| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
from being used, i have a) no idea if it's valid b) no idea how to decode
it!
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
references to use samedit instead.
- removed global_machine_password_needs_changing and all code that uses
this: replaced with lsa_query_secret ( pol, NULL, &last_updated_time).
probably better off having this code in lsarpcd, not smbd. hmm...
- fixing up _samr_lookup_names to the new sam tdb format, lots more work
needed here.
|
| |
|
|
| |
functions.
|
| |
|
|
|
| |
the compiler he was using (thank you!). michael, i didn't include the
packaging/ because i haven't got that subdir checked out.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an SMBsesssetupX to provide a response to api_WkstaUserLogon and
api_NetUserGetInfo.
IF my suspicions are correct, an api_NetUserGetInfo or api_WkstaUserLogon
against an anonymous IPC$ connection will produce a failure, resulting
in the Win9x client DROPPING the anonymous connection and re-establishing
an authenticated SMBsesssetupX.
this will cause the smbd server to get a NET_USER_INFO_3 structure from
either the PDC or from itself (MSRPC remote or MSRPC loop-back, doesn't
matter which, it's all the same to domain_client_validate()), thence the
api_Net... or api_Wksta... call to follow will be provided with the correct
user logon info.
it also means that we can start filling in some of the "stub" fields,
such as last_logon_time, with _real_ info. well, real, if netlogond
bothered to fill it in, but you get the idea :)
|
| |
|
|
|
|
|
|
| |
vuser_key*. this stops stupid-amounts of linking to all sorts of
crap in programs like make_codepage and testprns, which know _nothing_
of users. the original link was just a temporary hack to get binaries.
2) make vuid_free_user_struct() free the vuser malloc'd structure, too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
the msrpc code. it's not really threads, it's just a thread context,
so that if different thread-contexts are requested, then the msrpc daemon
will at least be able to switch user-security-context.
eventually, i will have to go so far as to be able to reconstruct PDUs
depending on the user context, but that will require one socket per
thread-context, and some means to set that up *inside* the Bind/Bind-Request
processing code [argh!], because that's what triggers a "new" user-context,
really.
i hope.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
chain linking _and_ an odd bug where password_ok() was ZERO_STRUCTING
the NET_USER_INFO_3 structure and it was being stored in the vuser.tdb
table, blanking out the NT user info!
i added code to authorise_login() to get and then store the vuser info
after seeing it set vuser->guest = True.
i'm not sure i like that code...
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it's far-reaching, and necessary.
this adds a vuser_struct tdb database, with a key [smbd's pid, vuid].
smbd uses it in every instance of standard_sub() and standard_sub_vuser().
that's almost every single SMB call for any IPC$ access.
the next stage is to remove sesssetup_user, probably sessetup_user_list too,
and review all occurences of standard_sub_basic used by smbd because if
they use standard_sub_basic() they might be expecting to read sesssetup_user,
and if they do _that_, they should be using standard_sub_vuser() instead.
all i wanted was a means to get vuids across to msrpc daemons.
|
| |
|
|
|
|
|
| |
using "update encrypted" because the method used (update_smbpasswordfile)
is, as you can see, specific to the smbpasswd file!
i need to create a "create SAM user" function for this to be done properly.
|
| |
|
|
|
| |
instances i have added UID_FIELD_INVALID so that standard_sub_vuser
defaults to the same functionality and standard_sub_basic().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
done what i wanted to: this is only preparation!!!!
i started off in smbd/lanman.c, and noticed that api_NetUserGetInfo
takes all its info from user_struct *vuser. i thought, that's odd,
that doesn't look right.
then i realised that the info there is exactly what is contained in
the NET_USER_INFO_3 structure: the return result from an NT Domain
User Logon.
various lights went on, and i realised that when an SMBsesssetupX
is carried out, internally, NT must do an NT Domain User Logon
with the SMB user's challenge/response password, and then store the
return result associated with the SMB session.
in this way, when an api_NetUserGetInfo call comes in, the CORRECT
info can be returned, not some faked-up information.
anyway, this commit is all the consequences of putting NET_USER_INFO_3
into user_struct, which feeds up through _several_ layers of function
calls. i sort-of understood that i needed to do this, but not quite.
the upshot of this is that user_struct now contains the REAL nt
domain username (in NET_USER_INFO_3) so the confusion between nt
user names and unix usernames now can be removed from samba code.
if you want a unix user name, you use vuser->unix_name.
if you want an NT user name, you use (UNISTR2*)vuser->usr.uni_user_name.
p.s it's in UNICODE :)
p.p.s if you want the RID of the user, it's vuser->usr.user_rid.
p.p.p.s there's over 25 NT-specific other bits of info in NET_USER_INFO_3
too!
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- Used it in rpcclient's "lookupnames"
- Added lookup_sam_domainname(), which looks up the SID for
a domain in SAM.
- Used it to add "[-d <domain>]" to samlookupnames
Elrond
|
| | |
|
| |
|
|
|
|
|
|
|
| |
getting overwritten, password buffers getting decoded, all of which
is not acceptable: rule of least surprises, you don't just change
the case of a username inside chgpasswd(), or do a Get_Pwnam(xxx, True)
inside chat_with_program() which modifies the user name!
you can tell i'm on samr_chgpasswd_user() in the samr api conversion, neh?
|
| | |
|
| |
|
|
|
|
| |
create and maintain loads of msrpc daemons! i've seen 10 msrpc
daemons created and held by _one_ NT login, which is definitely too
much.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
method in the NETLOGON credential database.
dammit, this is so wide-reaching, it had to percolate _right_ up through
msrpc_use_add() and into the pipes setup, through the msrpc loop-back
setup.
grr!
the idea is that an individual process (smbd, for example) can do NETLOGON
logins independently of another smbd process, without there being any
conflicts in the NETLOGON credential database. the creds database key
is now <(uint32)pid_t><workstation_name>\0<domain_name>\0.
previously, it was just wksta/domain, and of course if two smbd processes
did simultaneous NETLOGON logins, one of them overwrote the other's
credentials because the database key was the same! oops!
*obscure*.
BTW I STILL HAVEN'T COMMITTED THIS TO CVS MAIN, SO CVS MAIN / SAMBA_TNG
WON'T WORK UNTIL I DO AN UPDATE!
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) got fed up of calling init_policy_hnd(MAX_HANDLES), so tried to put
policy handles behind bars. i failed, so went for an interim fix:
all policy handle functions now take the return result from
get_global_policy_hnd() as the first argument.
2) this is horrible. i can't believe microsoft would do this. they
cache the NETLOGON credentials. you can tear down the SMB connection
and reopen it and still validate a user.
this is horrible for two reasons. a) it opens up the possibility of DOS
attacks against the NETLOGON service b) old versions of samba (2.0.x)
now have a problem, as they store the credential chain, which will
disappear if the SMB connection is torn down.
|
| |
|
|
|
|
|
|
| |
changing. also, debugging from yesterday's attempts to get rid of
this:
char *data = prs_data(&ps);
prs_uint16(ps, ...); /* causes a realloc */
*data = something; /* accessing realloc'd memory */
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makefile.in:
I got smbd >100k smaller, by just linking the
needed rpc-code.
netlogond.c:
I also found the off-by-one, which Andrew found, so
I removed that from my diff.
smbd/service.c:
I found the malloc(0) and got the code smaller
lib/util_pwdb.c and rpc_server/srv_lookup.c:
Functions in there did fill some sid_name_use
without even being sure, that they will realy
provide such a type of reply.
rpc_server/srv_lookup.c:
I made a whole lot of functions static and had to
move some functions around for that
rpc_server/srv_samr.c:
sid_equal() shouldn't be called with a sid, that
was returned by a failing function. (clean-up)
SamrLookupRids didn't return any errors. (Also I
don't know, whether this is the correct behaviour,
I just looked at SamrLookupNames)
rpcclient/cmd_lsarpc.c:
Made lookupnames/sids show the sid_name_use (type).
Elrond
|
| |
|
|
|
|
|
| |
- credential database was being opened O_CREATE | O_TRUNC, so each
time netlogond was run, it was trashed. oops.
- more schannel debugging.
|
| |
|
|
|
|
| |
1) sorting out NETLOGON schannel (debug fest)
2) patches from Long.
|
| |
|
|
| |
not status. *dur*.
|
| |
|
|
|
|
|
| |
issue. NT expects the STATUS_BUFFER_OVERFLOW info-warning to be
set, which i wasn't aware of, i just copied what NT did (for previous
versions), without realising that the damn NT msrpc-smb code actually
_relied_ on this status-warning!
|
| |
|
|
|
|
|
|
|
|
|
| |
msrpc unix socket as intended! have to move them about a bit.
also had to set up local_machine and remote_machine properly.
the whole standard_sub_basic() issue is... well, a bit of a mess,
when it comes to doing the right thing, predictably.
and that's _before_ the SAMBA_TNG daemon split.
|
| | |
|
| |
|
|
| |
turns out that global_member_sid wasn't being initialised properly.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
into appropriate modules. hmmm....
|
| |
|
|
| |
that branch.
|
| |
|
|
| |
$(LOCKDIR)/.msrpc.
|
| |
|
|
| |
from smbd, because... WE DON'T NEED IT! yippee!
|
| |
|
|
|
|
|
|
|
|
|
|
| |
calculation of a PDU, removing dce/rpc fragment reassembly from smbd actually
worked!
all that's happening is an SMBread does a read on the socket; SMBwrite
does a write on the socket; SMBtrans does a write _and_ a read.
the rest is handled by the msrpc daemon, on the other side of the socket.
which of course, has this stupid off-by-one bug: i _just_ happened to
get a list of shares with exactly the right length to cause the problem.
|
| |
|
|
|
|
|
|
|
|
|
| |
found two bugs:
1) msrpc sending (on unix socket) was waiting on a read select *dur*
so added some write select code instead.
2) the second msrpc request to the same pipe fails. this is probably
due to some stupid file offset stuff in smbd/ipc.c, i am going to
track this down, now.
|
| |
|
|
|
| |
to remove all msrpc-specific stuff from smbd, just to see what
happens.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
the _only_ function smbd calls is pass_check(), and for some
_weird_ reason, that is in the passdb/ directory.
nasty debugging of an rpcclient incident. the "usr_creds"
need to be told what they are dealing with (ptr_ntc = 1, for
NT creds to be used). i forgot. wasted an hour.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
noticed that there is an "update encrypted" option, and assumed that this
was a "migrate passwords" option.
on this basis, i didn't want "encrypt passwords = no", "security = user/share"
"update encrypted = no" to be dependent on dce/rpc NETLOGON services,
but i ALSO didn't want "update encrypted = yes" to have to write to
the smbp passwd interface, i'm trying very hard to get rid of that.
so, under the circumstances where "update enc = yes", but "enc pwd = no",
i decided to add a "General" Logon type info level (4) to NetrSamLogon,
client and server side. this passes a CLEARTEXT password across the
\PIPE\NETLOGON on loop-back (which still requires a trust account
pasword, which i MAY change to use to encrypt the cleartext password
anyway). i have no idea what a _real_ general Logon type actually
looks like, and i couldn't care less at this stage because it's used
on loop-back.
whe "update enc = yes" and "enc pwd = no", nt clients are told to send
cleartext passwords. these are sent over a General Logon on loop-back;
the netlogon daemon receives them, does a *unix* password check, and
*also* does an update encrypted password.
this is a reasonable compromise. if you're not intending to migrate
to smb passwords, you don't need to run "update encrypted". all it
means is that you would have to run the netlogon daemon a little
bit earlier. normally, you would have to start the netlogon daemon
when switching to "enc pwd = yes", but instead you have tostart it on
"update end = yes".
big deal :)
the only thing that bothers me is that i thought "update encrypted" was
actually "migrate passwords", so unless the smbpasswd entry is already
in there, the general login fails because there is still a requirement
to have an smbpasswd entry in netlogon daemon. doesn't matter at the
moment.
next stage, password changing. replace all password changes in
smbd/lanman.c and anywhere else i can find them with samr_change_user_passwd
instead.
|
| |
|
|
| |
as it turns out, from uselessly linking with other dce/rpc daemons, too.
|
