From da3053048c3d224a20d6383ac6682d31059cd46c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sun, 11 Mar 2001 00:32:10 +0000
Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows
 new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't
 compile. I'm working on it... Jeremy. (This used to be commit
 0be41d5158ea4e645e93e8cd30617c038416e549)

---
 source3/rpc_server/srv_netlog_nt.c | 184 ++++++++++++-------------------------
 1 file changed, 61 insertions(+), 123 deletions(-)

(limited to 'source3/rpc_server/srv_netlog_nt.c')

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 151c72499a..613f8f54b2 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -129,7 +129,8 @@ static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
 
 static BOOL get_md4pw(char *md4pw, char *mach_acct)
 {
-	struct smb_passwd *smb_pass;
+	SAM_ACCOUNT *sampass = NULL;
+	BYTE *pass;
 
 #if 0
     /*
@@ -150,17 +151,18 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
 #endif /* 0 */
 
 	become_root();
-	smb_pass = getsmbpwnam(mach_acct);
+	sampass = pdb_getsampwnam(mach_acct);
 	unbecome_root();
-
-	if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) &&
-        (smb_pass->smb_nt_passwd != NULL))
+ 
+	if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
+		((pass=pdb_get_nt_passwd(sampass)) != NULL))
 	{
-		memcpy(md4pw, smb_pass->smb_nt_passwd, 16);
+		memcpy(md4pw, pass, 16);
 		dump_data(5, md4pw, 16);
-
+ 
 		return True;
 	}
+
 	DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
 	return False;
 }
@@ -256,11 +258,11 @@ uint32 _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
 uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
 {
 	uint16 vuid = p->vuid;
-	uint32 status = NT_STATUS_NOPROBLEMO;
+	uint32 status = NT_STATUS_WRONG_PASSWORD;
 	DOM_CRED srv_cred;
 	pstring mach_acct;
-	struct smb_passwd *smb_pass;
-	BOOL ret;
+	SAM_ACCOUNT *sampass;
+	BOOL ret = False;
 	user_struct *vuser;
 	unsigned char pwd[16];
 	int i;
@@ -282,10 +284,10 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
 	DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
 
 	become_root();
-	smb_pass = getsmbpwnam(mach_acct);
+	sampass = pdb_getsampwnam(mach_acct);
 	unbecome_root();
 
-	if (smb_pass == NULL)
+	if (sampass == NULL)
 		return NT_STATUS_NO_SUCH_USER;
 
 	DEBUG(100,("Server password set : new given value was :\n"));
@@ -296,16 +298,16 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_
 	cred_hash3( pwd, q_u->pwd, vuser->dc.sess_key, 0);
 
 	/* lies!  nt and lm passwords are _not_ the same: don't care */
-	smb_pass->smb_passwd    = pwd;
-	smb_pass->smb_nt_passwd = pwd;
-	smb_pass->acct_ctrl     = ACB_WSTRUST;
-
+	pdb_set_lanman_passwd (sampass, pwd);
+	pdb_set_nt_passwd     (sampass, pwd);
+	pdb_set_acct_ctrl     (sampass, ACB_WSTRUST);
+ 
 	become_root();
-	ret = mod_smbpwd_entry(smb_pass,False);
+	ret = pdb_update_sam_account (sampass,False);
 	unbecome_root();
-
-	if (!ret)
-		status = NT_STATUS_WRONG_PASSWORD;
+ 
+	if (ret)
+		status = NT_STATUS_NOPROBLEMO;
 
 	/* set up the LSA Server Password Set response */
 	init_net_r_srv_pwset(r_u, &srv_cred, status);
@@ -347,7 +349,7 @@ uint32 _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF
  net_login_interactive:
  *************************************************************************/
 
-static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass, user_struct *vuser)
+static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, user_struct *vuser)
 {
 	uint32 status = 0x0;
 
@@ -383,9 +385,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
 	dump_data(100, nt_pwd, 16);
 #endif
 
-	if (memcmp(smb_pass->smb_passwd   , lm_pwd, 16) != 0 ||
-	    memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0)
-	{
+	if (memcmp(pdb_get_lanman_passwd(sampass), lm_pwd, 16) != 0 ||
+	    memcmp(pdb_get_nt_passwd(sampass), nt_pwd, 16) != 0) {
 		status = NT_STATUS_WRONG_PASSWORD;
 	}
 
@@ -396,8 +397,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
  _net_login_network:
  *************************************************************************/
 
-static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
+static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
 {
+	BYTE    *nt_pwd, *lanman_pwd;
+
 	DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
 		id2->hdr_lm_chal_resp.str_str_len, 
 		id2->hdr_nt_chal_resp.str_str_len));
@@ -405,13 +408,13 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
 	/* JRA. Check the NT password first if it exists - this is a higher quality 
            password, if it exists and it doesn't match - fail. */
 
-	if (id2->hdr_nt_chal_resp.str_str_len == 24 && 
-		smb_pass->smb_nt_passwd != NULL)
-	{
+	nt_pwd = pdb_get_nt_passwd(sampass);
+	lanman_pwd = pdb_get_lanman_passwd(sampass);
+
+	if (id2->hdr_nt_chal_resp.str_str_len == 24 && nt_pwd) {
 		if(smb_password_check((char *)id2->nt_chal_resp.buffer,
-		                   smb_pass->smb_nt_passwd,
-                           id2->lm_chal)) 
-			return 0x0;
+		                   nt_pwd, id2->lm_chal)) 
+			return NT_STATUS_NOPROBLEMO;
 		else
 			return NT_STATUS_WRONG_PASSWORD;
 	}
@@ -424,14 +427,10 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
 	   not do, for various security-hole reasons).
 	 */
 
-	if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
+	if (id2->hdr_lm_chal_resp.str_str_len == 24 && lanman_pwd &&
 		smb_password_check((char *)id2->lm_chal_resp.buffer,
-		                   smb_pass->smb_passwd,
-		                   id2->lm_chal))
-	{
-		return 0x0;
-	}
-
+		                   lanman_pwd, id2->lm_chal))
+		return NT_STATUS_NOPROBLEMO;
 
 	/* oops! neither password check succeeded */
 
@@ -448,11 +447,10 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
     uint16 vuid = p->vuid;
     NET_USER_INFO_3 *usr_info = NULL;
     DOM_CRED srv_cred;
-    struct smb_passwd *smb_pass = NULL;
-    struct sam_passwd *sam_pass = NULL;
+    SAM_ACCOUNT *sampass = NULL;
+	uint16 acct_ctrl;
     UNISTR2 *uni_samlogon_user = NULL;
     fstring nt_username;
-    struct passwd *pw;
     user_struct *vuser = NULL;
    
 	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
@@ -499,33 +497,30 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
 
 	map_username(nt_username);
 
-	/*
-	 * Do any case conversions.
-	 */
-
-	pw=Get_Pwnam(nt_username, True);
-        
+	/* get the account information */
 	become_root();
-	sam_pass = getsam21pwnam(nt_username);
-	smb_pass = getsmbpwnam(nt_username);
+	sampass = pdb_getsampwnam(nt_username);
 	unbecome_root();
-        
-	if (smb_pass == NULL)
+
+	if (sampass == NULL)
 		return NT_STATUS_NO_SUCH_USER;
-	else if (smb_pass->acct_ctrl & ACB_DISABLED)
+
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+
+	if (acct_ctrl & ACB_DISABLED)
 		return NT_STATUS_ACCOUNT_DISABLED;
     
 	/* Validate password - if required. */
     
-	if (!(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
+	if (!(acct_ctrl & ACB_PWNOTREQ)) {
 		switch (q_u->sam_id.logon_level) {
 		case INTERACTIVE_LOGON_TYPE:
 			/* interactive login. */
-			status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, smb_pass, vuser);
+			status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, sampass, vuser);
 			break;
 		case NET_LOGON_TYPE:
 			/* network login.  lm challenge and 24 byte responses */
-			status = net_login_network(&q_u->sam_id.ctr->auth.id2, smb_pass);
+			status = net_login_network(&q_u->sam_id.ctr->auth.id2, sampass);
 			break;
 		}
 	}
@@ -538,58 +533,25 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
 		record that the user is logged in to the domain.
 	*/
     
-	/* return the profile plus other bits :-) */
-    
 	{
 		DOM_GID *gids = NULL;
 		int num_gids = 0;
-		NTTIME dummy_time;
-		pstring logon_script;
-		pstring profile_path;
-		pstring home_dir;
-		pstring home_drive;
 		pstring my_name;
 		pstring my_workgroup;
 		pstring domain_groups;
-		uint32 r_uid;
-		uint32 r_gid;
-		fstring full_name;
 	
 		/* set up pointer indicating user/password failed to be found */
 		usr_info->ptr_user_info = 0;
         
-		dummy_time.low  = 0xffffffff;
-		dummy_time.high = 0x7fffffff;
-        
 		/* XXXX hack to get standard_sub_basic() to use sam logon username */
 		/* possibly a better way would be to do a become_user() call */
 		sam_logon_in_ssb = True;
 		pstrcpy(samlogon_user, nt_username);
 
-		pstrcpy(logon_script, sam_pass->logon_script);
-		standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script);
-	
-		pstrcpy(profile_path, sam_pass->profile_path);
-		standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path);
-        
 		pstrcpy(my_workgroup, lp_workgroup());
-        
-		pstrcpy(home_drive, sam_pass->dir_drive);
-		standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive);
-
-		pstrcpy(home_dir, sam_pass->home_dir);
-		standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir);
-        
 		pstrcpy(my_name, global_myname);
 		strupper(my_name);
 
-		pstrcpy(full_name, sam_pass->full_name );
-		if( !*full_name ) {
-			fstrcpy(full_name, "<Full Name>");
-			if (lp_unix_realname())
-				fstrcpy(full_name, strtok(pw->pw_gecos, ","));
-		}
-        
 		/*
 		 * This is the point at which we get the group
 		 * database - we should be getting the gid_t list
@@ -608,41 +570,17 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
         
 		sam_logon_in_ssb = False;
         
-		if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
-			init_net_user_info3(p->mem_ctx, usr_info,
-								&dummy_time, /* logon_time */
-								&dummy_time, /* logoff_time */
-								&dummy_time, /* kickoff_time */
-								&dummy_time, /* pass_last_set_time */
-								&dummy_time, /* pass_can_change_time */
-								&dummy_time, /* pass_must_change_time */
-                                
-								nt_username , /* user_name */
-								full_name,	/* full_name */
-								logon_script    , /* logon_script */
-								profile_path    , /* profile_path */
-								home_dir        , /* home_dir */
-								home_drive      , /* dir_drive */
-                                
-								0, /* logon_count */
-								0, /* bad_pw_count */
-                                
-								r_uid   , /* RID user_id */
-								r_gid   , /* RID group_id */
-								num_gids,    /* uint32 num_groups */
-								gids    , /* DOM_GID *gids */
-								0x20    , /* uint32 user_flgs (?) */
-                                
-								NULL, /* char sess_key[16] */
-                                
-								my_name     , /* char *logon_srv */
-								my_workgroup, /* char *logon_dom */
-                                
-								&global_sam_sid,     /* DOM_SID *dom_sid */
-								NULL); /* char *other_sids */
-        else
-			return NT_STATUS_NO_SUCH_USER;
-        
+        init_net_user_info3(p->mem_ctx, usr_info, sampass,
+                            0, /* logon_count */
+                            0, /* bad_pw_count */
+                            num_gids,    /* uint32 num_groups */
+                            gids    , /* DOM_GID *gids */
+                            0x20    , /* uint32 user_flgs (?) */
+                            NULL, /* char sess_key[16] */
+                            my_name     , /* char *logon_srv */
+                            my_workgroup, /* char *logon_dom */
+                            &global_sam_sid,     /* DOM_SID *dom_sid */
+                            NULL); /* char *other_sids */
     }
 
 	/* XXXX maybe we want to say 'no', reject the client's credentials */
-- 
cgit