From d7bb961859a3501aec4d28842bfffb6190d19a73 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Feb 2012 18:03:10 +1100 Subject: s3-auth: Remove security=share (depricated since 3.6). This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ --- source3/Makefile.in | 2 +- source3/auth/auth.c | 11 -- source3/auth/auth_compat.c | 169 ------------------ source3/auth/proto.h | 12 -- source3/auth/wscript_build | 2 +- source3/libnet/libnet_join.c | 1 - source3/param/loadparm.c | 17 +- source3/smbd/globals.h | 4 - source3/smbd/negprot.c | 1 - source3/smbd/password.c | 397 ------------------------------------------- source3/smbd/process.c | 7 +- source3/smbd/proto.h | 10 +- source3/smbd/reply.c | 38 +---- source3/smbd/service.c | 114 +++---------- source3/smbd/sesssetup.c | 80 +++------ source3/smbd/smb2_tcon.c | 2 +- source3/smbd/uid.c | 23 +-- source3/utils/status.c | 4 - 18 files changed, 67 insertions(+), 827 deletions(-) delete mode 100644 source3/auth/auth_compat.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index d64c5022fa..2b0002bbf0 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -912,7 +912,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ auth/user_info.o \ auth/user_util.o \ auth/user_krb5.o \ - auth/auth_compat.o auth/auth_ntlmssp.o auth/auth_generic.o \ + auth/auth_ntlmssp.o auth/auth_generic.o \ $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ) MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 1c813a429a..0c91065605 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -523,17 +523,6 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx, talloc_tos(), "guest unix", NULL); } break; - case SEC_SHARE: - if (lp_encrypted_passwords()) { - DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), "guest sam", NULL); - } else { - DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), "guest unix", NULL); - } - break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); auth_method_list = str_list_make_v3( diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c deleted file mode 100644 index e7225a2756..0000000000 --- a/source3/auth/auth_compat.c +++ /dev/null @@ -1,169 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "auth.h" -#include "../lib/tsocket/tsocket.h" - -extern struct auth_context *negprot_global_auth_context; -extern bool global_encrypted_passwords_negotiated; - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - -/**************************************************************************** - COMPATIBILITY INTERFACES: - ***************************************************************************/ - -/**************************************************************************** -check if a username/password is OK assuming the password is in plaintext -return True if the password is correct, False otherwise -****************************************************************************/ - -NTSTATUS check_plaintext_password(const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB plaintext_blob, - struct auth_serversupplied_info **server_info) -{ - struct auth_context *plaintext_auth_context = NULL; - struct auth_usersupplied_info *user_info = NULL; - uint8_t chal[8]; - NTSTATUS nt_status; - - nt_status = make_auth_context_subsystem(talloc_tos(), - &plaintext_auth_context); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context, - chal); - - if (!make_user_info_for_reply(&user_info, - smb_name, lp_workgroup(), - remote_address, - chal, - plaintext_blob)) { - return NT_STATUS_NO_MEMORY; - } - - nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, - user_info, server_info); - - TALLOC_FREE(plaintext_auth_context); - free_user_info(&user_info); - return nt_status; -} - -static NTSTATUS pass_check_smb(struct auth_context *actx, - const char *smb_name, - const char *domain, - const struct tsocket_address *remote_address, - DATA_BLOB lm_pwd, - DATA_BLOB nt_pwd) - -{ - NTSTATUS nt_status; - struct auth_serversupplied_info *server_info = NULL; - struct auth_usersupplied_info *user_info = NULL; - if (actx == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - make_user_info_for_reply_enc(&user_info, smb_name, - domain, - remote_address, - lm_pwd, - nt_pwd); - nt_status = actx->check_ntlm_password(actx, user_info, &server_info); - free_user_info(&user_info); - TALLOC_FREE(server_info); - return nt_status; -} - -/**************************************************************************** -check if a username/password pair is ok via the auth subsystem. -return True if the password is correct, False otherwise -****************************************************************************/ - -bool password_ok(struct auth_context *actx, bool global_encrypted, - const char *session_workgroup, - const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB password_blob) -{ - - DATA_BLOB null_password = data_blob_null; - bool encrypted = (global_encrypted && (password_blob.length == 24 || password_blob.length > 46)); - - if (encrypted) { - /* - * The password could be either NTLM or plain LM. Try NTLM first, - * but fall-through as required. - * Vista sends NTLMv2 here - we need to try the client given workgroup. - */ - if (session_workgroup) { - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - session_workgroup, - remote_address, - null_password, - password_blob))) { - return True; - } - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - session_workgroup, - remote_address, - password_blob, - null_password))) { - return True; - } - } - - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - lp_workgroup(), - remote_address, - null_password, - password_blob))) { - return True; - } - - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - lp_workgroup(), - remote_address, - password_blob, - null_password))) { - return True; - } - } else { - struct auth_serversupplied_info *server_info = NULL; - NTSTATUS nt_status = check_plaintext_password(smb_name, - remote_address, - password_blob, - &server_info); - TALLOC_FREE(server_info); - if (NT_STATUS_IS_OK(nt_status)) { - return True; - } - } - - return False; -} diff --git a/source3/auth/proto.h b/source3/auth/proto.h index c68b99af90..04f94ae84b 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -48,18 +48,6 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx, NTSTATUS auth_builtin_init(void); -/* The following definitions come from auth/auth_compat.c */ - -NTSTATUS check_plaintext_password(const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB plaintext_password, - struct auth_serversupplied_info **server_info); -bool password_ok(struct auth_context *actx, bool global_encrypted, - const char *session_workgroup, - const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB password_blob); - /* The following definitions come from auth/auth_domain.c */ void attempt_machine_password_change(void); diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index 0dba13f7cb..cf0db42431 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build @@ -12,7 +12,7 @@ AUTH_NETLOGOND_SRC = 'auth_netlogond.c' AUTH_SRC = '''auth.c user_krb5.c - auth_compat.c auth_ntlmssp.c auth_generic.c''' + auth_ntlmssp.c auth_generic.c''' bld.SAMBA3_SUBSYSTEM('TOKEN_UTIL', source='token_util.c', diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5a36d3422d..1736ba65fa 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1892,7 +1892,6 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, if (!valid_security) { const char *sec = NULL; switch (lp_security()) { - case SEC_SHARE: sec = "share"; break; case SEC_USER: sec = "user"; break; case SEC_DOMAIN: sec = "domain"; break; case SEC_ADS: sec = "ads"; break; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 382a273f38..453c8fd875 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5286,18 +5286,7 @@ FN_GLOBAL_INTEGER(lp_passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(lp_usernamelevel, unamelevel) FN_GLOBAL_INTEGER(lp_deadtime, deadtime) FN_GLOBAL_BOOL(lp_getwd_cache, getwd_cache) -static FN_GLOBAL_INTEGER(_lp_srv_maxprotocol, srv_maxprotocol) -int lp_srv_maxprotocol(void) -{ - int ret = _lp_srv_maxprotocol(); - if ((ret >= PROTOCOL_SMB2_02) && (lp_security() == SEC_SHARE)) { - DEBUG(2,("WARNING!!: \"security = share\" is incompatible " - "with the SMB2 protocol. Resetting to SMB1.\n" )); - lp_do_parameter(-1, "server max protocol", "NT1"); - return PROTOCOL_NT1; - } - return ret; -} +FN_GLOBAL_INTEGER(lp_srv_maxprotocol, srv_maxprotocol) FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(lp_security, security) FN_GLOBAL_LIST(lp_auth_methods, AuthMethods) @@ -9050,9 +9039,7 @@ static bool lp_load_ex(const char *pszFname, set_allowed_client_auth(); - if (lp_security() == SEC_SHARE) { - DEBUG(1, ("WARNING: The security=share option is deprecated\n")); - } else if (lp_security() == SEC_SERVER) { + if (lp_security() == SEC_SERVER) { DEBUG(1, ("WARNING: The security=server option is deprecated\n")); } diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 0c4b3b71a4..075dc564d9 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -531,10 +531,6 @@ struct smbd_server_connection { int max_send; uint16_t last_session_tag; - /* users from session setup */ - char *session_userlist; - /* workgroup from session setup. */ - char *session_workgroup; /* * this holds info on user ids that are already * validated for this VC diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 2f3fd450ca..8a6b509fea 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -299,7 +299,6 @@ static void reply_nt1(struct smb_request *req, uint16 choice) supports it and we can do encrypted passwords */ if (sconn->smb1.negprot.encrypted_passwords && - (lp_security() != SEC_SHARE) && lp_use_spnego() && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = True; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 9df99ef6b1..27ba3bd01b 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -172,12 +172,6 @@ int register_initial_vuid(struct smbd_server_connection *sconn) { user_struct *vuser; - /* Paranoia check. */ - if(lp_security() == SEC_SHARE) { - smb_panic("register_initial_vuid: " - "Tried to register uid in security=share"); - } - /* Limit allowed vuids to 16bits - VUID_OFFSET. */ if (sconn->smb1.sessions.num_validated_vuids >= 0xFFFF-VUID_OFFSET) { return UID_FIELD_INVALID; @@ -352,394 +346,3 @@ int register_existing_vuid(struct smbd_server_connection *sconn, } return UID_FIELD_INVALID; } - -/**************************************************************************** - Add a name to the session users list. -****************************************************************************/ - -void add_session_user(struct smbd_server_connection *sconn, - const char *user) -{ - struct passwd *pw; - char *tmp; - - pw = Get_Pwnam_alloc(talloc_tos(), user); - - if (pw == NULL) { - return; - } - - if (sconn->smb1.sessions.session_userlist == NULL) { - sconn->smb1.sessions.session_userlist = SMB_STRDUP(pw->pw_name); - goto done; - } - - if (in_list(pw->pw_name,sconn->smb1.sessions.session_userlist,false)) { - goto done; - } - - if (strlen(sconn->smb1.sessions.session_userlist) > 128 * 1024) { - DEBUG(3,("add_session_user: session userlist already " - "too large.\n")); - goto done; - } - - if (asprintf(&tmp, "%s %s", - sconn->smb1.sessions.session_userlist, pw->pw_name) == -1) { - DEBUG(3, ("asprintf failed\n")); - goto done; - } - - SAFE_FREE(sconn->smb1.sessions.session_userlist); - sconn->smb1.sessions.session_userlist = tmp; - done: - TALLOC_FREE(pw); -} - -/**************************************************************************** - In security=share mode we need to store the client workgroup, as that's - what Vista uses for the NTLMv2 calculation. -****************************************************************************/ - -void add_session_workgroup(struct smbd_server_connection *sconn, - const char *workgroup) -{ - if (sconn->smb1.sessions.session_workgroup) { - SAFE_FREE(sconn->smb1.sessions.session_workgroup); - } - sconn->smb1.sessions.session_workgroup = smb_xstrdup(workgroup); -} - -/**************************************************************************** - In security=share mode we need to return the client workgroup, as that's - what Vista uses for the NTLMv2 calculation. -****************************************************************************/ - -const char *get_session_workgroup(struct smbd_server_connection *sconn) -{ - return sconn->smb1.sessions.session_workgroup; -} - -/**************************************************************************** - Check if a username is valid. -****************************************************************************/ - -static bool user_ok(const char *user, int snum) -{ - bool ret; - - ret = True; - - if (lp_invalid_users(snum)) { - char **invalid = str_list_copy(talloc_tos(), - lp_invalid_users(snum)); - if (invalid && - str_list_substitute(invalid, "%S", lp_servicename(snum))) { - - /* This is used in sec=share only, so no current user - * around to pass to str_list_sub_basic() */ - - if ( invalid && str_list_sub_basic(invalid, "", "") ) { - ret = !user_in_list(talloc_tos(), user, - (const char **)invalid); - } - } - TALLOC_FREE(invalid); - } - - if (ret && lp_valid_users(snum)) { - char **valid = str_list_copy(talloc_tos(), - lp_valid_users(snum)); - if ( valid && - str_list_substitute(valid, "%S", lp_servicename(snum)) ) { - - /* This is used in sec=share only, so no current user - * around to pass to str_list_sub_basic() */ - - if ( valid && str_list_sub_basic(valid, "", "") ) { - ret = user_in_list(talloc_tos(), user, - (const char **)valid); - } - } - TALLOC_FREE(valid); - } - - if (ret && lp_onlyuser(snum)) { - char **user_list = str_list_make_v3( - talloc_tos(), lp_username(snum), NULL); - if (user_list && - str_list_substitute(user_list, "%S", - lp_servicename(snum))) { - ret = user_in_list(talloc_tos(), user, - (const char **)user_list); - } - TALLOC_FREE(user_list); - } - - return(ret); -} - -/**************************************************************************** - Validate a group username entry. Return the username or NULL. -****************************************************************************/ - -static char *validate_group(struct smbd_server_connection *sconn, - char *group, DATA_BLOB password,int snum) -{ -#ifdef HAVE_NETGROUP - { - char *host, *user, *domain; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - setnetgrent(group); - while (getnetgrent(&host, &user, &domain)) { - if (user) { - if (user_ok(user, snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - user, - sconn->remote_address, - password)) { - endnetgrent(); - return(user); - } - } - } - endnetgrent(); - } -#endif - -#ifdef HAVE_GETGRENT - { - struct group *gptr; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - - setgrent(); - while ((gptr = (struct group *)getgrent())) { - if (strequal(gptr->gr_name,group)) - break; - } - - /* - * As user_ok can recurse doing a getgrent(), we must - * copy the member list onto the heap before - * use. Bug pointed out by leon@eatworms.swmed.edu. - */ - - if (gptr) { - char *member_list = NULL; - size_t list_len = 0; - char *member; - int i; - - for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { - list_len += strlen(gptr->gr_mem[i])+1; - } - list_len++; - - member_list = (char *)SMB_MALLOC(list_len); - if (!member_list) { - endgrent(); - return NULL; - } - - *member_list = '\0'; - member = member_list; - - for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { - size_t member_len = strlen(gptr->gr_mem[i])+1; - - DEBUG(10,("validate_group: = gr_mem = " - "%s\n", gptr->gr_mem[i])); - - strlcpy(member, gptr->gr_mem[i], - list_len - (member-member_list)); - member += member_len; - } - - endgrent(); - - member = member_list; - while (*member) { - if (user_ok(member,snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - member, - sconn->remote_address, - password)) { - char *name = talloc_strdup(talloc_tos(), - member); - SAFE_FREE(member_list); - return name; - } - - DEBUG(10,("validate_group = member = %s\n", - member)); - - member += strlen(member) + 1; - } - - SAFE_FREE(member_list); - } else { - endgrent(); - return NULL; - } - } -#endif - return(NULL); -} - -/**************************************************************************** - Check for authority to login to a service with a given username/password. - Note this is *NOT* used when logging on using sessionsetup_and_X. -****************************************************************************/ - -bool authorise_login(struct smbd_server_connection *sconn, - int snum, fstring user, DATA_BLOB password, - bool *guest) -{ - bool ok = False; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - -#ifdef DEBUG_PASSWORD - DEBUG(100,("authorise_login: checking authorisation on " - "user=%s pass=%s\n", user,password.data)); -#endif - - *guest = False; - - /* there are several possibilities: - 1) login as the given user with given password - 2) login as a previously registered username with the given - password - 3) login as a session list username with the given password - 4) login as a previously validated user/password pair - 5) login as the "user =" user with given password - 6) login as the "user =" user with no password - (guest connection) - 7) login as guest user with no password - - if the service is guest_only then steps 1 to 5 are skipped - */ - - /* now check the list of session users */ - if (!ok) { - char *auser; - char *user_list = NULL; - char *saveptr; - - if (sconn->smb1.sessions.session_userlist) - user_list = SMB_STRDUP(sconn->smb1.sessions.session_userlist); - else - user_list = SMB_STRDUP(""); - - if (!user_list) - return(False); - - for (auser = strtok_r(user_list, LIST_SEP, &saveptr); - !ok && auser; - auser = strtok_r(NULL, LIST_SEP, &saveptr)) { - fstring user2; - fstrcpy(user2,auser); - if (!user_ok(user2,snum)) - continue; - - if (password_ok(actx, enc, - get_session_workgroup(sconn), - user2, - sconn->remote_address, - password)) { - ok = True; - strlcpy(user,user2,sizeof(fstring)); - DEBUG(3,("authorise_login: ACCEPTED: session " - "list username (%s) and given " - "password ok\n", user)); - } - } - - SAFE_FREE(user_list); - } - - /* check the user= fields and the given password */ - if (!ok && lp_username(snum)) { - TALLOC_CTX *ctx = talloc_tos(); - char *auser; - char *user_list = talloc_strdup(ctx, lp_username(snum)); - char *saveptr; - - if (!user_list) { - goto check_guest; - } - - user_list = talloc_string_sub(ctx, - user_list, - "%S", - lp_servicename(snum)); - - if (!user_list) { - goto check_guest; - } - - for (auser = strtok_r(user_list, LIST_SEP, &saveptr); - auser && !ok; - auser = strtok_r(NULL, LIST_SEP, &saveptr)) { - if (*auser == '@') { - auser = validate_group(sconn,auser+1, - password,snum); - if (auser) { - ok = True; - fstrcpy(user,auser); - DEBUG(3,("authorise_login: ACCEPTED: " - "group username and given " - "password ok (%s)\n", user)); - } - } else { - fstring user2; - fstrcpy(user2,auser); - if (user_ok(user2,snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - user2, - sconn->remote_address, - password)) { - ok = True; - strlcpy(user,user2,sizeof(fstring)); - DEBUG(3,("authorise_login: ACCEPTED: " - "user list username and " - "given password ok (%s)\n", - user)); - } - } - } - } - - check_guest: - - /* check for a normal guest connection */ - if (!ok && GUEST_OK(snum)) { - struct passwd *guest_pw; - fstring guestname; - fstrcpy(guestname,lp_guestaccount()); - guest_pw = Get_Pwnam_alloc(talloc_tos(), guestname); - if (guest_pw != NULL) { - strlcpy(user,guestname,sizeof(fstring)); - ok = True; - DEBUG(3,("authorise_login: ACCEPTED: guest account " - "and guest ok (%s)\n", user)); - } else { - DEBUG(0,("authorise_login: Invalid guest account " - "%s??\n",guestname)); - } - TALLOC_FREE(guest_pw); - *guest = True; - } - - if (ok && !user_ok(user, snum)) { - DEBUG(0,("authorise_login: rejected invalid user %s\n",user)); - ok = False; - } - - return(ok); -} diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 6ffc06700f..6c927554f1 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1364,8 +1364,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in flags = smb_messages[type].flags; /* In share mode security we must ignore the vuid. */ - session_tag = (lp_security() == SEC_SHARE) - ? UID_FIELD_INVALID : req->vuid; + session_tag = req->vuid; conn = req->conn; DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type), @@ -3257,10 +3256,6 @@ void smbd_process(struct tevent_context *ev_ctx, sconn->smb1.sessions.done_sesssetup = false; sconn->smb1.sessions.max_send = BUFFER_SIZE; sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID; - /* users from session setup */ - sconn->smb1.sessions.session_userlist = NULL; - /* workgroup from session setup. */ - sconn->smb1.sessions.session_workgroup = NULL; /* this holds info on user ids that are already validated for this VC */ sconn->smb1.sessions.validated_users = NULL; sconn->smb1.sessions.next_vuid = VUID_OFFSET; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 599180084e..7321ca698f 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -707,13 +707,6 @@ int register_existing_vuid(struct smbd_server_connection *sconn, uint16 vuid, struct auth_session_info *session_info, DATA_BLOB response_blob); -void add_session_user(struct smbd_server_connection *sconn, const char *user); -void add_session_workgroup(struct smbd_server_connection *sconn, - const char *workgroup); -const char *get_session_workgroup(struct smbd_server_connection *sconn); -bool authorise_login(struct smbd_server_connection *sconn, - int snum, fstring user, DATA_BLOB password, - bool *guest); /* The following definitions come from smbd/pipes.c */ @@ -986,11 +979,10 @@ struct smbd_smb2_tcon; connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, struct smbd_smb2_tcon *tcon, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus); connection_struct *make_connection(struct smbd_server_connection *sconn, - const char *service_in, DATA_BLOB password, + const char *service_in, const char *pdev, uint16 vuid, NTSTATUS *status); void close_cnum(connection_struct *conn, uint16 vuid); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0ab764c2d4..26a928f1b4 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -599,13 +599,6 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb break; } - /* only add the client's machine name to the list - of possibly valid usernames if we are operating - in share mode security */ - if (lp_security() == SEC_SHARE) { - add_session_user(sconn, get_remote_machine_name()); - } - reload_services(sconn, conn_snum_used, true); reopen_logs(); @@ -656,7 +649,6 @@ void reply_tcon(struct smb_request *req) int pwlen=0; NTSTATUS nt_status; const char *p; - DATA_BLOB password_blob; TALLOC_CTX *ctx = talloc_tos(); struct smbd_server_connection *sconn = req->sconn; @@ -688,14 +680,10 @@ void reply_tcon(struct smb_request *req) service = service_buf; } - password_blob = data_blob(password, pwlen+1); - - conn = make_connection(sconn,service,password_blob,dev, + conn = make_connection(sconn,service,dev, req->vuid,&nt_status); req->conn = conn; - data_blob_clear_free(&password_blob); - if (!conn) { reply_nterror(req, nt_status); END_PROFILE(SMBtcon); @@ -723,7 +711,6 @@ void reply_tcon_and_X(struct smb_request *req) { connection_struct *conn = req->conn; const char *service = NULL; - DATA_BLOB password; TALLOC_CTX *ctx = talloc_tos(); /* what the cleint thinks the device is */ char *client_devicetype = NULL; @@ -761,27 +748,14 @@ void reply_tcon_and_X(struct smb_request *req) } if (sconn->smb1.negprot.encrypted_passwords) { - password = data_blob_talloc(talloc_tos(), req->buf, passlen); - if (lp_security() == SEC_SHARE) { - /* - * Security = share always has a pad byte - * after the password. - */ - p = (const char *)req->buf + passlen + 1; - } else { - p = (const char *)req->buf + passlen; - } + p = (const char *)req->buf + passlen; } else { - password = data_blob_talloc(talloc_tos(), req->buf, passlen+1); - /* Ensure correct termination */ - password.data[passlen]=0; p = (const char *)req->buf + passlen + 1; } p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE); if (path == NULL) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtconX); return; @@ -794,7 +768,6 @@ void reply_tcon_and_X(struct smb_request *req) if (*path=='\\') { q = strchr_m(path+2,'\\'); if (!q) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME); END_PROFILE(SMBtconX); return; @@ -809,7 +782,6 @@ void reply_tcon_and_X(struct smb_request *req) MIN(6, smbreq_bufrem(req, p)), STR_ASCII); if (client_devicetype == NULL) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtconX); return; @@ -817,12 +789,10 @@ void reply_tcon_and_X(struct smb_request *req) DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); - conn = make_connection(sconn, service, password, client_devicetype, + conn = make_connection(sconn, service, client_devicetype, req->vuid, &nt_status); req->conn =conn; - data_blob_clear_free(&password); - if (!conn) { reply_nterror(req, nt_status); END_PROFILE(SMBtconX); @@ -2117,7 +2087,7 @@ void reply_ulogoffX(struct smb_request *req) /* in user level security we are supposed to close any files open by this user */ - if ((vuser != NULL) && (lp_security() != SEC_SHARE)) { + if (vuser != NULL) { file_close_user(sconn, req->vuid); } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8436fbee91..c53323381e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -381,7 +381,6 @@ static NTSTATUS find_forced_group(bool force_user, static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, TALLOC_CTX *mem_ctx, int snum, struct auth_session_info *session_info, - DATA_BLOB password, struct auth_session_info **presult) { if (lp_guest_only(snum)) { @@ -425,29 +424,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc return NT_STATUS_OK; } - if (lp_security() == SEC_SHARE) { - - fstring user; - bool guest; - - /* add the sharename as a possible user name if we - are in share mode security */ - - add_session_user(sconn, lp_servicename(snum)); - - /* shall we let them in? */ - - if (!authorise_login(sconn, snum,user,password,&guest)) { - DEBUG( 2, ( "Invalid username/password for [%s]\n", - lp_servicename(snum)) ); - return NT_STATUS_WRONG_PASSWORD; - } - - return make_session_info_from_username(mem_ctx, user, guest, - presult); - } - - DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); + DEBUG(0, ("invalid VUID (vuser)\n")); return NT_STATUS_ACCESS_DENIED; } @@ -557,7 +534,6 @@ static void create_share_access_mask(connection_struct *conn, int snum) static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, connection_struct *conn, int snum, user_struct *vuser, - DATA_BLOB password, const char *pdev) { struct smb_filename *smb_fname_cpath = NULL; @@ -582,7 +558,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, conn->params->service = snum; status = create_connection_session_info(sconn, - conn, snum, vuser ? vuser->session_info : NULL, password, + conn, snum, vuser ? vuser->session_info : NULL, &conn->session_info); if (!NT_STATUS_IS_OK(status)) { @@ -591,12 +567,10 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, goto err_root_exit; } - if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) { + if (lp_guest_only(snum)) { conn->force_user = true; } - add_session_user(sconn, conn->session_info->unix_info->unix_name); - conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); conn->used = True; @@ -630,7 +604,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, goto err_root_exit; } - conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; + conn->vuid = vuser->vuid; { char *s = talloc_sub_advanced(talloc_tos(), @@ -930,7 +904,6 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, static connection_struct *make_connection_smb1(struct smbd_server_connection *sconn, int snum, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus) { @@ -944,7 +917,6 @@ static connection_struct *make_connection_smb1(struct smbd_server_connection *sc conn, snum, vuser, - password, pdev); if (!NT_STATUS_IS_OK(*pstatus)) { conn_free(conn); @@ -961,7 +933,6 @@ static connection_struct *make_connection_smb1(struct smbd_server_connection *sc connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, struct smbd_smb2_tcon *tcon, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus) { @@ -976,7 +947,6 @@ connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, conn, tcon->snum, vuser, - password, pdev); if (!NT_STATUS_IS_OK(*pstatus)) { conn_free(conn); @@ -992,7 +962,7 @@ connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, ****************************************************************************/ connection_struct *make_connection(struct smbd_server_connection *sconn, - const char *service_in, DATA_BLOB password, + const char *service_in, const char *pdev, uint16 vuid, NTSTATUS *status) { @@ -1017,14 +987,12 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, return NULL; } - if(lp_security() != SEC_SHARE) { - vuser = get_valid_user_struct(sconn, vuid); - if (!vuser) { - DEBUG(1,("make_connection: refusing to connect with " - "no session setup\n")); - *status = NT_STATUS_ACCESS_DENIED; - return NULL; - } + vuser = get_valid_user_struct(sconn, vuid); + if (!vuser) { + DEBUG(1,("make_connection: refusing to connect with " + "no session setup\n")); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; } /* Logic to try and connect to the correct [homes] share, preferably @@ -1037,57 +1005,28 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, */ if (strequal(service_in,HOMES_NAME)) { - if(lp_security() != SEC_SHARE) { - DATA_BLOB no_pw = data_blob_null; - if (vuser->homes_snum == -1) { - DEBUG(2, ("[homes] share not available for " - "this user because it was not found " - "or created at session setup " - "time\n")); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - DEBUG(5, ("making a connection to [homes] service " - "created at session setup time\n")); - return make_connection_smb1(sconn, - vuser->homes_snum, - vuser, no_pw, - dev, status); - } else { - /* Security = share. Try with - * current_user_info.smb_name as the username. */ - if (*current_user_info.smb_name) { - char *unix_username = NULL; - (void)map_username(talloc_tos(), - current_user_info.smb_name, - &unix_username); - snum = find_service(talloc_tos(), - unix_username, - &unix_username); - if (!unix_username) { - *status = NT_STATUS_NO_MEMORY; - } - return NULL; - } - if (snum != -1) { - DEBUG(5, ("making a connection to 'homes' " - "service %s based on " - "security=share\n", service_in)); - return make_connection_smb1(sconn, - snum, NULL, - password, - dev, status); - } + if (vuser->homes_snum == -1) { + DEBUG(2, ("[homes] share not available for " + "this user because it was not found " + "or created at session setup " + "time\n")); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; } - } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) + DEBUG(5, ("making a connection to [homes] service " + "created at session setup time\n")); + return make_connection_smb1(sconn, + vuser->homes_snum, + vuser, + dev, status); + } else if ((vuser->homes_snum != -1) && strequal(service_in, lp_servicename(vuser->homes_snum))) { - DATA_BLOB no_pw = data_blob_null; DEBUG(5, ("making a connection to 'homes' service [%s] " "created at session setup time\n", service_in)); return make_connection_smb1(sconn, vuser->homes_snum, - vuser, no_pw, + vuser, dev, status); } @@ -1134,7 +1073,6 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, DEBUG(5, ("making a connection to 'normal' service %s\n", service)); return make_connection_smb1(sconn, snum, vuser, - password, dev, status); } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 987b626d6b..da306b97bc 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -561,11 +561,7 @@ void reply_sesssetup_and_X(struct smb_request *req) if (doencrypt) { lm_resp = data_blob(p, passlen1); nt_resp = data_blob(p+passlen1, passlen2); - } else if (lp_security() != SEC_SHARE) { - /* - * In share level we should ignore any passwords, so - * only read them if we're not. - */ + } else { char *pass = NULL; bool unic= smb_flag2 & FLAGS2_UNICODE_STRINGS; @@ -673,27 +669,6 @@ void reply_sesssetup_and_X(struct smb_request *req) reload_services(sconn, conn_snum_used, true); - if (lp_security() == SEC_SHARE) { - char *sub_user_mapped = NULL; - /* In share level we should ignore any passwords */ - - data_blob_free(&lm_resp); - data_blob_free(&nt_resp); - data_blob_clear_free(&plaintext_password); - - (void)map_username(talloc_tos(), sub_user, &sub_user_mapped); - if (!sub_user_mapped) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBsesssetupX); - return; - } - fstrcpy(sub_user, sub_user_mapped); - add_session_user(sconn, sub_user); - add_session_workgroup(sconn, domain); - /* Then force it to null for the benfit of the code below */ - user = ""; - } - if (!*user) { nt_status = check_guest_password(sconn->remote_address, &server_info); @@ -796,36 +771,31 @@ void reply_sesssetup_and_X(struct smb_request *req) /* register the name and uid as being validated, so further connections to a uid can get through without a password, on the same VC */ - if (lp_security() == SEC_SHARE) { - sess_vuid = UID_FIELD_INVALID; - TALLOC_FREE(session_info); - } else { - /* Ignore the initial vuid. */ - sess_vuid = register_initial_vuid(sconn); - if (sess_vuid == UID_FIELD_INVALID) { - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - reply_nterror(req, nt_status_squash( - NT_STATUS_LOGON_FAILURE)); - END_PROFILE(SMBsesssetupX); - return; - } - /* register_existing_vuid keeps the session_info */ - sess_vuid = register_existing_vuid(sconn, sess_vuid, - session_info, - nt_resp.data ? nt_resp : lm_resp); - if (sess_vuid == UID_FIELD_INVALID) { - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - reply_nterror(req, nt_status_squash( - NT_STATUS_LOGON_FAILURE)); - END_PROFILE(SMBsesssetupX); - return; - } - - /* current_user_info is changed on new vuid */ - reload_services(sconn, conn_snum_used, true); + /* Ignore the initial vuid. */ + sess_vuid = register_initial_vuid(sconn); + if (sess_vuid == UID_FIELD_INVALID) { + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + reply_nterror(req, nt_status_squash( + NT_STATUS_LOGON_FAILURE)); + END_PROFILE(SMBsesssetupX); + return; } + /* register_existing_vuid keeps the session_info */ + sess_vuid = register_existing_vuid(sconn, sess_vuid, + session_info, + nt_resp.data ? nt_resp : lm_resp); + if (sess_vuid == UID_FIELD_INVALID) { + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + reply_nterror(req, nt_status_squash( + NT_STATUS_LOGON_FAILURE)); + END_PROFILE(SMBsesssetupX); + return; + } + + /* current_user_info is changed on new vuid */ + reload_services(sconn, conn_snum_used, true); data_blob_free(&nt_resp); data_blob_free(&lm_resp); diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index b7e5ce0877..56c42889b6 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -232,7 +232,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, compat_conn = make_connection_smb2(req->sconn, tcon, req->session->compat_vuser, - data_blob_null, "???", + "???", &status); if (compat_conn == NULL) { TALLOC_FREE(tcon); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 3847d393d7..84cb61cd14 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -288,19 +288,7 @@ bool change_to_user(connection_struct *conn, uint16_t vuid) vuser = get_valid_user_struct(conn->sconn, vuid); - /* - * We need a separate check in security=share mode due to vuid - * always being UID_FIELD_INVALID. If we don't do this then - * in share mode security we are *always* changing uid's between - * SMB's - this hurts performance - Badly. - */ - - if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && - (current_user.ut.uid == conn->session_info->unix_token->uid)) { - DEBUG(4,("Skipping user change - already " - "user\n")); - return(True); - } else if ((current_user.conn == conn) && + if ((current_user.conn == conn) && (vuser != NULL) && (current_user.vuid == vuid) && (current_user.ut.uid == vuser->session_info->unix_token->uid)) { DEBUG(4,("Skipping user change - already " @@ -308,16 +296,15 @@ bool change_to_user(connection_struct *conn, uint16_t vuid) return(True); } - session_info = vuser ? vuser->session_info : conn->session_info; - - if (session_info == NULL) { - /* Invalid vuid sent - even with security = share. */ + if (vuser == NULL) { + /* Invalid vuid sent */ DEBUG(2,("Invalid vuid %d used on " "share %s.\n", vuid, lp_servicename(snum) )); return false; } - /* security = share sets force_user. */ + session_info = vuser->session_info; + if (!conn->force_user && vuser == NULL) { DEBUG(2,("Invalid vuid used %d in accessing " "share %s.\n", vuid, lp_servicename(snum) )); diff --git a/source3/utils/status.c b/source3/utils/status.c index 8f8f3945cb..0755f9fdf2 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -418,10 +418,6 @@ static int traverse_sessionid(const char *key, struct sessionid *session, d_printf("\nSamba version %s\n",samba_version_string()); d_printf("PID Username Group Machine \n"); d_printf("-------------------------------------------------------------------\n"); - if (lp_security() == SEC_SHARE) { - d_printf(" \n"); - } sessionid_traverse_read(traverse_sessionid, NULL); -- cgit