1996-05-04 11:50:46 +04:00
/*
* Unix SMB / Netbios implementation . Version 1.9 . SMB parameters and setup
1998-01-22 16:27:43 +03:00
* Copyright ( C ) Andrew Tridgell 1992 - 1998 Modified by Jeremy Allison 1995.
1996-05-04 11:50:46 +04:00
*
* This program is free software ; you can redistribute it and / or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation ; either version 2 of the License , or ( at your option )
* any later version .
*
* This program is distributed in the hope that it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
* this program ; if not , write to the Free Software Foundation , Inc . , 675
* Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
1998-05-18 16:27:04 +04:00
# ifdef USE_SMBPASS_DB
1998-05-18 18:17:47 +04:00
extern int pw_file_lock_depth ;
1998-03-12 00:11:04 +03:00
extern int DEBUGLEVEL ;
1998-05-11 22:03:01 +04:00
extern pstring samlogon_user ;
extern BOOL sam_logon_in_ssb ;
1996-05-04 11:50:46 +04:00
1998-08-17 10:13:32 +04:00
static char s_readbuf [ 1024 ] ;
1996-05-04 11:50:46 +04:00
1998-03-12 00:11:04 +03:00
/***************************************************************
1998-04-14 04:41:59 +04:00
Start to enumerate the smbpasswd list . Returns a void pointer
to ensure no modification outside this module .
1998-05-19 03:57:28 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-07 22:19:05 +04:00
1998-05-19 03:57:28 +04:00
static void * startsmbfilepwent ( BOOL update )
1998-03-12 00:11:04 +03:00
{
FILE * fp = NULL ;
char * pfile = lp_smb_passwd_file ( ) ;
if ( ! * pfile ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " startsmbfilepwent: No SMB password file set \n " ) ) ;
1998-03-12 00:11:04 +03:00
return ( NULL ) ;
}
1998-05-19 01:30:57 +04:00
DEBUG ( 10 , ( " startsmbfilepwent: opening file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
fp = fopen ( pfile , update ? " r+b " : " rb " ) ;
if ( fp = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " startsmbfilepwent: unable to open file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
return NULL ;
}
1998-08-17 10:13:32 +04:00
/* Set a buffer to do more efficient reads */
1998-03-12 00:11:04 +03:00
setvbuf ( fp , s_readbuf , _IOFBF , sizeof ( s_readbuf ) ) ;
1998-04-30 02:27:26 +04:00
if ( ! pw_file_lock ( fileno ( fp ) , ( update ? F_WRLCK : F_RDLCK ) , 5 , & pw_file_lock_depth ) )
1998-04-29 15:00:12 +04:00
{
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " startsmbfilepwent: unable to lock file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return NULL ;
}
/* Make sure it is only rw by the owner */
chmod ( pfile , 0600 ) ;
/* We have a lock on the file. */
1998-04-14 04:41:59 +04:00
return ( void * ) fp ;
1998-03-12 00:11:04 +03:00
}
/***************************************************************
1998-04-14 04:41:59 +04:00
End enumeration of the smbpasswd list .
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static void endsmbfilepwent ( void * vp )
1998-03-12 00:11:04 +03:00
{
1998-04-14 04:41:59 +04:00
FILE * fp = ( FILE * ) vp ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( fileno ( fp ) , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
1998-05-19 01:30:57 +04:00
DEBUG ( 7 , ( " endsmbfilepwent: closed password file. \n " ) ) ;
1998-03-12 00:11:04 +03:00
}
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
/*************************************************************************
1998-04-14 04:41:59 +04:00
Routine to return the next entry in the smbpasswd list .
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 23:41:22 +04:00
static struct smb_passwd * getsmbfilepwent ( void * vp )
1996-05-04 11:50:46 +04:00
{
1998-03-12 00:11:04 +03:00
/* Static buffers we will return. */
static struct smb_passwd pw_buf ;
static pstring user_name ;
static unsigned char smbpwd [ 16 ] ;
static unsigned char smbntpwd [ 16 ] ;
1998-04-14 04:41:59 +04:00
FILE * fp = ( FILE * ) vp ;
1998-03-12 00:11:04 +03:00
char linebuf [ 256 ] ;
unsigned char c ;
unsigned char * p ;
long uidval ;
1998-09-29 01:43:48 +04:00
size_t linebuf_len ;
1998-03-12 00:11:04 +03:00
if ( fp = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: Bad password file pointer. \n " ) ) ;
1998-03-12 00:11:04 +03:00
return NULL ;
}
1998-05-18 18:55:17 +04:00
pdb_init_smb ( & pw_buf ) ;
1998-03-25 00:04:36 +03:00
pw_buf . acct_ctrl = ACB_NORMAL ;
1998-03-12 00:11:04 +03:00
/*
* Scan the file , a line at a time and check if the name matches .
*/
while ( ! feof ( fp ) ) {
linebuf [ 0 ] = ' \0 ' ;
fgets ( linebuf , 256 , fp ) ;
if ( ferror ( fp ) ) {
return NULL ;
}
/*
* Check if the string is terminated with a newline - if not
* then we must keep reading and discard until we get one .
*/
linebuf_len = strlen ( linebuf ) ;
if ( linebuf [ linebuf_len - 1 ] ! = ' \n ' ) {
c = ' \0 ' ;
while ( ! ferror ( fp ) & & ! feof ( fp ) ) {
c = fgetc ( fp ) ;
if ( c = = ' \n ' )
break ;
}
} else
linebuf [ linebuf_len - 1 ] = ' \0 ' ;
1996-05-04 11:50:46 +04:00
# ifdef DEBUG_PASSWORD
1998-05-19 01:30:57 +04:00
DEBUG ( 100 , ( " getsmbfilepwent: got line |%s| \n " , linebuf ) ) ;
1996-05-04 11:50:46 +04:00
# endif
1998-03-12 00:11:04 +03:00
if ( ( linebuf [ 0 ] = = 0 ) & & feof ( fp ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 4 , ( " getsmbfilepwent: end of file reached \n " ) ) ;
1998-03-12 00:11:04 +03:00
break ;
}
/*
* The line we have should be of the form : -
*
1998-04-16 00:00:41 +04:00
* username : uid : 32 hex bytes : [ Account type ] : LCT - 12345678. . . . other flags presently
1998-03-12 00:11:04 +03:00
* ignored . . . .
*
* or ,
*
1998-04-16 00:00:41 +04:00
* username : uid : 32 hex bytes : 32 hex bytes : [ Account type ] : LCT - 12345678. . . . ignored . . . .
1998-03-12 00:11:04 +03:00
*
* if Windows NT compatible passwords are also present .
1998-04-16 00:00:41 +04:00
* [ Account type ] is an ascii encoding of the type of account .
* LCT - ( 8 hex digits ) is the time_t value of the last change time .
1998-03-12 00:11:04 +03:00
*/
if ( linebuf [ 0 ] = = ' # ' | | linebuf [ 0 ] = = ' \0 ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 6 , ( " getsmbfilepwent: skipping comment or blank line \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
p = ( unsigned char * ) strchr ( linebuf , ' : ' ) ;
if ( p = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: malformed password entry (no :) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
/*
* As 256 is shorter than a pstring we don ' t need to check
* length here - if this ever changes . . . .
*/
strncpy ( user_name , linebuf , PTR_DIFF ( p , linebuf ) ) ;
user_name [ PTR_DIFF ( p , linebuf ) ] = ' \0 ' ;
/* Get smb uid. */
p + + ; /* Go past ':' */
if ( ! isdigit ( * p ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: malformed password entry (uid not number) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
uidval = atoi ( ( char * ) p ) ;
while ( * p & & isdigit ( * p ) )
p + + ;
if ( * p ! = ' : ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: malformed password entry (no : after uid) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
pw_buf . smb_name = user_name ;
pw_buf . smb_userid = uidval ;
/*
* Now get the password value - this should be 32 hex digits
* which are the ascii representations of a 16 byte string .
* Get two at a time and put them into the password .
*/
/* Skip the ':' */
p + + ;
if ( * p = = ' * ' | | * p = = ' X ' ) {
/* Password deliberately invalid - end here. */
1998-05-19 01:30:57 +04:00
DEBUG ( 10 , ( " getsmbfilepwent: entry invalidated for user %s \n " , user_name ) ) ;
1998-03-12 00:11:04 +03:00
pw_buf . smb_nt_passwd = NULL ;
pw_buf . smb_passwd = NULL ;
pw_buf . acct_ctrl | = ACB_DISABLED ;
return & pw_buf ;
}
if ( linebuf_len < ( PTR_DIFF ( p , linebuf ) + 33 ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: malformed password entry (passwd too short) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
if ( p [ 32 ] ! = ' : ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: malformed password entry (no terminating :) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
if ( ! strncasecmp ( ( char * ) p , " NO PASSWORD " , 11 ) ) {
pw_buf . smb_passwd = NULL ;
pw_buf . acct_ctrl | = ACB_PWNOTREQ ;
} else {
1998-05-18 15:54:00 +04:00
if ( ! pdb_gethexpwd ( ( char * ) p , ( char * ) smbpwd ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " getsmbfilepwent: Malformed Lanman password entry (non hex chars) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
pw_buf . smb_passwd = smbpwd ;
}
/*
* Now check if the NT compatible password is
* available .
*/
pw_buf . smb_nt_passwd = NULL ;
p + = 33 ; /* Move to the first character of the line after
the lanman password . */
if ( ( linebuf_len > = ( PTR_DIFF ( p , linebuf ) + 33 ) ) & & ( p [ 32 ] = = ' : ' ) ) {
if ( * p ! = ' * ' & & * p ! = ' X ' ) {
1998-05-18 15:54:00 +04:00
if ( pdb_gethexpwd ( ( char * ) p , ( char * ) smbntpwd ) )
1998-03-12 00:11:04 +03:00
pw_buf . smb_nt_passwd = smbntpwd ;
}
p + = 33 ; /* Move to the first character of the line after
the NT password . */
}
1998-08-14 21:38:29 +04:00
DEBUG ( 5 , ( " getsmbfilepwent: returning passwd entry for user %s, uid %ld \n " ,
user_name , uidval ) ) ;
1996-05-04 11:50:46 +04:00
1998-05-11 19:56:01 +04:00
if ( * p = = ' [ ' )
{
1998-05-24 17:36:43 +04:00
pw_buf . acct_ctrl = pdb_decode_acct_ctrl ( ( char * ) p ) ;
1998-03-12 00:11:04 +03:00
/* Must have some account type set. */
if ( pw_buf . acct_ctrl = = 0 )
pw_buf . acct_ctrl = ACB_NORMAL ;
1998-04-16 00:00:41 +04:00
/* Now try and get the last change time. */
if ( * p = = ' ] ' )
p + + ;
if ( * p = = ' : ' ) {
p + + ;
1998-09-25 02:33:13 +04:00
if ( * p & & ( StrnCaseCmp ( ( char * ) p , " LCT- " , 4 ) = = 0 ) ) {
1998-04-16 00:00:41 +04:00
int i ;
p + = 4 ;
for ( i = 0 ; i < 8 ; i + + ) {
if ( p [ i ] = = ' \0 ' | | ! isxdigit ( p [ i ] ) )
break ;
}
if ( i = = 8 ) {
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed .
*/
1998-05-11 10:38:36 +04:00
pw_buf . pass_last_set_time = ( time_t ) strtol ( ( char * ) p , NULL , 16 ) ;
1998-04-16 00:00:41 +04:00
}
}
}
1998-03-12 00:11:04 +03:00
} else {
/* 'Old' style file. Fake up based on user name. */
/*
1998-05-11 19:56:01 +04:00
* Currently trust accounts are kept in the same
1998-03-12 00:11:04 +03:00
* password file as ' normal accounts ' . If this changes
* we will have to fix this code . JRA .
*/
1998-03-25 00:04:36 +03:00
if ( pw_buf . smb_name [ strlen ( pw_buf . smb_name ) - 1 ] = = ' $ ' ) {
pw_buf . acct_ctrl & = ~ ACB_NORMAL ;
1998-03-31 05:39:46 +04:00
pw_buf . acct_ctrl | = ACB_WSTRUST ;
1998-03-25 00:04:36 +03:00
}
1998-03-12 00:11:04 +03:00
}
return & pw_buf ;
}
1998-05-19 01:30:57 +04:00
DEBUG ( 5 , ( " getsmbfilepwent: end of file reached. \n " ) ) ;
1998-03-12 00:11:04 +03:00
return NULL ;
1996-05-04 11:50:46 +04:00
}
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
1998-05-19 23:50:49 +04:00
/*************************************************************************
Routine to return the next entry in the smbpasswd list .
this function is a nice , messy combination of reading :
- the smbpasswd file
- the unix password database
- smb . conf options ( not done at present ) .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static struct sam_passwd * getsmbfile21pwent ( void * vp )
{
struct smb_passwd * pw_buf = getsmbfilepwent ( vp ) ;
static struct sam_passwd user ;
struct passwd * pwfile ;
static pstring full_name ;
static pstring home_dir ;
static pstring home_drive ;
static pstring logon_script ;
static pstring profile_path ;
static pstring acct_desc ;
static pstring workstations ;
if ( pw_buf = = NULL ) return NULL ;
pwfile = getpwnam ( pw_buf - > smb_name ) ;
if ( pwfile = = NULL ) return NULL ;
pdb_init_sam ( & user ) ;
pstrcpy ( samlogon_user , pw_buf - > smb_name ) ;
if ( samlogon_user [ strlen ( samlogon_user ) - 1 ] ! = ' $ ' )
{
/* XXXX hack to get standard_sub_basic() to use sam logon username */
/* possibly a better way would be to do a become_user() call */
sam_logon_in_ssb = True ;
user . smb_userid = pw_buf - > smb_userid ;
user . smb_grpid = pwfile - > pw_gid ;
user . user_rid = pdb_uid_to_user_rid ( user . smb_userid ) ;
user . group_rid = pdb_gid_to_group_rid ( user . smb_grpid ) ;
pstrcpy ( full_name , pwfile - > pw_gecos ) ;
pstrcpy ( logon_script , lp_logon_script ( ) ) ;
pstrcpy ( profile_path , lp_logon_path ( ) ) ;
pstrcpy ( home_drive , lp_logon_drive ( ) ) ;
pstrcpy ( home_dir , lp_logon_home ( ) ) ;
pstrcpy ( acct_desc , " " ) ;
pstrcpy ( workstations , " " ) ;
sam_logon_in_ssb = False ;
}
else
{
user . smb_userid = pw_buf - > smb_userid ;
user . smb_grpid = pwfile - > pw_gid ;
user . user_rid = pdb_uid_to_user_rid ( user . smb_userid ) ;
user . group_rid = DOMAIN_GROUP_RID_USERS ; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
pstrcpy ( full_name , " " ) ;
pstrcpy ( logon_script , " " ) ;
pstrcpy ( profile_path , " " ) ;
pstrcpy ( home_drive , " " ) ;
pstrcpy ( home_dir , " " ) ;
pstrcpy ( acct_desc , " " ) ;
pstrcpy ( workstations , " " ) ;
}
user . smb_name = pw_buf - > smb_name ;
user . full_name = full_name ;
user . home_dir = home_dir ;
user . dir_drive = home_drive ;
user . logon_script = logon_script ;
user . profile_path = profile_path ;
user . acct_desc = acct_desc ;
user . workstations = workstations ;
user . unknown_str = NULL ; /* don't know, yet! */
user . munged_dial = NULL ; /* "munged" dial-back telephone number */
user . smb_nt_passwd = pw_buf - > smb_nt_passwd ;
user . smb_passwd = pw_buf - > smb_passwd ;
user . acct_ctrl = pw_buf - > acct_ctrl ;
user . unknown_3 = 0xffffff ; /* don't know */
user . logon_divs = 168 ; /* hours per week */
user . hours_len = 21 ; /* 21 times 8 bits = 168 */
memset ( user . hours , 0xff , user . hours_len ) ; /* available at all hours */
user . unknown_5 = 0x00020000 ; /* don't know */
user . unknown_5 = 0x000004ec ; /* don't know */
return & user ;
}
1998-04-14 04:41:59 +04:00
/*************************************************************************
1998-09-18 03:06:57 +04:00
Return the current position in the smbpasswd list as an SMB_BIG_UINT .
1998-04-14 04:41:59 +04:00
This must be treated as an opaque token .
1998-05-07 22:19:05 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
1998-09-18 03:06:57 +04:00
static SMB_BIG_UINT getsmbfilepwpos ( void * vp )
1998-04-14 04:41:59 +04:00
{
1998-09-18 03:06:57 +04:00
return ( SMB_BIG_UINT ) sys_ftell ( ( FILE * ) vp ) ;
1998-04-14 04:41:59 +04:00
}
/*************************************************************************
1998-09-18 03:06:57 +04:00
Set the current position in the smbpasswd list from an SMB_BIG_UINT .
1998-04-14 04:41:59 +04:00
This must be treated as an opaque token .
1998-05-07 22:19:05 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
1998-09-18 03:06:57 +04:00
static BOOL setsmbfilepwpos ( void * vp , SMB_BIG_UINT tok )
1998-04-14 04:41:59 +04:00
{
1998-09-17 23:16:12 +04:00
return ! sys_fseek ( ( FILE * ) vp , ( SMB_OFF_T ) tok , SEEK_SET ) ;
1998-04-14 04:41:59 +04:00
}
1998-05-18 15:54:00 +04:00
/************************************************************************
Routine to add an entry to the smbpasswd file .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
static BOOL add_smbfilepwd_entry ( struct smb_passwd * newpwd )
1998-03-12 00:11:04 +03:00
{
char * pfile = lp_smb_passwd_file ( ) ;
struct smb_passwd * pwd = NULL ;
FILE * fp = NULL ;
int i ;
int wr_len ;
int fd ;
int new_entry_length ;
1998-06-01 22:50:27 +04:00
char * new_entry ;
1998-09-03 22:40:31 +04:00
SMB_OFF_T offpos ;
1998-06-01 22:50:27 +04:00
char * p ;
1998-03-12 00:11:04 +03:00
/* Open the smbpassword file - for update. */
1998-05-19 01:30:57 +04:00
fp = startsmbfilepwent ( True ) ;
1998-03-12 00:11:04 +03:00
if ( fp = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " add_smbfilepwd_entry: unable to open file. \n " ) ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
/*
* Scan the file , a line at a time and check if the name matches .
*/
1998-05-19 01:30:57 +04:00
while ( ( pwd = getsmbfilepwent ( fp ) ) ! = NULL ) {
1998-03-12 00:11:04 +03:00
if ( strequal ( newpwd - > smb_name , pwd - > smb_name ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " add_smbfilepwd_entry: entry with name %s already exists \n " , pwd - > smb_name ) ) ;
endsmbfilepwent ( fp ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
}
/* Ok - entry doesn't exist. We can add it */
/* Create a new smb passwd entry and set it to the given password. */
/*
* The add user write needs to be atomic - so get the fd from
* the fp and do a raw write ( ) call .
*/
fd = fileno ( fp ) ;
1998-09-03 22:40:31 +04:00
if ( ( offpos = sys_lseek ( fd , 0 , SEEK_END ) ) = = - 1 ) {
DEBUG ( 0 , ( " add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
1998-04-18 06:00:39 +04:00
Error was % s \ n " , newpwd->smb_name, pfile, strerror(errno)));
1998-05-19 01:30:57 +04:00
endsmbfilepwent ( fp ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
1997-11-02 22:27:26 +03:00
1998-09-25 02:33:13 +04:00
new_entry_length = strlen ( newpwd - > smb_name ) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2 ;
1997-11-02 22:27:26 +03:00
1998-06-04 04:49:32 +04:00
if ( ( new_entry = ( char * ) malloc ( new_entry_length ) ) = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
1998-04-18 06:00:39 +04:00
Error was % s \ n " , newpwd->smb_name, pfile, strerror(errno)));
1998-05-19 01:30:57 +04:00
endsmbfilepwent ( fp ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
1997-11-02 22:27:26 +03:00
1998-05-12 04:55:32 +04:00
slprintf ( new_entry , new_entry_length - 1 , " %s:%u: " , newpwd - > smb_name , ( unsigned ) newpwd - > smb_userid ) ;
1998-06-04 04:49:32 +04:00
p = & new_entry [ strlen ( new_entry ) ] ;
1997-11-02 22:27:26 +03:00
1998-04-18 06:00:39 +04:00
if ( newpwd - > smb_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
1998-05-12 04:55:32 +04:00
slprintf ( ( char * ) & p [ i * 2 ] , new_entry_length - ( p - new_entry ) - 1 , " %02X " , newpwd - > smb_passwd [ i ] ) ;
1998-04-18 06:00:39 +04:00
}
} else {
1998-05-06 21:43:44 +04:00
i = 0 ;
1998-04-18 06:00:39 +04:00
if ( newpwd - > acct_ctrl & ACB_PWNOTREQ )
1998-05-12 04:55:32 +04:00
safe_strcpy ( ( char * ) p , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " , new_entry_length - 1 - ( p - new_entry ) ) ;
1998-04-18 06:00:39 +04:00
else
1998-05-12 04:55:32 +04:00
safe_strcpy ( ( char * ) p , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " , new_entry_length - 1 - ( p - new_entry ) ) ;
1998-03-12 00:11:04 +03:00
}
1998-04-18 06:00:39 +04:00
1998-03-12 00:11:04 +03:00
p + = 32 ;
1997-11-02 22:27:26 +03:00
1998-03-12 00:11:04 +03:00
* p + + = ' : ' ;
1997-11-02 22:27:26 +03:00
1998-04-18 06:00:39 +04:00
if ( newpwd - > smb_nt_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
1998-05-12 04:55:32 +04:00
slprintf ( ( char * ) & p [ i * 2 ] , new_entry_length - 1 - ( p - new_entry ) , " %02X " , newpwd - > smb_nt_passwd [ i ] ) ;
1998-04-18 06:00:39 +04:00
}
} else {
if ( newpwd - > acct_ctrl & ACB_PWNOTREQ )
1998-05-12 04:55:32 +04:00
safe_strcpy ( ( char * ) p , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " , new_entry_length - 1 - ( p - new_entry ) ) ;
1998-04-18 06:00:39 +04:00
else
1998-05-12 04:55:32 +04:00
safe_strcpy ( ( char * ) p , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " , new_entry_length - 1 - ( p - new_entry ) ) ;
1998-03-12 00:11:04 +03:00
}
1998-04-18 06:00:39 +04:00
1998-03-12 00:11:04 +03:00
p + = 32 ;
1997-11-02 22:27:26 +03:00
1998-03-12 00:11:04 +03:00
* p + + = ' : ' ;
1998-04-16 00:00:41 +04:00
/* Add the account encoding and the last change time. */
1998-05-12 04:55:32 +04:00
slprintf ( ( char * ) p , new_entry_length - 1 - ( p - new_entry ) , " %s:LCT-%08X: \n " ,
1998-09-25 02:33:13 +04:00
pdb_encode_acct_ctrl ( newpwd - > acct_ctrl , NEW_PW_FORMAT_SPACE_PADDED_LEN ) , ( uint32 ) time ( NULL ) ) ;
1997-11-02 22:27:26 +03:00
# ifdef DEBUG_PASSWORD
1998-05-19 01:30:57 +04:00
DEBUG ( 100 , ( " add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s| " ,
1997-11-02 22:27:26 +03:00
fd , new_entry_length , strlen ( new_entry ) , new_entry ) ) ;
# endif
1998-03-12 00:11:04 +03:00
if ( ( wr_len = write ( fd , new_entry , strlen ( new_entry ) ) ) ! = strlen ( new_entry ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
1998-04-18 06:00:39 +04:00
Error was % s \ n " , wr_len, newpwd->smb_name, pfile, strerror(errno)));
1997-11-02 22:27:26 +03:00
1998-03-12 00:11:04 +03:00
/* Remove the entry we just wrote. */
1998-09-03 22:40:31 +04:00
if ( sys_ftruncate ( fd , offpos ) = = - 1 ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
1997-11-02 22:27:26 +03:00
Error was % s . Password file may be corrupt ! Please examine by hand ! \ n " ,
1998-04-18 06:00:39 +04:00
newpwd - > smb_name , strerror ( errno ) ) ) ;
1998-03-12 00:11:04 +03:00
}
1997-11-02 22:27:26 +03:00
1998-05-19 01:30:57 +04:00
endsmbfilepwent ( fp ) ;
1998-09-25 02:33:13 +04:00
free ( new_entry ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
1997-11-02 22:27:26 +03:00
1998-09-25 02:33:13 +04:00
free ( new_entry ) ;
1998-05-19 01:30:57 +04:00
endsmbfilepwent ( fp ) ;
1998-03-12 00:11:04 +03:00
return True ;
1997-11-02 22:27:26 +03:00
}
1998-03-12 00:11:04 +03:00
1998-05-18 15:54:00 +04:00
/************************************************************************
Routine to search the smbpasswd file for an entry matching the username .
and then modify its password entry . We can ' t use the startsmbpwent ( ) /
getsmbpwent ( ) / endsmbpwent ( ) interfaces here as we depend on looking
in the actual file to decide how much room we have to write data .
override = False , normal
override = True , override XXXXXXXX ' d out password or NO PASS
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-05-19 03:57:28 +04:00
1998-05-19 23:41:22 +04:00
static BOOL mod_smbfilepwd_entry ( struct smb_passwd * pwd , BOOL override )
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
{
1998-03-12 00:11:04 +03:00
/* Static buffers we will return. */
static pstring user_name ;
char linebuf [ 256 ] ;
1998-08-17 10:13:32 +04:00
char readbuf [ 1024 ] ;
1998-03-12 00:11:04 +03:00
unsigned char c ;
1998-04-16 00:00:41 +04:00
fstring ascii_p16 ;
fstring encode_bits ;
1998-03-12 00:11:04 +03:00
unsigned char * p = NULL ;
1998-09-29 01:43:48 +04:00
size_t linebuf_len = 0 ;
1998-03-12 00:11:04 +03:00
FILE * fp ;
int lockfd ;
char * pfile = lp_smb_passwd_file ( ) ;
BOOL found_entry = False ;
1998-05-08 15:31:55 +04:00
BOOL got_pass_last_set_time = False ;
1998-03-12 00:11:04 +03:00
1998-09-03 22:40:31 +04:00
SMB_OFF_T pwd_seekpos = 0 ;
1998-03-12 00:11:04 +03:00
int i ;
int wr_len ;
int fd ;
if ( ! * pfile ) {
DEBUG ( 0 , ( " No SMB password file set \n " ) ) ;
return False ;
}
1998-05-19 01:30:57 +04:00
DEBUG ( 10 , ( " mod_smbfilepwd_entry: opening file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
fp = fopen ( pfile , " r+ " ) ;
if ( fp = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: unable to open file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
return False ;
}
1998-08-17 10:13:32 +04:00
/* Set a buffer to do more efficient reads */
1998-03-12 00:11:04 +03:00
setvbuf ( fp , readbuf , _IOFBF , sizeof ( readbuf ) ) ;
1998-04-23 22:54:57 +04:00
lockfd = fileno ( fp ) ;
1998-04-30 02:27:26 +04:00
if ( ! pw_file_lock ( lockfd , F_WRLCK , 5 , & pw_file_lock_depth ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: unable to lock file %s \n " , pfile ) ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/* Make sure it is only rw by the owner */
chmod ( pfile , 0600 ) ;
/* We have a write lock on the file. */
/*
* Scan the file , a line at a time and check if the name matches .
*/
while ( ! feof ( fp ) ) {
1998-09-17 23:16:12 +04:00
pwd_seekpos = sys_ftell ( fp ) ;
1998-03-12 00:11:04 +03:00
linebuf [ 0 ] = ' \0 ' ;
1998-04-23 22:54:57 +04:00
fgets ( linebuf , sizeof ( linebuf ) , fp ) ;
1998-03-12 00:11:04 +03:00
if ( ferror ( fp ) ) {
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/*
* Check if the string is terminated with a newline - if not
* then we must keep reading and discard until we get one .
*/
linebuf_len = strlen ( linebuf ) ;
if ( linebuf [ linebuf_len - 1 ] ! = ' \n ' ) {
c = ' \0 ' ;
while ( ! ferror ( fp ) & & ! feof ( fp ) ) {
c = fgetc ( fp ) ;
if ( c = = ' \n ' ) {
break ;
}
}
} else {
linebuf [ linebuf_len - 1 ] = ' \0 ' ;
}
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
# ifdef DEBUG_PASSWORD
1998-05-19 01:30:57 +04:00
DEBUG ( 100 , ( " mod_smbfilepwd_entry: got line |%s| \n " , linebuf ) ) ;
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
# endif
1998-03-12 00:11:04 +03:00
if ( ( linebuf [ 0 ] = = 0 ) & & feof ( fp ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 4 , ( " mod_smbfilepwd_entry: end of file reached \n " ) ) ;
1998-03-12 00:11:04 +03:00
break ;
}
/*
* The line we have should be of the form : -
*
* username : uid : [ 32 hex bytes ] : . . . . other flags presently
* ignored . . . .
*
* or ,
*
1998-09-25 02:33:13 +04:00
* username : uid : [ 32 hex bytes ] : [ 32 hex bytes ] : [ attributes ] : LCT - XXXXXXXX : . . . ignored .
1998-03-12 00:11:04 +03:00
*
* if Windows NT compatible passwords are also present .
*/
if ( linebuf [ 0 ] = = ' # ' | | linebuf [ 0 ] = = ' \0 ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 6 , ( " mod_smbfilepwd_entry: skipping comment or blank line \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
p = ( unsigned char * ) strchr ( linebuf , ' : ' ) ;
if ( p = = NULL ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (no :) \n " ) ) ;
1998-03-12 00:11:04 +03:00
continue ;
}
/*
* As 256 is shorter than a pstring we don ' t need to check
* length here - if this ever changes . . . .
*/
strncpy ( user_name , linebuf , PTR_DIFF ( p , linebuf ) ) ;
user_name [ PTR_DIFF ( p , linebuf ) ] = ' \0 ' ;
if ( strequal ( user_name , pwd - > smb_name ) ) {
found_entry = True ;
break ;
}
}
if ( ! found_entry ) return False ;
1998-05-19 01:30:57 +04:00
DEBUG ( 6 , ( " mod_smbfilepwd_entry: entry exists \n " ) ) ;
1998-03-12 00:11:04 +03:00
/* User name matches - get uid and password */
p + + ; /* Go past ':' */
if ( ! isdigit ( * p ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (uid not number) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
while ( * p & & isdigit ( * p ) )
p + + ;
if ( * p ! = ' : ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (no : after uid) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/*
* Now get the password value - this should be 32 hex digits
* which are the ascii representations of a 16 byte string .
* Get two at a time and put them into the password .
*/
p + + ;
/* Record exact password position */
pwd_seekpos + = PTR_DIFF ( p , linebuf ) ;
1998-04-30 05:39:22 +04:00
if ( ! override & & ( * p = = ' * ' | | * p = = ' X ' ) ) {
1998-03-12 00:11:04 +03:00
/* Password deliberately invalid - end here. */
1998-05-19 01:30:57 +04:00
DEBUG ( 10 , ( " mod_smbfilepwd_entry: entry invalidated for user %s \n " , user_name ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
if ( linebuf_len < ( PTR_DIFF ( p , linebuf ) + 33 ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (passwd too short) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return ( False ) ;
}
if ( p [ 32 ] ! = ' : ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (no terminating :) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
1998-04-30 05:39:22 +04:00
if ( ! override & & ( * p = = ' * ' | | * p = = ' X ' ) ) {
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
/* Now check if the NT compatible password is
available . */
p + = 33 ; /* Move to the first character of the line after
the lanman password . */
if ( linebuf_len < ( PTR_DIFF ( p , linebuf ) + 33 ) ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (passwd too short) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return ( False ) ;
}
if ( p [ 32 ] ! = ' : ' ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: malformed password entry (no terminating :) \n " ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
1998-04-16 00:00:41 +04:00
/*
* Now check if the account info and the password last
* change time is available .
*/
p + = 33 ; /* Move to the first character of the line after
the NT password . */
1998-09-26 03:40:49 +04:00
/*
* If both NT and lanman passwords are provided - reset password
* not required flag .
*/
if ( pwd - > smb_passwd ! = NULL | | pwd - > smb_nt_passwd ! = NULL ) {
/* Reqiure password in the future (should ACB_DISABLED also be reset?) */
pwd - > acct_ctrl & = ~ ( ACB_PWNOTREQ ) ;
}
1998-04-16 00:00:41 +04:00
if ( * p = = ' [ ' ) {
i = 0 ;
1998-09-25 02:33:13 +04:00
encode_bits [ i + + ] = * p + + ;
1998-04-16 00:00:41 +04:00
while ( ( linebuf_len > PTR_DIFF ( p , linebuf ) ) & & ( * p ! = ' ] ' ) )
encode_bits [ i + + ] = * p + + ;
1998-09-25 02:33:13 +04:00
encode_bits [ i + + ] = ' ] ' ;
encode_bits [ i + + ] = ' \0 ' ;
if ( i = = NEW_PW_FORMAT_SPACE_PADDED_LEN ) {
/*
* We are using a new format , space padded
* acct ctrl field . Encode the given acct ctrl
* bits into it .
*/
fstrcpy ( encode_bits , pdb_encode_acct_ctrl ( pwd - > acct_ctrl , NEW_PW_FORMAT_SPACE_PADDED_LEN ) ) ;
} else {
/*
* If using the old format and the ACB_DISABLED or
* ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
* here as we have no space to encode the change .
*/
if ( pwd - > acct_ctrl & ( ACB_DISABLED | ACB_PWNOTREQ ) ) {
pwd - > smb_passwd = NULL ;
pwd - > smb_nt_passwd = NULL ;
}
}
1998-04-16 00:00:41 +04:00
/* Go past the ']' */
if ( linebuf_len > PTR_DIFF ( p , linebuf ) )
p + + ;
if ( ( linebuf_len > PTR_DIFF ( p , linebuf ) ) & & ( * p = = ' : ' ) ) {
p + + ;
1998-09-25 02:33:13 +04:00
/* We should be pointing at the LCT entry. */
if ( ( linebuf_len > ( PTR_DIFF ( p , linebuf ) + 13 ) ) & & ( StrnCaseCmp ( ( char * ) p , " LCT- " , 4 ) = = 0 ) ) {
1998-04-16 00:00:41 +04:00
p + = 4 ;
for ( i = 0 ; i < 8 ; i + + ) {
if ( p [ i ] = = ' \0 ' | | ! isxdigit ( p [ i ] ) )
break ;
}
if ( i = = 8 ) {
/*
* p points at 8 characters of hex digits -
* read into a time_t as the seconds since
* 1970 that the password was last changed .
*/
1998-05-08 15:31:55 +04:00
got_pass_last_set_time = True ;
1998-04-16 00:00:41 +04:00
} /* i == 8 */
} /* *p && StrnCaseCmp() */
} /* p == ':' */
} /* p == '[' */
1998-03-12 00:11:04 +03:00
/* Entry is correctly formed. */
/* Create the 32 byte representation of the new p16 */
1998-04-18 06:00:39 +04:00
if ( pwd - > smb_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
1998-05-12 04:55:32 +04:00
slprintf ( & ascii_p16 [ i * 2 ] , sizeof ( fstring ) - 1 , " %02X " , ( uchar ) pwd - > smb_passwd [ i ] ) ;
1998-04-18 06:00:39 +04:00
}
} else {
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
1998-05-12 04:55:32 +04:00
fstrcpy ( ascii_p16 , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-04-18 06:00:39 +04:00
else
1998-05-12 04:55:32 +04:00
fstrcpy ( ascii_p16 , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-03-12 00:11:04 +03:00
}
/* Add on the NT md4 hash */
ascii_p16 [ 32 ] = ' : ' ;
1998-09-25 02:33:13 +04:00
wr_len = 66 ;
1998-03-12 00:11:04 +03:00
if ( pwd - > smb_nt_passwd ! = NULL ) {
for ( i = 0 ; i < 16 ; i + + ) {
1998-05-12 04:55:32 +04:00
slprintf ( & ascii_p16 [ ( i * 2 ) + 33 ] , sizeof ( fstring ) - 1 , " %02X " , ( uchar ) pwd - > smb_nt_passwd [ i ] ) ;
1998-03-12 00:11:04 +03:00
}
} else {
1998-04-18 06:00:39 +04:00
if ( pwd - > acct_ctrl & ACB_PWNOTREQ )
1998-05-12 04:55:32 +04:00
fstrcpy ( & ascii_p16 [ 33 ] , " NO PASSWORDXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-04-18 06:00:39 +04:00
else
1998-05-12 04:55:32 +04:00
fstrcpy ( & ascii_p16 [ 33 ] , " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX " ) ;
1998-03-12 00:11:04 +03:00
}
1998-09-25 02:33:13 +04:00
ascii_p16 [ 65 ] = ' : ' ;
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
1998-04-16 00:00:41 +04:00
/* Add on the account info bits and the time of last
password change . */
1998-05-08 15:31:55 +04:00
pwd - > pass_last_set_time = time ( NULL ) ;
1998-04-16 00:00:41 +04:00
1998-05-08 15:31:55 +04:00
if ( got_pass_last_set_time ) {
1998-05-11 10:38:36 +04:00
slprintf ( & ascii_p16 [ strlen ( ascii_p16 ) ] ,
sizeof ( ascii_p16 ) - ( strlen ( ascii_p16 ) + 1 ) ,
1998-09-25 02:33:13 +04:00
" %s:LCT-%08X: " ,
1998-05-08 15:31:55 +04:00
encode_bits , ( uint32 ) pwd - > pass_last_set_time ) ;
1998-04-16 00:00:41 +04:00
wr_len = strlen ( ascii_p16 ) ;
}
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
# ifdef DEBUG_PASSWORD
1998-05-19 01:30:57 +04:00
DEBUG ( 100 , ( " mod_smbfilepwd_entry: " ) ) ;
1998-03-12 00:11:04 +03:00
dump_data ( 100 , ascii_p16 , wr_len ) ;
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
# endif
1998-09-25 02:33:13 +04:00
if ( wr_len > sizeof ( linebuf ) ) {
DEBUG ( 0 , ( " mod_smbfilepwd_entry: line to write (%d) is too long. \n " , wr_len + 1 ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return ( False ) ;
}
/*
* Do an atomic write into the file at the position defined by
* seekpos .
*/
/* The mod user write needs to be atomic - so get the fd from
the fp and do a raw write ( ) call .
*/
fd = fileno ( fp ) ;
if ( sys_lseek ( fd , pwd_seekpos - 1 , SEEK_SET ) ! = pwd_seekpos - 1 ) {
DEBUG ( 0 , ( " mod_smbfilepwd_entry: seek fail on file %s. \n " , pfile ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return False ;
}
/* Sanity check - ensure the areas we are writing are framed by ':' */
if ( read ( fd , linebuf , wr_len + 1 ) ! = wr_len + 1 ) {
DEBUG ( 0 , ( " mod_smbfilepwd_entry: read fail on file %s. \n " , pfile ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return False ;
}
if ( ( linebuf [ 0 ] ! = ' : ' ) | | ( linebuf [ wr_len ] ! = ' : ' ) ) {
DEBUG ( 0 , ( " mod_smbfilepwd_entry: check on passwd file %s failed. \n " , pfile ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return False ;
}
if ( sys_lseek ( fd , pwd_seekpos , SEEK_SET ) ! = pwd_seekpos ) {
DEBUG ( 0 , ( " mod_smbfilepwd_entry: seek fail on file %s. \n " , pfile ) ) ;
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
fclose ( fp ) ;
return False ;
}
1998-03-12 00:11:04 +03:00
if ( write ( fd , ascii_p16 , wr_len ) ! = wr_len ) {
1998-05-19 01:30:57 +04:00
DEBUG ( 0 , ( " mod_smbfilepwd_entry: write failed in passwd file %s \n " , pfile ) ) ;
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return False ;
}
1998-04-23 22:54:57 +04:00
pw_file_unlock ( lockfd , & pw_file_lock_depth ) ;
1998-03-12 00:11:04 +03:00
fclose ( fp ) ;
return True ;
following a cvs error, i am rewriting this monster-commit. with bad grace.
Modified Files:
---------------
Makefile:
adding extra files
ipc.c :
send_trans_reply() - alignment issue. this makes the alignment
the same as that in NT. this should be looked at by people who
understand the SMB stuff better than i.
api_fd_commands[] - added samr and wkssvc pipes.
loadparm.c :
lp_domain_controller() changed to mean "samba is a domain controller".
it's a "yes/no" parameter, now. no, it isn't used _anywhere_.
namedbwork.c nameelect.c :
if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
host _and_ workgroup announcements. yes, you must do both: nt does.
namelogon.c :
important NETLOGON bug in SAMLOGON request parsing, which may be
the source of some people's problems with logging on to the Samba PDC.
password.c :
get_smbpwnam() renamed to get_smbpwd_entry().
pipes.c :
added samr and wkssvc pipes.
proto.h :
usual. can we actually _remove_ proto.h from the cvs tree, and
have it as one of the Makefile dependencies, or something?
reply.c :
get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
error code when logging in from a WORKSTATION$ account. yes, paul
is right: we need to know when to return the right error code, and why.
server.c :
added call to reset_chain_pnum().
#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif. jeremy,
you'd be proud: i did a compile without NTDOMAIN, and caught a link
error for this function.
smb.h :
defines and structures for samr and wkssvc pipes.
smbpass.c :
modified get_smbpwnam() to get_smbpwd_entry() and it now takes
two arguments. one for the name; if this is null, it looks up
by smb_userid instead.
oh, by the way, smb_userids are actually domain relative ids
(RIDs). concatenate a RID with the domain SID, and you have
an internet globally unique way of identifying a user.
we're using RIDs in the wrong way....
added mod_smbpwnam() function. this was based on code in smbpasswd.c
rpc_pipes/lsaparse.c :
added enum trusted domain parsing. this is incomplete: i need
a packet trace to write it properly.
rpc_pipes/pipe_hnd.c :
added reset_chain_pnum() function.
rpc_pipes/pipenetlog.c :
get_smbpwnam() function renamed to get_smbpwd_entry().
arcfour() issues.
removed capability of get_md4pw() function to automatically add
workstation accounts. this should either be done using
smbpasswd -add MACHINE$, or by using \PIPE\samr.
rpc_pipes/pipe_util.c :
create_pol_hnd() - creates a unique LSA Policy Handle. overkill
function: uses a 64 bit sequence number; current unix time and
the smbd pid.
rpc_pipes/smbparse.c :
arcfour() issues.
smb_io_unistr2() should advance by uni_str_len not uni_max_len.
smb_io_smb_hdr_rb() - request bind uses uint16 for the context
id, and uint8 for the num_syntaxes. oops, i put these both as
uint32s.
Added Files:
------------
rpc_pipes/lsa_hnd.c :
on the samr pipe, allocate and associate an LSA Policy Handle
with a SID. you receive queries with the LSA Policy Handle,
and have to turn this back into a SID in order to answer the
query...
rpc_pipes/pipesamr.c rpc_pipes/samrparse.c
\PIPE\samr processing. samr i presume is the SAM Replication pipe.
rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c
\PIPE\wkssvc processing. the Workstation Service pipe?
holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)
1997-11-07 02:03:58 +03:00
}
1998-05-19 03:57:28 +04:00
1998-05-20 00:08:37 +04:00
/*
* Stub functions - implemented in terms of others .
*/
1998-05-19 23:41:22 +04:00
static BOOL mod_smbfile21pwd_entry ( struct sam_passwd * pwd , BOOL override )
{
return mod_smbfilepwd_entry ( pdb_sam_to_smb ( pwd ) , override ) ;
}
static BOOL add_smbfile21pwd_entry ( struct sam_passwd * newpwd )
{
return add_smbfilepwd_entry ( pdb_sam_to_smb ( newpwd ) ) ;
}
1998-05-19 23:17:35 +04:00
static struct sam_disp_info * getsmbfiledispnam ( char * name )
{
1998-05-19 23:41:22 +04:00
return pdb_sam_to_dispinfo ( getsam21pwnam ( name ) ) ;
1998-05-19 23:17:35 +04:00
}
static struct sam_disp_info * getsmbfiledisprid ( uint32 rid )
{
1998-05-19 23:41:22 +04:00
return pdb_sam_to_dispinfo ( getsam21pwrid ( rid ) ) ;
1998-05-19 23:17:35 +04:00
}
static struct sam_disp_info * getsmbfiledispent ( void * vp )
{
1998-05-19 23:41:22 +04:00
return pdb_sam_to_dispinfo ( getsam21pwent ( vp ) ) ;
1998-05-19 23:17:35 +04:00
}
1998-05-19 03:57:28 +04:00
static struct passdb_ops file_ops = {
startsmbfilepwent ,
endsmbfilepwent ,
getsmbfilepwpos ,
setsmbfilepwpos ,
iterate_getsmbpwnam , /* In passdb.c */
iterate_getsmbpwuid , /* In passdb.c */
getsmbfilepwent ,
add_smbfilepwd_entry ,
mod_smbfilepwd_entry ,
getsmbfile21pwent ,
1998-05-19 23:41:22 +04:00
iterate_getsam21pwnam ,
iterate_getsam21pwuid ,
iterate_getsam21pwrid ,
1998-05-19 03:57:28 +04:00
add_smbfile21pwd_entry ,
1998-05-19 23:41:22 +04:00
mod_smbfile21pwd_entry ,
1998-05-19 23:17:35 +04:00
getsmbfiledispnam ,
getsmbfiledisprid ,
getsmbfiledispent
1998-05-19 03:57:28 +04:00
} ;
struct passdb_ops * file_initialize_password_db ( void )
{
return & file_ops ;
}
1998-05-18 16:27:04 +04:00
# else
1998-05-26 23:37:31 +04:00
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
1998-07-29 07:08:05 +04:00
void smbpass_dummy_function ( void ) { } /* stop some compilers complaining */
1998-05-18 16:27:04 +04:00
# endif /* USE_SMBPASS_DB */
