summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c6
-rw-r--r--source3/rpc_server/srv_samr_nt.c82
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c64
3 files changed, 105 insertions, 47 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 45acd3ed48..038690d0f1 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1402,10 +1402,10 @@ NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
/****************************************************************
****************************************************************/
-WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p,
- struct netr_NETRSERVERGETTRUSTINFO *r)
+NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
+ struct netr_ServerGetTrustInfo *r)
{
p->rng_fault_state = true;
- return WERR_NOT_SUPPORTED;
+ return NT_STATUS_NOT_IMPLEMENTED;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index cbcd4de60c..342f432c4e 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2079,7 +2079,7 @@ NTSTATUS _samr_LookupRids(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(acc_granted,
- SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+ 0, /* Don't know the acc_bits yet */
"_samr_LookupRids");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -2430,8 +2430,10 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
return NT_STATUS_ACCOUNT_DISABLED;
}
- init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
- pdb_get_nt_passwd(smbpass));
+ init_samr_user_info18(r,
+ pdb_get_lanman_passwd(smbpass),
+ pdb_get_nt_passwd(smbpass),
+ 0 /* FIXME */);
TALLOC_FREE(smbpass);
@@ -2607,8 +2609,8 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
pdb_get_logon_count(pw),
0, /* country_code */
0, /* code_page */
- 0, /* nt_password_set */
0, /* lm_password_set */
+ 0, /* nt_password_set */
password_expired);
return NT_STATUS_OK;
@@ -2634,7 +2636,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(info->acc_granted,
- SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
"_samr_QueryUserInfo");
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -3699,29 +3701,62 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16,
set_user_info_18
********************************************************************/
-static bool set_user_info_18(struct samr_UserInfo18 *id18,
- struct samu *pwd)
+static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key,
+ struct samu *pwd)
{
if (id18 == NULL) {
DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
- return False;
+ return NT_STATUS_INVALID_PARAMETER;
}
- if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) {
- return False;
+ if (id18->nt_pwd_active || id18->lm_pwd_active) {
+ if (!session_key->length) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
}
- if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) {
- return False;
+
+ if (id18->nt_pwd_active) {
+
+ DATA_BLOB in, out;
+
+ in = data_blob_const(id18->nt_pwd.hash, 16);
+ out = data_blob_talloc_zero(mem_ctx, 16);
+
+ sess_crypt_blob(&out, &in, session_key, false);
+
+ if (!pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
}
- if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) {
- return False;
+
+ if (id18->lm_pwd_active) {
+
+ DATA_BLOB in, out;
+
+ in = data_blob_const(id18->lm_pwd.hash, 16);
+ out = data_blob_talloc_zero(mem_ctx, 16);
+
+ sess_crypt_blob(&out, &in, session_key, false);
+
+ if (!pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
}
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
- return False;
- }
+ if (id18->password_expired) {
+ pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED);
+ } else {
+ /* FIXME */
+ pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
+ }
- return True;
+ return pdb_update_sam_account(pwd);
}
/*******************************************************************
@@ -3856,8 +3891,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
- if ((id23->info.fields_present & SAMR_FIELD_PASSWORD) ||
- (id23->info.fields_present & SAMR_FIELD_PASSWORD2)) {
+ if ((id23->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+ (id23->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
pdb_get_username(pwd)));
@@ -4178,9 +4213,10 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
case 18:
/* Used by AS/U JRA. */
- if (!set_user_info_18(&info->info18, pwd)) {
- status = NT_STATUS_ACCESS_DENIED;
- }
+ status = set_user_info_18(&info->info18,
+ p->mem_ctx,
+ &p->server_info->user_session_key,
+ pwd);
break;
case 20:
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index bf3669022d..15af963c4c 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -493,6 +493,19 @@ static bool is_hidden_share(int snum)
}
/*******************************************************************
+ Verify user is allowed to view share, access based enumeration
+********************************************************************/
+static bool is_enumeration_allowed(pipes_struct *p,
+ int snum)
+{
+ if (!lp_access_based_share_enum(snum))
+ return true;
+
+ return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ FILE_READ_DATA);
+}
+
+/*******************************************************************
Fill in a share info structure.
********************************************************************/
@@ -509,6 +522,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
TALLOC_CTX *ctx = p->mem_ctx;
int i = 0;
int valid_share_count = 0;
+ bool *allowed = 0;
union srvsvc_NetShareCtr ctr;
uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0;
@@ -521,15 +535,21 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
num_services = lp_numservices();
unbecome_root();
- /* Count the number of entries. */
- for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
- DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
- num_entries++;
- } else {
- DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
- }
- }
+ allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);
+ W_ERROR_HAVE_NO_MEMORY(allowed);
+
+ /* Count the number of entries. */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_browseable(snum) && lp_snum_ok(snum) &&
+ is_enumeration_allowed(p, snum) &&
+ (all_shares || !is_hidden_share(snum)) ) {
+ DEBUG(10, ("counting service %s\n", lp_servicename(snum)));
+ allowed[snum] = true;
+ num_entries++;
+ } else {
+ DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum)));
+ }
+ }
if (!num_entries || (resume_handle >= num_entries)) {
return WERR_OK;
@@ -547,7 +567,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum);
}
@@ -564,7 +584,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum);
}
@@ -581,7 +601,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum);
}
@@ -598,7 +618,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum);
}
@@ -615,7 +635,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum);
}
@@ -632,7 +652,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum);
}
@@ -649,7 +669,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum);
}
@@ -666,7 +686,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum);
}
@@ -683,7 +703,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum);
}
@@ -700,7 +720,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p,
W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array);
for (snum = 0; snum < num_services; snum++) {
- if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) &&
+ if (allowed[snum] &&
(resume_handle <= (i + valid_share_count++)) ) {
init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum);
}
@@ -2048,11 +2068,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
goto error_exit;
}
- nt_status = create_file(
+ nt_status = SMB_VFS_CREATE_FILE(
conn, /* conn */
NULL, /* req */
0, /* root_dir_fid */
r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
FILE_READ_ATTRIBUTES, /* access_mask */
FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
FILE_OPEN, /* create_disposition*/
@@ -2162,11 +2183,12 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
goto error_exit;
}
- nt_status = create_file(
+ nt_status = SMB_VFS_CREATE_FILE(
conn, /* conn */
NULL, /* req */
0, /* root_dir_fid */
r->in.file, /* fname */
+ CFF_DOS_PATH, /* create_file_flags */
FILE_WRITE_ATTRIBUTES, /* access_mask */
FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
FILE_OPEN, /* create_disposition*/
generated by cgit (git 2.34.1) at 2024-08-25 16:21:13 +0000