583b6..765f19a5fe70cc18c5aac88a23f43a4164247cb0 100644 (file)
 
 #include "includes.h"
 
-/* Opens a SMB connection to the netlogon pipe */
-
-struct cli_state *cli_netlogon_initialise(struct cli_state *cli, 
-                                         char *system_name,
-                                         struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds);
-}
-
 /* LSA Request Challenge. Sends our challenge to server, then gets
    server response. These are used to generate the credentials. */
 
diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c
deleted file mode 100644 (file)
index de1c832..0000000
+++ /dev/null
@@ -1,82 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   RPC pipe client utility functions
-   Copyright (C) Tim Potter                        2001,
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/** \defgroup rpc_client RPC Client routines
- */
-
-/* Opens a SMB connection to a named pipe */
-
-struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name,
-                                     char *pipe_name, 
-                                      struct ntuser_creds *creds)
-{
-       struct in_addr dest_ip;
-       struct nmb_name calling, called;
-       fstring dest_host;
-       extern pstring global_myname;
-       struct ntuser_creds anon;
-
-       /* Initialise cli_state information */
-
-       if (!cli_initialise(cli)) {
-               return NULL;
-       }
-
-       if (!creds) {
-               ZERO_STRUCT(anon);
-               anon.pwd.null_pwd = 1;
-               creds = &anon;
-       }
-
-       cli_init_creds(cli, creds);
-
-       /* Establish a SMB connection */
-
-       if (!resolve_srv_name(system_name, dest_host, &dest_ip)) {
-               return NULL;
-       }
-
-       make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
-       make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
-
-       if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, 
-                                     &called, "IPC$", "IPC", False, True)) {
-               return NULL;
-       }
-
-       /* Open a NT session thingy */
-
-       if (!cli_nt_session_open(cli, pipe_name)) {
-               cli_shutdown(cli);
-               return NULL;
-       }
-
-       return cli;
-}
-
-/* Shut down a SMB connection to the SAMR pipe */
-
-void cli_pipe_shutdown(struct cli_state *cli)
-{
-       if (cli->fd != -1) cli_ulogoff(cli);
-       cli_shutdown(cli);
-}
index c09ccabb29f61737dd2d4f8a17dddaf581247c8d..aaf18882f7622d62c8455830f98e8c6df0137c3c 100644 (file)
 
 #include "includes.h"
 
-/* Opens a SMB connection to the WINREG pipe */
-
-struct cli_state *cli_winreg_initialise(struct cli_state *cli, 
-                                        char *system_name,
-                                        struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds);
-}
-
 /* Shutdown a server */
 
 NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx,
index f3560ede5d72eca4fe2cc8433fd3a14748f63e34..9a332aa99e2eb60df079b5bb7c3e79530fee70ea 100644 (file)
 
 #include "includes.h"
 
-/* Opens a SMB connection to the SAMR pipe */
-
-struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name,
-                                     struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds);
-}
-
 /* Connect to SAMR database */
 
 NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
index 28f4f481fadc8f070042b3e1127707267133bc29..5e33e00c6805c2c250a02548698e7591ac920031 100644 (file)
  * @{
  **/
 
-/** Opens a SMB connection and connects to the SPOOLSS pipe.
- *
- * @param cli Uninitialised client handle.
- * @param system_name NETBIOS name of the machine to connect to.
- * @param creds User credentials to connect as.
- * @returns Initialised client handle.
- */
-struct cli_state *cli_spoolss_initialise(struct cli_state *cli,
-                                        char *system_name,
-                                        struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds);
-}
-
 /**********************************************************************
  Initialize a new spoolss buff for use by a client rpc
 **********************************************************************/
index 9d33149540bba50fc9f9e136e7a2dbd9c6efea99..b5b4478684f28df682049888d57647f6cd83d014 100644 (file)
 
 #include "includes.h"
 
-/* Opens a SMB connection to the svrsvc pipe */
-
-struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, 
-                                       char *system_name,
-                                       struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds);
-}
-
 NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, 
                                      TALLOC_CTX *mem_ctx,
                                      uint32 switch_value, SRV_INFO_CTR *ctr)
index 2a84e6b6980b4b7665b983d8dfe78226ecece5c6..756ff61e5b01975aa49047807b44148218585bc2 100644 (file)
 
 #include "includes.h"
 
-/**
- * Opens a SMB connection to the wkssvc pipe
- *
- * @param cli client structure (not yet initialised)
- * @param system_name called rpc server name
- * @param creds user credentials
- *
- * @return client structure with opened pipe
- **/
-
-struct cli_state *cli_wkssvc_initialise(struct cli_state *cli, 
-                                       char *system_name,
-                                       struct ntuser_creds *creds)
-{
-        return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds);
-}
-
-
 /**
  * WksQueryInfo rpc call (like query for server's capabilities)
  *
index ec2c33f419114a2b1d0f0f8838906b12d2fa6a37..f41c3b77010e12cf0215dce8b9aece8bed60fb2d 100644 (file)
@@ -1027,152 +1027,6 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
        return True;
 }
 
-/****************************************************************************
-establishes a connection right up to doing tconX, password in cache.
-****************************************************************************/
-BOOL cli_establish_connection(struct cli_state *cli, 
-                               char *dest_host, struct in_addr *dest_ip,
-                               struct nmb_name *calling, struct nmb_name *called,
-                               char *service, char *service_type,
-                               BOOL do_shutdown, BOOL do_tcon)
-{
-       DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n",
-                         nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip),
-                     cli->user_name, cli->domain));
-
-       /* establish connection */
-
-       if ((!cli->initialised))
-       {
-               return False;
-       }
-
-       /* cli_establish_connection() can't handle spnego yet. Once we get rid of
-          pwd_cache and other horrors we can get rid of this */
-       cli->use_spnego = False;
-
-       if (cli->fd == -1)
-       {
-               if (!cli_connect(cli, dest_host, dest_ip))
-               {
-                       DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
-                                         nmb_namestr(called), inet_ntoa(*dest_ip)));
-                       return False;
-               }
-       }
-
-       if (!cli_session_request(cli, calling, called))
-       {
-               DEBUG(1,("failed session request\n"));
-               if (do_shutdown)
-                       cli_shutdown(cli);
-               return False;
-       }
-
-       if (!cli_negprot(cli))
-       {
-               DEBUG(1,("failed negprot\n"));
-               if (do_shutdown)
-                       cli_shutdown(cli);
-               return False;
-       }
-
-       if (cli->pwd.cleartext || cli->pwd.null_pwd)
-       {
-               fstring passwd;
-               int pass_len;
-
-               if (cli->pwd.null_pwd)
-               {
-                       /* attempt null session */
-                       passwd[0] = 0;
-                       pass_len = 1;
-               }
-               else
-               {
-                       /* attempt clear-text session */
-                       pwd_get_cleartext(&(cli->pwd), passwd);
-                       pass_len = strlen(passwd);
-               }
-
-               /* attempt clear-text session */
-               if (!cli_session_setup(cli, cli->user_name,
-                              passwd, pass_len,
-                              NULL, 0,
-                              cli->domain))
-               {
-                       DEBUG(1,("failed session setup\n"));
-                       if (do_shutdown)
-                       {
-                               cli_shutdown(cli);
-                       }
-                       return False;
-               }
-               if (do_tcon)
-               {
-                       if (!cli_send_tconX(cli, service, service_type,
-                                           (char*)passwd, strlen(passwd)))
-                       {
-                               DEBUG(1,("failed tcon_X\n"));
-                               if (do_shutdown)
-                               {
-                                       cli_shutdown(cli);
-                               }
-                               return False;
-                       }
-               }
-       }
-       else
-       {
-               /* attempt encrypted session */
-               unsigned char nt_sess_pwd[24];
-               unsigned char lm_sess_pwd[24];
-
-               /* creates (storing a copy of) and then obtains a 24 byte password OWF */
-               pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data);
-               pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd);
-
-               /* attempt encrypted session */
-               if (!cli_session_setup(cli, cli->user_name,
-                              (char*)lm_sess_pwd, sizeof(lm_sess_pwd),
-                              (char*)nt_sess_pwd, sizeof(nt_sess_pwd),
-                              cli->domain))
-               {
-                       DEBUG(1,("failed session setup\n"));
-                       if (do_shutdown)
-                             cli_shutdown(cli);
-                       return False;
-               }
-
-               DEBUG(1,("session setup ok\n"));
-    
-               if (*cli->server_domain || *cli->server_os || *cli->server_type)
-               {
-                       DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
-                                cli->server_domain,
-                                cli->server_os,
-                                cli->server_type));
-               }
-               
-               if (do_tcon)
-               {
-                       if (!cli_send_tconX(cli, service, service_type,
-                                           (char*)nt_sess_pwd, sizeof(nt_sess_pwd)))
-                       {
-                               DEBUG(1,("failed tcon_X\n"));
-                               if (do_shutdown)
-                                       cli_shutdown(cli);
-                               return False;
-                       }
-               }
-       }
-
-       if (do_shutdown)
-               cli_shutdown(cli);
-
-       return True;
-}
-
 /* Initialise client credentials for authenticated pipe access */
 
 static void init_creds(struct ntuser_creds *creds, char* username,
@@ -1230,7 +1084,7 @@ again:
        DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service));
        
        if (!cli_connect(cli, dest_host, &ip)) {
-               DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
+               DEBUG(1,("cli_full_connection: failed to connect to %s (%s)\n",
                         nmb_namestr(&called), inet_ntoa(*dest_ip)));
                cli_shutdown(cli);
                return NT_STATUS_UNSUCCESSFUL;
index 7d1185d9a7d53ebb441da9457762f13907804743..8b79788fed750f632a1ecba6ee5dc3dfff27c84b 100644 (file)
@@ -24,7 +24,7 @@
  Initialises a password structure.
 ****************************************************************************/
 
-void pwd_init(struct pwd_info *pwd)
+static void pwd_init(struct pwd_info *pwd)
 {
        memset((char *)pwd->password  , '\0', sizeof(pwd->password  ));
        memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd));
@@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd)
 }
 
 /****************************************************************************
- Returns NULL password flag.
-****************************************************************************/
-
-BOOL pwd_is_nullpwd(const struct pwd_info *pwd)
-{
-        return pwd->null_pwd;
-}
-
-/****************************************************************************
- Compares two passwords.  hmm, not as trivial as expected.  hmm.
-****************************************************************************/
-
-BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2)
-{
-       if (pwd1->cleartext && pwd2->cleartext) {
-               if (strequal(pwd1->password, pwd2->password))
-                       return True;
-       }
-       if (pwd1->null_pwd && pwd2->null_pwd)
-               return True;
-
-       if (!pwd1->null_pwd  && !pwd2->null_pwd &&
-           !pwd1->cleartext && !pwd2->cleartext) {
-#ifdef DEBUG_PASSWORD
-               DEBUG(100,("pwd compare: nt#\n"));
-               dump_data(100, pwd1->smb_nt_pwd, 16);
-               dump_data(100, pwd2->smb_nt_pwd, 16);
-#endif
-               if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
-                       return True;
-#ifdef DEBUG_PASSWORD
-               DEBUG(100,("pwd compare: lm#\n"));
-               dump_data(100, pwd1->smb_lm_pwd, 16);
-               dump_data(100, pwd2->smb_lm_pwd, 16);
-#endif
-               if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
-                       return True;
-       }
-       return False;
-}
-
-/****************************************************************************
- Reads a password.
+ Makes lm and nt hashed passwords.
 ****************************************************************************/
 
-void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
+static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
 {
-       /* grab a password */
-       char *user_pass;
+       pstring dos_passwd;
 
        pwd_init(pwd);
 
-       user_pass = (char*)getpass(passwd_report);
-
-       /*
-        * Do not assume that an empty string is a NULL password.
-        * If you do this will break the session key generation for
-        * and account with an emtpy password.  If you wish to use
-        * a NULL password, use the -N option to smbclient and rpcclient
-        * --jerry
-        */
-#if 0
-       if (user_pass == NULL || user_pass[0] == 0)
-               pwd_set_nullpwd(pwd);
-       else if (do_encrypt)
-#endif
-       if (do_encrypt)
-               pwd_make_lm_nt_16(pwd, user_pass);
-       else
-               pwd_set_cleartext(pwd, user_pass);
-}
-
-/****************************************************************************
- Stores a cleartext password.
-****************************************************************************/
-
-void pwd_set_nullpwd(struct pwd_info *pwd)
-{
-       pwd_init(pwd);
+       push_ascii_pstring(dos_passwd, clr);
 
+       nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
+       pwd->null_pwd  = False;
        pwd->cleartext = False;
-       pwd->null_pwd  = True;
-       pwd->crypted   = False;
+       pwd->crypted = False;
 }
 
 /****************************************************************************
@@ -150,29 +82,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
 
 }
 
-/****************************************************************************
- Stores lm and nt hashed passwords.
-****************************************************************************/
-
-void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
-{
-       pwd_init(pwd);
-
-       if (lm_pwd)
-               memcpy(pwd->smb_lm_pwd, lm_pwd, 16);
-       else
-               memset((char *)pwd->smb_lm_pwd, '\0', 16);
-
-       if (nt_pwd)
-               memcpy(pwd->smb_nt_pwd, nt_pwd, 16);
-       else
-               memset((char *)pwd->smb_nt_pwd, '\0', 16);
-
-       pwd->null_pwd  = False;
-       pwd->cleartext = False;
-       pwd->crypted   = False;
-}
-
 /****************************************************************************
  Gets lm and nt hashed passwords.
 ****************************************************************************/
@@ -185,24 +94,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
                memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
 }
 
-/****************************************************************************
- Makes lm and nt hashed passwords.
-****************************************************************************/
-
-void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
-{
-       pstring dos_passwd;
-
-       pwd_init(pwd);
-
-       push_ascii_pstring(dos_passwd, clr);
-
-       nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
-       pwd->null_pwd  = False;
-       pwd->cleartext = False;
-       pwd->crypted = False;
-}
-
 /****************************************************************************
  Makes lm and nt OWF crypts.
 ****************************************************************************/
@@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
        if (nt_owf != NULL)
                memcpy(nt_owf, pwd->smb_nt_owf, 24);
 }
+
+
+
+
+
+
+
+
+
+
index 14f7ed8953826af07b006909f6b318573dfcd3c6..0b307980709ebc94b6de44c12fd59bee896908af 100644 (file)
@@ -396,51 +396,19 @@ static void usage(void)
        printf("\n");
 }
 
-/* Initialise client credentials for authenticated pipe access */
-
-void init_rpcclient_creds(struct ntuser_creds *creds, char* username,
-                         char* domain, char* password)
-{
-       ZERO_STRUCTP(creds);
-
-       if (lp_encrypted_passwords()) {
-               pwd_make_lm_nt_16(&creds->pwd, password);
-       } else {
-               pwd_set_cleartext(&creds->pwd, password);
-       }
-
-       fstrcpy(creds->user_name, username);
-       fstrcpy(creds->domain, domain);
-
-       if (! *username) {
-               creds->pwd.null_pwd = True;
-       }
-}
-
 /* Connect to primary domain controller */
 
-static struct cli_state *init_connection(struct cli_state *cli,
+static struct cli_state *init_connection(struct cli_state **cli,
                                          char *username, char *domain,
                                          char *password)
 {
-        struct ntuser_creds creds;
         extern pstring global_myname;
         struct in_addr *dest_ip;
-        struct nmb_name calling, called;
         int count;
         fstring dest_host;
 
        /* Initialise cli_state information */
 
-        ZERO_STRUCTP(cli);
-
-       if (!cli_initialise(cli)) {
-               return NULL;
-       }
-
-        init_rpcclient_creds(&creds, username, domain, password);
-       cli_init_creds(cli, &creds);
-
         /* Look up name of PDC controller */
 
         if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) {
@@ -456,20 +424,15 @@ static struct cli_state *init_connection(struct cli_state *cli,
                 return NULL;
         }
 
-       get_myname((*global_myname)?NULL:global_myname);
-       strupper(global_myname);
-
-       make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
-       make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
-
-       /* Establish a SMB connection */
-
-       if (!cli_establish_connection(cli, dest_host, dest_ip, &calling, 
-                                     &called, "IPC$", "IPC", False, True)) {
+       if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host,
+                                               dest_ip, 0,
+                                               "IPC$", "IPC",  
+                                               username, domain,
+                                               password, strlen(password)))) {
+               return *cli;
+       } else {
                return NULL;
        }
-       
-       return cli;
 }
 
 /* Main function */
@@ -477,7 +440,7 @@ static struct cli_state *init_connection(struct cli_state *cli,
  int main(int argc, char **argv)
 {
         BOOL do_sam_sync = False, do_sam_repl = False;
-        struct cli_state cli;
+        struct cli_state *cli;
         NTSTATUS result;
         int opt;
         pstring logfile;
@@ -605,10 +568,10 @@ static struct cli_state *init_connection(struct cli_state *cli,
                 return 1;
 
         if (do_sam_sync)
-                result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose);
+                result = sam_sync(cli, trust_passwd, do_smbpasswd_output, verbose);
 
         if (do_sam_repl)
-                result = sam_repl(&cli, trust_passwd, low_serial);
+                result = sam_repl(cli, trust_passwd, low_serial);
 
         if (!NT_STATUS_IS_OK(result)) {
                 DEBUG(0, ("%s\n", nt_errstr(result)));
index 017f4035b07fe028b32055d45c8a3882e8491ec6..62ab6357b41e88dd074d086d9d232cd4611b8652 100644 (file)
@@ -42,6 +42,9 @@ enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD };
 enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP};
 enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
 
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
 struct perm_value {
        char *perm;
        uint32 mask;
@@ -66,24 +69,25 @@ static struct perm_value standard_values[] = {
        { NULL, 0 },
 };
 
-struct cli_state lsa_cli;
-POLICY_HND pol;
-struct ntuser_creds creds;
-BOOL got_policy_hnd;
+static struct cli_state *global_hack_cli;
+static POLICY_HND pol;
+static BOOL got_policy_hnd;
+
+static struct cli_state *connect_one(char *share);
 
 /* Open cli connection and policy handle */
 
 static BOOL cacls_open_policy_hnd(void)
 {
-       creds.pwd.null_pwd = 1;
-
        /* Initialise cli LSA connection */
 
-       if (!lsa_cli.initialised && 
-           !cli_lsa_initialise(&lsa_cli, server, &creds)) {
-               return False;
+       if (!global_hack_cli) {
+               global_hack_cli = connect_one("IPC$");
+               if (!cli_nt_session_open (global_hack_cli, PIPE_LSARPC)) {
+                               return False;
+               }
        }
-
+       
        /* Open policy handle */
 
        if (!got_policy_hnd) {
@@ -91,7 +95,7 @@ static BOOL cacls_open_policy_hnd(void)
                /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
                   but NT sends 0x2000000 so we might as well do it too. */
 
-               if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True, 
+               if (!NT_STATUS_IS_OK(cli_lsa_open_policy(global_hack_cli, global_hack_cli->mem_ctx, True, 
                                                         GENERIC_EXECUTE_ACCESS, &pol))) {
                        return False;
                }
@@ -116,7 +120,7 @@ static void SidToString(fstring str, DOM_SID *sid)
        /* Ask LSA to convert the sid to a name */
 
        if (!cacls_open_policy_hnd() ||
-           !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,  
+           !NT_STATUS_IS_OK(cli_lsa_lookup_sids(global_hack_cli, global_hack_cli->mem_ctx,  
                                                 &pol, 1, sid, &domains, 
                                                 &names, &types)) ||
            !domains || !domains[0] || !names || !names[0]) {
@@ -143,7 +147,7 @@ static BOOL StringToSid(DOM_SID *sid, const char *str)
        }
 
        if (!cacls_open_policy_hnd() ||
-           !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, 
+           !NT_STATUS_IS_OK(cli_lsa_lookup_names(global_hack_cli, global_hack_cli->mem_ctx, 
                                                  &pol, 1, &str, &sids, 
                                                  &types))) {
                result = False;
@@ -700,80 +704,29 @@ static int cacl_set(struct cli_state *cli, char *filename,
 /***************************************************** 
 return a connection to a server
 *******************************************************/
-struct cli_state *connect_one(char *share)
+static struct cli_state *connect_one(char *share)
 {
        struct cli_state *c;
-       struct nmb_name called, calling;
        struct in_addr ip;
-       extern pstring global_myname;
-
-       fstrcpy(server,share+2);
-       share = strchr_m(server,'\\');
-       if (!share) return NULL;
-       *share = 0;
-       share++;
-
-        zero_ip(&ip);
-
-       make_nmb_name(&calling, global_myname, 0x0);
-       make_nmb_name(&called , server, 0x20);
-
- again:
-        zero_ip(&ip);
-
-       /* have to open a new connection */
-       if (!(c=cli_initialise(NULL)) || !cli_connect(c, server, &ip)) {
-               DEBUG(0,("Connection to %s failed\n", server));
-               cli_shutdown(c);
-               return NULL;
-       }
-
-       if (!cli_session_request(c, &calling, &called)) {
-               DEBUG(0,("session request to %s failed\n", called.name));
-               cli_shutdown(c);
-               if (strcmp(called.name, "*SMBSERVER")) {
-                       make_nmb_name(&called , "*SMBSERVER", 0x20);
-                       goto again;
-               }
-               return NULL;
-       }
-
-       DEBUG(4,(" session request ok\n"));
-
-       if (!cli_negprot(c)) {
-               DEBUG(0,("protocol negotiation failed\n"));
-               cli_shutdown(c);
-               return NULL;
-       }
-
+       zero_ip(&ip);
+       
        if (!got_pass) {
                char *pass = getpass("Password: ");
                if (pass) {
                        pstrcpy(password, pass);
+                       got_pass = True;
                }
        }
 
-       if (!cli_session_setup(c, username, 
-                              password, strlen(password),
-                              password, strlen(password),
-                              lp_workgroup())) {
-               DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
-               cli_shutdown(c);
-               return NULL;
-       }
-
-       DEBUG(4,(" session setup ok\n"));
-
-       if (!cli_send_tconX(c, share, "?????",
-                           password, strlen(password)+1)) {
-               DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
-               cli_shutdown(c);
+       if (NT_STATUS_IS_OK(cli_full_connection(&c, global_myname, server, 
+                                               &ip, 0,
+                                               share, "?????",  
+                                               username, global_myworkgroup,
+                                               password, strlen(password)))) {
+               return c;
+       } else {
                return NULL;
        }
-
-       DEBUG(4,(" tconx ok\n"));
-
-       return c;
 }
 
 
@@ -811,12 +764,13 @@ You can string acls together with spaces, commas or newlines\n\
        extern int optind;
        int opt;
        char *p;
-       struct cli_state *cli=NULL;
        enum acl_mode mode = SMB_ACL_SET;
        char *the_acl = NULL;
        enum chown_mode change_mode = REQUEST_NONE;
        int result;
 
+       struct cli_state *cli;
+
        ctx=talloc_init();
 
        setlinebuf(stdout);
@@ -930,12 +884,20 @@ You can string acls together with spaces, commas or newlines\n\
 
        /* Make connection to server */
 
+       fstrcpy(server,share+2);
+       share = strchr_m(server,'\\');
+       if (!share) return -1;
+       *share = 0;
+       share++;
+
        if (!test_args) {
                cli = connect_one(share);
                if (!cli) {
                        talloc_destroy(ctx);
                        exit(EXIT_FAILED);
                }
+       } else {
+               exit(0);
        }
 
        all_string_sub(filename, "/", "\\", 0);
@@ -960,3 +922,4 @@ You can string acls together with spaces, commas or newlines\n\
 
        return result;
 }
+