-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/include/ntdomain.h2
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/passdb/passdb.c33
-rw-r--r--source3/rpc_server/srv_pipe.c2
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c11
-rw-r--r--source3/rpc_server/srv_samr_nt.c39
-rw-r--r--source3/smbd/password.c2
8 files changed, 23 insertions, 70 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h
index ed0a4e45f3..a61576fd21 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -85,7 +85,7 @@ typedef struct auth_serversupplied_info
NT_USER_TOKEN *ptok;
- uchar session_key[16];
+ uint8 session_key[16];
uint8 first_8_lm_hash[8];
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 9c9d7a4c7a..7950119e50 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -200,6 +200,8 @@ typedef struct pipes_struct
fstring pipe_user_name;
struct current_user pipe_user;
+ uint8 session_key[16];
+
/*
* Set to true when an RPC bind has been done on this pipe.
*/
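Review bot: The new `session_key` member in `pipes_struct` is added without a comment, and it holds key material that lives as long as the pipe. I would document it with something like `/* Session key copied from the authenticated user's server_info or vuser when the pipe is set up; used by SAMR to decrypt password buffers. */`. The same applies to the `session_key` member added to `user_struct` in smb.h. Whether these structs are wiped before being freed is not visible in this diff and is worth confirming now that they carry a key.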
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b80e3d62ec..aa54e38797 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1629,6 +1629,8 @@ typedef struct user_struct
NT_USER_TOKEN *nt_user_token;
+ uint8 session_key[16];
+
int session_id; /* used by utmp and pam session code */
} user_struct;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index c014c3221f..4460af0545 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1158,36 +1158,3 @@ account without a valid local system user.\n", user_name);
pdb_free_sam(&sam_pass);
return True;
}
-
-/***************************************************************************
- Search by uid. Wrapper around pdb_getsampwnam()
- **************************************************************************/
-
-BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
-{
- struct passwd *pw;
- fstring name;
-
- if (user==NULL) {
- DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n"));
- return False;
- }
-
- /*
- * Never trust the uid in the passdb. Lookup the username first
- * and then lokup the user by name in the sam.
- */
-
- if ((pw=getpwuid_alloc(uid)) == NULL) {
- DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
- return False;
- }
-
- fstrcpy (name, pw->pw_name);
-
- passwd_free(&pw);
-
- return pdb_getsampwnam (user, name);
-
-}
-
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a38b86f826..2630729281 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -423,6 +423,8 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
return False;
}
+ memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+
uid = pdb_get_uid(server_info->sam_account);
gid = pdb_get_gid(server_info->sam_account);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a98bcdc6bb..1b3d66bf49 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -252,9 +252,15 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
connection_struct *conn, uint16 vuid)
{
pipes_struct *p;
+ user_struct *vuser = get_valid_user_struct(vuid);
DEBUG(4,("Create pipe requested %s\n", pipe_name));
+ if (!vuser && vuid != UID_FIELD_INVALID) {
+ DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
+ return NULL;
+ }
+
p = (pipes_struct *)malloc(sizeof(*p));
if (!p)
@@ -308,6 +314,11 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
p->pipe_user.uid = (uid_t)-1;
p->pipe_user.gid = (gid_t)-1;
+ /* Store the session key */
+ if (vuser) {
+ memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
+ }
+
/*
* Initialize the incoming RPC struct.
*/
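Review bot: When `vuser` is NULL, which the check in the previous hunk permits for `vuid == UID_FIELD_INVALID`, `p->session_key` is never written here, so its contents depend on how `p` is initialised after the `malloc`, and that code is outside this hunk. `_samr_set_userinfo` in this same commit now decrypts password buffers with `p->session_key` unconditionally, so the no-session case should be explicit: `} else { memset(p->session_key, 0, sizeof(p->session_key)); }`. A comment should also state that an all-zero key means no session key was established. The body of make_internal_rpc_pipe_p continues outside the hunk.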
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6ac71298fa..cf9be78f3d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2439,9 +2439,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
{
uint32 rid = 0x0;
DOM_SID sid;
- struct current_user user;
- SAM_ACCOUNT *sam_pass=NULL;
- unsigned char sess_key[16];
POLICY_HND *pol = &q_u->pol;
uint16 switch_value = q_u->switch_value;
SAM_USERINFO_CTR *ctr = q_u->ctr;
@@ -2451,13 +2448,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
r_u->status = NT_STATUS_OK;
- if (p->ntlmssp_auth_validated) {
- memcpy(&user, &p->pipe_user, sizeof(user));
- } else {
- extern struct current_user current_user;
- memcpy(&user, &current_user, sizeof(user));
- }
-
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, pol, &sid))
return NT_STATUS_INVALID_HANDLE;
@@ -2471,29 +2461,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
return NT_STATUS_INVALID_INFO_CLASS;
}
-
- pdb_init_sam(&sam_pass);
-
- /*
- * We need the NT hash of the user who is changing the user's password.
- * This NT hash is used to generate a "user session key"
- * This "user session key" is in turn used to encrypt/decrypt the user's password.
- */
-
- become_root();
- ret = pdb_getsampwuid(sam_pass, user.uid);
- unbecome_root();
- if(ret == False) {
- DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
- pdb_free_sam(&sam_pass);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- memset(sess_key, '\0', 16);
- mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
-
- pdb_free_sam(&sam_pass);
-
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 0x12:
@@ -2502,7 +2469,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
break;
case 24:
- SamOEMhash(ctr->info.id24->pass, sess_key, 516);
+ SamOEMhash(ctr->info.id24->pass, p->session_key, 516);
dump_data(100, (char *)ctr->info.id24->pass, 516);
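Review bot: `p->session_key` is used here to decrypt the password buffer with no check that the pipe carries a key from an authenticated session. The code this commit removes returned `NT_STATUS_ACCESS_DENIED` when it could not derive a key for the caller, and nothing visible replaces that failure path. For a pipe created without a valid vuser, the key is whatever make_internal_rpc_pipe_p left in the struct, possibly a fixed all-zero value, so I would add a guard before the `switch` that returns `NT_STATUS_ACCESS_DENIED` when no session key was stored (unless an access check outside these hunks already guarantees it). The same applies to the `SamOEMhash` calls for cases 25 and 23 in the next two hunks. The switch body extends beyond this hunk.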
@@ -2520,7 +2487,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
* info level and W2K SP2 drops down to level 23... JRA.
*/
- SamOEMhash(ctr->info.id25->pass, sess_key, 532);
+ SamOEMhash(ctr->info.id25->pass, p->session_key, 532);
dump_data(100, (char *)ctr->info.id25->pass, 532);
@@ -2531,7 +2498,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
return NT_STATUS_INVALID_INFO_CLASS;
case 23:
- SamOEMhash(ctr->info.id23->pass, sess_key, 516);
+ SamOEMhash(ctr->info.id23->pass, p->session_key, 516);
dump_data(100, (char *)ctr->info.id23->pass, 516);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 3e942e6f99..27bc15d25a 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -265,6 +265,8 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
}
}
+ memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key));
+
DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->uid,
(unsigned int)vuser->gid,