summaryrefslogtreecommitdiffstats
path: root/source/rpc_server/srv_pipe.c
diff options
context:
space:
mode:
Diffstat (limited to 'source/rpc_server/srv_pipe.c')
-rw-r--r--source/rpc_server/srv_pipe.c176
1 files changed, 94 insertions, 82 deletions
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 1947d5514e5..1ad57a9b016 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -1,5 +1,6 @@
/*
- * Unix SMB/CIFS implementation.
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1998
* Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
@@ -39,9 +40,6 @@
#include "includes.h"
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
{
unsigned char *hash = p->ntlmssp_hash;
@@ -263,19 +261,16 @@ BOOL create_next_pdu(pipes_struct *p)
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
{
uchar lm_owf[24];
- uchar nt_owf[128];
- int nt_pw_len;
- int lm_pw_len;
+ uchar nt_owf[24];
fstring user_name;
+ fstring pipe_user_name;
fstring domain;
fstring wks;
-
- NTSTATUS nt_status;
-
- struct auth_context *auth_context = NULL;
- auth_usersupplied_info *user_info = NULL;
- auth_serversupplied_info *server_info = NULL;
-
+ BOOL guest_user = False;
+ SAM_ACCOUNT *sampass = NULL;
+ uchar null_smb_passwd[16];
+ uchar *smb_passwd_ptr = NULL;
+
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
memset(p->user_name, '\0', sizeof(p->user_name));
@@ -286,38 +281,37 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
/* Set up for non-authenticated user. */
delete_nt_token(&p->pipe_user.nt_user_token);
p->pipe_user.ngroups = 0;
- SAFE_FREE( p->pipe_user.groups);
+ safe_free( p->pipe_user.groups);
/*
* Setup an empty password for a guest user.
*/
+ memset(null_smb_passwd,0,16);
+
/*
* We always negotiate UNICODE.
*/
if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
- rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
- rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
- rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
+ fstrcpy(user_name, dos_unistrn2((uint16*)ntlmssp_resp->user, ntlmssp_resp->hdr_usr.str_str_len/2));
+ fstrcpy(domain, dos_unistrn2((uint16*)ntlmssp_resp->domain, ntlmssp_resp->hdr_domain.str_str_len/2));
+ fstrcpy(wks, dos_unistrn2((uint16*)ntlmssp_resp->wks, ntlmssp_resp->hdr_wks.str_str_len/2));
} else {
- pull_ascii_fstring(user_name, ntlmssp_resp->user);
- pull_ascii_fstring(domain, ntlmssp_resp->domain);
- pull_ascii_fstring(wks, ntlmssp_resp->wks);
+ fstrcpy(user_name, ntlmssp_resp->user);
+ fstrcpy(domain, ntlmssp_resp->domain);
+ fstrcpy(wks, ntlmssp_resp->wks);
}
DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
- nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
- lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
-
memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
- memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
+ memcpy(nt_owf, ntlmssp_resp->nt_resp, sizeof(nt_owf));
#ifdef DEBUG_PASSWORD
DEBUG(100,("lm, nt owfs, chal\n"));
dump_data(100, (char *)lm_owf, sizeof(lm_owf));
- dump_data(100, (char *)nt_owf, nt_pw_len);
+ dump_data(100, (char *)nt_owf, sizeof(nt_owf));
dump_data(100, (char *)p->challenge, 8);
#endif
@@ -325,7 +319,25 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
* Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
*/
- if (*user_name) {
+ if((strlen(user_name) == 0) &&
+ (ntlmssp_resp->hdr_nt_resp.str_str_len==0))
+ {
+ guest_user = True;
+
+ fstrcpy(pipe_user_name, lp_guestaccount(-1));
+ DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
+
+ smb_passwd_ptr = null_smb_passwd;
+
+ } else {
+
+ /*
+ * Pass the user through the NT -> unix user mapping
+ * function.
+ */
+
+ fstrcpy(pipe_user_name, user_name);
+ (void)map_username(pipe_user_name);
/*
* Do the length checking only if user is not NULL.
@@ -343,29 +355,45 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return False;
}
-
- make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
- if (!make_user_info_netlogon_network(&user_info,
- user_name, domain, wks,
- lm_owf, lm_pw_len,
- nt_owf, nt_pw_len)) {
- DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
- return False;
- }
-
- nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
-
- (auth_context->free)(&auth_context);
- free_user_info(&user_info);
-
- p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
-
- if (!p->ntlmssp_auth_validated) {
- DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
-failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
- free_server_info(&server_info);
- return False;
+ if(!guest_user) {
+
+ become_root();
+
+ if(!(p->ntlmssp_auth_validated = pass_check_smb(pipe_user_name, domain,
+ (uchar*)p->challenge, lm_owf, nt_owf, NULL))) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
+failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
+ unbecome_root();
+ return False;
+ }
+
+ pdb_init_sam(&sampass);
+
+ if(!pdb_getsampwnam(sampass, pipe_user_name)) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
+ pipe_user_name));
+ pdb_free_sam(sampass);
+ unbecome_root();
+ return False;
+ }
+
+ unbecome_root();
+
+ /* Quit if the account was disabled. */
+ if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) {
+ DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
+ pdb_free_sam(sampass);
+ return False;
+ }
+
+ if(!pdb_get_nt_passwd(sampass)) {
+ DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
+ pdb_free_sam(sampass);
+ return False;
+ }
+
+ smb_passwd_ptr = pdb_get_lanman_passwd(sampass);
}
/*
@@ -374,7 +402,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
{
uchar p24[24];
- NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
+ NTLMSSPOWFencrypt(smb_passwd_ptr, lm_owf, p24);
{
unsigned char j = 0;
int ind;
@@ -408,7 +436,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
}
fstrcpy(p->user_name, user_name);
- fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
+ fstrcpy(p->pipe_user_name, pipe_user_name);
fstrcpy(p->domain, domain);
fstrcpy(p->wks, wks);
@@ -416,38 +444,20 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
- free_server_info(&server_info);
- return False;
- }
-
- memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+ p->pipe_user.uid = pdb_get_uid(sampass);
+ p->pipe_user.gid = pdb_get_gid(sampass);
- p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
- p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
-
- p->pipe_user.ngroups = server_info->n_groups;
- if (p->pipe_user.ngroups) {
- if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
- DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
- free_server_info(&server_info);
- return False;
- }
- }
+ /* Set up pipe user group membership. */
+ initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
+ get_current_groups( p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups);
- if (server_info->ptok)
- p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
- else {
- DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
- p->pipe_user.nt_user_token = NULL;
- free_server_info(&server_info);
- return False;
- }
+ /* Create an NT_USER_TOKEN struct for this user. */
+ p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
+ p->pipe_user.ngroups, p->pipe_user.groups,
+ guest_user, NULL);
p->ntlmssp_auth_validated = True;
-
- free_server_info(&server_info);
+ pdb_free_sam(sampass);
return True;
}
@@ -471,7 +481,9 @@ static struct api_cmd api_fd_commands[] =
{ "NETLOGON", "lsass", api_netlog_rpc },
{ "winreg", "winreg", api_reg_rpc },
{ "spoolss", "spoolss", api_spoolss_rpc },
+#ifdef WITH_MSDFS
{ "netdfs", "netdfs" , api_netdfs_rpc },
+#endif
{ NULL, NULL, NULL }
};
@@ -1140,7 +1152,7 @@ BOOL api_pipe_request(pipes_struct *p)
}
}
- if(p->ntlmssp_auth_validated)
+ if (p->ntlmssp_auth_validated)
unbecome_authenticated_pipe_user();
return ret;
@@ -1151,7 +1163,7 @@ BOOL api_pipe_request(pipes_struct *p)
********************************************************************/
BOOL api_rpcTNP(pipes_struct *p, char *rpc_name,
- const struct api_struct *api_rpc_cmds)
+ struct api_struct *api_rpc_cmds)
{
int fn_num;
fstring name;
@@ -1165,7 +1177,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name,
for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++) {
if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
- DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
+ DEBUG(3,("api_rpcTNP: pipe %u rpc command: %s\n", (unsigned int)p->pnum, api_rpc_cmds[fn_num].name));
break;
}
}
generated by cgit (git 2.34.1) at 2024-06-20 06:34:12 +0000