summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_netlog.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server/srv_netlog.c')
-rw-r--r--source3/rpc_server/srv_netlog.c177
1 files changed, 83 insertions, 94 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 9f5d84ee1f..8e2b3819cb 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -264,7 +264,8 @@ static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata,
static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
{
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass = NULL;
+ BYTE *pass = NULL;
#if 0
/*
@@ -285,13 +286,13 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
#endif /* 0 */
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) &&
- (smb_pass->smb_nt_passwd != NULL))
+ if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
+ ((pass=pdb_get_nt_passwd(sampass)) != NULL))
{
- memcpy(md4pw, smb_pass->smb_nt_passwd, 16);
+ memcpy(md4pw, pass, 16);
dump_data(5, md4pw, 16);
return True;
@@ -425,7 +426,7 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
uint32 status = NT_STATUS_WRONG_PASSWORD;
DOM_CRED srv_cred;
pstring mach_acct;
- struct smb_passwd *smb_pass;
+ SAM_ACCOUNT *sampass;
BOOL ret;
user_struct *vuser;
prs_struct *data = &p->in_data.data;
@@ -454,10 +455,10 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
become_root();
- smb_pass = getsmbpwnam(mach_acct);
+ sampass = pdb_getsampwnam(mach_acct);
unbecome_root();
- if (smb_pass != NULL) {
+ if (sampass != NULL) {
unsigned char pwd[16];
int i;
@@ -469,12 +470,12 @@ static BOOL api_net_srv_pwset(pipes_struct *p)
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
- smb_pass->smb_passwd = pwd;
- smb_pass->smb_nt_passwd = pwd;
- smb_pass->acct_ctrl = ACB_WSTRUST;
+ pdb_set_lanman_passwd (sampass, pwd);
+ pdb_set_nt_passwd (sampass, pwd);
+ pdb_set_acct_ctrl (sampass, ACB_WSTRUST);
- become_root();
- ret = mod_smbpwd_entry(smb_pass,False);
+ become_root();
+ ret = pdb_update_sam_account (sampass,False);
unbecome_root();
if (ret) {
@@ -542,8 +543,8 @@ static BOOL api_net_sam_logoff(pipes_struct *p)
net_login_interactive:
*************************************************************************/
-static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass,
- user_struct *vuser)
+static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass,
+ user_struct *vuser)
{
uint32 status = 0x0;
@@ -579,8 +580,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
dump_data(100, nt_pwd, 16);
#endif
- if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 ||
- memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0)
+ if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 ||
+ memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0)
{
status = NT_STATUS_WRONG_PASSWORD;
}
@@ -592,8 +593,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
net_login_network:
*************************************************************************/
-static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
+static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
{
+ BYTE *nt_pwd, *lanman_pwd;
+
DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
id2->hdr_lm_chal_resp.str_str_len,
id2->hdr_nt_chal_resp.str_str_len));
@@ -601,11 +604,12 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
/* JRA. Check the NT password first if it exists - this is a higher quality
password, if it exists and it doesn't match - fail. */
+ nt_pwd = pdb_get_nt_passwd (sampass);
+ lanman_pwd = pdb_get_lanman_passwd (sampass);
if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL)
+ nt_pwd != NULL)
{
- if(smb_password_check((char *)id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
+ if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd,
id2->lm_chal))
return 0x0;
else
@@ -622,8 +626,7 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
smb_password_check((char *)id2->lm_chal_resp.buffer,
- smb_pass->smb_passwd,
- id2->lm_chal))
+ lanman_pwd, id2->lm_chal))
{
return 0x0;
}
@@ -646,21 +649,20 @@ static BOOL api_net_sam_logon(pipes_struct *p)
NET_USER_INFO_3 usr_info;
uint32 status = 0x0;
DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
+ SAM_ACCOUNT *sampass = NULL;
+ uint16 acct_ctrl;
UNISTR2 *uni_samlogon_user = NULL;
fstring nt_username;
- struct passwd *pw;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
+ prs_struct *data = &p->in_data.data;
+ prs_struct *rdata = &p->out_data.rdata;
user_struct *vuser = NULL;
if ((vuser = get_valid_user_struct(vuid)) == NULL)
return False;
- memset(&q_l, '\0', sizeof(q_l));
- memset(&ctr, '\0', sizeof(ctr));
- memset(&usr_info, '\0', sizeof(usr_info));
+ ZERO_STRUCT(q_l);
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(usr_info);
q_l.sam_id.ctr = &ctr;
@@ -682,8 +684,7 @@ static BOOL api_net_sam_logon(pipes_struct *p)
case INTERACTIVE_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name;
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
- lp_workgroup()));
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
break;
case NET_LOGON_TYPE:
uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name;
@@ -699,7 +700,8 @@ static BOOL api_net_sam_logon(pipes_struct *p)
/* check username exists */
- if (status == 0) {
+ if (status == 0)
+ {
pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer,
uni_samlogon_user->uni_str_len));
@@ -709,40 +711,37 @@ static BOOL api_net_sam_logon(pipes_struct *p)
* Convert to a UNIX username.
*/
map_username(nt_username);
-
- /*
- * Do any case conversions.
- */
- pw=Get_Pwnam(nt_username, True);
+ /* get the account information */
become_root();
- smb_pass = getsmbpwnam(nt_username);
+ sampass = pdb_getsampwnam(nt_username);
unbecome_root();
- if (smb_pass == NULL)
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ if (sampass == NULL)
status = NT_STATUS_NO_SUCH_USER;
- else if (smb_pass->acct_ctrl & ACB_PWNOTREQ)
+ else if (acct_ctrl & ACB_PWNOTREQ)
status = 0;
- else if (smb_pass->acct_ctrl & ACB_DISABLED)
+ else if (acct_ctrl & ACB_DISABLED)
status = NT_STATUS_ACCOUNT_DISABLED;
}
/* Validate password - if required. */
- if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
+ if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) {
switch (q_l.sam_id.logon_level) {
case INTERACTIVE_LOGON_TYPE:
/* interactive login. */
status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
- smb_pass, vuser);
+ sampass, vuser);
break;
case NET_LOGON_TYPE:
/* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass);
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass);
break;
}
}
-
+
/* lkclXXXX this is the point at which, if the login was
successful, that the SAM Local Security Authority should
record that the user is logged in to the domain.
@@ -753,49 +752,47 @@ static BOOL api_net_sam_logon(pipes_struct *p)
if (status == 0) {
DOM_GID *gids = NULL;
int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
pstring my_name;
pstring my_workgroup;
pstring domain_groups;
- uint32 r_uid;
- uint32 r_gid;
- fstring full_name;
/* set up pointer indicating user/password failed to be found */
usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
+
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
+
+ /*
+ * All this information should be filled in from the
+ * passdb information
+ */
sam_logon_in_ssb = True;
pstrcpy(samlogon_user, nt_username);
- pstrcpy(logon_script, lp_logon_script());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script);
+#if 0
+ gid = pdb_get_gid(sampass);
- pstrcpy(profile_path, lp_logon_path());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path);
-
- pstrcpy(my_workgroup, lp_workgroup());
+ pstrcpy(str, pdb_get_logon_script(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_logon_script(sampass, str);
+
+ pstrcpy(str, pdb_get_profile_path(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_profile_path(sampass, str);
+
+ pstrcpy(str, pdb_get_homedir(sampass));
+ standard_sub_advanced(-1, nt_username, "", gid, str);
+ pdb_set_homedir(sampass, str);
- pstrcpy(home_drive, lp_logon_drive());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive);
+ fstrcpy(full_name, "<Full Name>");
+ if (lp_unix_realname())
+ fstrcpy(full_name, pdb_get_fullname(sampass));
+#endif
- pstrcpy(home_dir, lp_logon_home());
- standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir);
-
+ pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(my_name, global_myname);
strupper(my_name);
- fstrcpy(full_name, "<Full Name>");
- if (lp_unix_realname())
- fstrcpy(full_name, pw->pw_gecos);
/*
* This is the point at which we get the group
@@ -815,40 +812,32 @@ static BOOL api_net_sam_logon(pipes_struct *p)
sam_logon_in_ssb = False;
+ /*
+ * This next call is where the 'domain admin users' parameter
+ * gets mapped. I'm leaving it out for now. The user and group rid
+ * has already been mapped into the SAM_ACCOUNT struct. I don't
+ * think this should be overridden here. The correct solution
+ * is proper group memberships and mapping. --jerry
+ */
+#if 0
if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
- init_net_user_info3(&usr_info,
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- nt_username , /* user_name */
- full_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
+#endif
+ init_net_user_info3(&usr_info, sampass,
0, /* logon_count */
0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
-
NULL, /* char sess_key[16] */
-
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
-
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
+
+#if 0
else
status = NT_STATUS_NO_SUCH_USER;
+#endif
/* Free any allocated groups array. */
if(gids)
generated by cgit (git 2.34.1) at 2025-03-04 11:10:21 +0000