From 5d7c8375e4ffb017ef0f9eed7e619e533b3e8d12 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 24 Mar 1998 00:37:53 +0000 Subject: clientgen.c ipc.c smbpasswd.c: Fixes for warnings (from Herb). quotas.c: Linux quota fix. util.c: Ensure smb_read_error is zero in all calls that can set it. lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c lib/rpc/server/srv_netlog.c : Modify Luke's code to call SamOEMhash(). Jeremy. (This used to be commit 7f749708383b8b36c3f23a5fbc5cbdf39bc8e555) --- source3/include/proto.h | 4 +-- source3/include/rpc_misc.h | 6 ++-- source3/include/rpc_netlogon.h | 4 +-- source3/lib/util.c | 4 +++ source3/libsmb/clientgen.c | 2 +- source3/rpc_parse/parse_misc.c | 12 ++++---- source3/rpc_parse/parse_net.c | 68 +++++++++++++++-------------------------- source3/rpc_server/srv_netlog.c | 25 ++++++--------- source3/smbd/ipc.c | 3 +- source3/smbd/quotas.c | 2 ++ source3/utils/smbpasswd.c | 39 ++++++++++++++++++++--- 11 files changed, 91 insertions(+), 78 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 209004e90a..a643996d3c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -293,8 +293,8 @@ void make_clnt_info(DOM_CLNT_INFO *clnt, void smb_io_clnt_info(char *desc, DOM_CLNT_INFO *clnt, prs_struct *ps, int depth); void make_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high); void smb_io_logon_id(char *desc, DOM_LOGON_ID *log, prs_struct *ps, int depth); -void make_arc4_owf(ARC4_OWF *hash, uint8 data[16]); -void smb_io_arc4_owf(char *desc, ARC4_OWF *hash, prs_struct *ps, int depth); +void make_owf_info(OWF_INFO *hash, uint8 data[16]); +void smb_io_owf_info(char *desc, OWF_INFO *hash, prs_struct *ps, int depth); void smb_io_gid(char *desc, DOM_GID *gid, prs_struct *ps, int depth); void smb_io_pol_hnd(char *desc, POLICY_HND *pol, prs_struct *ps, int depth); void smb_io_dom_query_3(char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int depth); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index 5d4e385875..c6e0d8d5ee 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -243,12 +243,12 @@ typedef struct logon_info } DOM_LOGON_ID; -/* ARC4_OWF */ -typedef struct arc4_owf_info +/* OWF INFO */ +typedef struct owf_info { uint8 data[16]; -} ARC4_OWF; +} OWF_INFO; /* DOM_GID - group id + user attributes */ diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index 1808649328..1fc6596821 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -293,8 +293,8 @@ typedef struct id_info_1 DOM_LOGON_ID logon_id; /* logon ID */ UNIHDR hdr_user_name; /* user name unicode header */ UNIHDR hdr_wksta_name; /* workstation name unicode header */ - ARC4_OWF arc4_lm_owf; /* arc4 LM OWF Password */ - ARC4_OWF arc4_nt_owf; /* arc4 NT OWF Password */ + OWF_INFO lm_owf; /* LM OWF Password */ + OWF_INFO nt_owf; /* NT OWF Password */ UNISTR2 uni_domain_name; /* domain name unicode string */ UNISTR2 uni_user_name; /* user name unicode string */ UNISTR2 uni_wksta_name; /* workgroup name unicode string */ diff --git a/source3/lib/util.c b/source3/lib/util.c index 306e80c307..2d3f8cc916 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2492,6 +2492,8 @@ BOOL receive_local_message(int fd, char *buffer, int buffer_len, int timeout) int fromlen = sizeof(from); int32 msg_len = 0; + smb_read_error = 0; + if(timeout != 0) { struct timeval to; @@ -2643,6 +2645,8 @@ BOOL receive_message_or_smb(int smbfd, int oplock_fd, int selrtn; struct timeval to; + smb_read_error = 0; + *got_smb = False; /* diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index dcebf70455..4f57c08a95 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -1280,7 +1280,7 @@ BOOL cli_oem_change_password(struct cli_state *cli, char *user, char *new_passwo E_P16((uchar *)upper_case_new_pw, new_pw_hash); - E_old_pw_hash( new_pw_hash, old_pw_hash, &data[516]); + E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]); data_len = 532; diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 225754903f..78524201ff 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -848,13 +848,13 @@ void smb_io_logon_id(char *desc, DOM_LOGON_ID *log, prs_struct *ps, int depth) } /******************************************************************* -makes an ARC4_OWF structure. +makes an OWF_INFO structure. ********************************************************************/ -void make_arc4_owf(ARC4_OWF *hash, uint8 data[16]) +void make_owf_info(OWF_INFO *hash, uint8 data[16]) { if (hash == NULL) return; - DEBUG(5,("make_arc4_owf: %d\n", __LINE__)); + DEBUG(5,("make_owf_info: %d\n", __LINE__)); if (data != NULL) { @@ -867,13 +867,13 @@ void make_arc4_owf(ARC4_OWF *hash, uint8 data[16]) } /******************************************************************* -reads or writes an ARC4_OWF structure. +reads or writes an OWF_INFO structure. ********************************************************************/ -void smb_io_arc4_owf(char *desc, ARC4_OWF *hash, prs_struct *ps, int depth) +void smb_io_owf_info(char *desc, OWF_INFO *hash, prs_struct *ps, int depth) { if (hash == NULL) return; - prs_debug(ps, depth, desc, "smb_io_arc4_owf"); + prs_debug(ps, depth, desc, "smb_io_owf_info"); depth++; prs_align(ps); diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 69d6ac08ed..529cd37105 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -580,8 +580,8 @@ void make_id_info1(NET_ID_INFO_1 *id, char *domain_name, int len_user_name = strlen(user_name ); int len_wksta_name = strlen(wksta_name ); - unsigned char arc4_lm_owf[16]; - unsigned char arc4_nt_owf[16]; + unsigned char lm_owf[16]; + unsigned char nt_owf[16]; if (id == NULL) return; @@ -597,12 +597,10 @@ void make_id_info1(NET_ID_INFO_1 *id, char *domain_name, make_uni_hdr(&(id->hdr_user_name ), len_user_name , len_user_name , 4); make_uni_hdr(&(id->hdr_wksta_name ), len_wksta_name , len_wksta_name , 4); -#ifdef USE_ARCFOUR - if (lm_cypher && nt_cypher) { void arcfour(uint8 key[16], uint8 out[16], uint8 in[16]); - unsigned char arc4_key[16]; + unsigned char owf_key[16]; #ifdef DEBUG_PASSWORD DEBUG(100,("lm cypher:")); dump_data(100, lm_cypher, 16); @@ -611,43 +609,27 @@ void make_id_info1(NET_ID_INFO_1 *id, char *domain_name, dump_data(100, nt_cypher, 16); #endif - memset(arc4_key, 0, 16); - memcpy(arc4_key, sess_key, 16); + memcpy(owf_key, sess_key, 16); - arcfour(arc4_key, arc4_lm_owf, lm_cypher); - arcfour(arc4_key, arc4_nt_owf, nt_cypher); + memcpy(lm_owf, lm_cypher, 16); + memcpy(nt_owf, nt_cypher, 16); + SamOEMhash(lm_owf, owf_key, False); + SamOEMhash(nt_owf, owf_key, False); #ifdef DEBUG_PASSWORD - DEBUG(100,("arcfour encrypt of lm owf password:")); - dump_data(100, arc4_lm_owf, 16); + DEBUG(100,("hash of lm owf password:")); + dump_data(100, lm_owf, 16); - DEBUG(100,("arcfour encrypt of nt owf password:")); - dump_data(100, arc4_nt_owf, 16); + DEBUG(100,("hash of nt owf password:")); + dump_data(100, nt_owf, 16); #endif - /* set up pointers to cypher blocks */ - lm_cypher = arc4_lm_owf; - nt_cypher = arc4_nt_owf; - } - -#else - - if (lm_cypher) - { - /* oops. can only send what-ever-it-is direct */ - memcpy(arc4_lm_owf, lm_cypher, 16); - lm_cypher = arc4_lm_owf; + /* set up pointers to blocks */ + lm_cypher = lm_owf; + nt_cypher = nt_owf; } - if (nt_cypher) - { - /* oops. can only send what-ever-it-is direct */ - memcpy(arc4_nt_owf, nt_cypher, 16); - nt_cypher = arc4_nt_owf; - } - -#endif - make_arc4_owf(&(id->arc4_lm_owf), lm_cypher); - make_arc4_owf(&(id->arc4_nt_owf), nt_cypher); + make_owf_info(&(id->lm_owf), lm_cypher); + make_owf_info(&(id->nt_owf), nt_cypher); make_unistr2(&(id->uni_domain_name), domain_name, len_domain_name); make_unistr2(&(id->uni_user_name ), user_name , len_user_name ); @@ -678,8 +660,8 @@ void net_io_id_info1(char *desc, NET_ID_INFO_1 *id, prs_struct *ps, int depth) smb_io_unihdr("unihdr", &(id->hdr_user_name ), ps, depth); smb_io_unihdr("unihdr", &(id->hdr_wksta_name ), ps, depth); - smb_io_arc4_owf("", &(id->arc4_lm_owf), ps, depth); - smb_io_arc4_owf("", &(id->arc4_nt_owf), ps, depth); + smb_io_owf_info("", &(id->lm_owf), ps, depth); + smb_io_owf_info("", &(id->nt_owf), ps, depth); smb_io_unistr2("unistr2", &(id->uni_domain_name), id->hdr_domain_name.buffer, ps, depth); smb_io_unistr2("unistr2", &(id->uni_user_name ), id->hdr_user_name.buffer, ps, depth); @@ -701,8 +683,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name, int len_user_name = strlen(user_name ); int len_wksta_name = strlen(wksta_name ); - unsigned char arc4_lm_owf[24]; - unsigned char arc4_nt_owf[24]; + unsigned char lm_owf[24]; + unsigned char nt_owf[24]; if (id == NULL) return; @@ -721,14 +703,14 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name, if (nt_chal_resp) { /* oops. can only send what-ever-it-is direct */ - memcpy(arc4_nt_owf, nt_chal_resp, 24); - nt_chal_resp = arc4_nt_owf; + memcpy(nt_owf, nt_chal_resp, 24); + nt_chal_resp = nt_owf; } if (lm_chal_resp) { /* oops. can only send what-ever-it-is direct */ - memcpy(arc4_lm_owf, lm_chal_resp, 24); - lm_chal_resp = arc4_lm_owf; + memcpy(lm_owf, lm_chal_resp, 24); + lm_chal_resp = lm_owf; } memcpy(&(id->lm_chal), lm_challenge, sizeof(id->lm_chal)); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index f85330fd3c..d7a1b9e421 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -485,22 +485,22 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, { uint32 status = 0x0; -#ifdef USE_ARCFOUR - extern void arcfour(uint8 key[16], uint8 out[16], uint8 in[16]); char nt_pwd[16]; char lm_pwd[16]; - unsigned char arc4_key[16]; - memset(arc4_key, 0, 16); - memcpy(arc4_key, vuser->dc.sess_key, 8); + unsigned char key[16]; + memset(key, 0, 16); + memcpy(key, vuser->dc.sess_key, 8); - arcfour(arc4_key, lm_pwd, id1->arc4_lm_owf.data); - arcfour(arc4_key, nt_pwd, id1->arc4_nt_owf.data); + memcpy(lm_pwd, id1->lm_owf.data, 16); + memcpy(nt_pwd, id1->nt_owf.data, 16); + SamOEMhash(lm_pwd, key, False); + SamOEMhash(nt_pwd, key, False); #ifdef DEBUG_PASSWORD - DEBUG(100,("arcfour decrypt of lm owf password:")); + DEBUG(100,("decrypt of lm owf password:")); dump_data(100, lm_pwd, 16); - DEBUG(100,("arcfour decrypt of nt owf password:")); + DEBUG(100,("decrypt of nt owf password:")); dump_data(100, nt_pwd, 16); #endif @@ -509,13 +509,6 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, { status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD; } -#else -/* sorry. have to assume that the password is always ok. - this _is_ ok, because the LSA SAM Logon is nothing to do - with SMB connections to shares. - */ -DEBUG(3,("SAM Logon. Password not being checked\n")); -#endif return status; } diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 89b3e36f52..4798188454 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1701,7 +1701,8 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); - if(check_oem_password( user, data, &smbpw, new_passwd, sizeof(new_passwd)) == False) { + if(check_oem_password( user, (unsigned char *)data, &smbpw, + new_passwd, (int)sizeof(new_passwd)) == False) { return True; } diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c index 0a366e5ee6..df85f79b9b 100644 --- a/source3/smbd/quotas.c +++ b/source3/smbd/quotas.c @@ -115,6 +115,8 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) return(False); } else { + if (D.dqb_bsoftlimit == 0) + D.dqb_bsoftlimit = D.dqb_bhardlimit; *dfree = D.dqb_bsoftlimit - D.dqb_curblocks; *dsize = D.dqb_bsoftlimit; } diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 5b5f86c5e1..9a244a28b5 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -248,6 +248,7 @@ int main(int argc, char **argv) int pwfd; char ascii_p16[66]; char c; + int ch; int ret, i, err, writelen; int lockfd = -1; char *pfile = SMB_PASSWD_FILE; @@ -257,6 +258,7 @@ int main(int argc, char **argv) char *remote_machine = NULL; BOOL add_user = False; BOOL got_new_pass = False; + BOOL machine_account = False; pstring servicesf = CONFIGFILE; new_passwd[0] = '\0'; @@ -290,14 +292,17 @@ int main(int argc, char **argv) is_root = (real_uid == 0); - while ((c = getopt(argc, argv, "ahr:")) != EOF) { - switch(c) { + while ((ch = getopt(argc, argv, "ahr:m:")) != EOF) { + switch(ch) { case 'a': add_user = True; break; case 'r': remote_machine = optarg; break; + case 'm': + machine_account = True; + break; case 'h': default: usage(prog_name, is_root); @@ -314,6 +319,14 @@ int main(int argc, char **argv) if(add_user && (remote_machine != NULL)) usage(prog_name, True); + /* + * If we are adding a machine account then pretend + * we already have the new password, we will be using + * the machinename as the password. + */ + if(add_user && machine_account) + got_new_pass = True; + if( is_root ) { /* @@ -488,6 +501,24 @@ int main(int argc, char **argv) exit(0); } + /* + * Check for a machine account flag - make sure the username ends in + * a '$' etc.... + */ + + if(machine_account) { + int username_len = strlen(user_name); + if(username_len >= sizeof(pstring) - 1) { + fprintf(stderr, "%s: machine account name too long.\n", user_name); + exit(1); + } + + if(user_name[username_len] != '$') { + user_name[username_len] = '$'; + user_name[username_len+1] = '\0'; + } + } + /* Calculate the MD4 hash (NT compatible) of the old and new passwords */ memset(old_nt_p16, '\0', 16); E_md4hash((uchar *)old_passwd, old_nt_p16); @@ -575,13 +606,13 @@ int main(int argc, char **argv) if((offpos = lseek(fd, 0, SEEK_END)) == -1) { fprintf(stderr, "%s: Failed to add entry for user %s to file %s. \ -Error was %s\n", prog_name, pwd->pw_name, pfile, strerror(errno)); +Error was %s\n", prog_name, user_name, pfile, strerror(errno)); fclose(fp); pw_file_unlock(lockfd); exit(1); } - new_entry_length = strlen(pwd->pw_name) + 1 + 15 + 1 + + new_entry_length = strlen(user_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + strlen(pwd->pw_gecos) + 1 + strlen(pwd->pw_dir) + 1 + strlen(pwd->pw_shell) + 1; -- cgit