Diffstat (limited to 'source/rpc_server/srv_pipe.c')
-rw-r--r-- | source/rpc_server/srv_pipe.c | 176 |
1 files changed, 94 insertions, 82 deletions
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 1947d5514e5..1ad57a9b016 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -1,5 +1,6 @@ /* - * Unix SMB/CIFS implementation. + * Unix SMB/Netbios implementation. + * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, @@ -39,9 +40,6 @@ #include "includes.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_SRV - static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) { unsigned char *hash = p->ntlmssp_hash; @@ -263,19 +261,16 @@ BOOL create_next_pdu(pipes_struct *p) static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp) { uchar lm_owf[24]; - uchar nt_owf[128]; - int nt_pw_len; - int lm_pw_len; + uchar nt_owf[24]; fstring user_name; + fstring pipe_user_name; fstring domain; fstring wks; - - NTSTATUS nt_status; - - struct auth_context *auth_context = NULL; - auth_usersupplied_info *user_info = NULL; - auth_serversupplied_info *server_info = NULL; - + BOOL guest_user = False; + SAM_ACCOUNT *sampass = NULL; + uchar null_smb_passwd[16]; + uchar *smb_passwd_ptr = NULL; + DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); memset(p->user_name, '\0', sizeof(p->user_name)); 
@@ -286,38 +281,37 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm /* Set up for non-authenticated user. */ delete_nt_token(&p->pipe_user.nt_user_token); p->pipe_user.ngroups = 0; - SAFE_FREE( p->pipe_user.groups); + safe_free( p->pipe_user.groups); /* * Setup an empty password for a guest user. */ + memset(null_smb_passwd,0,16); + /* * We always negotiate UNICODE. */ if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) { - rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 ); - rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0); - rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0); + fstrcpy(user_name, dos_unistrn2((uint16*)ntlmssp_resp->user, ntlmssp_resp->hdr_usr.str_str_len/2)); + fstrcpy(domain, dos_unistrn2((uint16*)ntlmssp_resp->domain, ntlmssp_resp->hdr_domain.str_str_len/2)); + fstrcpy(wks, dos_unistrn2((uint16*)ntlmssp_resp->wks, ntlmssp_resp->hdr_wks.str_str_len/2)); } else { - pull_ascii_fstring(user_name, ntlmssp_resp->user); - pull_ascii_fstring(domain, ntlmssp_resp->domain); - pull_ascii_fstring(wks, ntlmssp_resp->wks); + fstrcpy(user_name, ntlmssp_resp->user); + fstrcpy(domain, ntlmssp_resp->domain); + fstrcpy(wks, ntlmssp_resp->wks); } DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks)); - nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len); - lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len); - memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf)); - memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len); + memcpy(nt_owf, ntlmssp_resp->nt_resp, sizeof(nt_owf)); #ifdef DEBUG_PASSWORD DEBUG(100,("lm, nt owfs, chal\n")); dump_data(100, (char *)lm_owf, sizeof(lm_owf)); - dump_data(100, (char *)nt_owf, nt_pw_len); + dump_data(100, (char *)nt_owf, sizeof(nt_owf)); dump_data(100, (char *)p->challenge, 8); #endif 
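Review bot: Replacing `SAFE_FREE( p->pipe_user.groups)` with `safe_free( p->pipe_user.groups)` leaves the pointer holding the freed address, assuming `safe_free` is a plain free wrapper that does not clear its argument. The function has several `return False` exits before the group list is reassigned near its end, so a later cleanup of the pipe could free the same block a second time; add `p->pipe_user.groups = NULL;` directly after the call. Separately, `memcpy(nt_owf, ntlmssp_resp->nt_resp, sizeof(nt_owf))` now copies a fixed 24 bytes without consulting `hdr_nt_resp.str_str_len`, so a shorter client response is processed together with whatever bytes already followed it in the source buffer. A comment noting that the length is validated later would help, since that check sits outside this hunk and appears to run only on the non-guest branch. The function body starts and ends outside the hunk.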
@@ -325,7 +319,25 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>. */ - if (*user_name) { + if((strlen(user_name) == 0) && + (ntlmssp_resp->hdr_nt_resp.str_str_len==0)) + { + guest_user = True; + + fstrcpy(pipe_user_name, lp_guestaccount(-1)); + DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name)); + + smb_passwd_ptr = null_smb_passwd; + + } else { + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + fstrcpy(pipe_user_name, user_name); + (void)map_username(pipe_user_name); /* * Do the length checking only if user is not NULL. 
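Review bot: The guest fallback is selected purely from client-supplied fields (an empty user name and a zero-length NT response) and is reported only at debug level 100, so in normal operation a null-session logon on the pipe leaves no log record. Log it at a level operators actually run, for example `DEBUG(3,("api_pipe_ntlmssp_verify: null user from machine %s mapped to guest account %s\n", wks, pipe_user_name));`. The result of `map_username()` is explicitly discarded with `(void)`; a one-line comment saying why a failed or unchanged mapping is acceptable would make that intent reviewable. The `else` block opened here closes outside the hunk.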
@@ -343,29 +355,45 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return False; } - - make_auth_context_fixed(&auth_context, (uchar*)p->challenge); - if (!make_user_info_netlogon_network(&user_info, - user_name, domain, wks, - lm_owf, lm_pw_len, - nt_owf, nt_pw_len)) { - DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n")); - return False; - } - - nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); - - (auth_context->free)(&auth_context); - free_user_info(&user_info); - - p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status); - - if (!p->ntlmssp_auth_validated) { - DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \ -failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); - free_server_info(&server_info); - return False; + if(!guest_user) { + + become_root(); + + if(!(p->ntlmssp_auth_validated = pass_check_smb(pipe_user_name, domain, + (uchar*)p->challenge, lm_owf, nt_owf, NULL))) { + DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \ +failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name )); + unbecome_root(); + return False; + } + + pdb_init_sam(&sampass); + + if(!pdb_getsampwnam(sampass, pipe_user_name)) { + DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n", + pipe_user_name)); + pdb_free_sam(sampass); + unbecome_root(); + return False; + } + + unbecome_root(); + + /* Quit if the account was disabled. */ + if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) { + DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name)); + pdb_free_sam(sampass); + return False; + } + + if(!pdb_get_nt_passwd(sampass)) { + DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); + pdb_free_sam(sampass); + return False; + } + + smb_passwd_ptr = pdb_get_lanman_passwd(sampass); } /* 
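Review bot: `p->ntlmssp_auth_validated` is set to True by the `pass_check_smb()` assignment, but the three later failure exits (user not found, account disabled or missing LanMan hash, missing NT hash) return False without clearing it. Other code tests that flag (`api_pipe_request` does, further down this diff), so a disabled account that presents a correct password could leave the pipe marked validated, depending on how the caller handles the False return. Add `p->ntlmssp_auth_validated = False;` before each of those returns, or keep the check result in a local and set the flag only on the success path. The result of `pdb_init_sam(&sampass)` is also unchecked before `sampass` is used, and the "was disabled" message is emitted as well for an account that merely has no LanMan hash, which will mislead whoever reads the log.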
@@ -374,7 +402,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); { uchar p24[24]; - NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24); + NTLMSSPOWFencrypt(smb_passwd_ptr, lm_owf, p24); { unsigned char j = 0; int ind; @@ -408,7 +436,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); } fstrcpy(p->user_name, user_name); - fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account)); + fstrcpy(p->pipe_user_name, pipe_user_name); fstrcpy(p->domain, domain); fstrcpy(p->wks, wks); 
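Review bot: `smb_passwd_ptr` has two very different sources that are not visible at this call: the account's LanMan hash for an authenticated user and the all-zero `null_smb_passwd` for the guest path, so the value derived into `p24` is predictable for guest pipes. A comment at the call should say so, for example `/* smb_passwd_ptr: LM hash for authenticated users, 16 zero bytes for guest; the derived key is not secret for guest */`. The block that consumes `p24` continues outside the hunk.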
@@ -416,38 +444,20 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - if (!IS_SAM_UNIX_USER(server_info->sam_account)) { - DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); - free_server_info(&server_info); - return False; - } - - memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); + p->pipe_user.uid = pdb_get_uid(sampass); + p->pipe_user.gid = pdb_get_gid(sampass); - p->pipe_user.uid = pdb_get_uid(server_info->sam_account); - p->pipe_user.gid = pdb_get_gid(server_info->sam_account); - - p->pipe_user.ngroups = server_info->n_groups; - if (p->pipe_user.ngroups) { - if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) { - DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); - free_server_info(&server_info); - return False; - } - } + /* Set up pipe user group membership. */ + initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); + get_current_groups( p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups); - if (server_info->ptok) - p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok); - else { - DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); - p->pipe_user.nt_user_token = NULL; - free_server_info(&server_info); - return False; - } + /* Create an NT_USER_TOKEN struct for this user. */ + p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid, + p->pipe_user.ngroups, p->pipe_user.groups, + guest_user, NULL); p->ntlmssp_auth_validated = True; - - free_server_info(&server_info); + pdb_free_sam(sampass); return True; } 
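Review bot: On the guest path `sampass` is still NULL here, because `pdb_init_sam()` is only called inside `if(!guest_user)`, yet `pdb_get_uid(sampass)` and `pdb_get_gid(sampass)` are called unconditionally. The guest uid/gid should be resolved from the configured guest account rather than from a NULL SAM record, and the function should fail if that lookup fails. The removed code rejected the logon when no NT token was available, while the new `create_nt_token()` result is never checked; restore that with `if (p->pipe_user.nt_user_token == NULL) { pdb_free_sam(sampass); return False; }` before setting `ntlmssp_auth_validated`. The return values of `initialise_groups()` and `get_current_groups()` are likewise ignored, so a failed group lookup still ends in a validated pipe.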
@@ -471,7 +481,9 @@ static struct api_cmd api_fd_commands[] = { "NETLOGON", "lsass", api_netlog_rpc }, { "winreg", "winreg", api_reg_rpc }, { "spoolss", "spoolss", api_spoolss_rpc }, +#ifdef WITH_MSDFS { "netdfs", "netdfs" , api_netdfs_rpc }, +#endif { NULL, NULL, NULL } }; @@ -1140,7 +1152,7 @@ BOOL api_pipe_request(pipes_struct *p) } } - if(p->ntlmssp_auth_validated) + if (p->ntlmssp_auth_validated) unbecome_authenticated_pipe_user(); return ret; @@ -1151,7 +1163,7 @@ BOOL api_pipe_request(pipes_struct *p) ********************************************************************/ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, - const struct api_struct *api_rpc_cmds) + struct api_struct *api_rpc_cmds) { int fn_num; fstring name; @@ -1165,7 +1177,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++) { if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) { - DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name)); + DEBUG(3,("api_rpcTNP: pipe %u rpc command: %s\n", (unsigned int)p->pnum, api_rpc_cmds[fn_num].name)); break; } } |
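Review bot: Dropping `const` from the `api_rpc_cmds` parameter of `api_rpcTNP` weakens the contract for a table of function pointers that the visible loop only reads. Keep the parameter as `const struct api_struct *api_rpc_cmds` so dispatch tables can live in read-only storage and accidental writes are rejected at compile time; a caller holding a non-const table still converts implicitly. The function body continues outside the hunk.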