During the helper conversion to C++ I found that the various SMB lookup
helpers had a lot of duplicate code as each included the entire
smbval/smblib validation library as inline code.
I've managed to consolidate just about all of the files into a shared
library but there remains two problems:
1) the MSNT helper which performs proper domain-controller lookups
make use of the available domain and encryption details. And a few other
things the smb_lm helper did not.
unidiff patch attached if anyone who knows what SMB is meant to do can
give their opinion on the best way to merge these bits.
2) I'm unable to actually test the merged code still works. A lot of
castings and void* types have been removed in the upgrade so I want to
be really sure before it gets merged in.
Is anyone able to pull down the lp:~yadi/squid/helpers branch and
give the new basic_msnt_auth and ntlm_smb_lm_auth helpers a whirl?
NP: there is a fair bit of header cleanups still to be done/ongoing
which will require another test later, but I'd like some confidence that
the basic code still works.
Amos
--- valid.cc 2009-12-09 01:08:18.000000000 +1300
+++ valid.cc.MSNT 2009-12-07 17:49:38.000000000 +1300
@@ -16,22 +13,24 @@
#include <string.h>
#endif
+#include "smblib-priv.h"
+#include "smblib.h"
+#include "valid.h"
+
int
Valid_User(char *username, char *password, char *server, char *backup, char *domain)
{
- int pass_is_precrypted_p = 0;
- char const *supportedDialects[] = {
- /* "PC NETWORK PROGRAM 1.0", */
- /* "MICROSOFT NETWORKS 1.03", */
- /* "MICROSOFT NETWORKS 3.0", */
- "LANMAN1.0",
- "LM1.2X002",
- "Samba",
- /* "NT LM 0.12", */
- /* "NT LANMAN 1.0", */
- NULL
- };
- SMB_Handle_Type con;
+ const char *SMB_Prots[] = {"PC NETWORK PROGRAM 1.0",
+ "MICROSOFT NETWORKS 1.03",
+ "MICROSOFT NETWORKS 3.0",
+ "LANMAN1.0",
+ "LM1.2X002",
+ "Samba",
+ "NT LM 0.12",
+ "NT LANMAN 1.0",
+ NULL
+ };
+ void *con;
SMB_Init();
con = SMB_Connect_Server(NULL, server, domain);
@@ -41,16 +40,11 @@
return (NTV_SERVER_ERROR);
}
}
- if (SMB_Negotiate(con, supportedDialects) < 0) { /* An error */
- SMB_Discon(con, 0);
- return (NTV_PROTOCOL_ERROR);
- }
- /* Test for a server in share level mode do not authenticate against it */
- if (con->Security == 0) {
+ if (SMB_Negotiate(con, SMB_Prots) < 0) { /* An error */
SMB_Discon(con, 0);
return (NTV_PROTOCOL_ERROR);
}
- if (SMB_Logon_Server(con, username, password, domain, pass_is_precrypted_p) < 0) {
+ if (SMB_Logon_Server(con, username, password) < 0) {
SMB_Discon(con, 0);
return (NTV_LOGON_ERROR);
}
--- smblib.cc 2009-12-07 16:43:51.000000000 +1300
+++ smblib.cc.MSNT 2009-12-07 17:21:00.000000000 +1300
@@ -145,17 +145,7 @@
strcpy(con->LMType, SMBLIB_DEFAULT_LMTYPE);
con->first_tree = con->last_tree = NULL;
- /* ugh. This is horribly broken. */
- /* SMB_Get_My_Name(con -> myname, sizeof(con -> myname)); */
- /* hacked by Kinkie */
- if (-1 == gethostname(con->myname, sizeof(con->myname))) {
- strcpy(con->myname, "unknown");
- } else {
- if (NULL != (address = strchr(con->myname, '.'))) {
- *address = '\0'; /* truncate at first '.' */
- }
- }
-
+ SMB_Get_My_Name(con->myname, sizeof(con->myname));
con->port = 0; /* No port selected */
@@ -324,7 +314,7 @@
int
SMB_Logon_Server(SMB_Handle_Type Con_Handle, char *UserName,
- char *PassWord, char *UserDomain, int precrypted)
+ char *PassWord)
{
struct RFCNB_Pkt *pkt;
int param_len, pkt_len, pass_len;
@@ -340,24 +330,22 @@
return (SMBlibE_BAD);
}
- if (precrypted) {
+ strcpy(pword, PassWord);
+#ifdef PAM_SMB_ENC_PASS
+ if (Con_Handle->encrypt_passwords) {
pass_len = 24;
- memcpy(pword, PassWord, 24);
- } else {
- strcpy(pword, PassWord);
- if (Con_Handle->encrypt_passwords) {
- pass_len = 24;
- SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword);
- } else
- pass_len = strlen(pword);
- }
+ SMBencrypt((uchar *) PassWord, (uchar *) Con_Handle->Encrypt_Key, (uchar *) pword);
+ } else
+#endif
+ pass_len = strlen(pword);
+
/* Now build the correct structure */
if (Con_Handle->protocol < SMB_P_NT1) {
param_len = strlen(UserName) + 1 + pass_len + 1 +
- strlen(UserDomain) + 1 +
+ strlen(Con_Handle->PDomain) + 1 +
strlen(Con_Handle->OSName) + 1;
pkt_len = SMB_ssetpLM_len + param_len;
@@ -405,8 +393,8 @@
p = p + 1;
- strcpy(p, UserDomain);
- p = p + strlen(UserDomain);
+ strcpy(p, Con_Handle->PDomain);
+ p = p + strlen(Con_Handle->PDomain);
*p = 0;
p = p + 1;
@@ -419,7 +407,7 @@
/* We don't admit to UNICODE support ... */
param_len = strlen(UserName) + 1 + pass_len +
- strlen(UserDomain) + 1 +
+ strlen(Con_Handle->PDomain) + 1 +
strlen(Con_Handle->OSName) + 1 +
strlen(Con_Handle->LMType) + 1;
@@ -446,7 +434,7 @@
SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mbs_offset, SMBLIB_MAX_XMIT);
SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_mmc_offset, 0);
- SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 1); /* Thanks Tridge! */
+ SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_vcn_offset, 0);
SIVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_snk_offset, 0);
SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cipl_offset, pass_len);
SSVAL(SMB_Hdr(pkt), SMB_ssetpNTLM_cspl_offset, 0);
@@ -470,8 +458,8 @@
p = p + 1;
- strcpy(p, UserDomain);
- p = p + strlen(UserDomain);
+ strcpy(p, Con_Handle->PDomain);
+ p = p + strlen(Con_Handle->PDomain);
*p = 0;
p = p + 1;
@@ -528,15 +516,6 @@
return (SMBlibE_BAD);
}
- /** @@@ mdz: check for guest login { **/
- if (SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset) & 0x1) {
- /* do we allow guest login? NO! */
- return (SMBlibE_BAD);
-
- }
- /** @@@ mdz: } **/
-
-
#ifdef DEBUG
fprintf(stderr, "SessSetupAndX response. Action = %i\n",
SVAL(SMB_Hdr(pkt), SMB_ssetpr_act_offset));
