-rw-r--r-- | source3/include/auth.h | 2 | ||||
-rw-r--r-- | source3/include/ntdomain.h | 2 | ||||
-rw-r--r-- | source3/include/smb.h | 2 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 33 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 11 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 39 | ||||
-rw-r--r-- | source3/smbd/password.c | 2 |
8 files changed, 23 insertions, 70 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h
index ed0a4e45f3..a61576fd21 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -85,7 +85,7 @@ typedef struct auth_serversupplied_info
 NT_USER_TOKEN *ptok;
- uchar session_key[16];
+ uint8 session_key[16];
 uint8 first_8_lm_hash[8];
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 9c9d7a4c7a..7950119e50 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -200,6 +200,8 @@ typedef struct pipes_struct
 fstring pipe_user_name;
 struct current_user pipe_user;
+ uint8 session_key[16];
+
 /*
 * Set to true when an RPC bind has been done on this pipe.
 */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b80e3d62ec..aa54e38797 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1629,6 +1629,8 @@ typedef struct user_struct
 NT_USER_TOKEN *nt_user_token;
+ uint8 session_key[16];
+
 int session_id; /* used by utmp and pam session code */
 } user_struct;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index c014c3221f..4460af0545 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
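Review bot: The new `uint8 session_key[16];` members in pipes_struct (source3/include/ntdomain.h) and user_struct (source3/include/smb.h) are added without a comment, and the length 16 is now written out separately in three structs, counting auth_serversupplied_info. The memcpy calls added later in this diff size the copy by `sizeof` of the destination only, so they stay within the source array only while all three lengths agree. I would put a comment such as `/* session key taken from the authentication result; secret key material */` on each field and give the length one shared named constant. Both struct definitions start and end outside their hunks.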
@@ -1158,36 +1158,3 @@ account without a valid local system user.\n", user_name);
 pdb_free_sam(&sam_pass);
 return True;
 }
-
-/***************************************************************************
- Search by uid. Wrapper around pdb_getsampwnam()
- **************************************************************************/
-
-BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
-{
- struct passwd *pw;
- fstring name;
-
- if (user==NULL) {
- DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n"));
- return False;
- }
-
- /*
- * Never trust the uid in the passdb. Lookup the username first
- * and then lokup the user by name in the sam.
- */
-
- if ((pw=getpwuid_alloc(uid)) == NULL) {
- DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
- return False;
- }
-
- fstrcpy (name, pw->pw_name);
-
- passwd_free(&pw);
-
- return pdb_getsampwnam (user, name);
-
-}
-
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a38b86f826..2630729281 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -423,6 +423,8 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
 return False;
 }
+ memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+
 uid = pdb_get_uid(server_info->sam_account);
 gid = pdb_get_gid(server_info->sam_account);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a98bcdc6bb..1b3d66bf49 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -252,9 +252,15 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
 connection_struct *conn, uint16 vuid)
 {
 pipes_struct *p;
+ user_struct *vuser = get_valid_user_struct(vuid);
 DEBUG(4,("Create pipe requested %s\n", pipe_name));
+ if (!vuser && vuid != UID_FIELD_INVALID) {
+ DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
+ return NULL;
+ }
+
 p = (pipes_struct *)malloc(sizeof(*p));
 if (!p)
@@ -308,6 +314,11 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
 p->pipe_user.uid = (uid_t)-1;
 p->pipe_user.gid = (gid_t)-1;
+ /* Store the session key */
+ if (vuser) {
+ memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
+ }
+
 /*
 * Initialize the incoming RPC struct.
 */
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6ac71298fa..cf9be78f3d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2439,9 +2439,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 {
 uint32 rid = 0x0;
 DOM_SID sid;
- struct current_user user;
- SAM_ACCOUNT *sam_pass=NULL;
- unsigned char sess_key[16];
 POLICY_HND *pol = &q_u->pol;
 uint16 switch_value = q_u->switch_value;
 SAM_USERINFO_CTR *ctr = q_u->ctr;
@@ -2451,13 +2448,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 r_u->status = NT_STATUS_OK;
- if (p->ntlmssp_auth_validated) {
- memcpy(&user, &p->pipe_user, sizeof(user));
- } else {
- extern struct current_user current_user;
- memcpy(&user, ¤t_user, sizeof(user));
- }
-
 /* find the policy handle. open a policy on it. */
 if (!get_lsa_policy_samr_sid(p, pol, &sid))
 return NT_STATUS_INVALID_HANDLE;
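Review bot: In the second srv_pipe_hnd.c hunk the key is copied only inside `if (vuser)`, so a pipe opened with vuid == UID_FIELD_INVALID keeps whatever `p->session_key` held after the `malloc` in the first hunk; whether `p` is zeroed between the two hunks is not visible here. The SamOEMhash calls in _samr_set_userinfo (srv_samr_nt.c, levels 23, 24 and 25 later in this diff) then use `p->session_key` unconditionally, whereas the code this commit removes returned NT_STATUS_ACCESS_DENIED when it could not obtain a key. I would add `else { memset(p->session_key, 0, sizeof(p->session_key)); }` here and have _samr_set_userinfo refuse the password-carrying levels on a pipe that never received a key, which needs a flag on pipes_struct because an all-zero array alone cannot tell the two cases apart. The body of make_internal_rpc_pipe_p continues outside both hunks.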
@@ -2471,29 +2461,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 return NT_STATUS_INVALID_INFO_CLASS;
 }
-
- pdb_init_sam(&sam_pass);
-
- /*
- * We need the NT hash of the user who is changing the user's password.
- * This NT hash is used to generate a "user session key"
- * This "user session key" is in turn used to encrypt/decrypt the user's password.
- */
-
- become_root();
- ret = pdb_getsampwuid(sam_pass, user.uid);
- unbecome_root();
- if(ret == False) {
- DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
- pdb_free_sam(&sam_pass);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- memset(sess_key, '\0', 16);
- mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
-
- pdb_free_sam(&sam_pass);
-
 /* ok! user info levels (lots: see MSDEV help), off we go... */
 switch (switch_value) {
 case 0x12:
@@ -2502,7 +2469,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 break;
 case 24:
- SamOEMhash(ctr->info.id24->pass, sess_key, 516);
+ SamOEMhash(ctr->info.id24->pass, p->session_key, 516);
 dump_data(100, (char *)ctr->info.id24->pass, 516);
@@ -2520,7 +2487,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 * info level and W2K SP2 drops down to level 23... JRA.
 */
- SamOEMhash(ctr->info.id25->pass, sess_key, 532);
+ SamOEMhash(ctr->info.id25->pass, p->session_key, 532);
 dump_data(100, (char *)ctr->info.id25->pass, 532);
@@ -2531,7 +2498,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 return NT_STATUS_INVALID_INFO_CLASS;
 case 23:
- SamOEMhash(ctr->info.id23->pass, sess_key, 516);
+ SamOEMhash(ctr->info.id23->pass, p->session_key, 516);
 dump_data(100, (char *)ctr->info.id23->pass, 516);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 3e942e6f99..27bc15d25a 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -265,6 +265,8 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 }
 }
+ memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key));
+
 DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", (unsigned int)vuser->uid, (unsigned int)vuser->gid, |