From 8433aa437990357a327dbed19afc8033a1ed9be4 Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Tue, 11 Jan 2000 02:00:31 +0000
Subject: modified smbd/msrpc credential transfer system. user session key is *missing* from samba cvs main, therefore it is set to all zeros. this will cause, amongst other things, administrator-changing-user-passwords, and setting up new accounts, to fail, as the user's password can only be decoded with the session key (in this case, the administrator's usr sess key). it's never a perfect world, is it?
(This used to be commit 3362fcdfa492cfd1d9d4ec35ef2108192302b984)
---
 source3/include/rpc_creds.h | 4 +++-
 source3/rpc_parse/parse_creds.c | 19 +++++++++++++++++++
 source3/rpc_server/srv_pipe_hnd.c | 10 ++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/source3/include/rpc_creds.h b/source3/include/rpc_creds.h
index c389c64d1d..7869fe339c 100644
--- a/source3/include/rpc_creds.h
+++ b/source3/include/rpc_creds.h
@@ -53,7 +53,7 @@ typedef struct unixsec_creds
 typedef struct ntsec_creds
 {
- DOM_SID sid;
+ DOM_SID sid;
 uint32 num_grps;
 uint32 *grp_rids;
@@ -66,6 +66,7 @@ typedef struct user_creds
 uint32 ptr_uxc;
 uint32 ptr_nts;
 uint32 ptr_uxs;
+ uint32 ptr_ssk;
 CREDS_NT ntc;
 CREDS_UNIX uxc;
@@ -73,6 +74,7 @@ typedef struct user_creds
 CREDS_NT_SEC nts;
 CREDS_UNIX_SEC uxs;
+ uchar usr_sess_key[16];
 } CREDS_HYBRID;
diff --git a/source3/rpc_parse/parse_creds.c b/source3/rpc_parse/parse_creds.c
index 74dac2f011..54c9c48cba 100644
--- a/source3/rpc_parse/parse_creds.c
+++ b/source3/rpc_parse/parse_creds.c
@@ -334,6 +334,7 @@ BOOL creds_io_hybrid(char *desc, CREDS_HYBRID *r_u, prs_struct *ps, int depth)
 prs_uint32("ptr_uxc", ps, depth, &(r_u->ptr_uxc));
 prs_uint32("ptr_nts", ps, depth, &(r_u->ptr_nts));
 prs_uint32("ptr_uxs", ps, depth, &(r_u->ptr_uxs));
+ prs_uint32("ptr_ssk", ps, depth, &(r_u->ptr_ssk));
 if (r_u->ptr_ntc != 0)
 {
 if (!creds_io_nt ("ntc", &r_u->ntc, ps, depth)) return False;
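Review bot: The new `usr_sess_key` member of CREDS_HYBRID (hunk at -73,6) holds key material but has no comment saying when it is valid, and its length is a bare `16`. I would add `/* user session key; valid only when ptr_ssk != 0, zero-filled otherwise */` above it, which matches what creds_io_hybrid does in this same patch. A named length shared with the parser and the copy routine (for example `#define USR_SESS_KEY_LEN 16`) would keep the three `sizeof` sites from drifting. `ptr_ssk` in the -66,6 hunk is only a presence flag for this array and could say so in a trailing comment. The struct definition begins outside both hunks.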
@@ -350,6 +351,14 @@ BOOL creds_io_hybrid(char *desc, CREDS_HYBRID *r_u, prs_struct *ps, int depth)
 {
 if (!creds_io_unix_sec("uxs", &r_u->uxs, ps, depth)) return False;
 }
+ if (r_u->ptr_ssk != 0)
+ {
+ prs_uint8s(False, "usr_sess_key", ps, depth, (char*)&r_u->usr_sess_key, sizeof(r_u->usr_sess_key));
+ }
+ else
+ {
+ memset(r_u->usr_sess_key, 0, sizeof(r_u->usr_sess_key));
+ }
 return True;
 }
@@ -432,6 +441,9 @@ void copy_nt_creds(struct ntuser_creds *to,
 safe_strcpy(to->user_name, from->user_name, sizeof(from->user_name)-1);
 memcpy(&to->pwd, &from->pwd, sizeof(from->pwd));
 to->ntlmssp_flags = from->ntlmssp_flags;
+ DEBUG(10,("copy_nt_creds: user %s domain %s flgs: %x\n",
+ to->user_name, to->domain,
+ to->ntlmssp_flags));
 };
 void copy_user_creds(struct user_creds *to,
@@ -444,6 +456,7 @@ void copy_user_creds(struct user_creds *to,
 to->ptr_uxc = 0;
 to->ptr_nts = 0;
 to->ptr_uxs = 0;
+ to->ptr_ssk = 0;
 copy_nt_creds(&to->ntc, NULL);
 copy_unix_creds(&to->uxc, NULL);
 copy_nt_sec_creds(&to->nts, NULL);
@@ -455,6 +468,7 @@ void copy_user_creds(struct user_creds *to,
 to->ptr_uxs = from->ptr_uxs;
 to->ptr_ntc = from->ptr_ntc;
 to->ptr_uxc = from->ptr_uxc;
+ to->ptr_ssk = from->ptr_ssk;
 if (to->ptr_ntc != 0)
 {
 copy_nt_creds(&to->ntc, &from->ntc);
@@ -471,6 +485,11 @@ void copy_user_creds(struct user_creds *to,
 {
 copy_unix_sec_creds(&to->uxs, &from->uxs);
 }
+ if (to->ptr_ssk != 0)
+ {
+ memcpy(to->usr_sess_key, from->usr_sess_key,
+ sizeof(to->usr_sess_key));
+ }
 to->reuse = from->reuse;
 };
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 46beba6316..736d1435d1 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
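Review bot: The `prs_uint8s(...)` call added to creds_io_hybrid (hunk at -350,6) ignores any result, while the `creds_io_*` calls next to it return False on failure. If prs_uint8s can fail or stop short on a truncated buffer (its definition is not visible here), the function still returns True with `usr_sess_key` holding whatever the struct contained before, and the caller will treat that as the session key. Zero the array before the read with `memset(r_u->usr_sess_key, 0, sizeof(r_u->usr_sess_key));` and propagate a failure if the helper reports one. It is also worth confirming that the trace output of the named prs_ helpers does not write the key bytes to the debug log. The function body starts outside the hunk.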
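Review bot: copy_user_creds never clears `to->usr_sess_key`: the reset branch (hunk at -444,6) only sets `to->ptr_ssk = 0`, and the copy branch (hunk at -471,6) skips the memcpy when `ptr_ssk` is 0, so a key left in `to` from an earlier use survives the call. creds_io_hybrid in this same patch zero-fills in that case, and the two paths should agree. Add `else { memset(to->usr_sess_key, 0, sizeof(to->usr_sess_key)); }` after the new memcpy block, and the same memset next to `to->ptr_ssk = 0;`. The function starts outside these hunks, so the condition guarding the reset branch is inferred from the `copy_*_creds(..., NULL)` calls.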
@@ -136,6 +136,16 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 vuser->n_groups, vuser->groups);
 usr.ptr_uxs = 1;
+ usr.ptr_ssk = 1;
+ DEBUG(0,("user session key not available (yet).\n"));
+ DEBUG(0,("password-change operations may fail.\n"));
+
+#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT
+ memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key));
+#else
+ memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key));
+#endif
+
 /* set up nt credentials from the smb side, to feed over the pipe */
 /* lkclXXXX todo!
 make_creds_nt(&usr.ntc);
-- cgit
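Review bot: `usr.ptr_ssk = 1` is set unconditionally, so on the `#else` path the receiving side is told a session key is present when it is sixteen zero bytes. A consumer cannot tell that apart from a real key, and anything it protects with it is keyed by a publicly known constant instead of failing. Set the flag inside the conditional, `usr.ptr_ssk = 1;` beside the memcpy and `usr.ptr_ssk = 0;` beside the memset, so that creds_io_hybrid's zero-fill branch is taken and consumers can refuse key-dependent operations. `#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT` tests a macro nothing visible defines and silently evaluates to 0, where `#ifdef` would state the intent; the two `DEBUG(0,...)` lines also sit outside the conditional and so apparently fire at level 0 on every pipe open. open_rpc_pipe_p continues outside the hunk.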