From 986372901e85a79343ba32f590a4a3e7658d2565 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Aug 2001 13:09:23 +0000 Subject: This is my 'Authentication Rewrite' version 1.01, mostly as submitted to samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42) --- source3/auth/auth_server.c | 244 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) create mode 100644 source3/auth/auth_server.c (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c new file mode 100644 index 0000000000..dc1d924b3c --- /dev/null +++ b/source3/auth/auth_server.c @@ -0,0 +1,244 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Authenticate to a remote server + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + +extern pstring global_myname; + +/**************************************************************************** + Return the client state structure. +****************************************************************************/ + +struct cli_state *server_client(void) +{ + static struct cli_state pw_cli; + return &pw_cli; +} + +/**************************************************************************** + Support for server level security. +****************************************************************************/ + +struct cli_state *server_cryptkey(void) +{ + struct cli_state *cli; + fstring desthost; + struct in_addr dest_ip; + char *p, *pserver; + BOOL connected_ok = False; + + cli = server_client(); + + if (!cli_initialise(cli)) + return NULL; + + pserver = strdup(lp_passwordserver()); + p = pserver; + + while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { + standard_sub_basic(desthost); + strupper(desthost); + + if(!resolve_name( desthost, &dest_ip, 0x20)) { + DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); + continue; + } + + if (ismyip(dest_ip)) { + DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); + continue; + } + + if (cli_connect(cli, desthost, &dest_ip)) { + DEBUG(3,("connected to password server %s\n",desthost)); + connected_ok = True; + break; + } + } + + free(pserver); + + if (!connected_ok) { + DEBUG(0,("password server not available\n")); + cli_shutdown(cli); + return NULL; + } + + if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip)) + return NULL; + + DEBUG(3,("got session\n")); + + if (!cli_negprot(cli)) { + DEBUG(1,("%s rejected the negprot\n",desthost)); + cli_shutdown(cli); + return NULL; + } + + if (cli->protocol < PROTOCOL_LANMAN2 || + !(cli->sec_mode & 1)) { + DEBUG(1,("%s isn't in user level security mode\n",desthost)); + cli_shutdown(cli); + return NULL; + } + + DEBUG(3,("password server OK\n")); + + return cli; +} + + +/**************************************************************************** + Validate a password with the password server. +****************************************************************************/ + +static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +{ + struct cli_state *cli; + static unsigned char badpass[24]; + static fstring baduser; + static BOOL tested_password_server = False; + static BOOL bad_password_server = False; + uint32 nt_status = NT_STATUS_LOGON_FAILURE; + + cli = server_client(); + + if (!cli->initialised) { + DEBUG(1,("password server %s is not connected\n", cli->desthost)); + return(NT_STATUS_LOGON_FAILURE); + } + + if(badpass[0] == 0) + memset(badpass, 0x1f, sizeof(badpass)); + + if((user_info->nt_resp.len == sizeof(badpass)) && + !memcmp(badpass, user_info->nt_resp.buffer, sizeof(badpass))) { + /* + * Very unlikely, our random bad password is the same as the users + * password. + */ + memset(badpass, badpass[0]+1, sizeof(badpass)); + } + + if(baduser[0] == 0) { + fstrcpy(baduser, INVALID_USER_PREFIX); + fstrcat(baduser, global_myname); + } + + /* + * Attempt a session setup with a totally incorrect password. + * If this succeeds with the guest bit *NOT* set then the password + * server is broken and is not correctly setting the guest bit. We + * need to detect this as some versions of NT4.x are broken. JRA. + */ + + /* I sure as hell hope that there arn't servers out there that take + * NTLMv2 and have this bug, as we don't test for that... + * - abartlet@samba.org + */ + + if(!tested_password_server) { + if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), + (char *)badpass, sizeof(badpass), user_info->domain.str)) { + + /* + * We connected to the password server so we + * can say we've tested it. + */ + tested_password_server = True; + + if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) { + DEBUG(0,("server_validate: password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + cli_ulogoff(cli); + + /* + * Password server has the bug. + */ + bad_password_server = True; + return NT_STATUS_LOGON_FAILURE; + } + cli_ulogoff(cli); + } + } else { + + /* + * We have already tested the password server. + * Fail immediately if it has the bug. + */ + + if(bad_password_server) { + DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + return NT_STATUS_LOGON_FAILURE; + } + } + + /* + * Now we know the password server will correctly set the guest bit, or is + * not guest enabled, we can try with the real password. + */ + + if (!cli_session_setup(cli, user_info->smb_username.str, + user_info->lm_resp.buffer, + user_info->lm_resp.len, + user_info->nt_resp.buffer, + user_info->nt_resp.len, + user_info->domain.str)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + nt_status = NT_STATUS_LOGON_FAILURE; + } else { + nt_status = NT_STATUS_NOPROBLEMO; + } + + /* if logged in as guest then reject */ + if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) { + DEBUG(1,("password server %s gave us guest only\n", cli->desthost)); + nt_status = NT_STATUS_LOGON_FAILURE; + } + + cli_ulogoff(cli); + + return(nt_status); +} + +/**************************************************************************** + Check for a valid username and password in security=server mode. +****************************************************************************/ + +uint32 check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +{ + + if(lp_security() != SEC_SERVER) + return NT_STATUS_LOGON_FAILURE; + + return server_validate(user_info, server_info); + +} + + -- cgit From 578a39d44f532a211169a7635043e2dfc18b3c65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Aug 2001 07:03:27 +0000 Subject: smbd/auth_server: Doco, we want to use cli_nt_error here soon smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function. (This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf) --- source3/auth/auth_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index dc1d924b3c..1960fc1cfb 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -211,6 +211,7 @@ use this machine as the password server.\n")); user_info->nt_resp.len, user_info->domain.str)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + /* Make this cli_nt_error() when the conversion is in */ nt_status = NT_STATUS_LOGON_FAILURE; } else { nt_status = NT_STATUS_NOPROBLEMO; -- cgit From 252742f2b021e8d7a06c8c86e099e616511f9996 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 21 Aug 2001 02:58:07 +0000 Subject: Add a new option to disable our paranoid server check. Defaults to ON, ie checking (This used to be commit bd3010263be24425206587abfdb41164089e2157) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 1960fc1cfb..0711b056bd 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -158,7 +158,7 @@ static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serv * - abartlet@samba.org */ - if(!tested_password_server) { + if ((!tested_password_server) && (lp_paranoid_server_security())) { if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), (char *)badpass, sizeof(badpass), user_info->domain.str)) { -- cgit From 717533483b41ef975953f58e0c6be04828a3d467 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Fri, 24 Aug 2001 20:32:01 +0000 Subject: get rid of compiler warnings (This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0) --- source3/auth/auth_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 0711b056bd..ad66f0c4ac 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -205,9 +205,9 @@ use this machine as the password server.\n")); */ if (!cli_session_setup(cli, user_info->smb_username.str, - user_info->lm_resp.buffer, + (char *)user_info->lm_resp.buffer, user_info->lm_resp.len, - user_info->nt_resp.buffer, + (char *)user_info->nt_resp.buffer, user_info->nt_resp.len, user_info->domain.str)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); -- cgit From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 19:46:22 +0000 Subject: converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index ad66f0c4ac..9636094fa3 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -214,7 +214,7 @@ use this machine as the password server.\n")); /* Make this cli_nt_error() when the conversion is in */ nt_status = NT_STATUS_LOGON_FAILURE; } else { - nt_status = NT_STATUS_NOPROBLEMO; + nt_status = NT_STATUS_OK; } /* if logged in as guest then reject */ -- cgit From 19fea3242cf6234786b6cbb60631e0071f31ff9f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 4 Sep 2001 07:13:01 +0000 Subject: the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66) --- source3/auth/auth_server.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 9636094fa3..b279152f74 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -113,14 +113,14 @@ struct cli_state *server_cryptkey(void) Validate a password with the password server. ****************************************************************************/ -static uint32 server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +static NTSTATUS server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { struct cli_state *cli; static unsigned char badpass[24]; static fstring baduser; static BOOL tested_password_server = False; static BOOL bad_password_server = False; - uint32 nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; cli = server_client(); @@ -232,14 +232,13 @@ use this machine as the password server.\n")); Check for a valid username and password in security=server mode. ****************************************************************************/ -uint32 check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { if(lp_security() != SEC_SERVER) return NT_STATUS_LOGON_FAILURE; return server_validate(user_info, server_info); - } -- cgit From b7a0c132894e15712a55aaa92175df73fb8814a9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Sep 2001 10:38:40 +0000 Subject: Now that we always get back an NTSTATUS code actually pass it on to the auth subsytem. Also kill off the (unneeded) wrapper fuction. Andrew Bartlett (This used to be commit 96f06b490ac5e9fd86debccf8d41675fa41f7726) --- source3/auth/auth_server.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b279152f74..7ed4cf60ad 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -110,10 +110,11 @@ struct cli_state *server_cryptkey(void) /**************************************************************************** - Validate a password with the password server. + Check for a valid username and password in security=server mode. + - Validate a password with the password server. ****************************************************************************/ -static NTSTATUS server_validate(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { struct cli_state *cli; static unsigned char badpass[24]; @@ -212,7 +213,7 @@ use this machine as the password server.\n")); user_info->domain.str)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); /* Make this cli_nt_error() when the conversion is in */ - nt_status = NT_STATUS_LOGON_FAILURE; + nt_status = cli_nt_error(cli); } else { nt_status = NT_STATUS_OK; } @@ -228,17 +229,4 @@ use this machine as the password server.\n")); return(nt_status); } -/**************************************************************************** - Check for a valid username and password in security=server mode. -****************************************************************************/ - -NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) -{ - - if(lp_security() != SEC_SERVER) - return NT_STATUS_LOGON_FAILURE; - - return server_validate(user_info, server_info); -} - -- cgit From 61b2794968faa35dc91edce17e9b91e5366c3514 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 11:25:41 +0000 Subject: move to SAFE_FREE() (This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7ed4cf60ad..e4c91c4dcb 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -77,7 +77,7 @@ struct cli_state *server_cryptkey(void) } } - free(pserver); + SAFE_FREE(pserver); if (!connected_ok) { DEBUG(0,("password server not available\n")); -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/auth/auth_server.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index e4c91c4dcb..2574a52ef3 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -22,8 +22,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - extern pstring global_myname; /**************************************************************************** @@ -228,5 +226,3 @@ use this machine as the password server.\n")); return(nt_status); } - - -- cgit From 1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Oct 2001 13:54:54 +0000 Subject: Spnego on the 'server' end of security=server just does not work, so set the flags so we just do a 'normal' session setup. Also add some parinoia code to detect when sombody attempts to do a 'normal' session setup when spnego had been negoitiated. Andrew Bartlett (This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b) --- source3/auth/auth_server.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 2574a52ef3..520417e3e0 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -51,6 +51,9 @@ struct cli_state *server_cryptkey(void) if (!cli_initialise(cli)) return NULL; + /* security = server just can't function with spnego */ + cli->use_spnego = False; + pserver = strdup(lp_passwordserver()); p = pserver; -- cgit From 60f0627afb167faad57385d44f0b587186a7ac2b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 31 Oct 2001 10:46:25 +0000 Subject: This is a farily large patch (3300 lines) and reworks most of the AuthRewrite code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c) --- source3/auth/auth_server.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 520417e3e0..ddbc284d50 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -115,7 +115,7 @@ struct cli_state *server_cryptkey(void) - Validate a password with the password server. ****************************************************************************/ -NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) +NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { struct cli_state *cli; static unsigned char badpass[24]; @@ -134,8 +134,8 @@ NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_ser if(badpass[0] == 0) memset(badpass, 0x1f, sizeof(badpass)); - if((user_info->nt_resp.len == sizeof(badpass)) && - !memcmp(badpass, user_info->nt_resp.buffer, sizeof(badpass))) { + if((user_info->nt_resp.length == sizeof(badpass)) && + !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) { /* * Very unlikely, our random bad password is the same as the users * password. @@ -206,11 +206,11 @@ use this machine as the password server.\n")); * not guest enabled, we can try with the real password. */ - if (!cli_session_setup(cli, user_info->smb_username.str, - (char *)user_info->lm_resp.buffer, - user_info->lm_resp.len, - (char *)user_info->nt_resp.buffer, - user_info->nt_resp.len, + if (!cli_session_setup(cli, user_info->smb_name.str, + (char *)user_info->lm_resp.data, + user_info->lm_resp.length, + (char *)user_info->nt_resp.data, + user_info->nt_resp.length, user_info->domain.str)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); /* Make this cli_nt_error() when the conversion is in */ @@ -227,5 +227,16 @@ use this machine as the password server.\n")); cli_ulogoff(cli); + if NT_STATUS_IS_OK(nt_status) { + struct passwd *pass = Get_Pwnam(user_info->internal_username.str); + if (pass) { + if (!make_server_info_pw(server_info, pass)) { + nt_status = NT_STATUS_NO_MEMORY; + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + } + return(nt_status); } -- cgit From d0a2faf78d316fec200497f5f7997df4c477a1e1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 24 Nov 2001 12:12:38 +0000 Subject: This is another rather major change to the samba authenticaion subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99) --- source3/auth/auth_server.c | 172 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 142 insertions(+), 30 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index ddbc284d50..067b5b2997 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -24,31 +24,19 @@ extern pstring global_myname; -/**************************************************************************** - Return the client state structure. -****************************************************************************/ - -struct cli_state *server_client(void) -{ - static struct cli_state pw_cli; - return &pw_cli; -} - /**************************************************************************** Support for server level security. ****************************************************************************/ -struct cli_state *server_cryptkey(void) +static struct cli_state *server_cryptkey(void) { - struct cli_state *cli; + struct cli_state *cli = NULL; fstring desthost; struct in_addr dest_ip; char *p, *pserver; BOOL connected_ok = False; - cli = server_client(); - - if (!cli_initialise(cli)) + if (!(cli = cli_initialise(cli))) return NULL; /* security = server just can't function with spnego */ @@ -88,7 +76,11 @@ struct cli_state *server_cryptkey(void) if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip)) return NULL; - + + if (strequal(desthost,myhostname())) { + exit_server("Password server loop!"); + } + DEBUG(3,("got session\n")); if (!cli_negprot(cli)) { @@ -109,13 +101,82 @@ struct cli_state *server_cryptkey(void) return cli; } +/**************************************************************************** + Clean up our allocated cli. +****************************************************************************/ + +static void free_server_private_data(void **private_data_pointer) +{ + struct cli_state **cli = (struct cli_state **)private_data_pointer; + if (*cli && (*cli)->initialised) { + cli_shutdown(*cli); + + SAFE_FREE(*cli); + } +} + +/**************************************************************************** + Send a 'keepalive' packet down the cli pipe. +****************************************************************************/ + +static void send_server_keepalive(void **private_data_pointer) +{ + struct cli_state **cli = (struct cli_state **)private_data_pointer; + + /* also send a keepalive to the password server if its still + connected */ + if (cli && *cli && (*cli)->initialised) { + if (!send_keepalive((*cli)->fd)) { + DEBUG( 2, ( "password server keepalive failed.\n")); + cli_shutdown(*cli); + SAFE_FREE(*cli); + } + } +} + +/**************************************************************************** + Get the challange out of a password server. +****************************************************************************/ + +static DATA_BLOB auth_get_challange_server(void **my_private_data, const struct authsupplied_info *auth_info) +{ + struct cli_state *cli = server_cryptkey(); + + if (cli) { + DEBUG(3,("using password server validation\n")); + if ((cli->sec_mode & 2) == 0) { + /* We can't work with unencrypted password servers + unless 'encrypt passwords = no' */ + DEBUG(5,("make_auth_info_server: Server is unencrypted, no challange available..\n")); + + *my_private_data = (void *)cli; + return data_blob(NULL, 0); + + } else if (cli->secblob.length < 8) { + /* We can't do much if we don't get a full challange */ + DEBUG(2,("make_auth_info_server: Didn't receive a full challange from server\n")); + cli_shutdown(cli); + return data_blob(NULL, 0); + } + + *my_private_data = (void *)cli; + + return data_blob(cli->secblob.data,8); + } else { + return data_blob(NULL, 0); + } +} + /**************************************************************************** Check for a valid username and password in security=server mode. - Validate a password with the password server. ****************************************************************************/ -NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) +static NTSTATUS check_smbserver_security(void *my_private_data, + const auth_usersupplied_info *user_info, + const auth_authsupplied_info *auth_info, + auth_serversupplied_info **server_info) { struct cli_state *cli; static unsigned char badpass[24]; @@ -123,13 +184,32 @@ NTSTATUS check_server_security(const auth_usersupplied_info *user_info, auth_ser static BOOL tested_password_server = False; static BOOL bad_password_server = False; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + BOOL locally_made_cli = False; - cli = server_client(); + cli = my_private_data; + + if (cli) { + } else { + cli = server_cryptkey(); + locally_made_cli = True; + } - if (!cli->initialised) { + if (!cli || !cli->initialised) { DEBUG(1,("password server %s is not connected\n", cli->desthost)); - return(NT_STATUS_LOGON_FAILURE); + return NT_STATUS_LOGON_FAILURE; } + + if ((cli->sec_mode & 2) == 0) { + if (user_info->encrypted) { + DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost)); + return NT_STATUS_LOGON_FAILURE; + } + } else { + if (memcmp(cli->secblob.data, auth_info->challange.data, 8) != 0) { + DEBUG(1,("the challange that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); + return NT_STATUS_LOGON_FAILURE; + } + } if(badpass[0] == 0) memset(badpass, 0x1f, sizeof(badpass)); @@ -206,17 +286,32 @@ use this machine as the password server.\n")); * not guest enabled, we can try with the real password. */ - if (!cli_session_setup(cli, user_info->smb_name.str, - (char *)user_info->lm_resp.data, - user_info->lm_resp.length, - (char *)user_info->nt_resp.data, - user_info->nt_resp.length, - user_info->domain.str)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - /* Make this cli_nt_error() when the conversion is in */ - nt_status = cli_nt_error(cli); + if (!user_info->encrypted) { + /* Plaintext available */ + if (!cli_session_setup(cli, user_info->smb_name.str, + (char *)user_info->plaintext_password.data, + user_info->plaintext_password.length, + NULL, 0, + user_info->domain.str)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + /* Make this cli_nt_error() when the conversion is in */ + nt_status = cli_nt_error(cli); + } else { + nt_status = NT_STATUS_OK; + } } else { - nt_status = NT_STATUS_OK; + if (!cli_session_setup(cli, user_info->smb_name.str, + (char *)user_info->lm_resp.data, + user_info->lm_resp.length, + (char *)user_info->nt_resp.data, + user_info->nt_resp.length, + user_info->domain.str)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + /* Make this cli_nt_error() when the conversion is in */ + nt_status = cli_nt_error(cli); + } else { + nt_status = NT_STATUS_OK; + } } /* if logged in as guest then reject */ @@ -238,5 +333,22 @@ use this machine as the password server.\n")); } } + if (locally_made_cli) { + cli_shutdown(cli); + SAFE_FREE(cli); + } + return(nt_status); } + +BOOL auth_init_smbserver(auth_methods **auth_method) +{ + if (!make_auth_methods(auth_method)) { + return False; + } + (*auth_method)->auth = check_smbserver_security; + (*auth_method)->get_chal = auth_get_challange_server; + (*auth_method)->send_keepalive = send_server_keepalive; + (*auth_method)->free_private_data = free_server_private_data; + return True; +} -- cgit From 178f6a64b26d828db6b516392d7072e9c29f6233 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 26 Nov 2001 04:05:28 +0000 Subject: challange -> challenge (This used to be commit d6318add27f6bca5be00cbedf2226b642341297a) --- source3/auth/auth_server.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 067b5b2997..a3cfc3a0e6 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -135,10 +135,10 @@ static void send_server_keepalive(void **private_data_pointer) } /**************************************************************************** - Get the challange out of a password server. + Get the challenge out of a password server. ****************************************************************************/ -static DATA_BLOB auth_get_challange_server(void **my_private_data, const struct authsupplied_info *auth_info) +static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct authsupplied_info *auth_info) { struct cli_state *cli = server_cryptkey(); @@ -147,14 +147,14 @@ static DATA_BLOB auth_get_challange_server(void **my_private_data, const struct if ((cli->sec_mode & 2) == 0) { /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ - DEBUG(5,("make_auth_info_server: Server is unencrypted, no challange available..\n")); + DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); *my_private_data = (void *)cli; return data_blob(NULL, 0); } else if (cli->secblob.length < 8) { - /* We can't do much if we don't get a full challange */ - DEBUG(2,("make_auth_info_server: Didn't receive a full challange from server\n")); + /* We can't do much if we don't get a full challenge */ + DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n")); cli_shutdown(cli); return data_blob(NULL, 0); } @@ -205,8 +205,8 @@ static NTSTATUS check_smbserver_security(void *my_private_data, return NT_STATUS_LOGON_FAILURE; } } else { - if (memcmp(cli->secblob.data, auth_info->challange.data, 8) != 0) { - DEBUG(1,("the challange that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); + if (memcmp(cli->secblob.data, auth_info->challenge.data, 8) != 0) { + DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; } } @@ -347,7 +347,7 @@ BOOL auth_init_smbserver(auth_methods **auth_method) return False; } (*auth_method)->auth = check_smbserver_security; - (*auth_method)->get_chal = auth_get_challange_server; + (*auth_method)->get_chal = auth_get_challenge_server; (*auth_method)->send_keepalive = send_server_keepalive; (*auth_method)->free_private_data = free_server_private_data; return True; -- cgit From 4499007e45637f172c4afb0ec2e048cf795a3cbe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 26 Nov 2001 06:47:04 +0000 Subject: A number of things to clean up the auth subsytem a bit... We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e) --- source3/auth/auth_server.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index a3cfc3a0e6..d061a5a84f 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -186,6 +186,17 @@ static NTSTATUS check_smbserver_security(void *my_private_data, NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; BOOL locally_made_cli = False; + /* + * Check that the requested domain is not our own machine name. + * If it is, we should never check the PDC here, we use our own local + * password file. + */ + + if(is_netbios_alias_or_name(user_info->domain.str)) { + DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n")); + return NT_STATUS_LOGON_FAILURE; + } + cli = my_private_data; if (cli) { -- cgit From f1db6a0c6cb6898699426700a10721acc4ad4407 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 26 Nov 2001 07:23:51 +0000 Subject: Fix debug (This used to be commit 44224ae156394dac1055c68764c84f758cea6540) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index d061a5a84f..628e672608 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -193,7 +193,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, */ if(is_netbios_alias_or_name(user_info->domain.str)) { - DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n")); + DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); return NT_STATUS_LOGON_FAILURE; } -- cgit From eec9e8a052407611df223fec982588e7a2bd7f49 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 28 Nov 2001 03:56:30 +0000 Subject: fix a bunch of places where we can double-free a cli structure (This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec) --- source3/auth/auth_server.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 628e672608..4608c639eb 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -110,8 +110,6 @@ static void free_server_private_data(void **private_data_pointer) struct cli_state **cli = (struct cli_state **)private_data_pointer; if (*cli && (*cli)->initialised) { cli_shutdown(*cli); - - SAFE_FREE(*cli); } } @@ -129,7 +127,6 @@ static void send_server_keepalive(void **private_data_pointer) if (!send_keepalive((*cli)->fd)) { DEBUG( 2, ( "password server keepalive failed.\n")); cli_shutdown(*cli); - SAFE_FREE(*cli); } } } @@ -346,7 +343,6 @@ use this machine as the password server.\n")); if (locally_made_cli) { cli_shutdown(cli); - SAFE_FREE(cli); } return(nt_status); -- cgit From e0066d2dd4d9a657d1fbcb474e66a304a64e2a31 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Thu, 6 Dec 2001 13:09:15 +0000 Subject: again an intrusive patch: - removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50) --- source3/auth/auth_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 4608c639eb..8d9b9f9819 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -23,6 +23,7 @@ #include "includes.h" extern pstring global_myname; +extern userdom_struct current_user_info; /**************************************************************************** Support for server level security. @@ -46,7 +47,7 @@ static struct cli_state *server_cryptkey(void) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(desthost); + standard_sub_basic(current_user_info.smb_name, desthost); strupper(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { -- cgit From 22a76a063213bdc514816440d3838e145c4ec340 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 8 Dec 2001 02:25:25 +0000 Subject: Fix segfault, and add a comment. (This used to be commit ff91131ef9b384765de3e4f22202d1e493f02efc) --- source3/auth/auth_server.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 8d9b9f9819..7e43d529d2 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -142,11 +142,14 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct if (cli) { DEBUG(3,("using password server validation\n")); + if ((cli->sec_mode & 2) == 0) { /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); - + + /* However, it is still a perfectly fine connection + to pass that unencrypted password over */ *my_private_data = (void *)cli; return data_blob(NULL, 0); @@ -204,7 +207,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, } if (!cli || !cli->initialised) { - DEBUG(1,("password server %s is not connected\n", cli->desthost)); + DEBUG(1,("password server is not connected (cli not initilised)\n")); return NT_STATUS_LOGON_FAILURE; } -- cgit From 4a6d1318bd9123f5a9c1d72721a9175320356fbe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jan 2002 03:10:32 +0000 Subject: A farily large commit: - Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837) --- source3/auth/auth_server.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7e43d529d2..7178e3147c 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -29,7 +29,7 @@ extern userdom_struct current_user_info; Support for server level security. ****************************************************************************/ -static struct cli_state *server_cryptkey(void) +static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) { struct cli_state *cli = NULL; fstring desthost; @@ -43,7 +43,7 @@ static struct cli_state *server_cryptkey(void) /* security = server just can't function with spnego */ cli->use_spnego = False; - pserver = strdup(lp_passwordserver()); + pserver = talloc_strdup(mem_ctx, lp_passwordserver()); p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { @@ -67,8 +67,6 @@ static struct cli_state *server_cryptkey(void) } } - SAFE_FREE(pserver); - if (!connected_ok) { DEBUG(0,("password server not available\n")); cli_shutdown(cli); @@ -136,9 +134,11 @@ static void send_server_keepalive(void **private_data_pointer) Get the challenge out of a password server. ****************************************************************************/ -static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct authsupplied_info *auth_info) +static DATA_BLOB auth_get_challenge_server(void **my_private_data, + TALLOC_CTX *mem_ctx, + const struct authsupplied_info *auth_info) { - struct cli_state *cli = server_cryptkey(); + struct cli_state *cli = server_cryptkey(mem_ctx); if (cli) { DEBUG(3,("using password server validation\n")); @@ -175,9 +175,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, const struct ****************************************************************************/ static NTSTATUS check_smbserver_security(void *my_private_data, - const auth_usersupplied_info *user_info, - const auth_authsupplied_info *auth_info, - auth_serversupplied_info **server_info) + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + const auth_authsupplied_info *auth_info, + auth_serversupplied_info **server_info) { struct cli_state *cli; static unsigned char badpass[24]; @@ -202,7 +203,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, if (cli) { } else { - cli = server_cryptkey(); + cli = server_cryptkey(mem_ctx); locally_made_cli = True; } -- cgit From 2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Jan 2002 04:55:41 +0000 Subject: I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) --- source3/auth/auth_server.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7178e3147c..c83230b716 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -134,9 +134,9 @@ static void send_server_keepalive(void **private_data_pointer) Get the challenge out of a password server. ****************************************************************************/ -static DATA_BLOB auth_get_challenge_server(void **my_private_data, - TALLOC_CTX *mem_ctx, - const struct authsupplied_info *auth_info) +static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx) { struct cli_state *cli = server_cryptkey(mem_ctx); @@ -161,8 +161,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, } *my_private_data = (void *)cli; - - return data_blob(cli->secblob.data,8); + + /* The return must be allocated on the caller's mem_ctx, as our own will be + destoyed just after the call. */ + return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); } else { return data_blob(NULL, 0); } @@ -174,10 +176,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, - Validate a password with the password server. ****************************************************************************/ -static NTSTATUS check_smbserver_security(void *my_private_data, +static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, + void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, - const auth_authsupplied_info *auth_info, auth_serversupplied_info **server_info) { struct cli_state *cli; @@ -218,7 +220,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, return NT_STATUS_LOGON_FAILURE; } } else { - if (memcmp(cli->secblob.data, auth_info->challenge.data, 8) != 0) { + if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) { DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; } @@ -353,9 +355,9 @@ use this machine as the password server.\n")); return(nt_status); } -BOOL auth_init_smbserver(auth_methods **auth_method) +BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) { - if (!make_auth_methods(auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) { return False; } (*auth_method)->auth = check_smbserver_security; -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/auth/auth_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index c83230b716..5190d45c20 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. Authenticate to a remote server Copyright (C) Andrew Tridgell 1992-1998 Copyright (C) Andrew Bartlett 2001 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/auth/auth_server.c | 57 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 10 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 5190d45c20..23faedc0ba 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -21,6 +21,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + extern pstring global_myname; extern userdom_struct current_user_info; @@ -46,7 +49,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(current_user_info.smb_name, desthost); + standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); strupper(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { @@ -59,6 +62,15 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) continue; } + /* we use a mutex to prevent two connections at once - when a + Win2k PDC get two connections where one hasn't completed a + session setup yet it will send a TCP reset to the first + connection (tridge) */ + + if (!grab_server_mutex(desthost)) { + return NULL; + } + if (cli_connect(cli, desthost, &dest_ip)) { DEBUG(3,("connected to password server %s\n",desthost)); connected_ok = True; @@ -67,13 +79,19 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } if (!connected_ok) { + release_server_mutex(); DEBUG(0,("password server not available\n")); cli_shutdown(cli); return NULL; } - - if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip)) + + if (!attempt_netbios_session_request(cli, global_myname, + desthost, &dest_ip)) { + release_server_mutex(); + DEBUG(1,("password server fails session request\n")); + cli_shutdown(cli); return NULL; + } if (strequal(desthost,myhostname())) { exit_server("Password server loop!"); @@ -83,19 +101,37 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!cli_negprot(cli)) { DEBUG(1,("%s rejected the negprot\n",desthost)); + release_server_mutex(); cli_shutdown(cli); return NULL; } if (cli->protocol < PROTOCOL_LANMAN2 || - !(cli->sec_mode & 1)) { + !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(1,("%s isn't in user level security mode\n",desthost)); + release_server_mutex(); cli_shutdown(cli); return NULL; } - DEBUG(3,("password server OK\n")); + /* Get the first session setup done quickly, to avoid silly + Win2k bugs. (The next connection to the server will kill + this one... + */ + if (!cli_session_setup(cli, "", "", 0, "", 0, + "")) { + DEBUG(0,("%s rejected the initial session setup (%s)\n", + desthost, cli_errstr(cli))); + release_server_mutex(); + cli_shutdown(cli); + return NULL; + } + + release_server_mutex(); + + DEBUG(3,("password server OK\n")); + return cli; } @@ -142,7 +178,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte if (cli) { DEBUG(3,("using password server validation\n")); - if ((cli->sec_mode & 2) == 0) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); @@ -213,7 +249,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return NT_STATUS_LOGON_FAILURE; } - if ((cli->sec_mode & 2) == 0) { + if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { if (user_info->encrypted) { DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; @@ -354,14 +390,15 @@ use this machine as the password server.\n")); return(nt_status); } -BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) +NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { - return False; + return NT_STATUS_NO_MEMORY; } + (*auth_method)->name = "smbserver"; (*auth_method)->auth = check_smbserver_security; (*auth_method)->get_chal = auth_get_challenge_server; (*auth_method)->send_keepalive = send_server_keepalive; (*auth_method)->free_private_data = free_server_private_data; - return True; + return NT_STATUS_OK; } -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/auth/auth_server.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 23faedc0ba..0ed905e79c 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -285,7 +285,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * need to detect this as some versions of NT4.x are broken. JRA. */ - /* I sure as hell hope that there arn't servers out there that take + /* I sure as hell hope that there aren't servers out there that take * NTLMv2 and have this bug, as we don't test for that... * - abartlet@samba.org */ @@ -375,9 +375,7 @@ use this machine as the password server.\n")); if NT_STATUS_IS_OK(nt_status) { struct passwd *pass = Get_Pwnam(user_info->internal_username.str); if (pass) { - if (!make_server_info_pw(server_info, pass)) { - nt_status = NT_STATUS_NO_MEMORY; - } + nt_status = make_server_info_pw(server_info, pass); } else { nt_status = NT_STATUS_NO_SUCH_USER; } -- cgit From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/auth/auth_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 0ed905e79c..5144852d3b 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -24,7 +24,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -extern pstring global_myname; extern userdom_struct current_user_info; /**************************************************************************** @@ -36,7 +35,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) struct cli_state *cli = NULL; fstring desthost; struct in_addr dest_ip; - char *p, *pserver; + const char *p; + char *pserver; BOOL connected_ok = False; if (!(cli = cli_initialise(cli))) @@ -85,7 +85,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - if (!attempt_netbios_session_request(cli, global_myname, + if (!attempt_netbios_session_request(cli, global_myname(), desthost, &dest_ip)) { release_server_mutex(); DEBUG(1,("password server fails session request\n")); @@ -231,7 +231,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * password file. */ - if(is_netbios_alias_or_name(user_info->domain.str)) { + if(is_myname(user_info->domain.str)) { DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); return NT_STATUS_LOGON_FAILURE; } @@ -275,7 +275,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if(baduser[0] == 0) { fstrcpy(baduser, INVALID_USER_PREFIX); - fstrcat(baduser, global_myname); + fstrcat(baduser, global_myname()); } /* -- cgit From a8c95d79f83b4097ee20d5f3f1005c38ccf00186 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 16 Apr 2003 12:13:07 +0000 Subject: Add support for the new modules system to auth/ (merge from HEAD) (This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9) --- source3/auth/auth_server.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 5144852d3b..a311f01dc3 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -400,3 +400,8 @@ NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* para (*auth_method)->free_private_data = free_server_private_data; return NT_STATUS_OK; } + +int auth_server_init(void) +{ + return smb_register_auth("smbserver", auth_init_smbserver, AUTH_INTERFACE_VERSION); +} -- cgit From 17a3acafa89bfc6090b0767d05a00a7505003fcc Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 28 Apr 2003 17:48:48 +0000 Subject: Use NTSTATUS as return value for smb_register_*() functions and init_module() function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d) --- source3/auth/auth_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index a311f01dc3..73af290af2 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -401,7 +401,7 @@ NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* para return NT_STATUS_OK; } -int auth_server_init(void) +NTSTATUS auth_server_init(void) { - return smb_register_auth("smbserver", auth_init_smbserver, AUTH_INTERFACE_VERSION); + return smb_register_auth(AUTH_INTERFACE_VERSION, "smbserver", auth_init_smbserver); } -- cgit From 6ace723c44f61c1166b90666ca6f5b2546ced46b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 25 May 2003 23:56:41 +0000 Subject: Get 'add user script' working again for Samba 3.0. I'm still not convinced that sharing the option name with the administrative code is the best idea, but anyway... Tested by vl, bug #41. Andrew Bartlett (This used to be commit 9d78f064c5e4e6b340f994204977aaac6513320b) --- source3/auth/auth_server.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 73af290af2..18c5216137 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -372,12 +372,19 @@ use this machine as the password server.\n")); cli_ulogoff(cli); - if NT_STATUS_IS_OK(nt_status) { + if (NT_STATUS_IS_OK(nt_status)) { struct passwd *pass = Get_Pwnam(user_info->internal_username.str); if (pass) { nt_status = make_server_info_pw(server_info, pass); } else { - nt_status = NT_STATUS_NO_SUCH_USER; + auth_add_user_script(user_info->domain.str, user_info->internal_username.str); + pass = Get_Pwnam(user_info->internal_username.str); + + if (pass) { + nt_status = make_server_info_pw(server_info, pass); + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } } } -- cgit From cad20ab63b55462836da007de39fc84ffa38eda8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 4 Jun 2003 16:40:50 +0000 Subject: Add some static. Patch by Stefan Metzmacher (This used to be commit e1a8e9b7f3e69c7271d2b715703b2d5b2412bd42) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 18c5216137..2a1e4a48d9 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -395,7 +395,7 @@ use this machine as the password server.\n")); return(nt_status); } -NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method) +static NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { return NT_STATUS_NO_MEMORY; -- cgit From 61116049cabc292c2f2d570af4d68ddc537b91f5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 3 Jul 2003 14:36:42 +0000 Subject: This patch takes the work the jerry did for beta2, and generalises it: - The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec) --- source3/auth/auth_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 2a1e4a48d9..af0848e12a 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -222,7 +222,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context static fstring baduser; static BOOL tested_password_server = False; static BOOL bad_password_server = False; - NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; BOOL locally_made_cli = False; /* @@ -233,7 +233,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if(is_myname(user_info->domain.str)) { DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); - return NT_STATUS_LOGON_FAILURE; + return nt_status; } cli = my_private_data; -- cgit From ce72beb2b558d86fb49063c6b1fa00e07952ce56 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Jul 2003 19:11:31 +0000 Subject: Removed strupper/strlower macros that automatically map to strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index af0848e12a..30e0e13a56 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -50,7 +50,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); - strupper(desthost); + strupper_m(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); -- cgit From 33e6af5b3d8db3e0c4a7eabacf3be1c849805c84 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Nov 2003 19:33:42 +0000 Subject: Patch from Andrew Bartlett for security=server core dump if server goes away. Jeremy. (This used to be commit e61324cc6a222ca714530827068104f7a74c0911) --- source3/auth/auth_server.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 30e0e13a56..b57293943c 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -153,14 +153,16 @@ static void free_server_private_data(void **private_data_pointer) static void send_server_keepalive(void **private_data_pointer) { - struct cli_state **cli = (struct cli_state **)private_data_pointer; - /* also send a keepalive to the password server if its still connected */ - if (cli && *cli && (*cli)->initialised) { - if (!send_keepalive((*cli)->fd)) { - DEBUG( 2, ( "password server keepalive failed.\n")); - cli_shutdown(*cli); + if (private_data_pointer) { + struct cli_state *cli = (struct cli_state *)(*private_data_pointer); + if (cli && cli->initialised) { + if (!send_keepalive(cli->fd)) { + DEBUG( 2, ( "send_server_keepalive: password server keepalive failed.\n")); + cli_shutdown(cli); + *private_data_pointer = NULL; + } } } } -- cgit From 62685054962f4be7d8791b87dff85e89347269e8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 23 Nov 2003 00:16:54 +0000 Subject: Patch by emil@disksites.com to ensure we always always free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 5872c0e26e3407c7c1dcf2074a36896a3ca1325a) --- source3/auth/auth_server.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b57293943c..41adc21784 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -143,8 +143,10 @@ static void free_server_private_data(void **private_data_pointer) { struct cli_state **cli = (struct cli_state **)private_data_pointer; if (*cli && (*cli)->initialised) { + DEBUG(10, ("Shutting down smbserver connection\n")); cli_shutdown(*cli); } + *private_data_pointer = NULL; } /**************************************************************************** -- cgit From d24b8a2032a2e92d954781e610ab535361fefd88 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 16 Mar 2004 16:41:54 +0000 Subject: BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind use default domain = yes (This used to be commit f2eaa14b1eb7e89c945b2b06a48e17998c75d620) --- source3/auth/auth_server.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 41adc21784..bc611ec229 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -377,18 +377,17 @@ use this machine as the password server.\n")); cli_ulogoff(cli); if (NT_STATUS_IS_OK(nt_status)) { - struct passwd *pass = Get_Pwnam(user_info->internal_username.str); - if (pass) { - nt_status = make_server_info_pw(server_info, pass); - } else { - auth_add_user_script(user_info->domain.str, user_info->internal_username.str); - pass = Get_Pwnam(user_info->internal_username.str); + fstring real_username; + struct passwd *pass; - if (pass) { - nt_status = make_server_info_pw(server_info, pass); - } else { - nt_status = NT_STATUS_NO_SUCH_USER; - } + if ( (pass = smb_getpwnam( user_info->internal_username.str, + real_username, True )) != NULL ) + { + nt_status = make_server_info_pw(server_info, pass->pw_name, pass); + } + else + { + nt_status = NT_STATUS_NO_SUCH_USER; } } -- cgit From b279ee16e982d419c2205a7f790bd9cb8035d6e5 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 7 Jun 2005 17:52:19 +0000 Subject: r7372: abartet's patch for BUG 2391 (segv caused by free a static pointer) (This used to be commit 4cda2bd035276bd090bf0fbd4e3b2eff657a80cb) --- source3/auth/auth_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index bc611ec229..7bce32ef2b 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -384,6 +384,7 @@ use this machine as the password server.\n")); real_username, True )) != NULL ) { nt_status = make_server_info_pw(server_info, pass->pw_name, pass); + passwd_free(&pass); } else { -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/auth/auth_server.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7bce32ef2b..8eed8bba6a 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -235,7 +235,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * password file. */ - if(is_myname(user_info->domain.str)) { + if(is_myname(user_info->domain)) { DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); return nt_status; } @@ -296,7 +296,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if ((!tested_password_server) && (lp_paranoid_server_security())) { if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), - (char *)badpass, sizeof(badpass), user_info->domain.str)) { + (char *)badpass, sizeof(badpass), user_info->domain)) { /* * We connected to the password server so we @@ -342,11 +342,11 @@ use this machine as the password server.\n")); if (!user_info->encrypted) { /* Plaintext available */ - if (!cli_session_setup(cli, user_info->smb_name.str, + if (!cli_session_setup(cli, user_info->smb_name, (char *)user_info->plaintext_password.data, user_info->plaintext_password.length, NULL, 0, - user_info->domain.str)) { + user_info->domain)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); /* Make this cli_nt_error() when the conversion is in */ nt_status = cli_nt_error(cli); @@ -354,12 +354,12 @@ use this machine as the password server.\n")); nt_status = NT_STATUS_OK; } } else { - if (!cli_session_setup(cli, user_info->smb_name.str, + if (!cli_session_setup(cli, user_info->smb_name, (char *)user_info->lm_resp.data, user_info->lm_resp.length, (char *)user_info->nt_resp.data, user_info->nt_resp.length, - user_info->domain.str)) { + user_info->domain)) { DEBUG(1,("password server %s rejected the password\n", cli->desthost)); /* Make this cli_nt_error() when the conversion is in */ nt_status = cli_nt_error(cli); @@ -380,11 +380,11 @@ use this machine as the password server.\n")); fstring real_username; struct passwd *pass; - if ( (pass = smb_getpwnam( user_info->internal_username.str, + if ( (pass = smb_getpwnam( NULL, user_info->internal_username, real_username, True )) != NULL ) { nt_status = make_server_info_pw(server_info, pass->pw_name, pass); - passwd_free(&pass); + talloc_free(pass); } else { -- cgit From fb5362c069b5b6548478b2217a0519c56d856705 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 17:59:58 +0000 Subject: r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 8eed8bba6a..7bec1b4128 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -384,7 +384,7 @@ use this machine as the password server.\n")); real_username, True )) != NULL ) { nt_status = make_server_info_pw(server_info, pass->pw_name, pass); - talloc_free(pass); + TALLOC_FREE(pass); } else { -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/auth/auth_server.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7bec1b4128..6e4dba0be2 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -39,7 +39,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) char *pserver; BOOL connected_ok = False; - if (!(cli = cli_initialise(cli))) + if (!(cli = cli_initialise())) return NULL; /* security = server just can't function with spnego */ @@ -49,7 +49,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); + standard_sub_basic(current_user_info.smb_name, current_user_info.domain, + desthost, sizeof(desthost)); strupper_m(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { @@ -85,7 +86,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - if (!attempt_netbios_session_request(cli, global_myname(), + if (!attempt_netbios_session_request(&cli, global_myname(), desthost, &dest_ip)) { release_server_mutex(); DEBUG(1,("password server fails session request\n")); @@ -129,7 +130,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } release_server_mutex(); - + DEBUG(3,("password server OK\n")); return cli; -- cgit From b29915d6113264bdce243005d29a1af9a8b69bde Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 16 Aug 2006 17:14:16 +0000 Subject: r17571: Change the return code of cli_session_setup from BOOL to NTSTATUS Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9) --- source3/auth/auth_server.c | 55 +++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 28 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 6e4dba0be2..7ffea1ca11 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -120,8 +120,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) this one... */ - if (!cli_session_setup(cli, "", "", 0, "", 0, - "")) { + if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0, + ""))) { DEBUG(0,("%s rejected the initial session setup (%s)\n", desthost, cli_errstr(cli))); release_server_mutex(); @@ -241,7 +241,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context return nt_status; } - cli = my_private_data; + cli = (struct cli_state *)my_private_data; if (cli) { } else { @@ -296,8 +296,12 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context */ if ((!tested_password_server) && (lp_paranoid_server_security())) { - if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), - (char *)badpass, sizeof(badpass), user_info->domain)) { + if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser, + (char *)badpass, + sizeof(badpass), + (char *)badpass, + sizeof(badpass), + user_info->domain))) { /* * We connected to the password server so we @@ -343,30 +347,25 @@ use this machine as the password server.\n")); if (!user_info->encrypted) { /* Plaintext available */ - if (!cli_session_setup(cli, user_info->smb_name, - (char *)user_info->plaintext_password.data, - user_info->plaintext_password.length, - NULL, 0, - user_info->domain)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - /* Make this cli_nt_error() when the conversion is in */ - nt_status = cli_nt_error(cli); - } else { - nt_status = NT_STATUS_OK; - } + nt_status = cli_session_setup( + cli, user_info->smb_name, + (char *)user_info->plaintext_password.data, + user_info->plaintext_password.length, + NULL, 0, user_info->domain); + } else { - if (!cli_session_setup(cli, user_info->smb_name, - (char *)user_info->lm_resp.data, - user_info->lm_resp.length, - (char *)user_info->nt_resp.data, - user_info->nt_resp.length, - user_info->domain)) { - DEBUG(1,("password server %s rejected the password\n", cli->desthost)); - /* Make this cli_nt_error() when the conversion is in */ - nt_status = cli_nt_error(cli); - } else { - nt_status = NT_STATUS_OK; - } + nt_status = cli_session_setup( + cli, user_info->smb_name, + (char *)user_info->lm_resp.data, + user_info->lm_resp.length, + (char *)user_info->nt_resp.data, + user_info->nt_resp.length, + user_info->domain); + } + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(1,("password server %s rejected the password: %s\n", + cli->desthost, nt_errstr(nt_status))); } /* if logged in as guest then reject */ -- cgit From cb0402c2d3941a813e33b2b5e07c54b9ff644ca4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 1 Dec 2006 15:06:34 +0000 Subject: r19980: Implement pam account stack checks when obey pam restrictions is true. It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82) --- source3/auth/auth_server.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7ffea1ca11..8a8ecfa575 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -383,7 +383,15 @@ use this machine as the password server.\n")); if ( (pass = smb_getpwnam( NULL, user_info->internal_username, real_username, True )) != NULL ) { - nt_status = make_server_info_pw(server_info, pass->pw_name, pass); + /* if a real user check pam account restrictions */ + /* only really perfomed if "obey pam restriction" is true */ + nt_status = smb_pam_accountcheck(pass->pw_name); + if ( !NT_STATUS_IS_OK(nt_status)) { + DEBUG(1, ("PAM account restriction prevents user login\n")); + } else { + + nt_status = make_server_info_pw(server_info, pass->pw_name, pass); + } TALLOC_FREE(pass); } else -- cgit From 5bb49b08f3d79ef9ee17dbbd64ce90dc438d96df Mon Sep 17 00:00:00 2001 From: James Peach Date: Mon, 18 Dec 2006 04:25:21 +0000 Subject: r20237: Replace exit_server with exit_server_cleanly where appropriate. All send_smb failures should be clean exits. All times when we exit as a matter of policy should also be clean exits. (This used to be commit d6382092e72120a3c89ffe81975e8898d454bf06) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 8a8ecfa575..c7243e8468 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -95,7 +95,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } if (strequal(desthost,myhostname())) { - exit_server("Password server loop!"); + exit_server_cleanly("Password server loop!"); } DEBUG(3,("got session\n")); -- cgit From c0e37a74963ae942ed48431bd2ea353ebad256ff Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 18 Mar 2007 11:24:10 +0000 Subject: r21870: Move sending auth_server keepalives out of the main loop into an idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d) --- source3/auth/auth_server.c | 85 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 60 insertions(+), 25 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index c7243e8468..c140ef48f9 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -136,38 +136,72 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return cli; } +struct server_security_state { + struct cli_state *cli; +}; + /**************************************************************************** - Clean up our allocated cli. + Send a 'keepalive' packet down the cli pipe. ****************************************************************************/ -static void free_server_private_data(void **private_data_pointer) +static BOOL send_server_keepalive(const struct timeval *now, + void *private_data) { - struct cli_state **cli = (struct cli_state **)private_data_pointer; - if (*cli && (*cli)->initialised) { - DEBUG(10, ("Shutting down smbserver connection\n")); - cli_shutdown(*cli); + struct server_security_state *state = talloc_get_type_abort( + private_data, struct server_security_state); + + if (!state->cli || !state->cli->initialised) { + return False; + } + + if (send_keepalive(state->cli->fd)) { + return True; } - *private_data_pointer = NULL; + + DEBUG( 2, ( "send_server_keepalive: password server keepalive " + "failed.\n")); + cli_shutdown(state->cli); + state->cli = NULL; + return False; } -/**************************************************************************** - Send a 'keepalive' packet down the cli pipe. -****************************************************************************/ +static int destroy_server_security(struct server_security_state *state) +{ + if (state->cli) { + cli_shutdown(state->cli); + } + return 0; +} -static void send_server_keepalive(void **private_data_pointer) +static struct server_security_state *make_server_security_state(struct cli_state *cli) { - /* also send a keepalive to the password server if its still - connected */ - if (private_data_pointer) { - struct cli_state *cli = (struct cli_state *)(*private_data_pointer); - if (cli && cli->initialised) { - if (!send_keepalive(cli->fd)) { - DEBUG( 2, ( "send_server_keepalive: password server keepalive failed.\n")); - cli_shutdown(cli); - *private_data_pointer = NULL; - } + struct server_security_state *result; + + if (!(result = talloc(NULL, struct server_security_state))) { + DEBUG(0, ("talloc failed\n")); + cli_shutdown(cli); + return NULL; + } + + result->cli = cli; + talloc_set_destructor(result, destroy_server_security); + + if (lp_keepalive() != 0) { + struct timeval interval; + interval.tv_sec = lp_keepalive(); + interval.tv_usec = 0; + + if (event_add_idle(smbd_event_context(), result, interval, + "server_security_keepalive", + send_server_keepalive, + result) == NULL) { + DEBUG(0, ("event_add_idle failed\n")); + TALLOC_FREE(result); + return NULL; } } + + return result; } /**************************************************************************** @@ -190,7 +224,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* However, it is still a perfectly fine connection to pass that unencrypted password over */ - *my_private_data = (void *)cli; + *my_private_data = + (void *)make_server_security_state(cli); return data_blob(NULL, 0); } else if (cli->secblob.length < 8) { @@ -200,7 +235,9 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte return data_blob(NULL, 0); } - *my_private_data = (void *)cli; + if (!(*my_private_data = (void *)make_server_security_state(cli))) { + return data_blob(NULL,0); + } /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ @@ -415,8 +452,6 @@ static NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const cha (*auth_method)->name = "smbserver"; (*auth_method)->auth = check_smbserver_security; (*auth_method)->get_chal = auth_get_challenge_server; - (*auth_method)->send_keepalive = send_server_keepalive; - (*auth_method)->free_private_data = free_server_private_data; return NT_STATUS_OK; } -- cgit From b4a7b7a8889737e2891fc1176feabd4ce47f2737 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 14 May 2007 12:16:20 +0000 Subject: r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e) --- source3/auth/auth_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index c140ef48f9..e5331893fd 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -226,24 +226,24 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte to pass that unencrypted password over */ *my_private_data = (void *)make_server_security_state(cli); - return data_blob(NULL, 0); + return data_blob_null; } else if (cli->secblob.length < 8) { /* We can't do much if we don't get a full challenge */ DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n")); cli_shutdown(cli); - return data_blob(NULL, 0); + return data_blob_null; } if (!(*my_private_data = (void *)make_server_security_state(cli))) { - return data_blob(NULL,0); + return data_blob_null; } /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); } else { - return data_blob(NULL, 0); + return data_blob_null; } } -- cgit From 9b48f7d76d1700f3be951b0322a7184bd192004f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 16 May 2007 20:02:32 +0000 Subject: r22953: Well, this apparently has never been tested. But *this* code never saw a release yet .... ;-)) (This used to be commit f93b6353fe18e2c992a3dad96afd1a4c16032c55) --- source3/auth/auth_server.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index e5331893fd..20ce078d2e 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -254,7 +254,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte ****************************************************************************/ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, - void *my_private_data, + void *private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) @@ -266,6 +266,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context static BOOL bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; BOOL locally_made_cli = False; + struct server_security_state *state; /* * Check that the requested domain is not our own machine name. @@ -273,12 +274,10 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * password file. */ - if(is_myname(user_info->domain)) { - DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); - return nt_status; - } + state = talloc_get_type_abort( + private_data, struct server_security_state); - cli = (struct cli_state *)my_private_data; + cli = state->cli; if (cli) { } else { -- cgit From 0b38bfa9ea337f360fca6a85eb9764d1eafb1728 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 May 2007 22:52:17 +0000 Subject: r22956: Fix security=server (bug #4622). Volker's patch (slightly truncated by me). Will be in 3.0.25a. Jeremy. (This used to be commit 039fb906af883a7ca1a68955f1b36b583fe1b698) --- source3/auth/auth_server.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 20ce078d2e..4351f96eeb 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -268,12 +268,6 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context BOOL locally_made_cli = False; struct server_security_state *state; - /* - * Check that the requested domain is not our own machine name. - * If it is, we should never check the PDC here, we use our own local - * password file. - */ - state = talloc_get_type_abort( private_data, struct server_security_state); -- cgit From ce02d0dfcbeeeec316578322257d998589090c6f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 20 Jun 2007 17:38:42 +0000 Subject: r23554: Fix bug #4711 by makeing cli_connect return an NTSTATUS. Long overdue fix.... Jeremy. (This used to be commit 073fdc5a58139796dbaa7ea9833dca5308f11282) --- source3/auth/auth_server.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 4351f96eeb..f862ba0f1a 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -49,6 +49,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { + NTSTATUS status; + standard_sub_basic(current_user_info.smb_name, current_user_info.domain, desthost, sizeof(desthost)); strupper_m(desthost); @@ -72,11 +74,14 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - if (cli_connect(cli, desthost, &dest_ip)) { + status = cli_connect(cli, desthost, &dest_ip); + if (NT_STATUS_IS_OK(status)) { DEBUG(3,("connected to password server %s\n",desthost)); connected_ok = True; break; } + DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n", + desthost, nt_errstr(status) )); } if (!connected_ok) { -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index f862ba0f1a..75898eaff5 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/auth/auth_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 75898eaff5..ba7507ef4f 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From e5a951325a6cac8567af3a66de6d2df577508ae4 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Wed, 10 Oct 2007 15:34:30 -0500 Subject: [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. (This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab) --- source3/auth/auth_server.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index ba7507ef4f..b7669e945c 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -149,7 +149,7 @@ struct server_security_state { ****************************************************************************/ static BOOL send_server_keepalive(const struct timeval *now, - void *private_data) + void *private_data) { struct server_security_state *state = talloc_get_type_abort( private_data, struct server_security_state); @@ -231,7 +231,6 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte *my_private_data = (void *)make_server_security_state(cli); return data_blob_null; - } else if (cli->secblob.length < 8) { /* We can't do much if we don't get a full challenge */ DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n")); @@ -240,7 +239,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte } if (!(*my_private_data = (void *)make_server_security_state(cli))) { - return data_blob_null; + return data_blob(NULL,0); } /* The return must be allocated on the caller's mem_ctx, as our own will be @@ -258,7 +257,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte ****************************************************************************/ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, - void *private_data, + void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) @@ -270,12 +269,8 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context static BOOL bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; BOOL locally_made_cli = False; - struct server_security_state *state; - - state = talloc_get_type_abort( - private_data, struct server_security_state); - cli = state->cli; + cli = (struct cli_state *)my_private_data; if (cli) { } else { -- cgit From 8e54530b52fd256137740107e9fdf000f00a7a30 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Oct 2007 18:25:16 -0700 Subject: Add start of IPv6 implementation. Currently most of this is avoiding IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b7669e945c..44f36dc4cf 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -59,7 +59,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) continue; } - if (ismyip(dest_ip)) { + if (ismyip_v4(dest_ip)) { DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); continue; } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/auth/auth_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 44f36dc4cf..815c1193d1 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -36,7 +36,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) struct in_addr dest_ip; const char *p; char *pserver; - BOOL connected_ok = False; + bool connected_ok = False; if (!(cli = cli_initialise())) return NULL; @@ -148,7 +148,7 @@ struct server_security_state { Send a 'keepalive' packet down the cli pipe. ****************************************************************************/ -static BOOL send_server_keepalive(const struct timeval *now, +static bool send_server_keepalive(const struct timeval *now, void *private_data) { struct server_security_state *state = talloc_get_type_abort( @@ -265,10 +265,10 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context struct cli_state *cli; static unsigned char badpass[24]; static fstring baduser; - static BOOL tested_password_server = False; - static BOOL bad_password_server = False; + static bool tested_password_server = False; + static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - BOOL locally_made_cli = False; + bool locally_made_cli = False; cli = (struct cli_state *)my_private_data; -- cgit From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/auth/auth_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 815c1193d1..8b10be93fc 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -33,7 +33,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) { struct cli_state *cli = NULL; fstring desthost; - struct in_addr dest_ip; + struct sockaddr_storage dest_ss; const char *p; char *pserver; bool connected_ok = False; @@ -54,12 +54,12 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) desthost, sizeof(desthost)); strupper_m(desthost); - if(!resolve_name( desthost, &dest_ip, 0x20)) { + if(!resolve_name( desthost, &dest_ss, 0x20)) { DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); continue; } - if (ismyip_v4(dest_ip)) { + if (ismyaddr(&dest_ss)) { DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); continue; } @@ -73,7 +73,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - status = cli_connect(cli, desthost, &dest_ip); + status = cli_connect(cli, desthost, &dest_ss); if (NT_STATUS_IS_OK(status)) { DEBUG(3,("connected to password server %s\n",desthost)); connected_ok = True; @@ -91,7 +91,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } if (!attempt_netbios_session_request(&cli, global_myname(), - desthost, &dest_ip)) { + desthost, &dest_ss)) { release_server_mutex(); DEBUG(1,("password server fails session request\n")); cli_shutdown(cli); -- cgit From 42cfffae80480eae4381902fff3f7c61f858a933 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Dec 2007 17:32:32 -0800 Subject: Remove next_token - all uses must now be next_token_talloc. No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de) --- source3/auth/auth_server.c | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 8b10be93fc..7c99848612 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -32,10 +32,10 @@ extern userdom_struct current_user_info; static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) { struct cli_state *cli = NULL; - fstring desthost; + char *desthost = NULL; struct sockaddr_storage dest_ss; const char *p; - char *pserver; + char *pserver = NULL; bool connected_ok = False; if (!(cli = cli_initialise())) @@ -47,11 +47,16 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) pserver = talloc_strdup(mem_ctx, lp_passwordserver()); p = pserver; - while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { + while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) { NTSTATUS status; - standard_sub_basic(current_user_info.smb_name, current_user_info.domain, - desthost, sizeof(desthost)); + desthost = talloc_sub_basic(mem_ctx, + current_user_info.smb_name, + current_user_info.domain, + desthost); + if (!desthost) { + return NULL; + } strupper_m(desthost); if(!resolve_name( desthost, &dest_ss, 0x20)) { @@ -64,9 +69,9 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) continue; } - /* we use a mutex to prevent two connections at once - when a - Win2k PDC get two connections where one hasn't completed a - session setup yet it will send a TCP reset to the first + /* we use a mutex to prevent two connections at once - when a + Win2k PDC get two connections where one hasn't completed a + session setup yet it will send a TCP reset to the first connection (tridge) */ if (!grab_server_mutex(desthost)) { @@ -81,27 +86,27 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n", desthost, nt_errstr(status) )); + release_server_mutex(); } if (!connected_ok) { - release_server_mutex(); DEBUG(0,("password server not available\n")); cli_shutdown(cli); return NULL; } - - if (!attempt_netbios_session_request(&cli, global_myname(), + + if (!attempt_netbios_session_request(&cli, global_myname(), desthost, &dest_ss)) { release_server_mutex(); DEBUG(1,("password server fails session request\n")); cli_shutdown(cli); return NULL; } - + if (strequal(desthost,myhostname())) { exit_server_cleanly("Password server loop!"); } - + DEBUG(3,("got session\n")); if (!cli_negprot(cli)) { @@ -119,9 +124,9 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - /* Get the first session setup done quickly, to avoid silly + /* Get the first session setup done quickly, to avoid silly Win2k bugs. (The next connection to the server will kill - this one... + this one... */ if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0, @@ -132,11 +137,11 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) cli_shutdown(cli); return NULL; } - + release_server_mutex(); DEBUG(3,("password server OK\n")); - + return cli; } -- cgit From 26daf2b479d1e6833f417b5d6c3d073ec0828935 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 16 Dec 2007 18:32:03 -0800 Subject: Remove another static string and static passwd. Jeremy. (This used to be commit 2a700c5a57a417add3b1975b2c396d20c8a5f301) --- source3/auth/auth_server.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7c99848612..9f90ef8ccd 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -268,8 +268,6 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context auth_serversupplied_info **server_info) { struct cli_state *cli; - static unsigned char badpass[24]; - static fstring baduser; static bool tested_password_server = False; static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; @@ -300,23 +298,6 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context } } - if(badpass[0] == 0) - memset(badpass, 0x1f, sizeof(badpass)); - - if((user_info->nt_resp.length == sizeof(badpass)) && - !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) { - /* - * Very unlikely, our random bad password is the same as the users - * password. - */ - memset(badpass, badpass[0]+1, sizeof(badpass)); - } - - if(baduser[0] == 0) { - fstrcpy(baduser, INVALID_USER_PREFIX); - fstrcat(baduser, global_myname()); - } - /* * Attempt a session setup with a totally incorrect password. * If this succeeds with the guest bit *NOT* set then the password @@ -330,6 +311,28 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context */ if ((!tested_password_server) && (lp_paranoid_server_security())) { + unsigned char badpass[24]; + char *baduser = NULL; + + memset(badpass, 0x1f, sizeof(badpass)); + + if((user_info->nt_resp.length == sizeof(badpass)) && + !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) { + /* + * Very unlikely, our random bad password is the same as the users + * password. + */ + memset(badpass, badpass[0]+1, sizeof(badpass)); + } + + baduser = talloc_asprintf(mem_ctx, + "%s%s", + INVALID_USER_PREFIX, + global_myname()); + if (!baduser) { + return NT_STATUS_NO_MEMORY; + } + if (NT_STATUS_IS_OK(cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), -- cgit From b47d491489ae6161f0c04378ed15dc1a54a166e1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 8 Jan 2008 18:48:04 -0800 Subject: Fix CID 460 - resource leak on error. Jeremy. (This used to be commit d61831164b482d02e0eef3c28aeed93d3e44433f) --- source3/auth/auth_server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 9f90ef8ccd..095f0b9fb8 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -75,6 +75,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) connection (tridge) */ if (!grab_server_mutex(desthost)) { + cli_shutdown(cli); return NULL; } -- cgit From 1ebfc66b2c145289d1e1314e8415d9e3c6f405ae Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 10 Mar 2008 21:08:29 +0100 Subject: Use a separate tdb for mutexes Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6) --- source3/auth/auth_server.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 095f0b9fb8..b07884c49b 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -37,6 +37,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) const char *p; char *pserver = NULL; bool connected_ok = False; + struct named_mutex *mutex; if (!(cli = cli_initialise())) return NULL; @@ -74,7 +75,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) session setup yet it will send a TCP reset to the first connection (tridge) */ - if (!grab_server_mutex(desthost)) { + mutex = grab_named_mutex(talloc_tos(), desthost, 10); + if (mutex == NULL) { cli_shutdown(cli); return NULL; } @@ -87,7 +89,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n", desthost, nt_errstr(status) )); - release_server_mutex(); + TALLOC_FREE(mutex); } if (!connected_ok) { @@ -98,7 +100,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!attempt_netbios_session_request(&cli, global_myname(), desthost, &dest_ss)) { - release_server_mutex(); + TALLOC_FREE(mutex); DEBUG(1,("password server fails session request\n")); cli_shutdown(cli); return NULL; @@ -111,16 +113,16 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) DEBUG(3,("got session\n")); if (!cli_negprot(cli)) { + TALLOC_FREE(mutex); DEBUG(1,("%s rejected the negprot\n",desthost)); - release_server_mutex(); cli_shutdown(cli); return NULL; } if (cli->protocol < PROTOCOL_LANMAN2 || !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { + TALLOC_FREE(mutex); DEBUG(1,("%s isn't in user level security mode\n",desthost)); - release_server_mutex(); cli_shutdown(cli); return NULL; } @@ -132,14 +134,14 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0, ""))) { + TALLOC_FREE(mutex); DEBUG(0,("%s rejected the initial session setup (%s)\n", desthost, cli_errstr(cli))); - release_server_mutex(); cli_shutdown(cli); return NULL; } - release_server_mutex(); + TALLOC_FREE(mutex); DEBUG(3,("password server OK\n")); -- cgit From 4f0626ee0945a79c484746b3ab4beae9e01348c9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 30 May 2008 11:46:34 +0200 Subject: Fix security=server, bug 5502 This has brown paper bag quality and is definitely needed for 3.2.0. Thanks to Orion Poplawski for reporting this! Volker (This used to be commit 3b31f8cce3703645a57778bc752bc9b9e853df5d) --- source3/auth/auth_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b07884c49b..31d1d37fbf 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -270,13 +270,15 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { + struct server_security_state *state = talloc_get_type_abort( + my_private_data, struct server_security_state); struct cli_state *cli; static bool tested_password_server = False; static bool bad_password_server = False; NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; bool locally_made_cli = False; - cli = (struct cli_state *)my_private_data; + cli = state->cli; if (cli) { } else { @@ -285,7 +287,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context } if (!cli || !cli->initialised) { - DEBUG(1,("password server is not connected (cli not initilised)\n")); + DEBUG(1,("password server is not connected (cli not initialised)\n")); return NT_STATUS_LOGON_FAILURE; } -- cgit From 06d0790c0799112b89534a646e78d0cb38b06e20 Mon Sep 17 00:00:00 2001 From: Zach Loafman Date: Thu, 3 Jul 2008 22:53:42 -0700 Subject: Fix various build warnings This fixes various build warnings on our platform. I'm sure I haven't caught them all, but it's a start. (This used to be commit 6b73f259cb67d9dda9127907d706f9244a871fa3) --- source3/auth/auth_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 31d1d37fbf..696b42621e 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -37,7 +37,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) const char *p; char *pserver = NULL; bool connected_ok = False; - struct named_mutex *mutex; + struct named_mutex *mutex = NULL; if (!(cli = cli_initialise())) return NULL; -- cgit