author | Luke Leighton <lkcl@samba.org> | 2000-02-08 05:02:33 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-02-08 05:02:33 +0000 |
commit | 92b6f228895b596a14324d4e18f471db0c986e04 (patch) | |
tree | 9e95425ad4e715ec7ab8cff02b7ad4f151326400 /source/smbd | |
parent | d55461608c289066daabe94b266f3d50043d06aa (diff) | |
download | samba-92b6f228895b596a14324d4e18f471db0c986e04.tar.gz |
this weird-looking code uses the user_struct* that was obtained from
an SMBsesssetupX to provide a response to api_WkstaUserLogon and
api_NetUserGetInfo.
IF my suspicions are correct, an api_NetUserGetInfo or api_WkstaUserLogon
against an anonymous IPC$ connection will produce a failure, resulting
in the Win9x client DROPPING the anonymous connection and re-establishing
an authenticated SMBsesssetupX.
this will cause the smbd server to get a NET_USER_INFO_3 structure from
either the PDC or from itself (MSRPC remote or MSRPC loop-back, doesn't
matter which, it's all the same to domain_client_validate()), thence the
api_Net... or api_Wksta... call to follow will be provided with the correct
user logon info.
it also means that we can start filling in some of the "stub" fields,
such as last_logon_time, with _real_ info. well, real, if netlogond
bothered to fill it in, but you get the idea :)
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/lanman.c | 96 |
1 files changed, 61 insertions, 35 deletions
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 69cf7b4a696..fdfdd44bc67 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -2284,14 +2284,19 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param char *p = skip_string(UserName,1); int uLevel = SVAL(p,0); char *p2; + + fstring nt_name; + fstring logon_path; + fstring full_name; + fstring home_dir; + fstring logon_srv; + vuser_key key = { conn->smbd_pid, vuid }; /* get NIS home of a previously validated user - simeon */ /* With share level security vuid will always be zero. Don't depend on vuser being non-null !!. JRA */ - user_struct *vuser = get_valid_user_struct(&key); - if (vuser != NULL) - DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, vuser->name)); + user_struct *vuser = NULL; *rparam_len = 6; *rparam = REALLOC(*rparam,*rparam_len); @@ -2316,10 +2321,26 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param if (strcmp(p2,str2) != 0) { - vuid_free_user_struct(vuser); return False; } + vuser = get_valid_user_struct(&key); + if (vuser != NULL) + { + DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->uid, vuser->name)); + } + else + { + return False; + } + + unistr2_to_ascii(full_name, &vuser->usr.uni_full_name, sizeof(full_name)-1); + unistr2_to_ascii(home_dir, &vuser->usr.uni_home_dir, sizeof(home_dir)-1); + unistr2_to_ascii(nt_name, &vuser->usr.uni_user_name, sizeof(nt_name)-1); + unistr2_to_ascii(logon_path, &vuser->usr.uni_logon_script, sizeof(logon_path)-1); + fstrcpy(logon_srv, "\\\\"); + unistr2_to_ascii(&logon_srv[2], &vuser->usr.uni_logon_srv, sizeof(logon_srv)-3); + *rdata_len = mdrcnt + 1024; *rdata = REALLOC(*rdata,*rdata_len); @@ -2330,7 +2351,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param p2 = p + usri11_end; memset(p,0,21); - fstrcpy(p+usri11_name,UserName); /* 21 bytes - user name */ + fstrcpy(p+usri11_name,nt_name); /* 21 bytes - user name */ if (uLevel > 0) { 
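Review bot: The `get_valid_user_struct(&key)` call added after the `strcmp(p2,str2)` check has no matching `vuid_free_user_struct(vuser)` in any line this patch shows for api_RNetUserGetInfo, and the only release that was visible, on the descriptor-mismatch path, is removed. The function's tail lies outside the hunk; if it does not release vuser either, a `vuid_free_user_struct(vuser);` before the final return is needed, as this commit adds in api_WWkstaUserLogon. The retained comment "Don't depend on vuser being non-null" is now stale, because a NULL vuser fails the call outright. With share level security, where that comment says vuid is always zero, this looks like it rejects every request, so either restore a fallback to `UserName` or rewrite the comment to state the restriction.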
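Review bot: `fstrcpy(p+usri11_name,nt_name)` writes into a field its own comment sizes at 21 bytes, while nt_name holds up to `sizeof(nt_name)-1` characters taken from the validation reply. Assuming fstring is larger than 21 bytes, a longer account name spills into the following members and loses its terminator once those members are written. Cap the copy to the field, for example `StrnCpy(p+usri11_name,nt_name,20);`, and keep the preceding `memset(p,0,21)`. The old code had the same exposure with the client-supplied UserName; the value now comes from the logon server instead of the request.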
@@ -2340,16 +2361,16 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param if (uLevel >= 10) { SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */ - pstrcpy(p2,"Comment"); + pstrcpy(p2, ""); p2 = skip_string(p2,1); SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */ - pstrcpy(p2,"UserComment"); + pstrcpy(p2, ""); p2 = skip_string(p2,1); /* EEK! the cifsrap.txt doesn't have this in!!!! */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ - pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2, full_name); p2 = skip_string(p2,1); } @@ -2359,22 +2380,22 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ - pstrcpy(p2, lp_logon_path(vuser)); + pstrcpy(p2, home_dir); p2 = skip_string(p2,1); SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */ pstrcpy(p2,""); p2 = skip_string(p2,1); SIVAL(p,usri11_last_logon,0); /* last logon */ SIVAL(p,usri11_last_logoff,0); /* last logoff */ - SSVALS(p,usri11_bad_pw_count,-1); /* bad pw counts */ - SSVALS(p,usri11_num_logons,-1); /* num logons */ + SSVALS(p,usri11_bad_pw_count,vuser->usr.bad_pw_count); /* bad pw counts */ + SSVALS(p,usri11_num_logons,vuser->usr.logon_count); /* num logons */ SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */ - pstrcpy(p2,"\\\\*"); + pstrcpy(p2,logon_srv); p2 = skip_string(p2,1); SSVAL(p,usri11_country_code,0); /* country code */ SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */ - pstrcpy(p2,""); + pstrcpy(p2, ""); p2 = skip_string(p2,1); SIVALS(p,usri11_max_storage,-1); /* max storage */ 
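Review bot: `pstrcpy(p2,logon_srv)` in the second hunk on this line sends whatever followed the two-backslash prefix in the validation reply, so an empty `uni_logon_srv` presumably leaves the client with a bare prefix where the old code sent `"\\\\*"`. The commit message already allows that netlogond may leave fields unfilled, so an explicit fallback belongs where logon_srv is built, e.g. `if (logon_srv[2] == '\0') fstrcat(logon_srv, "*");`. The same string is reused at offset 106 in the other info-level branch and for the computer field in api_WWkstaUserLogon, so the fallback should cover those too.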
@@ -2395,7 +2416,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SSVAL(p,42, conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ - pstrcpy(p2,lp_logon_path(vuser)); + pstrcpy(p2,logon_path); p2 = skip_string(p2,1); SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */ *p2++ = 0; @@ -2405,7 +2426,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param { SIVAL(p,60,0); /* auth_flags */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ - pstrcpy(p2,((vuser != NULL) ? vuser->real_name : UserName)); + pstrcpy(p2, nt_name); p2 = skip_string(p2,1); SIVAL(p,68,0); /* urs_comment */ SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */ @@ -2420,11 +2441,10 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */ memset(p2,-1,21); p2 += 21; - SSVALS(p,102,-1); /* bad_pw_count */ - SSVALS(p,104,-1); /* num_logons */ + SSVALS(p,102,vuser->usr.bad_pw_count); /* bad_pw_count */ + SSVALS(p,104,vuser->usr.logon_count); /* num_logons */ SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */ - pstrcpy(p2,"\\\\%L"); - standard_sub_basic(p2); + pstrcpy(p2,logon_srv); p2 = skip_string(p2,1); SSVAL(p,110,49); /* country_code */ SSVAL(p,112,860); /* code page */ @@ -2501,8 +2521,13 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param int uLevel; struct pack_desc desc; char* name; - char* logon_script; vuser_key key = { conn->smbd_pid, vuid }; + user_struct *vuser = get_valid_user_struct(&key); + + if (vuser == NULL) + { + return False; + } uLevel = SVAL(p,0); name = p + 2; 
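Review bot: The field commented `/* home dir */` at offset 44 is filled from `logon_path`, which an earlier hunk populates from `uni_logon_script`, so this branch returns the logon script where the usri11 branch sends `home_dir`. Unless that is intended, the line should read `pstrcpy(p2,home_dir);`, and the `logon_path` buffer should be renamed or dropped. The next hunk has the same kind of mismatch: the `/* full_name */` field at offset 64 now receives `nt_name`, although `full_name` has already been converted and is used for usri11_full_name.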
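Review bot: In api_WWkstaUserLogon, `get_valid_user_struct(&key)` now runs in the declarations, while the matching `vuid_free_user_struct(vuser)` is added only before the final `return(True)`. Any early return between the two would exit without releasing vuser; the request-validation code in that stretch lies outside the hunks shown. Moving the lookup back down to just before `init_package`, where the old code had it, or releasing on every exit path, closes that gap.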
@@ -2522,9 +2547,19 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param if (init_package(&desc,1,0)) { - user_struct *vuser = get_valid_user_struct(&key); + fstring nt_name; + fstring logon_script; + fstring logon_srv; + fstring logon_dom; + + unistr2_to_ascii(nt_name, &vuser->usr.uni_user_name, sizeof(nt_name)-1); + unistr2_to_ascii(logon_script, &vuser->usr.uni_logon_script, sizeof(logon_script)-1); + unistr2_to_ascii(logon_dom, &vuser->usr.uni_logon_dom, sizeof(logon_dom)-1); + fstrcpy(logon_srv, "\\\\"); + unistr2_to_ascii(&logon_srv[2], &vuser->usr.uni_logon_srv, sizeof(logon_srv)-3); + PACKI(&desc,"W",0); /* code */ - PACKS(&desc,"B21",name); /* eff. name */ + PACKS(&desc,"B21",nt_name); /* eff. name */ PACKS(&desc,"B",""); /* pad */ PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); @@ -2539,21 +2574,10 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param PACKI(&desc,"D",0); /* password can change */ PACKI(&desc,"D",-1); /* password must change */ { - fstring mypath; - fstrcpy(mypath,"\\\\"); - fstrcat(mypath,local_machine); - strupper(mypath); - PACKS(&desc,"z",mypath); /* computer */ + PACKS(&desc,"z",logon_srv); /* computer */ } - PACKS(&desc,"z",global_myworkgroup);/* domain */ - -/* JHT - By calling lp_logon_script() and standard_sub() we have */ -/* made sure all macros are fully substituted and available */ - logon_script = lp_logon_script(vuser); - standard_sub( conn, vuser, logon_script ); - vuid_free_user_struct(vuser); + PACKS(&desc,"z",logon_dom);/* domain */ PACKS(&desc,"z", logon_script); /* script path */ -/* End of JHT mods */ PACKI(&desc,"D",0x00000000); /* reserved */ } @@ -2566,6 +2590,8 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param SSVAL(*rparam,4,desc.neededlen); DEBUG(4,("WWkstaUserLogon: errorcode %d\n",desc.errcode)); + vuid_free_user_struct(vuser); + return(True); } |
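Review bot: The script path packed with `PACKS(&desc,"z", logon_script)` is now taken verbatim from `uni_logon_script` in the validation reply, and the `lp_logon_script(vuser)` / `standard_sub()` step is removed. The administrator's `logon script` setting and its macros therefore no longer influence what the Win9x client is told to run. Because that string names something the client executes at logon, the new dependence on the logon server's reply should be recorded in place of the removed JHT comment, e.g. `/* script path comes from NET_USER_INFO_3, not smb.conf; no macro substitution */`. If the local setting is still meant to apply when the reply leaves the field empty, a fallback to `lp_logon_script(vuser)` is needed. The computer and domain fields likewise stop using `local_machine` and `global_myworkgroup`.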