ABOUT TIME!!!!!!!!

damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
author: Luke Leighton <lkcl@samba.org> 1999-12-08 21:43:03 +0000
committer: Luke Leighton <lkcl@samba.org> 1999-12-08 21:43:03 +0000
commit: 4ab9d91428b66bd2fe407b0dba94f4130160b576 (patch)
tree: 2733683a3097225f44e459d2fe73e1ac880b7aba /source3/lib
parent: a0ba234cf9b40adf6b5390e4e67730163a42883f (diff)
download: samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.gz
samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.bz2
samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.zip
4 files changed, 123 insertions, 109 deletions
diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c
index 551c7290ea..9c94783239 100644
--- a/source3/lib/domain_namemap.c
+++ b/source3/lib/domain_namemap.c
@@ -882,8 +882,8 @@ static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
 	struct cli_state cli;
 	POLICY_HND lsa_pol;
 	fstring srv_name;
-	extern struct user_credentials *usr_creds;
-	struct user_credentials usr;
+	extern struct ntuser_creds *usr_creds;
+	struct ntuser_creds usr;
 
 	BOOL res3 = True;
 	BOOL res4 = True;
diff --git a/source3/lib/msrpc-agent.c b/source3/lib/msrpc-agent.c
index 0bb9429ecb..9fc592d377 100644
--- a/source3/lib/msrpc-agent.c
+++ b/source3/lib/msrpc-agent.c
@@ -28,7 +28,7 @@ static char packet[BUFFER_SIZE];
 
 /****************************************************************************
 terminate sockent connection
-***********************************************************<*****************/
+****************************************************************************/
 static void free_sock(void *sock)
 {
 	if (sock != NULL)
@@ -41,20 +41,21 @@ static void free_sock(void *sock)
 static struct msrpc_state *init_client_connection(int c)
 {
 	pstring buf;
-	uchar ntpw[16];
-	uchar lmpw[16];
 	fstring pipe_name;
-	struct user_credentials usr;
-	char *p = buf;
+	struct user_creds usr;
 	int rl;
 	uint32 len;
-	uint16 version;
-	uint16 command;
 	BOOL new_con = False;
+	struct msrpc_state *n = NULL;
+
+	CREDS_CMD cmd;
+	prs_struct ps;
 
 	ZERO_STRUCT(usr);
+	ZERO_STRUCT(cmd);
+	cmd.cred = &usr;
 
-	DEBUG(10,("first request\n"));
+	DEBUG(10,("init_client_connection: first request\n"));
 
 	rl = read(c, &buf, sizeof(len));
 
@@ -84,41 +85,30 @@ static struct msrpc_state *init_client_connection(int c)
 #ifdef DEBUG_PASSWORD
 	dump_data(100, buf, rl);
 #endif
-	version = SVAL(p, 0);
-	p += 2;
-	command = SVAL(p, 0);
-	p += 2;
 
-	fstrcpy(pipe_name, p);
-	p = skip_string(p, 1);
-	fstrcpy(usr.user_name, p);
-	p = skip_string(p, 1);
-	fstrcpy(usr.domain, p);
-	p = skip_string(p, 1);
+ 	/* make a static data parsing structure from the api_fd_reply data */
+ 	prs_init(&ps, 0, 4, 0, True);
+ 	mem_create(ps.data, buf, 0, len, 0, False);
 
-	if (PTR_DIFF(p, buf) < rl)
-	{
-		memcpy(lmpw, p, 16);
-		p += 16;
-		memcpy(ntpw, p, 16);
-		p += 16;
-		pwd_set_lm_nt_16(&usr.pwd, lmpw, ntpw);
-	}
-	else
+	if (!creds_io_cmd("creds", &cmd, &ps, 0))
 	{
-		pwd_set_nullpwd(&usr.pwd);
+		DEBUG(0,("Unable to parse credentials\n"));
+		mem_free_data(ps.data);
+		return NULL;
 	}
 
-	if (PTR_DIFF(p, buf) != rl)
+ 	mem_free_data(ps.data);
+
+	if (ps.offset != rl)
 	{
-		DEBUG(0,("Buffer size %d %d!\n",
-			PTR_DIFF(p, buf), rl));
+		DEBUG(0,("Buffer size %d %d!\n", ps.offset, rl));
 		return NULL;
 	}
 
-	switch (command)
+	switch (cmd.command)
 	{
 		case AGENT_CMD_CON:
+		case AGENT_CMD_CON_ANON:
 		{
 			new_con = True;
 			break;
@@ -126,19 +116,17 @@ static struct msrpc_state *init_client_connection(int c)
 		case AGENT_CMD_CON_REUSE:
 		{
 			new_con = True;
-			usr.reuse = True;
 			break;
 		}
 		default:
 		{
-			DEBUG(0,("unknown command %d\n", command));
+			DEBUG(0,("unknown command %d\n", cmd.command));
 			return NULL;
 		}
 	}
 
 	if (new_con)
 	{
-		struct msrpc_state *n;
 		uint32 status = 0;
 		n = msrpc_use_add(pipe_name, &usr, False);
 
@@ -162,9 +150,9 @@ static struct msrpc_state *init_client_connection(int c)
 				n = NULL;
 			}
 		}
-		return n;
 	}
-	return NULL;
+	free_user_creds(&usr);
+	return n;
 }
 
 static BOOL process_cli_sock(struct sock_redir **socks, uint32 num_socks,
@@ -256,6 +244,7 @@ void start_msrpc_agent(char *pipe_name)
 	
 	if (fork() == 0)
 	{
+		/* child */
 		start_agent(&va);
 	}
 }
diff --git a/source3/lib/msrpc-client.c b/source3/lib/msrpc-client.c
index fb82c54700..6e80063862 100644
--- a/source3/lib/msrpc-client.c
+++ b/source3/lib/msrpc-client.c
@@ -134,7 +134,7 @@ BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name)
 /****************************************************************************
 initialise a msrpcent structure
 ****************************************************************************/
-void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_credentials *usr)
+void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr)
 {
 	copy_user_creds(&msrpc->usr, usr);
 }
@@ -161,58 +161,39 @@ void msrpc_sockopt(struct msrpc_state *msrpc, char *options)
 }
 
 
-static BOOL msrpc_init_redirect(struct msrpc_state *msrpc,
-				const char* pipe_name, 
-				const struct user_credentials *usr)
+static BOOL msrpc_authenticate(struct msrpc_state *msrpc,
+				const struct user_creds *usr)
 {
-	int sock;
 	struct msrpc_state msrpc_redir;
-	fstring path;
 
-	pstring data;
+	int sock = msrpc->fd;
+	char *data;
+	prs_struct ps;
 	uint32 len;
-	char *p;
 	char *in = msrpc->inbuf;
 	char *out = msrpc->outbuf;
+	uint16 command;
 
-	slprintf(path, sizeof(path)-1, "/tmp/.msrpc/.%s/agent", pipe_name);
-
-	sock = open_pipe_sock(path);
+	command = usr != NULL ? AGENT_CMD_CON : AGENT_CMD_CON_ANON;
 
-	if (sock < 0)
+	if (usr != NULL)
 	{
-		return False;
+		usr->ptr_ntc = 1;
+		usr->ptr_uxc = 1;
+		usr->ptr_nts = 0;
+		usr->ptr_uxs = 0;
 	}
 
-	ZERO_STRUCT(data);
-
-	p = &data[4];
-	SSVAL(p, 0, 0);
-	p += 2;
-
-	SSVAL(p, 0, usr->reuse ? AGENT_CMD_CON_REUSE : AGENT_CMD_CON);
-	p += 2;
-
-	safe_strcpy(p, pipe_name, 16);
-	p = skip_string(p, 1);
-	safe_strcpy(p, usr != NULL ? usr->user_name : "", 16);
-	p = skip_string(p, 1);
-	safe_strcpy(p, usr != NULL ? usr->domain : "", 16);
-	p = skip_string(p, 1);
-
-	if (usr != NULL && !pwd_is_nullpwd(&usr->pwd))
+	if (!create_user_creds(&ps, msrpc->pipe_name, 0x0, command, usr))
 	{
-		uchar lm16[16];
-		uchar nt16[16];
-
-		pwd_get_lm_nt_16(&usr->pwd, lm16, nt16);
-		memcpy(p, lm16, 16);
-		p += 16;
-		memcpy(p, nt16, 16);
-		p += 16;
+		DEBUG(0,("could not parse credentials\n"));
+		close(sock);
+		return False;
 	}
 
-	len = PTR_DIFF(p, data);
+	len = ps.offset;
+	data = mem_data(&ps.data, 0);
+
 	SIVAL(data, 0, len);
 
 #ifdef DEBUG_PASSWORD
@@ -223,31 +204,67 @@ static BOOL msrpc_init_redirect(struct msrpc_state *msrpc,
 	if (write(sock, data, len) <= 0)
 	{
 		DEBUG(0,("write failed\n"));
-		close(sock);
 		return False;
 	}
 
-	len = read(sock, &msrpc_redir, sizeof(msrpc_redir));
+	if (msrpc->redirect)
+	{
+		len = read(sock, &msrpc_redir, sizeof(msrpc_redir));
 
-	if (len != sizeof(msrpc_redir))
+		if (len != sizeof(msrpc_redir))
+		{
+			DEBUG(0,("read failed\n"));
+			return False;
+		}
+		
+		memcpy(msrpc, &msrpc_redir, sizeof(msrpc_redir));
+		msrpc->inbuf = in;
+		msrpc->outbuf = out;
+		msrpc->fd = sock;
+		msrpc->usr.reuse = False;
+	}
+	else
+	{
+		uint32 status;
+		len = read(sock, &status, sizeof(status));
+
+		return len == sizeof(status) && status == 0x0;
+	}
+	return True;
+}
+
+static BOOL msrpc_init_redirect(struct msrpc_state *msrpc,
+				const char* pipe_name,
+				const struct user_creds *usr)
+{
+	int sock;
+	fstring path;
+
+	slprintf(path, sizeof(path)-1, "/tmp/.msrpc/.%s/agent", pipe_name);
+
+	sock = open_pipe_sock(path);
+
+	if (sock < 0)
 	{
-		DEBUG(0,("read failed\n"));
-		close(sock);
 		return False;
 	}
-	
-	memcpy(msrpc, &msrpc_redir, sizeof(msrpc_redir));
-	msrpc->inbuf = in;
-	msrpc->outbuf = out;
+
 	msrpc->fd = sock;
-	msrpc->usr.reuse = False;
+
+	if (!msrpc_authenticate(msrpc, usr))
+	{
+		DEBUG(0,("authenticate failed\n"));
+		close(msrpc->fd);
+		msrpc->fd = -1;
+		return False;
+	}
 
 	return True;
 }
 
 BOOL msrpc_connect_auth(struct msrpc_state *msrpc,
 				const char* pipename,
-				const struct user_credentials *usr)
+				const struct user_creds *usr)
 {
 	ZERO_STRUCTP(msrpc);
 	if (!msrpc_initialise(msrpc))
@@ -326,7 +343,7 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc,
 {
 	DEBUG(5,("msrpc_establish_connection: connecting to %s (%s) - %s\n",
 		          pipe_name,
-	              msrpc->usr.user_name, msrpc->usr.domain));
+	              msrpc->usr.ntc.user_name, msrpc->usr.ntc.domain));
 
 	/* establish connection */
 
@@ -359,6 +376,14 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc,
 		}
 	}
 
+	if (!msrpc_authenticate(msrpc, &msrpc->usr))
+	{
+		DEBUG(0,("authenticate failed\n"));
+		close(msrpc->fd);
+		msrpc->fd = -1;
+		return False;
+	}
+
 	return True;
 }
 
diff --git a/source3/lib/msrpc_use.c b/source3/lib/msrpc_use.c
index a8fb009df0..193867e610 100644
--- a/source3/lib/msrpc_use.c
+++ b/source3/lib/msrpc_use.c
@@ -109,18 +109,18 @@ find client state.  server name, user name, domain name and password must all
 match.
 ****************************************************************************/
 static struct msrpc_use *msrpc_find(const char* pipe_name,
-				const struct user_credentials *usr_creds)
+				const struct user_creds *usr_creds)
 {
 	int i;
-	struct user_credentials null_usr;
+	struct user_creds null_usr;
 
 	copy_user_creds(&null_usr, usr_creds);
 	usr_creds = &null_usr;
 		
 	DEBUG(10,("msrpc_find: %s %s %s\n",
 			pipe_name,
-			usr_creds->user_name,
-			usr_creds->domain));
+			usr_creds->ntc.user_name,
+			usr_creds->ntc.domain));
 
 	for (i = 0; i < num_msrpcs; i++)
 	{
@@ -133,28 +133,28 @@ static struct msrpc_use *msrpc_find(const char* pipe_name,
 
 		DEBUG(10,("msrpc_find[%d]: %s %s %s\n",
 				i, msrpc_name,
-		                c->cli->usr.user_name,
-				c->cli->usr.domain));
+		                c->cli->usr.ntc.user_name,
+				c->cli->usr.ntc.domain));
 				
 		if (!strequal(msrpc_name, pipe_name))
 		{
 			continue;
 		}
-		if (!strequal(usr_creds->user_name, c->cli->usr.user_name))
+		if (!strequal(usr_creds->ntc.user_name, c->cli->usr.ntc.user_name))
 		{
 			continue;
 		}
 		if (!usr_creds->reuse &&
-		    !pwd_compare(&usr_creds->pwd, &c->cli->usr.pwd))
+		    !pwd_compare(&usr_creds->ntc.pwd, &c->cli->usr.ntc.pwd))
 		{
 			DEBUG(100,("password doesn't match\n"));
 			continue;
 		}
-		if (usr_creds->domain[0] == 0)
+		if (usr_creds->ntc.domain[0] == 0)
 		{
 			return c;
 		}
-		if (strequal(usr_creds->domain, c->cli->usr.domain))
+		if (strequal(usr_creds->ntc.domain, c->cli->usr.ntc.domain))
 		{
 			return c;
 		}
@@ -167,7 +167,7 @@ static struct msrpc_use *msrpc_find(const char* pipe_name,
 create a new client state from user credentials
 ****************************************************************************/
 static struct msrpc_use *msrpc_use_get(const char* pipe_name,
-				const struct user_credentials *usr_creds)
+				const struct user_creds *usr_creds)
 {
 	struct msrpc_use *cli = (struct msrpc_use*)malloc(sizeof(*cli));
 
@@ -194,7 +194,7 @@ static struct msrpc_use *msrpc_use_get(const char* pipe_name,
 init client state
 ****************************************************************************/
 struct msrpc_state *msrpc_use_add(const char* pipe_name,
-				const struct user_credentials *usr_creds,
+				const struct user_creds *usr_creds,
 				BOOL redir)
 {
 	struct msrpc_use *cli = msrpc_find(pipe_name, usr_creds); 
@@ -236,7 +236,7 @@ struct msrpc_state *msrpc_use_add(const char* pipe_name,
 delete a client state
 ****************************************************************************/
 BOOL msrpc_use_del(const char* pipe_name,
-				const struct user_credentials *usr_creds,
+				const struct user_creds *usr_creds,
 				BOOL force_close,
 				BOOL *connection_closed)
 {
@@ -261,10 +261,10 @@ BOOL msrpc_use_del(const char* pipe_name,
 
 		if (!strequal(msrpc_name, pipe_name)) continue;
 
-		if (strequal(usr_creds->user_name,
-                             msrpcs[i]->cli->usr.user_name) &&
-		    strequal(usr_creds->domain,
-		             msrpcs[i]->cli->usr.domain))
+		if (strequal(usr_creds->ntc.user_name,
+                             msrpcs[i]->cli->usr.ntc.user_name) &&
+		    strequal(usr_creds->ntc.domain,
+		             msrpcs[i]->cli->usr.ntc.domain))
 		{
 			/* decrement number of users */
 			msrpcs[i]->num_users--;
@@ -311,8 +311,8 @@ void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use)
 		if (item.connected)
 		{
 			item.srv_name  = msrpcs[i]->cli->pipe_name;
-			item.user_name = msrpcs[i]->cli->usr.user_name;
-			item.domain    = msrpcs[i]->cli->usr.domain;
+			item.user_name = msrpcs[i]->cli->usr.ntc.user_name;
+			item.domain    = msrpcs[i]->cli->usr.ntc.domain;
 		}
 
 		add_use_info_to_array(num_cons, use, &item);
author	Luke Leighton <lkcl@samba.org>	1999-12-08 21:43:03 +0000
committer	Luke Leighton <lkcl@samba.org>	1999-12-08 21:43:03 +0000
commit	4ab9d91428b66bd2fe407b0dba94f4130160b576 (patch)
tree	2733683a3097225f44e459d2fe73e1ac880b7aba /source3/lib
parent	a0ba234cf9b40adf6b5390e4e67730163a42883f (diff)
download	samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.gz samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.tar.bz2 samba-4ab9d91428b66bd2fe407b0dba94f4130160b576.zip