summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/challenge.c61
-rw-r--r--source3/smbd/password.c501
-rw-r--r--source3/smbd/reply.c5
-rw-r--r--source3/smbd/server.c12
4 files changed, 76 insertions, 503 deletions
diff --git a/source3/smbd/challenge.c b/source3/smbd/challenge.c
new file mode 100644
index 0000000000..cbb34e6395
--- /dev/null
+++ b/source3/smbd/challenge.c
@@ -0,0 +1,61 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ Password and authentication handling
+ Copyright (C) Andrew Tridgell 1992-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/* Data to do lanman1/2 password challenge. */
+static unsigned char saved_challenge[8];
+static BOOL challenge_sent=False;
+
+/*******************************************************************
+Get the next challenge value - no repeats.
+********************************************************************/
+void generate_next_challenge(char *challenge)
+{
+ unsigned char buf[8];
+ generate_random_buffer(buf,8,False);
+ memcpy(saved_challenge, buf, 8);
+ memcpy(challenge,buf,8);
+ challenge_sent = True;
+}
+
+/*******************************************************************
+set the last challenge sent, usually from a password server
+********************************************************************/
+BOOL set_challenge(unsigned char *challenge)
+{
+ memcpy(saved_challenge,challenge,8);
+ challenge_sent = True;
+ return(True);
+}
+
+/*******************************************************************
+get the last challenge sent
+********************************************************************/
+BOOL last_challenge(unsigned char *challenge)
+{
+ if (!challenge_sent) return False;
+ memcpy(challenge,saved_challenge,8);
+ return(True);
+}
+
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index c14b50d3a6..240ec30c3f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -31,209 +31,6 @@ extern pstring scope;
extern pstring global_myname;
extern fstring global_myworkgroup;
-/* Data to do lanman1/2 password challenge. */
-static unsigned char saved_challenge[8];
-static BOOL challenge_sent=False;
-
-/*******************************************************************
-Get the next challenge value - no repeats.
-********************************************************************/
-void generate_next_challenge(char *challenge)
-{
-#if 0
- /*
- * Leave this ifdef'd out while we test
- * the new crypto random number generator.
- * JRA.
- */
- unsigned char buf[16];
- static int counter = 0;
- struct timeval tval;
- int v1,v2;
-
- /* get a sort-of random number */
- GetTimeOfDay(&tval);
- v1 = (counter++) + getpid() + tval.tv_sec;
- v2 = (counter++) * getpid() + tval.tv_usec;
- SIVAL(challenge,0,v1);
- SIVAL(challenge,4,v2);
-
- /* mash it up with md4 */
- mdfour(buf, (unsigned char *)challenge, 8);
-#else
- unsigned char buf[8];
-
- generate_random_buffer(buf,8,False);
-#endif
- memcpy(saved_challenge, buf, 8);
- memcpy(challenge,buf,8);
- challenge_sent = True;
-}
-
-/*******************************************************************
-set the last challenge sent, usually from a password server
-********************************************************************/
-BOOL set_challenge(unsigned char *challenge)
-{
- memcpy(saved_challenge,challenge,8);
- challenge_sent = True;
- return(True);
-}
-
-/*******************************************************************
-get the last challenge sent
-********************************************************************/
-static BOOL last_challenge(unsigned char *challenge)
-{
- if (!challenge_sent) return False;
- memcpy(challenge,saved_challenge,8);
- return(True);
-}
-
-/* this holds info on user ids that are already validated for this VC */
-static user_struct *validated_users = NULL;
-static int num_validated_users = 0;
-
-/****************************************************************************
-check if a uid has been validated, and return an pointer to the user_struct
-if it has. NULL if not. vuid is biased by an offset. This allows us to
-tell random client vuid's (normally zero) from valid vuids.
-****************************************************************************/
-user_struct *get_valid_user_struct(uint16 vuid)
-{
- if (vuid == UID_FIELD_INVALID)
- return NULL;
- vuid -= VUID_OFFSET;
- if ((vuid >= (uint16)num_validated_users) ||
- (validated_users[vuid].uid == (uid_t)-1) || (validated_users[vuid].gid == (gid_t)-1))
- return NULL;
- return &validated_users[vuid];
-}
-
-/****************************************************************************
-invalidate a uid
-****************************************************************************/
-void invalidate_vuid(uint16 vuid)
-{
- user_struct *vuser = get_valid_user_struct(vuid);
-
- if (vuser == NULL) return;
-
- vuser->uid = (uid_t)-1;
- vuser->gid = (gid_t)-1;
-
- vuser->n_sids = 0;
-
- /* same number of igroups as groups */
- vuser->n_groups = 0;
-
- if (vuser->groups)
- free((char *)vuser->groups);
-
- if (vuser->sids)
- free((char *)vuser->sids);
-
- vuser->sids = NULL;
- vuser->groups = NULL;
-}
-
-
-/****************************************************************************
-return a validated username
-****************************************************************************/
-char *validated_username(uint16 vuid)
-{
- user_struct *vuser = get_valid_user_struct(vuid);
- if (vuser == NULL)
- return 0;
- return(vuser->name);
-}
-
-
-
-/****************************************************************************
-register a uid/name pair as being valid and that a valid password
-has been given. vuid is biased by an offset. This allows us to
-tell random client vuid's (normally zero) from valid vuids.
-****************************************************************************/
-uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest, uchar user_sess_key[16])
-{
- user_struct *vuser;
- struct passwd *pwfile; /* for getting real name from passwd file */
-
- /* Ensure no vuid gets registered in share level security. */
- if(lp_security() == SEC_SHARE)
- return UID_FIELD_INVALID;
-
-#if 0
- /*
- * After observing MS-Exchange services writing to a Samba share
- * I belive this code is incorrect. Each service does its own
- * sessionsetup_and_X for the same user, and as each service shuts
- * down, it does a user_logoff_and_X. As we are consolidating multiple
- * sessionsetup_and_X's onto the same vuid here, when the first service
- * shuts down, it invalidates all the open files for the other services.
- * Hence I am removing this code and forcing each sessionsetup_and_X
- * to get a new vuid.
- * Jeremy Allison. (jallison@whistle.com).
- */
-
- int i;
- for(i = 0; i < num_validated_users; i++) {
- vuser = &validated_users[i];
- if ( vuser->uid == uid )
- return (uint16)(i + VUID_OFFSET); /* User already validated */
- }
-#endif
-
- validated_users = (user_struct *)Realloc(validated_users,
- sizeof(user_struct)*
- (num_validated_users+1));
-
- if (!validated_users)
- {
- DEBUG(0,("Failed to realloc users struct!\n"));
- num_validated_users = 0;
- return UID_FIELD_INVALID;
- }
-
- vuser = &validated_users[num_validated_users];
- num_validated_users++;
-
- vuser->uid = uid;
- vuser->gid = gid;
- vuser->guest = guest;
- fstrcpy(vuser->name,unix_name);
- fstrcpy(vuser->requested_name,requested_name);
- memcpy(vuser->dc.user_sess_key, user_sess_key, sizeof(vuser->dc.user_sess_key));
-
- vuser->n_sids = 0;
- vuser->sids = NULL;
-
- vuser->n_groups = 0;
- vuser->groups = NULL;
-
- /* Find all the groups this uid is in and store them.
- Used by become_user() */
- get_unixgroups(unix_name,uid,gid,
- &vuser->n_groups,
- &vuser->groups);
-
- DEBUG(3,("uid %d registered to name %s\n",(int)uid,unix_name));
-
- DEBUG(3, ("Clearing default real name\n"));
- fstrcpy(vuser->real_name, "<Full Name>\0");
- if (lp_unix_realname()) {
- if ((pwfile=hashed_getpwnam(vuser->name))!= NULL)
- {
- DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->name,pwfile->pw_gecos));
- fstrcpy(vuser->real_name, pwfile->pw_gecos);
- }
- }
-
- return (uint16)((num_validated_users - 1) + VUID_OFFSET);
-}
-
/****************************************************************************
add a name to the session users list
@@ -291,275 +88,6 @@ static BOOL update_smbpassword_file(char *user, char *password)
/****************************************************************************
-core of smb password checking routine.
-****************************************************************************/
-static BOOL smb_pwd_check_ntlmv1(char *password, unsigned char *part_passwd,
- unsigned char *c8,
- uchar sess_key[16])
-{
- /* Finish the encryption of part_passwd. */
- unsigned char p24[24];
-
- if (part_passwd == NULL)
- DEBUG(10,("No password set - allowing access\n"));
- /* No password set - always true ! */
- if (part_passwd == NULL)
- return True;
-
- SMBOWFencrypt(part_passwd, c8, p24);
- if (sess_key != NULL)
- {
- SMBsesskeygen_ntv1(part_passwd, NULL, sess_key);
- }
-
-#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
- dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, password, 24);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, c8, 8);
- DEBUG(100,("Value from encryption was |"));
- dump_data(100, p24, 24);
-#endif
- return (memcmp(p24, password, 24) == 0);
-}
-
-/****************************************************************************
-core of smb password checking routine.
-****************************************************************************/
-static BOOL smb_pwd_check_ntlmv2(char *password, size_t pwd_len,
- unsigned char *part_passwd,
- unsigned char const *c8,
- const char *user, const char *domain,
- char *sess_key)
-{
- /* Finish the encryption of part_passwd. */
- unsigned char kr[16];
- unsigned char resp[16];
-
- if (part_passwd == NULL)
- {
- DEBUG(10,("No password set - allowing access\n"));
- }
- /* No password set - always true ! */
- if (part_passwd == NULL)
- {
- return True;
- }
-
- ntv2_owf_gen(part_passwd, user, domain, kr);
- SMBOWFencrypt_ntv2(kr, c8, 8, password+16, pwd_len-16, resp);
- if (sess_key != NULL)
- {
- SMBsesskeygen_ntv2(kr, resp, sess_key);
- }
-
-#if DEBUG_PASSWORD
- DEBUG(100,("Part password (P16) was |"));
- dump_data(100, part_passwd, 16);
- DEBUG(100,("Password from client was |"));
- dump_data(100, password, pwd_len);
- DEBUG(100,("Given challenge was |"));
- dump_data(100, c8, 8);
- DEBUG(100,("Value from encryption was |"));
- dump_data(100, resp, 16);
-#endif
-
- return (memcmp(resp, password, 16) == 0);
-}
-
-/****************************************************************************
- Do a specific test for an smb password being correct, given a smb_password and
- the lanman and NT responses.
-****************************************************************************/
-BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
- const char *user, const char *domain,
- uchar *lm_pass, size_t lm_pwd_len,
- uchar *nt_pass, size_t nt_pwd_len,
- uchar sess_key[16])
-{
- uchar challenge[8];
-
- if (smb_pass == NULL)
- {
- return False;
- }
-
- DEBUG(4,("Checking SMB password for user %s\n",
- smb_pass->unix_name));
-
- if (smb_pass->acct_ctrl & ACB_DISABLED)
- {
- DEBUG(3,("account for user %s was disabled.\n",
- smb_pass->unix_name));
- return False;
- }
-
- if (chal == NULL)
- {
- DEBUG(5,("use last SMBnegprot challenge\n"));
- if (!last_challenge(challenge))
- {
- DEBUG(1,("no challenge done - password failed\n"));
- return False;
- }
- }
- else
- {
- DEBUG(5,("challenge received\n"));
- memcpy(challenge, chal, 8);
- }
-
- if ((Protocol >= PROTOCOL_NT1) && (smb_pass->smb_nt_passwd != NULL))
- {
- /* We have the NT MD4 hash challenge available - see if we can
- use it (ie. does it exist in the smbpasswd file).
- */
- if (lp_server_ntlmv2() != False && nt_pwd_len > 24)
- {
- DEBUG(4,("smb_password_ok: Check NTLMv2 password\n"));
- if (smb_pwd_check_ntlmv2(nt_pass, nt_pwd_len,
- (uchar *)smb_pass->smb_nt_passwd,
- challenge, user, domain,
- sess_key))
- {
- return True;
- }
- }
- if (lp_server_ntlmv2() != True && nt_pwd_len == 24)
- {
- DEBUG(4,("smb_password_ok: Check NT MD4 password\n"));
- if (smb_pwd_check_ntlmv1((char *)nt_pass,
- (uchar *)smb_pass->smb_nt_passwd,
- challenge,
- sess_key))
- {
- DEBUG(4,("NT MD4 password check succeeded\n"));
- return True;
- }
- }
- DEBUG(4,("NT MD4 password check failed\n"));
- }
-
- if (lp_server_ntlmv2() == True)
- {
- DEBUG(4,("Not checking LM MD4 password\n"));
- return False;
- }
-
- /* Try against the lanman password. smb_pass->smb_passwd == NULL means
- no password, allow access. */
-
- DEBUG(4,("Checking LM MD4 password\n"));
-
- if ((smb_pass->smb_passwd == NULL) &&
- (smb_pass->acct_ctrl & ACB_PWNOTREQ))
- {
- DEBUG(4,("no password required for user %s\n",
- smb_pass->unix_name));
- return True;
- }
-
- if ((smb_pass->smb_passwd != NULL) &&
- smb_pwd_check_ntlmv1((char *)lm_pass,
- (uchar *)smb_pass->smb_passwd,
- challenge, NULL))
- {
- DEBUG(4,("LM MD4 password check succeeded\n"));
- return(True);
- }
-
- DEBUG(4,("LM MD4 password check failed\n"));
-
- return False;
-}
-
-
-/****************************************************************************
-check if a username/password is OK assuming the password is a 24 byte
-SMB hash
-return True if the password is correct, False otherwise
-****************************************************************************/
-
-BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal,
- uchar *lm_pwd, size_t lm_pwd_len,
- uchar *nt_pwd, size_t nt_pwd_len,
- struct passwd *pwd, uchar user_sess_key[16])
-{
- const struct passwd *pass;
- struct passwd pw;
- char *user = NULL;
-
- if (smb_pass == NULL)
- {
- DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
- return False;
- }
-
- user = smb_pass->unix_name;
-
- if (lm_pwd == NULL || nt_pwd == NULL)
- {
- return False;
- }
-
- if (pwd != NULL && user == NULL)
- {
- pass = (struct passwd *) pwd;
- user = pass->pw_name;
- }
- else
- {
- pass = Get_Pwnam(user,True);
- if (pass == NULL)
- {
- DEBUG(3,("Couldn't find user %s\n",user));
- return False;
- }
- memcpy(&pw, pass, sizeof(struct passwd));
- pass = &pw;
- }
-
- /* Quit if the account was disabled. */
- if (smb_pass->acct_ctrl & ACB_DISABLED) {
- DEBUG(3,("account for user %s was disabled.\n", user));
- return False;
- }
-
- /* Ensure the uid's match */
- if (smb_pass->unix_uid != pass->pw_uid)
- {
- DEBUG(3,("Error : UNIX (%d) and SMB (%d) uids in password files do not match !\n", pass->pw_uid, smb_pass->unix_uid));
- return False;
- }
-
- if (lm_pwd[0] == '\0' && IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ) && lp_null_passwords())
- {
- DEBUG(3,("account for user %s has no password and null passwords are allowed.\n", smb_pass->unix_name));
- return(True);
- }
-
- if (smb_password_ok(smb_pass, chal, user, domain,
- lm_pwd, lm_pwd_len,
- nt_pwd, nt_pwd_len,
- user_sess_key))
- {
- if (user_sess_key != NULL)
- {
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("user session key: "));
- dump_data(100, user_sess_key, 16);
-#endif
- }
- return(True);
- }
-
- DEBUG(3,("Error pass_check_smb failed\n"));
- return False;
-}
-
-/****************************************************************************
check if a username/password pair is OK either via the system password
database or the encrypted SMB password database
return True if the password is correct, False otherwise
@@ -589,35 +117,6 @@ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd,
update_smbpassword_file : NULL);
}
-/****************************************************************************
-check if a username is valid
-****************************************************************************/
-BOOL user_ok(char *user,int snum)
-{
- pstring valid, invalid;
- BOOL ret;
-
- StrnCpy(valid, lp_valid_users(snum), sizeof(pstring));
- StrnCpy(invalid, lp_invalid_users(snum), sizeof(pstring));
-
- string_sub(valid,"%S",lp_servicename(snum));
- string_sub(invalid,"%S",lp_servicename(snum));
-
- ret = !user_in_list(user,invalid);
-
- if (ret && valid && *valid) {
- ret = user_in_list(user,valid);
- }
-
- if (ret && lp_onlyuser(snum)) {
- char *user_list = lp_username(snum);
- string_sub(user_list,"%S",lp_servicename(snum));
- ret = user_in_list(user,user_list);
- }
-
- return(ret);
-}
-
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index a0ad2ca20d..81f2a9beb9 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -415,6 +415,7 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
char *smb_nt_passwd, int smb_nt_passlen)
{
struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
+ uchar last_chal[8];
if (lp_security() == SEC_USER)
{
smb_trust_acct = getsmbpwnam(user);
@@ -441,8 +442,8 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
}
-
- if (!smb_password_ok(smb_trust_acct, NULL, NULL, NULL,
+ if (!last_challenge(last_chal) ||
+ !smb_password_ok(smb_trust_acct, last_chal, NULL, NULL,
(unsigned char *)smb_passwd, smb_passlen,
(unsigned char *)smb_nt_passwd, smb_nt_passlen, NULL))
{
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 5512e6e56b..7fde1fc6f6 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -678,6 +678,18 @@ static void usage(char *pname)
}
#endif /* WITH_SSL */
+#if 0
+ start_msrpc_agent("lsarpc");
+#endif
+ add_msrpc_command_processor( "samr", "lsass", api_samr_rpc );
+ add_msrpc_command_processor( "srvsvc", "ntsvcs", api_srvsvc_rpc );
+ add_msrpc_command_processor( "wkssvc", "ntsvcs", api_wkssvc_rpc );
+ add_msrpc_command_processor( "browser", "ntsvcs", api_brs_rpc );
+ add_msrpc_command_processor( "svcctl", "ntsvcs", api_svcctl_rpc );
+ add_msrpc_command_processor( "NETLOGON", "lsass", api_netlog_rpc );
+ add_msrpc_command_processor( "winreg", "winreg", api_reg_rpc );
+ add_msrpc_command_processor( "spoolss", "spoolss", api_spoolss_rpc );
+
codepage_initialise(lp_client_code_page());
if (!pwdb_initialise(True))