diff options
author | Jeremy Allison <jra@samba.org> | 2001-03-11 00:32:10 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-03-11 00:32:10 +0000 |
commit | da3053048c3d224a20d6383ac6682d31059cd46c (patch) | |
tree | e0608d0bb47fcf3b6228db16507d3263afb869bd /source3/rpc_server/srv_netlog_nt.c | |
parent | 1af77d39fa69d201be739e379d8bf4a370fc2df1 (diff) | |
download | samba-da3053048c3d224a20d6383ac6682d31059cd46c.tar.gz samba-da3053048c3d224a20d6383ac6682d31059cd46c.tar.bz2 samba-da3053048c3d224a20d6383ac6682d31059cd46c.zip |
Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
Diffstat (limited to 'source3/rpc_server/srv_netlog_nt.c')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 184 |
1 files changed, 61 insertions, 123 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 151c72499a..613f8f54b2 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -129,7 +129,8 @@ static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, static BOOL get_md4pw(char *md4pw, char *mach_acct) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass = NULL; + BYTE *pass; #if 0 /* @@ -150,17 +151,18 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct) #endif /* 0 */ become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - - if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) && - (smb_pass->smb_nt_passwd != NULL)) + + if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && + ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { - memcpy(md4pw, smb_pass->smb_nt_passwd, 16); + memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); - + return True; } + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); return False; } @@ -256,11 +258,11 @@ uint32 _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { uint16 vuid = p->vuid; - uint32 status = NT_STATUS_NOPROBLEMO; + uint32 status = NT_STATUS_WRONG_PASSWORD; DOM_CRED srv_cred; pstring mach_acct; - struct smb_passwd *smb_pass; - BOOL ret; + SAM_ACCOUNT *sampass; + BOOL ret = False; user_struct *vuser; unsigned char pwd[16]; int i; @@ -282,10 +284,10 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_ DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (smb_pass == NULL) + if (sampass == NULL) return NT_STATUS_NO_SUCH_USER; DEBUG(100,("Server password set : new given value was :\n")); @@ -296,16 +298,16 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_ cred_hash3( pwd, q_u->pwd, vuser->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ - smb_pass->smb_passwd = pwd; - smb_pass->smb_nt_passwd = pwd; - smb_pass->acct_ctrl = ACB_WSTRUST; - + pdb_set_lanman_passwd (sampass, pwd); + pdb_set_nt_passwd (sampass, pwd); + pdb_set_acct_ctrl (sampass, ACB_WSTRUST); + become_root(); - ret = mod_smbpwd_entry(smb_pass,False); + ret = pdb_update_sam_account (sampass,False); unbecome_root(); - - if (!ret) - status = NT_STATUS_WRONG_PASSWORD; + + if (ret) + status = NT_STATUS_NOPROBLEMO; /* set up the LSA Server Password Set response */ init_net_r_srv_pwset(r_u, &srv_cred, status); @@ -347,7 +349,7 @@ uint32 _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF net_login_interactive: *************************************************************************/ -static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass, user_struct *vuser) +static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, user_struct *vuser) { uint32 status = 0x0; @@ -383,9 +385,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p dump_data(100, nt_pwd, 16); #endif - if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 || - memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) - { + if (memcmp(pdb_get_lanman_passwd(sampass), lm_pwd, 16) != 0 || + memcmp(pdb_get_nt_passwd(sampass), nt_pwd, 16) != 0) { status = NT_STATUS_WRONG_PASSWORD; } @@ -396,8 +397,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p _net_login_network: *************************************************************************/ -static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) +static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass) { + BYTE *nt_pwd, *lanman_pwd; + DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, id2->hdr_nt_chal_resp.str_str_len)); @@ -405,13 +408,13 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) /* JRA. Check the NT password first if it exists - this is a higher quality password, if it exists and it doesn't match - fail. */ - if (id2->hdr_nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL) - { + nt_pwd = pdb_get_nt_passwd(sampass); + lanman_pwd = pdb_get_lanman_passwd(sampass); + + if (id2->hdr_nt_chal_resp.str_str_len == 24 && nt_pwd) { if(smb_password_check((char *)id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, - id2->lm_chal)) - return 0x0; + nt_pwd, id2->lm_chal)) + return NT_STATUS_NOPROBLEMO; else return NT_STATUS_WRONG_PASSWORD; } @@ -424,14 +427,10 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) not do, for various security-hole reasons). */ - if (id2->hdr_lm_chal_resp.str_str_len == 24 && + if (id2->hdr_lm_chal_resp.str_str_len == 24 && lanman_pwd && smb_password_check((char *)id2->lm_chal_resp.buffer, - smb_pass->smb_passwd, - id2->lm_chal)) - { - return 0x0; - } - + lanman_pwd, id2->lm_chal)) + return NT_STATUS_NOPROBLEMO; /* oops! neither password check succeeded */ @@ -448,11 +447,10 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ uint16 vuid = p->vuid; NET_USER_INFO_3 *usr_info = NULL; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - struct sam_passwd *sam_pass = NULL; + SAM_ACCOUNT *sampass = NULL; + uint16 acct_ctrl; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; - struct passwd *pw; user_struct *vuser = NULL; usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3)); @@ -499,33 +497,30 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ map_username(nt_username); - /* - * Do any case conversions. - */ - - pw=Get_Pwnam(nt_username, True); - + /* get the account information */ become_root(); - sam_pass = getsam21pwnam(nt_username); - smb_pass = getsmbpwnam(nt_username); + sampass = pdb_getsampwnam(nt_username); unbecome_root(); - - if (smb_pass == NULL) + + if (sampass == NULL) return NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_DISABLED) + + acct_ctrl = pdb_get_acct_ctrl(sampass); + + if (acct_ctrl & ACB_DISABLED) return NT_STATUS_ACCOUNT_DISABLED; /* Validate password - if required. */ - if (!(smb_pass->acct_ctrl & ACB_PWNOTREQ)) { + if (!(acct_ctrl & ACB_PWNOTREQ)) { switch (q_u->sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: /* interactive login. */ - status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, smb_pass, vuser); + status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, sampass, vuser); break; case NET_LOGON_TYPE: /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_u->sam_id.ctr->auth.id2, smb_pass); + status = net_login_network(&q_u->sam_id.ctr->auth.id2, sampass); break; } } @@ -538,58 +533,25 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ record that the user is logged in to the domain. */ - /* return the profile plus other bits :-) */ - { DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; pstring my_name; pstring my_workgroup; pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - fstring full_name; /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - /* XXXX hack to get standard_sub_basic() to use sam logon username */ /* possibly a better way would be to do a become_user() call */ sam_logon_in_ssb = True; pstrcpy(samlogon_user, nt_username); - pstrcpy(logon_script, sam_pass->logon_script); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script); - - pstrcpy(profile_path, sam_pass->profile_path); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path); - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, sam_pass->dir_drive); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive); - - pstrcpy(home_dir, sam_pass->home_dir); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir); - pstrcpy(my_name, global_myname); strupper(my_name); - pstrcpy(full_name, sam_pass->full_name ); - if( !*full_name ) { - fstrcpy(full_name, "<Full Name>"); - if (lp_unix_realname()) - fstrcpy(full_name, strtok(pw->pw_gecos, ",")); - } - /* * This is the point at which we get the group * database - we should be getting the gid_t list @@ -608,41 +570,17 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ sam_logon_in_ssb = False; - if (pdb_name_to_rid(nt_username, &r_uid, &r_gid)) - init_net_user_info3(p->mem_ctx, usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - full_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - else - return NT_STATUS_NO_SUCH_USER; - + init_net_user_info3(p->mem_ctx, usr_info, sampass, + 0, /* logon_count */ + 0, /* bad_pw_count */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + NULL, /* char sess_key[16] */ + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + &global_sam_sid, /* DOM_SID *dom_sid */ + NULL); /* char *other_sids */ } /* XXXX maybe we want to say 'no', reject the client's credentials */ |