From acb81fe408f0e674088f0952aaba442ddb494b0c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Nov 2001 05:02:41 +0000 Subject: Various post AuthRewrite cleanups, fixups and tidyups. Zero out some of the plaintext passwords for paranoia Fix up some of the other passdb backends with the change to *uid_t rather than uid_t. Make some of the code in srv_netlog_nt.c clearer, is passing an array around, so pass its lenght in is definition, not as a seperate paramater. Use sizeof() rather than magic numbers, it makes things easier to read. Cope with a PAM authenticated user who is not in /etc/passwd - currently by saying NO_SUCH_USER, but this can change in future. Andrew Bartlett (This used to be commit 514c91b16baca639bb04638042bf9894d881172a) --- source3/auth/auth_unix.c | 6 +++-- source3/auth/auth_util.c | 47 ++++++++++++++++++++++---------------- source3/passdb/pdb_ldap.c | 4 ++-- source3/passdb/pdb_nisplus.c | 4 ++-- source3/passdb/pdb_tdb.c | 12 ++++------ source3/rpc_parse/parse_net.c | 6 ++--- source3/rpc_server/srv_netlog_nt.c | 10 ++++---- source3/smbd/auth_unix.c | 6 +++-- source3/smbd/auth_util.c | 47 ++++++++++++++++++++++---------------- source3/smbd/reply.c | 4 ++-- source3/smbd/sesssetup.c | 6 ++--- 11 files changed, 83 insertions(+), 69 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index d456da1fdf..8c4a520350 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -98,13 +98,15 @@ NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serve update_smbpassword_file : NULL, True); + unbecome_root(); + if NT_STATUS_IS_OK(nt_status) { if (pass) { make_server_info_pw(server_info, pass); + } else { + nt_status = NT_STATUS_NO_SUCH_USER; } } - unbecome_root(); - return nt_status; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 85f01605ab..9de8142578 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c 
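Review bot: The new `else` branch in check_unix_security() turns a successful password check into `NT_STATUS_NO_SUCH_USER` without logging anything, so an operator cannot tell an authenticated account with no passwd entry from a genuinely unknown name. Add a line before the assignment, for example `DEBUG(3,("check_unix_security: user authenticated but has no passwd entry\n"));`. reply_sesssetup_and_X() tests for `NT_STATUS_NO_SUCH_USER` in the last sesssetup.c hunk, and what it does with it is outside that hunk, so confirm that path is acceptable for a user who supplied valid credentials. The identical hunk in source3/smbd/auth_unix.c needs the same change, and `pass` is assigned outside both hunks.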
@@ -282,9 +282,12 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, if (lm_pwd_len) ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM; - if (nt_pwd_len) + if (nt_pwd_len == 24) { ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; - + } else if (nt_pwd_len != 0) { + ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + ret = make_user_info_map(user_info, smb_name, client_domain, wksta_name, sec_blob, @@ -303,15 +306,15 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, ****************************************************************************/ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, - char *smb_name, - char *client_domain, - char *wksta_name, - uchar *lm_interactive_pwd, int lm_pwd_len, - uchar *nt_interactive_pwd, int nt_pwd_len, - uchar *dc_sess_key) + char *smb_name, + char *client_domain, + char *wksta_name, + uchar lm_interactive_pwd[16], + uchar nt_interactive_pwd[16], + uchar *dc_sess_key) { - char nt_pwd[16]; char lm_pwd[16]; + char nt_pwd[16]; unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; unsigned char key[16]; 
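Review bot: The `else if (nt_pwd_len != 0)` branch in make_user_info_netlogon_network() flags every non-empty NT response that is not exactly 24 bytes as `NTLMSSP_NEGOTIATE_NTLM2`, including lengths below 24 that fit neither format. The length presumably originates in the client's logon request, so it should be bounded here or the later check named. If short responses are rejected further down (make_user_info_map or the auth backends, not visible here), a comment such as `/* any other non-zero length is passed on as NTLM2; length is validated by the backend */` is enough. Otherwise return False for those lengths before setting the flag. The same hunk appears in source3/smbd/auth_util.c, and the function starts and ends outside it.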
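Review bot: Declaring the parameters as `uchar lm_interactive_pwd[16]` and `uchar nt_interactive_pwd[16]` documents the expected size but does not enforce it, because an array parameter is adjusted to `uchar *` and the compiler accepts any pointer. The following hunk also starts accepting NULL for either argument, which the signature does not convey. The header comment of make_user_info_netlogon_interactive() should state the contract, for example `/* lm_interactive_pwd and nt_interactive_pwd are each NULL or point to exactly 16 bytes */`. This applies equally to the copy in source3/smbd/auth_util.c.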
@@ -320,32 +323,32 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, generate_random_buffer(chal, 8, False); - memset(key, 0, 16); + ZERO_STRUCT(key); memcpy(key, dc_sess_key, 8); - memcpy(lm_pwd, lm_interactive_pwd, 16); - memcpy(nt_pwd, nt_interactive_pwd, 16); + if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); + if (nt_interactive_pwd) memcpy(nt_pwd, nt_interactive_pwd, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("key:")); - dump_data(100, (char *)key, 16); + dump_data(100, (char *)key, sizeof(key)); DEBUG(100,("lm owf password:")); - dump_data(100, lm_pwd, 16); + dump_data(100, lm_pwd, sizeof(lm_pwd)); DEBUG(100,("nt owf password:")); - dump_data(100, nt_pwd, 16); + dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SamOEMhash((uchar *)lm_pwd, key, 16); - SamOEMhash((uchar *)nt_pwd, key, 16); + SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); + SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); - dump_data(100, lm_pwd, 16); + dump_data(100, lm_pwd, sizeof(lm_pwd)); DEBUG(100,("decrypt of nt owf password:")); - dump_data(100, nt_pwd, 16); + dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif generate_random_buffer(chal, 8, False); @@ -364,7 +367,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); DATA_BLOB plaintext_blob = data_blob(NULL, 0); - ntlmssp_flags = NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_NTLM; + if (lm_interactive_pwd) + ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM; + if (nt_interactive_pwd) + ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; + ret = make_user_info_map(user_info, smb_name, client_domain, wksta_name, sec_blob, diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 057395a381..9502fc5fe4 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c 
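Review bot: Making the two `memcpy()` calls conditional leaves `lm_pwd` or `nt_pwd` uninitialised when the corresponding pointer is NULL, yet both `SamOEMhash()` calls and the DEBUG_PASSWORD dumps still run on both buffers unconditionally. Whatever is derived from these buffers after the hunk would then be computed from stack garbage. Give each test an else arm, `else ZERO_STRUCT(lm_pwd);` and `else ZERO_STRUCT(nt_pwd);`, or skip the hashing for an absent input. Nothing in the visible lines clears these local hash copies before the function returns, although the commit message mentions zeroing password material; the function continues outside the hunk, so confirm there. The same hunk is repeated in source3/smbd/auth_util.c.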
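Review bot: Replacing `ntlmssp_flags = ...` with two `ntlmssp_flags |= ...` statements makes the result depend on the variable's previous value, and its declaration is outside this hunk. If it is not initialised at its declaration, the flags passed to make_user_info_map() are indeterminate; add `ntlmssp_flags = 0;` ahead of the two tests or confirm the initialiser exists. When both pointers are NULL the flags stay empty while the LM and NT response blobs are still built and passed on, which deserves a comment or an early failure. The same applies to the copy of this hunk in source3/smbd/auth_util.c.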
@@ -485,8 +485,8 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass, pdb_set_hours_len(sampass, hours_len); pdb_set_logons_divs(sampass, logon_divs); - pdb_set_uid(sampass, sys_user->pw_uid); - pdb_set_gid(sampass, sys_user->pw_gid); + pdb_set_uid(sampass, &sys_user->pw_uid); + pdb_set_gid(sampass, &sys_user->pw_gid); pdb_set_user_rid(sampass, user_rid); pdb_set_group_rid(sampass, group_rid); diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index dddab8bdee..eceb1ea546 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -315,8 +315,8 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS)); pdb_set_munged_dial(pw_buf, NULL); - pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID))); - pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); + pdb_set_uid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_UID))); + pdb_set_gid(pw_buf, &atoi(ENTRY_VAL(obj, NPF_SMB_GRPID))); pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID))); pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID))); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index a170ac1345..a6c40eb970 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -463,8 +463,8 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user) uid = pw->pw_uid; gid = pw->pw_gid; - pdb_set_uid (user, uid); - pdb_set_gid (user, gid); + pdb_set_uid (user, &uid); + pdb_set_gid (user, &gid); /* increment to next in line */ global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key); @@ -538,8 +538,8 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname) uid = pw->pw_uid; gid = pw->pw_gid; - pdb_set_uid (user, uid); - pdb_set_gid (user, gid); + pdb_set_uid (user, &uid); + pdb_set_gid (user, &gid); /* cleanup */ tdb_close (pwd_tdb); 
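Review bot: `pdb_set_uid()` and `pdb_set_gid()` are now handed `&sys_user->pw_uid` and `&sys_user->pw_gid`, addresses inside a record whose lifetime this function does not control. The setters are not shown; if they store the pointer rather than copy the value, the SAM_ACCOUNT would later read storage that another lookup has overwritten. A comment on the setters or at this call saying the value is copied and that NULL means "not set" would settle it, e.g. `/* pdb_set_uid copies *uid; NULL clears it */` once verified. Both pdb_tdb.c hunks pass `&uid` and `&gid` of locals and rely on the same behaviour.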
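Review bot: `&atoi(ENTRY_VAL(obj, NPF_UID))` takes the address of a function result, which is not an lvalue, so the two changed lines in make_sam_from_nisp_object() will not compile when the NIS+ backend is built. Use locals instead: `uid_t uid = atoi(ENTRY_VAL(obj, NPF_UID));` followed by `pdb_set_uid(pw_buf, &uid);`, and the same for the gid. Because `atoi()` returns 0 for an empty or non-numeric field, a malformed directory entry would be stored as uid 0 and gid 0; parsing with `strtol()` and skipping the setter on failure avoids mapping such an account to root.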
@@ -722,10 +722,6 @@ static BOOL tdb_update_sam(const SAM_ACCOUNT* newpwd, BOOL override, int flag) get_private_directory(tdbfile); pstrcat (tdbfile, PASSDB_FILE_NAME); - if ( (!pdb_get_uid(newpwd)) || (!pdb_get_gid(newpwd)) ) - DEBUG (0,("tdb_update_sam: Storing a SAM_ACCOUNT for [%s] with uid %d and gid %d!\n", - pdb_get_username(newpwd), pdb_get_uid(newpwd), pdb_get_gid(newpwd))); - /* if we don't have a RID, then FAIL */ if (!pdb_get_user_rid(newpwd)) DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index c546213173..1b0e498f77 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1002,17 +1002,17 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name, if (nt_chal_resp) { /* oops. can only send what-ever-it-is direct */ - memcpy(nt_owf, nt_chal_resp, 24); + memcpy(nt_owf, nt_chal_resp, MIN(sizeof(nt_owf), nt_chal_resp_len)); nt_chal_resp = nt_owf; } if (lm_chal_resp) { /* oops. can only send what-ever-it-is direct */ - memcpy(lm_owf, lm_chal_resp, 24); + memcpy(lm_owf, lm_chal_resp, MIN(sizeof(lm_owf), lm_chal_resp_len)); lm_chal_resp = lm_owf; } memcpy(id->lm_chal, lm_challenge, sizeof(id->lm_chal)); - init_str_hdr(&id->hdr_nt_chal_resp, sizeof(lm_owf), nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0); + init_str_hdr(&id->hdr_nt_chal_resp, sizeof(nt_owf), nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0); init_str_hdr(&id->hdr_lm_chal_resp, sizeof(lm_owf), lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0); init_unistr2(&id->uni_domain_name, domain_name, len_domain_name); diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 042279c568..d9677519a4 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c 
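Review bot: The copies into `nt_owf` and `lm_owf` in init_id_info2() are now clamped with `MIN(sizeof(...), len)`, but the `init_str_hdr()` calls below still receive the unclamped `nt_chal_resp_len` and `lm_chal_resp_len`. For a response longer than the buffer, the header then advertises more bytes than were copied, and any marshalling code that trusts that length (outside this hunk) could read past the buffer. Clamp the length once and use it in both places, e.g. `nt_chal_resp_len = MIN(sizeof(nt_owf), nt_chal_resp_len);` before the `memcpy()`, or reject oversized input. For a response shorter than the buffer the tail is left as it was, so zero `nt_owf` and `lm_owf` first if they are not initialised where declared.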
@@ -581,11 +581,11 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * auth subsystem to chew on */ { make_user_info_netlogon_interactive(&user_info, - nt_username, nt_domain, - nt_workstation, - ctr->auth.id1.lm_owf.data, 16, - ctr->auth.id1.nt_owf.data, 16, - p->dc.sess_key); + nt_username, nt_domain, + nt_workstation, + ctr->auth.id1.lm_owf.data, + ctr->auth.id1.nt_owf.data, + p->dc.sess_key); break; } default: diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c index d456da1fdf..8c4a520350 100644 --- a/source3/smbd/auth_unix.c +++ b/source3/smbd/auth_unix.c @@ -98,13 +98,15 @@ NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serve update_smbpassword_file : NULL, True); + unbecome_root(); + if NT_STATUS_IS_OK(nt_status) { if (pass) { make_server_info_pw(server_info, pass); + } else { + nt_status = NT_STATUS_NO_SUCH_USER; } } - unbecome_root(); - return nt_status; } diff --git a/source3/smbd/auth_util.c b/source3/smbd/auth_util.c index 85f01605ab..9de8142578 100644 --- a/source3/smbd/auth_util.c +++ b/source3/smbd/auth_util.c @@ -282,9 +282,12 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, if (lm_pwd_len) ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM; - if (nt_pwd_len) + if (nt_pwd_len == 24) { ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; - + } else if (nt_pwd_len != 0) { + ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2; + } + ret = make_user_info_map(user_info, smb_name, client_domain, wksta_name, sec_blob, 
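Review bot: The BOOL returned by `make_user_info_netlogon_interactive()` is discarded at this call in _net_sam_logon(), so a failure to build `user_info` goes unnoticed unless code after the switch checks for it, and that code is outside the hunk. Test the result and fail the logon with an error NTSTATUS, `if (!make_user_info_netlogon_interactive(&user_info, ...)) { ... }`, instead of falling through to `break`. The callee now accepts NULL hash pointers, while this caller always passes the fixed `lm_owf.data` and `nt_owf.data` arrays, so the NULL case is not reachable from the call shown here.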
@@ -303,15 +306,15 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, ****************************************************************************/ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, - char *smb_name, - char *client_domain, - char *wksta_name, - uchar *lm_interactive_pwd, int lm_pwd_len, - uchar *nt_interactive_pwd, int nt_pwd_len, - uchar *dc_sess_key) + char *smb_name, + char *client_domain, + char *wksta_name, + uchar lm_interactive_pwd[16], + uchar nt_interactive_pwd[16], + uchar *dc_sess_key) { - char nt_pwd[16]; char lm_pwd[16]; + char nt_pwd[16]; unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; unsigned char key[16]; @@ -320,32 +323,32 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, generate_random_buffer(chal, 8, False); - memset(key, 0, 16); + ZERO_STRUCT(key); memcpy(key, dc_sess_key, 8); - memcpy(lm_pwd, lm_interactive_pwd, 16); - memcpy(nt_pwd, nt_interactive_pwd, 16); + if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); + if (nt_interactive_pwd) memcpy(nt_pwd, nt_interactive_pwd, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("key:")); - dump_data(100, (char *)key, 16); + dump_data(100, (char *)key, sizeof(key)); DEBUG(100,("lm owf password:")); - dump_data(100, lm_pwd, 16); + dump_data(100, lm_pwd, sizeof(lm_pwd)); DEBUG(100,("nt owf password:")); - dump_data(100, nt_pwd, 16); + dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SamOEMhash((uchar *)lm_pwd, key, 16); - SamOEMhash((uchar *)nt_pwd, key, 16); + SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); + SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); - dump_data(100, lm_pwd, 16); + dump_data(100, lm_pwd, sizeof(lm_pwd)); DEBUG(100,("decrypt of nt owf password:")); - dump_data(100, nt_pwd, 16); + dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif generate_random_buffer(chal, 8, False); 
@@ -364,7 +367,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); DATA_BLOB plaintext_blob = data_blob(NULL, 0); - ntlmssp_flags = NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_NTLM; + if (lm_interactive_pwd) + ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM; + if (nt_interactive_pwd) + ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; + ret = make_user_info_map(user_info, smb_name, client_domain, wksta_name, sec_blob, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 8a1fecba3f..54238e90e7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -180,7 +180,7 @@ int reply_tcon(connection_struct *conn, conn = make_connection(service,password_blob,dev,vuid,&nt_status); - data_blob_clear_free(&password); + data_blob_clear_free(&password_blob); if (!conn) { END_PROFILE(SMBtcon); @@ -260,7 +260,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt conn = make_connection(service,password,devicename,vuid,&nt_status); data_blob_clear_free(&password); - + if (!conn) { END_PROFILE(SMBtconX); return ERROR_NT(nt_status); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 7361db0205..85ffadea08 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -646,7 +646,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, data_blob_free(&lm_resp); data_blob_free(&nt_resp); - data_blob_free(&plaintext_password); + data_blob_clear_free(&plaintext_password); guest = True; map_username(user); @@ -667,7 +667,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, data_blob_free(&lm_resp); data_blob_free(&nt_resp); - data_blob_free(&plaintext_password); + data_blob_clear_free(&plaintext_password); END_PROFILE(SMBsesssetupX); return ERROR_DOS(ERRDOS,ERRnoaccess); 
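Review bot: In reply_sesssetup_and_X() only `plaintext_password` is switched to `data_blob_clear_free()`, while `lm_resp` and `nt_resp` on the two lines above are still released with plain `data_blob_free()`. Those blobs hold the client's challenge responses, which are derived from the password, so leaving them in freed memory keeps material useful for offline guessing. Use `data_blob_clear_free(&lm_resp);` and `data_blob_clear_free(&nt_resp);` at this site. The hunks at lines 667 and 689 of sesssetup.c have the same pair of calls.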
@@ -689,7 +689,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, data_blob_free(&lm_resp); data_blob_free(&nt_resp); - data_blob_free(&plaintext_password); + data_blob_clear_free(&plaintext_password); if (!NT_STATUS_IS_OK(nt_status)) { if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) { -- cgit