Re: SMB help needed

2009-12-12 Thread Henrik Nordstrom
On Thu, 2009-12-10 at 00:34 +1300, Amos Jeffries wrote:

> A few months ago we had this argument out and decided to keep them for
> the people who still don't want to or can't install Samba.

Indeed. The SMB helpers are easier to get going as one does not need to
join the domain or anything, just being able to speak to the SMB port of
a server in the domain.

But other than that the helpers are in quite crappy shape..

Regards
Henrik



Re: SMB help needed

2009-12-12 Thread Robert Collins
On Sat, 2009-12-12 at 23:33 +0100, Henrik Nordstrom wrote:
> On Thu, 2009-12-10 at 00:34 +1300, Amos Jeffries wrote:
>
>> A few months ago we had this argument out and decided to keep them for
>> the people who still don't want to or can't install Samba.
>
> Indeed. The SMB helpers are easier to get going as one does not need to
> join the domain or anything, just being able to speak to the SMB port of
> a server in the domain.
>
> But other than that the helpers are in quite crappy shape..

They are easier in that sense, but worse in the following:
 - they put more load on the domain
 - can't do NTLM reliably
 - very old, very crufty code

I know we had the argument, but I'm not at all convinced that keeping
them is the right answer.

I think a better answer is to talk to samba to find out if winbindd can
be used outside a domain, which is the only use case these helpers are
'better' at, and if it can - or if it could be changed to do so, then do
that, and get rid of the cruft as at that point it won't offer anything.

-Rob




Re: SMB help needed

2009-12-09 Thread Robert Collins
On Wed, 2009-12-09 at 17:40 +1300, Amos Jeffries wrote:
 
 
> During the helper conversion to C++ I found that the various SMB lookup
> helpers had a lot of duplicate code as each included the entire
> smbval/smblib validation library as inline code.

Delete them. Samba project ships helpers that speak to winbindd and do a
hellishly better job :-)

-Rob




Re: SMB help needed

2009-12-09 Thread Amos Jeffries

Robert Collins wrote:

> On Wed, 2009-12-09 at 17:40 +1300, Amos Jeffries wrote:
>
>> During the helper conversion to C++ I found that the various SMB lookup
>> helpers had a lot of duplicate code as each included the entire
>> smbval/smblib validation library as inline code.
>
> Delete them. Samba project ships helpers that speak to winbindd and do a
> hellishly better job :-)



I wish.

A few months ago we had this argument out and decided to keep them for 
the people who still don't want to or can't install Samba.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.15


SMB help needed

2009-12-08 Thread Amos Jeffries
During the helper conversion to C++ I found that the various SMB lookup 
helpers had a lot of duplicate code as each included the entire 
smbval/smblib validation library as inline code.


I've managed to consolidate just about all of the files into a shared
library but there remain two problems:


 1) the MSNT helper which performs proper domain-controller lookups
makes use of the available domain and encryption details. And a few other
things the smb_lm helper did not.
 Unidiff patch attached if anyone who knows what SMB is meant to do can
give their opinion on the best way to merge these bits.


 2) I'm unable to actually test the merged code still works. A lot of 
castings and void* types have been removed in the upgrade so I want to 
be really sure before it gets merged in.
   Is anyone able to pull down the lp:~yadi/squid/helpers branch and 
give the new basic_msnt_auth and ntlm_smb_lm_auth helpers a whirl?
   NP: there is a fair bit of header cleanups still to be done/ongoing 
which will require another test later, but I'd like some confidence that 
the basic code still works.


Amos
--- valid.cc	2009-12-09 01:08:18.0 +1300
+++ valid.cc.MSNT	2009-12-07 17:49:38.0 +1300
@@ -16,22 +13,24 @@
 #include string.h
 #endif
 
+#include smblib-priv.h
+#include smblib.h
+#include valid.h
+
 int
 Valid_User(char *username, char *password, char *server, char *backup, char *domain)
 {
-int pass_is_precrypted_p = 0;
-char const *supportedDialects[] = {
-/*  PC NETWORK PROGRAM 1.0, */
-/*  MICROSOFT NETWORKS 1.03, */
-/*  MICROSOFT NETWORKS 3.0, */
-LANMAN1.0,
-LM1.2X002,
-Samba,
-/*  NT LM 0.12, */
-/*  NT LANMAN 1.0, */
-NULL
-};
-SMB_Handle_Type con;
+const char *SMB_Prots[] = {PC NETWORK PROGRAM 1.0,
+   MICROSOFT NETWORKS 1.03,
+   MICROSOFT NETWORKS 3.0,
+   LANMAN1.0,
+   LM1.2X002,
+   Samba,
+   NT LM 0.12,
+   NT LANMAN 1.0,
+   NULL
+  };
+void *con;
 
 SMB_Init();
 con = SMB_Connect_Server(NULL, server, domain);
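Review bot: the two sides of this hunk pass different dialect lists to SMB_Negotiate, and the merged library has to choose between them deliberately. The `-` side leaves PC NETWORK PROGRAM 1.0, MICROSOFT NETWORKS 1.03, MICROSOFT NETWORKS 3.0, NT LM 0.12 and NT LANMAN 1.0 commented out of supportedDialects, while the `+` side offers all of them in SMB_Prots. Since SMB_Logon_Server branches on the negotiated protocol, please record in a comment which set each helper needs instead of widening the list silently. Also prefer `SMB_Handle_Type con` over `void *con` in the merged code, so the compiler checks the handle passed to SMB_Negotiate and SMB_Discon.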
@@ -41,16 +40,11 @@
 return (NTV_SERVER_ERROR);
 }
 }
-if (SMB_Negotiate(con, supportedDialects)  0) {	/* An error */
-SMB_Discon(con, 0);
-return (NTV_PROTOCOL_ERROR);
-}
-/* Test for a server in share level mode do not authenticate against it */
-if (con-Security == 0) {
+if (SMB_Negotiate(con, SMB_Prots)  0) {	/* An error */
 SMB_Discon(con, 0);
 return (NTV_PROTOCOL_ERROR);
 }
-if (SMB_Logon_Server(con, username, password, domain, pass_is_precrypted_p)  0) {
+if (SMB_Logon_Server(con, username, password)  0) {
 SMB_Discon(con, 0);
 return (NTV_LOGON_ERROR);
 }
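Review bot: the `+` side has no share-level check after SMB_Negotiate. The `-` side tests `con->Security == 0` under the comment "Test for a server in share level mode do not authenticate against it" and returns NTV_PROTOCOL_ERROR, whereas the MSNT variant goes straight on to SMB_Logon_Server against such a server. Unless the MSNT helper has a stated reason to accept share-level servers, the merged Valid_User should keep the check. The SMB_Logon_Server call changes from five arguments to three in this same hunk, so it has to be reconciled together with the signature change in smblib.cc.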
--- smblib.cc	2009-12-07 16:43:51.0 +1300
+++ smblib.cc.MSNT	2009-12-07 17:21:00.0 +1300
@@ -145,17 +145,7 @@
 strcpy(con-LMType, SMBLIB_DEFAULT_LMTYPE);
 con-first_tree = con-last_tree = NULL;
 
-/* ugh. This is horribly broken. */
-/*   SMB_Get_My_Name(con - myname, sizeof(con - myname)); */
-/* hacked by Kinkie */
-if (-1 == gethostname(con-myname, sizeof(con-myname))) {
-strcpy(con-myname, unknown);
-} else {
-if (NULL != (address = strchr(con-myname, '.'))) {
-*address = '\0';	/* truncate at first '.' */
-}
-}
-
+SMB_Get_My_Name(con-myname, sizeof(con-myname));
 
 con-port = 0;		/* No port selected */
 
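Review bot: the `+` side returns to calling SMB_Get_My_Name, which the comment on the `-` side describes as "horribly broken" and which was replaced there by gethostname() with truncation at the first '.'. Keep the gethostname() path in the merged library unless SMB_Get_My_Name has been fixed since, and say which in a comment. The fallback on the `-` side copies a literal into con->myname with strcpy; a bounded copy using sizeof(con->myname) would make that safe independent of the buffer size.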
@@ -324,7 +314,7 @@
 
 int
 SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName,
- char *PassWord, char *UserDomain, int precrypted)
+ char *PassWord)
 {
 struct RFCNB_Pkt *pkt;
 int param_len, pkt_len, pass_len;
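Review bot: SMB_Logon_Server ends up with two incompatible signatures, five arguments on the `-` side and three on the `+` side, and the matching prototype in smblib.h is not part of this patch. A single shared library needs one of them. Keeping `UserDomain` and `precrypted` would serve both helpers if the MSNT caller passes its domain and 0, and the header should then document what `precrypted` expects, namely the 24 bytes that the following hunk copies with `memcpy(pword, PassWord, 24)`.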
@@ -340,24 +330,22 @@
 return (SMBlibE_BAD);
 
 }
-if (precrypted) {
+strcpy(pword, PassWord);
+#ifdef PAM_SMB_ENC_PASS
+if (Con_Handle-encrypt_passwords) {
 pass_len = 24;
-memcpy(pword, PassWord, 24);
-} else {
-strcpy(pword, PassWord);
-if (Con_Handle-encrypt_passwords) {
-pass_len = 24;
-SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle-Encrypt_Key, (uchar *) pword);
-} else
-pass_len = strlen(pword);
-}
+SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle-Encrypt_Key, (uchar *) pword);
+} else
+#endif
+pass_len = strlen(pword);
+
 
 /* Now build the correct structure */
 
 if (Con_Handle-protocol  SMB_P_NT1) {
 
 param_len = strlen(UserName) + 1 + pass_len + 1 +
-strlen(UserDomain) + 1 +
+strlen(Con_Handle-PDomain) + 1 +
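Review bot: on the `+` side the SMBencrypt branch is wrapped in `#ifdef PAM_SMB_ENC_PASS`, so a build without that macro always takes `pass_len = strlen(pword)` and uses the unencrypted copy of the password, even when `Con_Handle->encrypt_passwords` is set. The `-` side makes that decision at run time from the connection state, and the merged code should do the same instead of depending on a compile-time switch. On both sides `strcpy(pword, PassWord)` copies a caller-supplied password with no length check visible in this hunk; bound the copy to the size of pword and reject longer input.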