/*
* Unix SMB / Netbios implementation . Version 1.9 . SMB parameters and setup
* Copyright ( C ) Andrew Tridgell 1992 - 1998 Modified by Jeremy Allison 1995.
*
* This program is free software ; you can redistribute it and / or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation ; either version 2 of the License , or ( at your option )
* any later version .
*
* This program is distributed in the hope that it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
* this program ; if not , write to the Free Software Foundation , Inc . , 675
* Mass Ave , Cambridge , MA 02139 , USA .
*/
# include "includes.h"
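extern int DEBUGLEVEL;

extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;

/*
 * Set to 1 by gotalarm_sig() when SIGALRM fires and read by do_pw_lock()
 * after fcntl() returns. An object shared with a signal handler must be
 * volatile sig_atomic_t; with a plain int the compiler may keep the value
 * in a register across the blocking call and miss the handler's store.
 */
static volatile sig_atomic_t gotalarm;

/*
 * stdio buffer handed to setvbuf() for the smbpasswd stream.
 * NOTE(review): this single static buffer is shared by every stream opened
 * through startsmbpwent(), and it still holds raw smbpasswd lines (password
 * hashes included) after the stream is closed - consider clearing it on close.
 */
static char s_readbuf[16 * 1024];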
/***************************************************************
 SIGALRM handler: record that the wait for the lock timed out.
 It does nothing except raise the gotalarm flag, which
 do_pw_lock() checks once fcntl() has returned.
****************************************************************/

static void gotalarm_sig(void)
{
	/* A single store; no other work is done in signal context. */
	gotalarm = 1;
}
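/***************************************************************
 Lock or unlock a fd for a known lock type. Abandon after waitsecs
 seconds.

 fd       - descriptor of the open password file.
 waitsecs - seconds to wait for the lock. Values <= 0 fall back to
            5 seconds, the timeout this function used to hard-code
            (alarm(0) would cancel the timer and block for ever).
 type     - stored in flock.l_type; callers in this file pass
            F_RDLCK, F_WRLCK or F_UNLCK.

 Returns True when fcntl() succeeded and the alarm did not fire,
 False on timeout or on any other fcntl() failure (errno is left
 as fcntl() set it).
****************************************************************/

static BOOL do_pw_lock(int fd, int waitsecs, int type)
{
	struct flock lock;
	int ret;
	unsigned int timeout = (waitsecs > 0) ? (unsigned int)waitsecs : 5;

	gotalarm = 0;
	signal(SIGALRM, SIGNAL_CAST gotalarm_sig);

	/* The lock covers only the first byte of the file (l_start 0, l_len 1). */
	lock.l_type = type;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 1;
	lock.l_pid = 0;

	/*
	 * NOTE(review): the timeout relies on SIGALRM interrupting F_SETLKW;
	 * where signal() installs restarting handlers the call would resume
	 * instead of returning - confirm on the target platforms.
	 */
	alarm(timeout);
	ret = fcntl(fd, F_SETLKW, &lock);
	alarm(0);

	/*
	 * The default disposition is restored, not the previous handler, so a
	 * SIGALRM handler installed by the caller is lost after this call.
	 */
	signal(SIGALRM, SIGNAL_CAST SIG_DFL);

	if (gotalarm) {
		DEBUG(0, ("do_pw_lock: failed to %s SMB passwd file.\n",
			type == F_UNLCK ? "unlock" : "lock"));
		return False;
	}

	return (ret == 0);
}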
static int pw_file_lock_depth ;
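/***************************************************************
 Lock an fd. Abandon after secs seconds.

 fd          - descriptor to lock; a negative value fails at once.
 type        - lock type passed through to do_pw_lock().
 secs        - timeout passed through to do_pw_lock().
 plock_depth - caller's nesting counter. Only the 0 -> 1 transition
               takes the fcntl lock; deeper calls just count.

 Returns True when the lock is held (or was already held), False
 otherwise. The counter is incremented only on success.
****************************************************************/

static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
{
	if (fd < 0)
		return False;

	/*
	 * Test the depth BEFORE incrementing it, and through the caller's
	 * counter. The previous code incremented first and then compared the
	 * global pw_file_lock_depth with 0; as callers pass the address of that
	 * global, the comparison never held and the password file was read and
	 * rewritten without any lock.
	 */
	if (*plock_depth == 0) {
		if (!do_pw_lock(fd, secs, type)) {
			DEBUG(10, ("pw_file_lock: locking file failed, error = %s.\n",
				strerror(errno)));
			return False;
		}
	}

	/* Counting only successful locks keeps the depth in step with unlock. */
	(*plock_depth)++;

	return True;
}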
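/***************************************************************
 Unlock an fd. The unlock request is abandoned after 5 seconds.

 fd          - descriptor that was locked with pw_file_lock().
 plock_depth - caller's nesting counter. The fcntl lock is released
               only when the depth is 1, i.e. by the outermost
               holder; the counter never goes below 0.

 Returns the result of the unlock when one was attempted, True
 when this call only decremented the nesting depth.
****************************************************************/

static BOOL pw_file_unlock(int fd, int *plock_depth)
{
	/*
	 * Start from True: ret used to be left uninitialised whenever the depth
	 * was not 1, so the test and the return below read an indeterminate value.
	 */
	BOOL ret = True;

	if (*plock_depth == 1)
		ret = do_pw_lock(fd, 5, F_UNLCK);

	/* An unbalanced unlock must not drive the depth negative. */
	if (*plock_depth > 0)
		(*plock_depth)--;

	if (!ret)
		DEBUG(10, ("pw_file_unlock: unlocking file failed, error = %s.\n",
			strerror(errno)));
	return ret;
}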
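/***************************************************************
 Start to enumerate the smbpasswd list. Returns a void pointer
 to ensure no modification outside this module.

 do not call this function directly. use passdb.c instead.

 update - True opens the file "r+b" and takes a write lock,
          False opens it "rb" and takes a read lock.

 Returns the open stream cast to void *, or NULL when no password
 file is configured, the file cannot be opened, or the lock cannot
 be obtained. A non-NULL result must be passed to endsmbpwent().
****************************************************************/

void *startsmbpwent(BOOL update)
{
	FILE *fp = NULL;
	char *pfile = lp_smb_passwd_file();

	if (pfile == NULL || !*pfile) {
		DEBUG(0, ("startsmbpwent: No SMB password file set\n"));
		return (NULL);
	}
	DEBUG(10, ("startsmbpwent: opening file %s\n", pfile));

	fp = fopen(pfile, update ? "r+b" : "rb");

	if (fp == NULL) {
		DEBUG(0, ("startsmbpwent: unable to open file %s\n", pfile));
		return NULL;
	}

	/* Set a 16k buffer to do more efficient reads */
	setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf));

	if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth))
	{
		DEBUG(0, ("startsmbpwent: unable to lock file %s\n", pfile));
		fclose(fp);
		return NULL;
	}

	/*
	 * Make sure it is only rw by the owner. The mode is set through the
	 * descriptor we already hold, not through the path: a second lookup of
	 * the name could reach a different file if the path were replaced after
	 * fopen(). Failure is logged but stays best-effort, as before.
	 */
	if (fchmod(fileno(fp), 0600) != 0) {
		DEBUG(0, ("startsmbpwent: unable to set mode 0600 on file %s. Error was %s\n",
			pfile, strerror(errno)));
	}

	/* We have a lock on the file. */
	return (void *)fp;
}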
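/***************************************************************
 End enumeration of the smbpasswd list.

 vp - the token returned by startsmbpwent(); NULL is ignored.

 Drops one level of the file lock and closes the stream.
****************************************************************/

void endsmbpwent(void *vp)
{
	FILE *fp = (FILE *)vp;

	/* getsmbpwent() tolerates a NULL token, so do the same here. */
	if (fp == NULL)
		return;

	pw_file_unlock(fileno(fp), &pw_file_lock_depth);

	/*
	 * NOTE(review): closing any descriptor for a file releases every fcntl
	 * record lock the process holds on it, so closing a nested handle also
	 * drops the lock an outer enumeration believes it still has.
	 */
	fclose(fp);
	DEBUG(7, ("endsmbpwent: closed password file.\n"));
}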
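/*************************************************************************
 Routine to return the next entry in the smbpasswd list.
 this function is a nice, messy combination of reading:
 - the smbpasswd file
 - the unix password database
 - smb.conf options (not done at present).

 do not call this function directly. use passdb.c instead.

 vp - the token returned by startsmbpwent().

 Returns a pointer to a static sam_passwd that the next call
 overwrites. Its string members point at static buffers in this
 function, and smb_name / smb_passwd / smb_nt_passwd point at the
 buffers owned by getsmbpwent(), so the password hashes stay
 reachable through the result until the next entry is read.

 NULL means either that getsmbpwent() returned NULL or that the
 entry's name has no unix account (getpwnam() failed); callers
 cannot tell the two apart, so an entry without a unix account
 looks like the end of the list.
*************************************************************************/

struct sam_passwd *getsmb21pwent(void *vp)
{
	struct smb_passwd *pw_buf = getsmbpwent(vp);
	static struct sam_passwd user;
	struct passwd *pwfile;
	size_t name_len;

	static pstring full_name;
	static pstring home_dir;
	static pstring home_drive;
	static pstring logon_script;
	static pstring profile_path;
	static pstring acct_desc;
	static pstring workstations;

	if (pw_buf == NULL) return NULL;

	pwfile = getpwnam(pw_buf->smb_name);
	if (pwfile == NULL) return NULL;

	bzero(&user, sizeof(user));

	pstrcpy(samlogon_user, pw_buf->smb_name);

	/*
	 * A name ending in '$' takes the second branch. Check the length first:
	 * indexing [strlen - 1] on an empty name reads before the buffer, and
	 * getsmbpwent() can hand back an empty name for a line starting with ':'.
	 */
	name_len = strlen(samlogon_user);

	if (name_len == 0 || samlogon_user[name_len - 1] != '$')
	{
		/* XXXX hack to get standard_sub_basic() to use sam logon username */
		/* possibly a better way would be to do a become_user() call */
		sam_logon_in_ssb = True;

		user.smb_userid = pw_buf->smb_userid;
		user.smb_grpid = pwfile->pw_gid;

		user.user_rid = uid_to_user_rid(user.smb_userid);
		user.group_rid = gid_to_group_rid(user.smb_grpid);

		pstrcpy(full_name, pwfile->pw_gecos);
		pstrcpy(logon_script, lp_logon_script());
		pstrcpy(profile_path, lp_logon_path());
		pstrcpy(home_drive, lp_logon_drive());
		pstrcpy(home_dir, lp_logon_home());
		pstrcpy(acct_desc, "");
		pstrcpy(workstations, lp_domain_workstations());

		/* The flag is global state: it must be cleared on every path out of this branch. */
		sam_logon_in_ssb = False;
	}
	else
	{
		user.smb_userid = pw_buf->smb_userid;
		user.smb_grpid = pwfile->pw_gid;

		user.user_rid = uid_to_user_rid(user.smb_userid);
		user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */

		pstrcpy(full_name, "");
		pstrcpy(logon_script, "");
		pstrcpy(profile_path, "");
		pstrcpy(home_drive, "");
		pstrcpy(home_dir, "");
		pstrcpy(acct_desc, "");
		pstrcpy(workstations, "");
	}

	/* (time_t)-1 is stored for every time this file format does not record. */
	user.logon_time = (time_t)-1;
	user.logoff_time = (time_t)-1;
	user.kickoff_time = (time_t)-1;
	user.pass_last_set_time = pw_buf->pass_last_set_time;
	user.pass_can_change_time = (time_t)-1;
	user.pass_must_change_time = (time_t)-1;

	user.smb_name = pw_buf->smb_name;
	user.full_name = full_name;
	user.home_dir = home_dir;
	user.dir_drive = home_drive;
	user.logon_script = logon_script;
	user.profile_path = profile_path;
	user.acct_desc = acct_desc;
	user.workstations = workstations;

	user.unknown_str = NULL; /* don't know, yet! */
	user.munged_dial = NULL; /* "munged" dial-back telephone number */

	/* These alias getsmbpwent()'s static hash buffers; either may be NULL. */
	user.smb_nt_passwd = pw_buf->smb_nt_passwd;
	user.smb_passwd = pw_buf->smb_passwd;

	user.acct_ctrl = pw_buf->acct_ctrl;

	user.unknown_3 = 0xffffff; /* don't know */
	user.logon_divs = 168; /* hours per week */
	user.hours_len = 21; /* 21 times 8 bits = 168 */
	/* NOTE(review): assumes user.hours holds at least 21 bytes - confirm against the struct. */
	memset(user.hours, 0xff, user.hours_len); /* available at all hours */

	/*
	 * NOTE(review): unknown_5 is assigned twice, so the first value is
	 * discarded; the second store was presumably meant for another field.
	 * Both are kept as found - confirm against the struct definition.
	 */
	user.unknown_5 = 0x00020000; /* don't know */
	user.unknown_5 = 0x000004ec; /* don't know */

	return &user;
}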
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
/*************************************************************************
 Routine to return the next entry in the smbpasswd list.
 do not call this function directly. use passdb.c instead.
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
*************************************************************************/
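/*
 * Read lines from the stream behind vp until one parses as an smbpasswd
 * entry, and return that entry.
 *
 * vp - the token returned by startsmbpwent(); NULL is rejected.
 *
 * Returns a pointer to a static smb_passwd whose smb_name, smb_passwd and
 * smb_nt_passwd members point at static buffers here (all overwritten by
 * the next call), or NULL at end of file, on a read error, or for a NULL
 * token. Comment, blank and malformed lines are skipped. Lines that do not
 * fit in the 256 byte buffer are truncated and the excess is discarded.
 */
struct smb_passwd *getsmbpwent(void *vp)
{
	/* Static buffers we will return. */
	static struct smb_passwd pw_buf;
	static pstring user_name;
	static unsigned char smbpwd[16];
	static unsigned char smbntpwd[16];
	FILE *fp = (FILE *)vp;
	char linebuf[256];
	int c;	/* int, so the EOF returned by fgetc() is not truncated */
	unsigned char *p;
	long uidval;
	long linebuf_len;
	size_t name_len;

	if (fp == NULL) {
		DEBUG(0, ("getsmbpwent: Bad password file pointer.\n"));
		return NULL;
	}

	pw_buf.acct_ctrl = ACB_NORMAL;
	pw_buf.pass_last_set_time = (time_t)-1;

	/*
	 * Scan the file, a line at a time and check if the name matches.
	 */
	while (!feof(fp)) {
		linebuf[0] = '\0';

		fgets(linebuf, 256, fp);
		if (ferror(fp)) {
			return NULL;
		}

		/*
		 * Check if the string is terminated with a newline - if not
		 * then we must keep reading and discard until we get one.
		 */
		linebuf_len = strlen(linebuf);
		if (linebuf_len == 0) {
			/*
			 * Nothing usable was read (end of file, or a line starting
			 * with a NUL byte). There is no last character to look at:
			 * linebuf[linebuf_len - 1] would read before the buffer.
			 * The end-of-file and blank-line tests below handle it.
			 */
		} else if (linebuf[linebuf_len - 1] != '\n') {
			while (!ferror(fp) && !feof(fp)) {
				c = fgetc(fp);
				if (c == '\n')
					break;
			}
		} else
			linebuf[linebuf_len - 1] = '\0';

#ifdef DEBUG_PASSWORD
		/* Logs the whole entry, password hashes included; only built with DEBUG_PASSWORD. */
		DEBUG(100, ("getsmbpwent: got line |%s|\n", linebuf));
#endif
		if ((linebuf[0] == 0) && feof(fp)) {
			DEBUG(4, ("getsmbpwent: end of file reached\n"));
			break;
		}
		/*
		 * The line we have should be of the form :-
		 *
		 * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
		 * ignored....
		 *
		 * or,
		 *
		 * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
		 *
		 * if Windows NT compatible passwords are also present.
		 * [Account type] is an ascii encoding of the type of account.
		 * LCT-(8 hex digits) is the time_t value of the last change time.
		 */

		if (linebuf[0] == '#' || linebuf[0] == '\0') {
			DEBUG(6, ("getsmbpwent: skipping comment or blank line\n"));
			continue;
		}
		p = (unsigned char *)strchr(linebuf, ':');
		if (p == NULL) {
			DEBUG(0, ("getsmbpwent: malformed password entry (no :)\n"));
			continue;
		}
		/*
		 * As 256 is shorter than a pstring we don't need to check
		 * length here - if this ever changes....
		 */
		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
		user_name[PTR_DIFF(p, linebuf)] = '\0';

		/* Get smb uid. */

		p++;		/* Go past ':' */

		if (!isdigit(*p)) {
			DEBUG(0, ("getsmbpwent: malformed password entry (uid not number)\n"));
			continue;
		}

		/* strtol has defined behaviour on an over-long digit string; atoi did not. */
		uidval = strtol((char *)p, NULL, 10);

		while (*p && isdigit(*p))
			p++;

		if (*p != ':') {
			DEBUG(0, ("getsmbpwent: malformed password entry (no : after uid)\n"));
			continue;
		}

		pw_buf.smb_name = user_name;
		pw_buf.smb_userid = uidval;

		/*
		 * Now get the password value - this should be 32 hex digits
		 * which are the ascii representations of a 16 byte string.
		 * Get two at a time and put them into the password.
		 */

		/* Skip the ':' */
		p++;

		if (*p == '*' || *p == 'X') {
			/* Password deliberately invalid - end here. */
			DEBUG(10, ("getsmbpwent: entry invalidated for user %s\n", user_name));
			pw_buf.smb_nt_passwd = NULL;
			pw_buf.smb_passwd = NULL;
			pw_buf.acct_ctrl |= ACB_DISABLED;
			return &pw_buf;
		}

		/* Both tests must pass before p[32] or the hex decoder touch the field. */
		if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
			DEBUG(0, ("getsmbpwent: malformed password entry (passwd too short)\n"));
			continue;
		}

		if (p[32] != ':') {
			DEBUG(0, ("getsmbpwent: malformed password entry (no terminating :)\n"));
			continue;
		}

		if (!strncasecmp((char *)p, "NO PASSWORD", 11)) {
			pw_buf.smb_passwd = NULL;
			pw_buf.acct_ctrl |= ACB_PWNOTREQ;
		} else {
			if (!gethexpwd((char *)p, (char *)smbpwd)) {
				DEBUG(0, ("getsmbpwent: Malformed Lanman password entry (non hex chars)\n"));
				continue;
			}
			pw_buf.smb_passwd = smbpwd;
		}

		/*
		 * Now check if the NT compatible password is
		 * available.
		 */
		pw_buf.smb_nt_passwd = NULL;

		p += 33; /* Move to the first character of the line after
		            the lanman password. */
		if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
			if (*p != '*' && *p != 'X') {
				if (gethexpwd((char *)p, (char *)smbntpwd))
					pw_buf.smb_nt_passwd = smbntpwd;
			}
			p += 33; /* Move to the first character of the line after
			            the NT password. */
		}

		/* uidval is a long; cast it to match the %d in the message. */
		DEBUG(5, ("getsmbpwent: returning passwd entry for user %s, uid %d\n",
			user_name, (int)uidval));

		if (*p == '[')
		{
			/* Find the end of the field first: decode_acct_ctrl() gets p by value. */
			unsigned char *end_p = (unsigned char *)strchr((char *)p, ']');

			pw_buf.acct_ctrl = decode_acct_ctrl(p);

			/* Must have some account type set. */
			if (pw_buf.acct_ctrl == 0)
				pw_buf.acct_ctrl = ACB_NORMAL;

			/*
			 * Now try and get the last change time. p has to be moved
			 * past the closing ']' for the ':' test to be reachable;
			 * it used to stay on the '[' and the time was never read.
			 */
			if (end_p != NULL)
				p = end_p + 1;
			if (*p == ':') {
				p++;
				/*
				 * StrnCaseCmp() returns 0 on a match, like strncasecmp().
				 * Requiring the match also guarantees the four bytes
				 * skipped by p += 4 are inside the string.
				 */
				if (*p && StrnCaseCmp((char *)p, "LCT-", 4) == 0) {
					int i;
					p += 4;
					for (i = 0; i < 8; i++) {
						if (p[i] == '\0' || !isxdigit(p[i]))
							break;
					}
					if (i == 8) {
						/*
						 * p points at 8 characters of hex digits -
						 * read into a time_t as the seconds since
						 * 1970 that the password was last changed.
						 */
						pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
					}
				}
			}
		} else {
			/* 'Old' style file. Fake up based on user name. */
			/*
			 * Currently trust accounts are kept in the same
			 * password file as 'normal accounts'. If this changes
			 * we will have to fix this code. JRA.
			 */
			/* An empty name has no last character to test. */
			name_len = strlen(pw_buf.smb_name);
			if (name_len > 0 && pw_buf.smb_name[name_len - 1] == '$') {
				pw_buf.acct_ctrl &= ~ACB_NORMAL;
				pw_buf.acct_ctrl |= ACB_WSTRUST;
			}
		}

		return &pw_buf;
	}

	DEBUG(5, ("getsmbpwent: end of file reached.\n"));
	return NULL;
}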
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
/*************************************************************************
 Return the current position in the smbpasswd list as an unsigned long.
 This must be treated as an opaque token.
 do not call this function directly. use passdb.c instead.
*************************************************************************/
unsigned long getsmbpwpos(void *vp)
{
	/* The token is the stream's current offset as reported by ftell(). */
	FILE *stream = (FILE *)vp;
	long offset = ftell(stream);

	/* An ftell() failure (-1) is converted like any other value; it is not reported. */
	return (unsigned long)offset;
}
/*************************************************************************
 Set the current position in the smbpasswd list from unsigned long.
 This must be treated as an opaque token.

 do not call this function directly. use passdb.c instead.

 vp  - the token returned by startsmbpwent().
 tok - a position previously obtained from getsmbpwpos().

 Returns non-zero when fseek() succeeded, zero when it failed.
*************************************************************************/

BOOL setsmbpwpos(void *vp, unsigned long tok)
{
	FILE *stream = (FILE *)vp;

	/* tok is converted to the long offset fseek() takes; seek is from the start of the file. */
	return fseek(stream, tok, SEEK_SET) == 0;
}
/************************************************************************
 Routine to add an entry to the smbpasswd file.
 do not call this function directly. use passdb.c instead.
*************************************************************************/
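/*
 * Append a new record for newpwd to the smbpasswd file.
 *
 * The record has the form
 *   name:uid:<32 hex LM hash>:<32 hex NT hash>:<acct ctrl>:LCT-<8 hex>:\n
 * A missing hash is written as 32 'X' characters, or as the
 * "NO PASSWORD" marker when ACB_PWNOTREQ is set in acct_ctrl.
 *
 * Returns True when the record was written, False when the file could
 * not be opened, the name already exists or cannot be stored, memory
 * could not be allocated, or the write failed.
 */
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
	char *pfile = lp_smb_passwd_file();
	struct smb_passwd *pwd = NULL;
	FILE *fp = NULL;
	char *acct_str;
	char *new_entry;
	unsigned char *p;
	size_t entry_len;
	int new_entry_length;
	long offpos;
	int wr_len;
	int fd;
	int i;

	/*
	 * The record is ':'-separated and newline-terminated. A name that
	 * contains one of those characters would be read back as different
	 * fields or as an extra record, so refuse it before touching the file.
	 */
	if (strpbrk(newpwd->smb_name, ":\r\n") != NULL) {
		DEBUG(0, ("add_smbpwd_entry: name contains ':' or a line break - not added.\n"));
		return False;
	}

	/* Open the smbpasswd file - for update. */
	fp = startsmbpwent(True);
	if (fp == NULL) {
		DEBUG(0, ("add_smbpwd_entry: unable to open file.\n"));
		return False;
	}

	/* Scan the file, an entry at a time, and check if the name matches. */
	while ((pwd = getsmbpwent(fp)) != NULL) {
		if (strequal(newpwd->smb_name, pwd->smb_name)) {
			DEBUG(0, ("add_smbpwd_entry: entry with name %s already exists\n", pwd->smb_name));
			endsmbpwent(fp);
			return False;
		}
	}

	/* Ok - entry doesn't exist. We can add it. */

	/*
	 * The add user write needs to be atomic - so get the fd from
	 * the fp and do a raw write() call. offpos remembers the old end
	 * of file so that a failed write can be truncated away again.
	 */
	fd = fileno(fp);
	if ((offpos = lseek(fd, 0, SEEK_END)) == -1) {
		DEBUG(0, ("add_smbpwd_entry(lseek): Failed to add entry for user %s to file %s. "
			"Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
		endsmbpwent(fp);
		return False;
	}

	/*
	 * Size the buffer from the account control string that will really
	 * be written. The fields are filled in with unbounded sprintf()
	 * calls, so a fixed guess for this field would overflow the
	 * allocation whenever the encoded string is longer than the guess.
	 * Layout: name ':' uid(<=15) ':' 32 ':' 32 ':' acct ':' "LCT-XXXXXXXX:"
	 * plus newline and terminator.
	 */
	acct_str = encode_acct_ctrl(newpwd->acct_ctrl);
	new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 +
		strlen(acct_str) + 1 + 13 + 2;

	if ((new_entry = (char *)malloc(new_entry_length)) == NULL) {
		DEBUG(0, ("add_smbpwd_entry(malloc): Failed to add entry for user %s to file %s. "
			"Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
		endsmbpwent(fp);
		return False;
	}

	sprintf(new_entry, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
	p = (unsigned char *)&new_entry[strlen(new_entry)];

	/* LANMAN hash: 16 bytes as 32 hex digits, or a placeholder. */
	if (newpwd->smb_passwd != NULL) {
		for (i = 0; i < 16; i++) {
			/* uchar cast as in mod_smbpwd_entry(): exactly two digits per byte. */
			sprintf((char *)&p[i * 2], "%02X", (uchar)newpwd->smb_passwd[i]);
		}
	} else {
		if (newpwd->acct_ctrl & ACB_PWNOTREQ)
			sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
		else
			sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
	}

	p += 32;
	*p++ = ':';

	/* NT hash: same encoding as the LANMAN field. */
	if (newpwd->smb_nt_passwd != NULL) {
		for (i = 0; i < 16; i++) {
			sprintf((char *)&p[i * 2], "%02X", (uchar)newpwd->smb_nt_passwd[i]);
		}
	} else {
		if (newpwd->acct_ctrl & ACB_PWNOTREQ)
			sprintf((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
		else
			sprintf((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
	}

	p += 32;
	*p++ = ':';

	/* Add the account encoding and the last change time. */
	sprintf((char *)p, "%s:LCT-%08X:\n", acct_str, (uint32)time(NULL));

	entry_len = strlen(new_entry);

#ifdef DEBUG_PASSWORD
	/*
	 * This logs the complete record, including both password hashes.
	 * Only build with DEBUG_PASSWORD where the debug log is protected
	 * as carefully as the password file itself.
	 */
	DEBUG(100, ("add_smbpwd_entry(%d): new_entry_len %d entry_len %d made line |%s|",
		fd, new_entry_length, (int)entry_len, new_entry));
#endif

	wr_len = write(fd, new_entry, entry_len);
	if (wr_len < 0 || (size_t)wr_len != entry_len) {
		DEBUG(0, ("add_smbpwd_entry(write): %d Failed to add entry for user %s to file %s. "
			"Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));

		/* Remove the (possibly partial) entry we just wrote. */
		if (ftruncate(fd, offpos) == -1) {
			/* Report the file name here; the message is about the file. */
			DEBUG(0, ("add_smbpwd_entry: ERROR failed to ftruncate file %s. "
				"Error was %s. Password file may be corrupt ! Please examine by hand !\n",
				pfile, strerror(errno)));
		}

		free(new_entry);
		endsmbpwent(fp);
		return False;
	}

	/* The buffer is ours alone; release it on the success path as well. */
	free(new_entry);
	endsmbpwent(fp);
	return True;
}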
/************************************************************************
 Routine to search the smbpasswd file for an entry matching the username
 and then modify its password entry. We can't use the startsmbpwent()/
 getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
 in the actual file to decide how much room we have to write data.
 override = False, normal
 override = True, override XXXXXXXX'd out password or NO PASS
 Do not call this function directly. Use passdb.c instead.
************************************************************************/
BOOL mod_smbpwd_entry ( struct smb_passwd * pwd , BOOL override )
{
1998-03-12 00:11:04 +03:00
/* Static buffers we will return. */
static pstring user_name ;
char linebuf [ 256 ] ;
char readbuf [ 16 * 1024 ] ;
unsigned char c ;
1998-04-16 00:00:41 +04:00
fstring ascii_p16 ;
fstring encode_bits ;
1998-03-12 00:11:04 +03:00
unsigned char * p = NULL ;
long linebuf_len = 0 ;
FILE * fp ;
int lockfd ;
char * pfile = lp_smb_passwd_file ( ) ;
BOOL found_entry = False ;
1998-05-08 15:31:55 +04:00
BOOL got_pass_last_set_time = False ;
1998-03-12 00:11:04 +03:00
long pwd_seekpos = 0 ;
int i ;
int wr_len ;
int fd ;
if ( ! * pfile ) {
DEBUG ( 0 , ( " No SMB password file set \n " ) ) ;
return False ;
}
DEBUG ( 10 , ( " mod_smbpwd_entry: opening file %s \n " , pfile ) ) ;
fp = fopen ( pfile , " r+ " ) ;
if ( fp = = NULL ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: unable to open file %s \n " , pfile ) ) ;
return False ;
}
/* Set a 16k buffer to do more efficient reads */
setvbuf ( fp , readbuf , _IOFBF , sizeof ( readbuf ) ) ;
1998-04-23 22:54:57 +04:00
lockfd = fileno ( fp ) ;
1998-04-30 02:27:26 +04:00
if ( ! pw_file_lock ( lockfd , F_WRLCK , 5 , & pw_file_lock_depth ) ) {
1998-03-12 00:11:04 +03:00
DEBUG ( 0 , ( " mod_smbpwd_entry: unable to lock file %s \n " , pfile ) ) ;
fclose ( fp ) ;
return False ;
}
/* Make sure it is only rw by the owner */
chmod ( pfile , 0600 ) ;
/* We have a write lock on the file. */
/*
* Scan the file , a line at a time and check if the name matches .
*/
while ( ! feof ( fp ) ) {
pwd_seekpos = ftell ( fp ) ;
linebuf [ 0 ] = ' \0 ' ;
1998-04-23 22:54:57 +04:00
fgets ( linebuf , sizeof ( linebuf ) , fp ) ;
1998-03-12 00:11:04 +03:00
if ( ferror ( fp ) ) {
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/*
* Check if the string is terminated with a newline - if not
* then we must keep reading and discard until we get one .
*/
linebuf_len = strlen ( linebuf ) ;
if ( linebuf [ linebuf_len - 1 ] ! = ' \n ' ) {
c = ' \0 ' ;
while ( ! ferror ( fp ) & & ! feof ( fp ) ) {
c = fgetc ( fp ) ;
if ( c = = ' \n ' ) {
break ;
}
}
} else {
linebuf [ linebuf_len - 1 ] = ' \0 ' ;
}
# ifdef DEBUG_PASSWORD
1998-03-12 00:11:04 +03:00
DEBUG ( 100 , ( " mod_smbpwd_entry: got line |%s| \n " , linebuf ) ) ;
# endif
1998-03-12 00:11:04 +03:00
if ( ( linebuf [ 0 ] = = 0 ) & & feof ( fp ) ) {
DEBUG ( 4 , ( " mod_smbpwd_entry: end of file reached \n " ) ) ;
break ;
}
/*
* The line we have should be of the form : -
*
* username : uid : [ 32 hex bytes ] : . . . . other flags presently
* ignored . . . .
*
* or ,
*
* username : uid : [ 32 hex bytes ] : [ 32 hex bytes ] : . . . . ignored . . . .
*
* if Windows NT compatible passwords are also present .
*/
if ( linebuf [ 0 ] = = ' # ' | | linebuf [ 0 ] = = ' \0 ' ) {
DEBUG ( 6 , ( " mod_smbpwd_entry: skipping comment or blank line \n " ) ) ;
continue ;
}
p = ( unsigned char * ) strchr ( linebuf , ' : ' ) ;
if ( p = = NULL ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (no :) \n " ) ) ;
continue ;
}
/*
* As 256 is shorter than a pstring we don ' t need to check
* length here - if this ever changes . . . .
*/
strncpy ( user_name , linebuf , PTR_DIFF ( p , linebuf ) ) ;
user_name [ PTR_DIFF ( p , linebuf ) ] = ' \0 ' ;
if ( strequal ( user_name , pwd - > smb_name ) ) {
found_entry = True ;
break ;
}
}
if ( ! found_entry ) return False ;
DEBUG ( 6 , ( " mod_smbpwd_entry: entry exists \n " ) ) ;
/* User name matches - get uid and password */
p + + ; /* Go past ':' */
if ( ! isdigit ( * p ) ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (uid not number) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
while ( * p & & isdigit ( * p ) )
p + + ;
if ( * p ! = ' : ' ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (no : after uid) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/*
* Now get the password value - this should be 32 hex digits
* which are the ascii representations of a 16 byte string .
* Get two at a time and put them into the password .
*/
p + + ;
/* Record exact password position */
pwd_seekpos + = PTR_DIFF ( p , linebuf ) ;
1998-04-30 05:39:22 +04:00
if ( ! override & & ( * p = = ' * ' | | * p = = ' X ' ) ) {
1998-03-12 00:11:04 +03:00
/* Password deliberately invalid - end here. */
1998-04-30 05:39:22 +04:00
DEBUG ( 10 , ( " mod_smbpwd_entry: entry invalidated for user %s \n " , user_name ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
if ( linebuf_len < ( PTR_DIFF ( p , linebuf ) + 33 ) ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (passwd too short) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return ( False ) ;
}
if ( p [ 32 ] ! = ' : ' ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (no terminating :) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
1998-04-30 05:39:22 +04:00
if ( ! override & & ( * p = = ' * ' | | * p = = ' X ' ) ) {
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/* Now check if the NT compatible password is
available . */
p + = 33 ; /* Move to the first character of the line after
the lanman password . */
if ( linebuf_len < ( PTR_DIFF ( p , linebuf ) + 33 ) ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (passwd too short) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return ( False ) ;
}
if ( p [ 32 ] ! = ' : ' ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: malformed password entry (no terminating :) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
1998-04-16 00:00:41 +04:00
/*
* Now check if the account info and the password last
* change time is available .
*/
p + = 33 ; /* Move to the first character of the line after
the NT password . */
if ( * p = = ' [ ' ) {
i = 0 ;
p + + ;
while ( ( linebuf_len > PTR_DIFF ( p , linebuf ) ) & & ( * p ! = ' ] ' ) )
encode_bits [ i + + ] = * p + + ;
encode_bits [ i ] = ' \0 ' ;
/* Go past the ']' */
if ( linebuf_len > PTR_DIFF ( p , linebuf ) )
p + + ;
if ( ( linebuf_len > PTR_DIFF ( p , linebuf ) ) & & ( * p = = ' : ' ) ) {
p + + ;
/* We should be pointing at the TLC entry. */
1998-05-11 10:38:36 +04:00
if ( ( linebuf_len > ( PTR_DIFF ( p , linebuf ) + 13 ) ) & & StrnCaseCmp ( ( char * ) p , " LCT- " , 4 ) ) {
1998-04-16 00:00:41 +04:00
p + = 4 ;
for ( i = 0 ; i < 8 ; i + + ) {
if ( p [ i ] = = ' \0 ' | | ! isxdigit ( p [ i ] ) )
break ;
}
if ( i = = 8 ) {
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed .
*/
1998-05-08 15:31:55 +04:00
got_pass_last_set_time = True ;
1998-04-16 00:00:41 +04:00
} /* i == 8 */
} /* *p && StrnCaseCmp() */
} /* p == ':' */
} /* p == '[' */
1998-03-12 00:11:04 +03:00
/* Entry is correctly formed. */
/*
* Do an atomic write into the file at the position defined by
* seekpos .
*/
/* The mod user write needs to be atomic - so get the fd from
the fp and do a raw write ( ) call .
*/
fd = fileno ( fp ) ;
if ( lseek ( fd , pwd_seekpos - 1 , SEEK_SET ) ! = pwd_seekpos - 1 ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: seek fail on file %s. \n " , pfile ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/* Sanity check - ensure the character is a ':' */
if ( read ( fd , & c , 1 ) ! = 1 ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: read fail on file %s. \n " , pfile ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
if ( c ! = ' : ' ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: check on passwd file %s failed. \n " , pfile ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/* Create the 32 byte representation of the new p16 */
1998-04-18 06:00:39 +04:00
if ( pwd - > smb_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
sprintf ( & ascii_p16 [ i * 2 ] , " %02X " , ( uchar ) pwd - > smb_passwd [ i ] ) ;
}
} else {
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
sprintf ( ascii_p16 , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
else
sprintf ( ascii_p16 , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-03-12 00:11:04 +03:00
}
/* Add on the NT md4 hash */
ascii_p16 [ 32 ] = ' : ' ;
wr_len = 65 ;
if ( pwd - > smb_nt_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
sprintf ( & ascii_p16 [ ( i * 2 ) + 33 ] , " %02X " , ( uchar ) pwd - > smb_nt_passwd [ i ] ) ;
}
} else {
1998-04-18 06:00:39 +04:00
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
sprintf ( & ascii_p16 [ 33 ] , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
else
sprintf ( & ascii_p16 [ 33 ] , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-03-12 00:11:04 +03:00
}
/* Add on the account info bits and the time of last
password change . */
1998-05-08 15:31:55 +04:00
pwd - > pass_last_set_time = time ( NULL ) ;
1998-04-16 00:00:41 +04:00
1998-05-08 15:31:55 +04:00
if ( got_pass_last_set_time ) {
1998-05-11 10:38:36 +04:00
slprintf ( & ascii_p16 [ strlen ( ascii_p16 ) ] ,
sizeof ( ascii_p16 ) - ( strlen ( ascii_p16 ) + 1 ) ,
" :[%s]:TLC-%08X: " ,
1998-05-08 15:31:55 +04:00
encode_bits , ( uint32 ) pwd - > pass_last_set_time ) ;
1998-04-16 00:00:41 +04:00
wr_len = strlen ( ascii_p16 ) ;
}
# ifdef DEBUG_PASSWORD
DEBUG ( 100 , ( " mod_smbpwd_entry: " ) ) ;
dump_data ( 100 , ascii_p16 , wr_len ) ;
# endif
if ( write ( fd , ascii_p16 , wr_len ) ! = wr_len ) {
DEBUG ( 0 , ( " mod_smbpwd_entry: write failed in passwd file %s \n " , pfile ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return False ;
}
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return True ;
}
/* Lock depth counter for the trust account password file; its address is
   handed to pw_file_lock() and pw_file_unlock(). */
static int mach_passwd_lock_depth;
/* Stream for the trust account password file opened by
   trust_password_lock(). */
static FILE *mach_passwd_fp;
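/************************************************************************
 Routine to get the name for a trust account file.

 The name is built from the smb passwd file path with everything after
 the last '/' removed, followed by "<domain>.<name>.mac". If the passwd
 file path contains no '/', the components are appended to that path
 unchanged.

 domain, name : components of the file name, appended verbatim.
 mac_file     : output buffer, sizeof(pstring) bytes.

 If the result would not fit in a pstring an error is logged and
 mac_file is set to the empty string, so that a caller which goes on to
 open or unlink it fails instead of acting on the passwd directory.

 NOTE(review): a '/' inside domain or name would move the file out of
 the passwd directory. Presumably both come from local configuration -
 confirm against the callers.
*************************************************************************/
static void get_trust_account_file_name(char *domain, char *name, char *mac_file)
{
	size_t mac_file_len;
	size_t needed;
	char *p;

	pstrcpy(mac_file, lp_smb_passwd_file());
	p = strrchr(mac_file, '/');
	if (p != NULL)
		*++p = '\0';

	mac_file_len = strlen(mac_file);

	/* "." (1) + ".mac" (4) + terminating NUL (1) on top of the two names. */
	needed = strlen(domain) + strlen(name) + 6;

	/* Compared in size_t so that a large length cannot wrap through int. */
	if (mac_file_len >= sizeof(pstring) ||
	    needed > sizeof(pstring) - mac_file_len) {
		DEBUG(0, ("trust_password_lock: path %s too long to add trust details.\n",
			  mac_file));
		/* Do not hand the bare directory path back to the caller. */
		mac_file[0] = '\0';
		return;
	}

	/* Bounded by the check above. */
	strcat(mac_file, domain);
	strcat(mac_file, ".");
	strcat(mac_file, name);
	strcat(mac_file, ".mac");
}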
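/************************************************************************
 Routine to lock the trust account password file for a domain.

 domain, name : select the file (see get_trust_account_file_name).
 update       : True takes a write lock and creates the file if it does
                not exist; False takes a read lock.

 Returns True if the file is locked, or if mach_passwd_lock_depth is
 already non-zero (nothing is opened or locked again in that case).
 Returns False if the file cannot be opened or locked.

 The file holds the trust account password hash, so it is created with
 mode 0600 at open() time rather than created first and restricted
 afterwards: a descriptor opened by another user in between would stay
 readable after the later permission change.
*************************************************************************/
BOOL trust_password_lock(char *domain, char *name, BOOL update)
{
	pstring mac_file;

	if (mach_passwd_lock_depth == 0) {
		int fd;

		get_trust_account_file_name(domain, name, mac_file);

		if ((mach_passwd_fp = fopen(mac_file, "r+b")) == NULL) {
			if (errno == ENOENT && update) {
				/* Same effect as fopen(..., "w+b"), but owner-only from creation. */
				fd = open(mac_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
				if (fd != -1) {
					mach_passwd_fp = fdopen(fd, "w+b");
					if (mach_passwd_fp == NULL) {
						int saved_errno = errno;
						close(fd);
						errno = saved_errno;
					}
				}
			}
			if (mach_passwd_fp == NULL) {
				DEBUG(0, ("trust_password_lock: cannot open file %s - Error was %s.\n",
					  mac_file, strerror(errno)));
				return False;
			}
		}

		/* Restrict an already existing file through the open descriptor,
		   so the change applies to the file that was opened and not to
		   whatever the path names now. Best effort, as before. */
		if (fchmod(fileno(mach_passwd_fp), 0600) == -1) {
			DEBUG(0, ("trust_password_lock: cannot set permissions on file %s - Error was %s.\n",
				  mac_file, strerror(errno)));
		}

		if (!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK),
				  60, &mach_passwd_lock_depth)) {
			DEBUG(0, ("trust_password_lock: cannot lock file %s\n", mac_file));
			fclose(mach_passwd_fp);
			/* Do not leave a closed stream behind for later callers. */
			mach_passwd_fp = NULL;
			return False;
		}
	}

	return True;
}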
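/************************************************************************
 Routine to unlock the trust account password file for a domain.

 Returns the result of pw_file_unlock(), or False if no trust password
 file is open. The stream is closed and the pointer cleared once
 mach_passwd_lock_depth is back to zero.
*************************************************************************/
BOOL trust_password_unlock(void)
{
	BOOL ret;

	/* fileno() on a null stream is undefined; report the misuse instead. */
	if (mach_passwd_fp == NULL) {
		DEBUG(0, ("trust_password_unlock: trust password file is not open.\n"));
		return False;
	}

	ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth);
	if (mach_passwd_lock_depth == 0) {
		fclose(mach_passwd_fp);
		/* A closed stream must not be reused by a later get/set/unlock. */
		mach_passwd_fp = NULL;
	}
	return ret;
}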
/************************************************************************
 Routine to delete the trust account password file for a domain.

 domain, name : select the file (see get_trust_account_file_name).

 Returns True if unlink() succeeded, False otherwise.

 NOTE(review): get_trust_account_file_name() returns nothing, so a name
 that was too long to build is not detected here before unlink().
*************************************************************************/
BOOL trust_password_delete(char *domain, char *name)
{
	pstring trust_path;
	int rc;

	get_trust_account_file_name(domain, name, trust_path);
	rc = unlink(trust_path);
	return (rc == 0);
}
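/************************************************************************
 Routine to get the trust account password for a domain.
 The user of this function must have locked the trust password file.

 ret_pwd            : receives the 16 byte password hash; zeroed first.
 pass_last_set_time : receives the time of the last password change;
                      set to 0 first.

 The file is expected to hold one line of exactly 45 characters:
 32 hex digits, ':', "TLC-" and 8 hex digits of timestamp.

 Returns True on success, False if no file is open, on a read error,
 or if the line is malformed.
*************************************************************************/
BOOL get_trust_account_password(unsigned char *ret_pwd, time_t *pass_last_set_time)
{
	char linebuf[256];
	char *p;
	int i;

	linebuf[0] = '\0';

	*pass_last_set_time = (time_t)0;

	memset(ret_pwd, '\0', 16);

	if (mach_passwd_fp == NULL) {
		DEBUG(0, ("get_trust_account_password: trust password file is not open.\n"));
		return False;
	}

	if (fseek(mach_passwd_fp, 0L, SEEK_SET) == -1) {
		DEBUG(0, ("get_trust_account_password: Failed to seek to start of file. Error was %s.\n",
			  strerror(errno)));
		return False;
	}

	/* If nothing was read the buffer is not reliable; treat it as empty
	   so the length check below rejects it. */
	if (fgets(linebuf, sizeof(linebuf), mach_passwd_fp) == NULL)
		linebuf[0] = '\0';
	if (ferror(mach_passwd_fp)) {
		DEBUG(0, ("get_trust_account_password: Failed to read password. Error was %s.\n",
			  strerror(errno)));
		return False;
	}

	/*
	 * The length of the line read
	 * must be 45 bytes ( <---XXXX 32 bytes-->:TLC-12345678
	 */

	if (strlen(linebuf) != 45) {
		DEBUG(0, ("get_trust_account_password: Malformed trust password file (wrong length).\n"));
#ifdef DEBUG_PASSWORD
		/* The line holds the password hash in hex: builds with
		   DEBUG_PASSWORD write it to the log at level 100. */
		DEBUG(100, ("get_trust_account_password: line = |%s|\n", linebuf));
#endif
		return False;
	}

	/*
	 * Get the hex password.
	 */

	if (!gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' ||
	    strncmp(&linebuf[33], "TLC-", 4)) {
		DEBUG(0, ("get_trust_account_password: Malformed trust password file (incorrect format).\n"));
#ifdef DEBUG_PASSWORD
		DEBUG(100, ("get_trust_account_password: line = |%s|\n", linebuf));
#endif
		return False;
	}

	/*
	 * Get the last changed time.
	 */
	p = &linebuf[37];

	for (i = 0; i < 8; i++) {
		/* <ctype.h> functions need an unsigned char value; a negative
		   plain char is undefined behaviour. */
		if (p[i] == '\0' || !isxdigit((unsigned char)p[i])) {
			DEBUG(0, ("get_trust_account_password: Malformed trust password file (no timestamp).\n"));
#ifdef DEBUG_PASSWORD
			DEBUG(100, ("get_trust_account_password: line = |%s|\n", linebuf));
#endif
			return False;
		}
	}

	/*
	 * p points at 8 characters of hex digits -
	 * read into a time_t as the seconds since
	 * 1970 that the password was last changed.
	 *
	 * The writer stores the value as an unsigned 32 bit number, so it is
	 * parsed unsigned: strtol() would clamp values of 0x80000000 and
	 * above where long is 32 bits.
	 */

	*pass_last_set_time = (time_t)strtoul(p, NULL, 16);

	return True;
}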
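/************************************************************************
 Routine to set the trust account password for a domain.
 The user of this function must have locked the trust password file.

 md4_new_pwd : the 16 byte password hash to store.

 Writes 32 hex digits, ":TLC-" and the current time as 8 hex digits at
 the start of the file. Only 45 bytes are written, so the newline that
 is formatted into the buffer is not stored;
 get_trust_account_password() expects a line of exactly 45 characters.

 Returns True once the data has been written and flushed, False if no
 file is open or the seek, write or flush fails.
*************************************************************************/
BOOL set_trust_account_password(unsigned char *md4_new_pwd)
{
	char linebuf[64];
	int i;

	if (mach_passwd_fp == NULL) {
		DEBUG(0, ("set_trust_account_password: trust password file is not open.\n"));
		return False;
	}

	if (fseek(mach_passwd_fp, 0L, SEEK_SET) == -1) {
		DEBUG(0, ("set_trust_account_password: Failed to seek to start of file. Error was %s.\n",
			  strerror(errno)));
		return False;
	}

	/* Fixed size output: 32 + 14 characters plus the NUL fit in linebuf. */
	for (i = 0; i < 16; i++)
		sprintf(&linebuf[i * 2], "%02X", md4_new_pwd[i]);

	sprintf(&linebuf[32], ":TLC-%08X\n", (unsigned)time(NULL));

	/* fwrite() only fills the stdio buffer; a failure to reach the file
	   shows up at fflush(), so both have to succeed. */
	if (fwrite(linebuf, 1, 45, mach_passwd_fp) != 45 ||
	    fflush(mach_passwd_fp) != 0) {
		DEBUG(0, ("set_trust_account_password: Failed to write file. Warning - the trust "
			  "account is now invalid. Please recreate. Error was %s.\n",
			  strerror(errno)));
		return False;
	}

	return True;
}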