
Makefile:

added credentials.c to smbd

credentials.c:

	using credential structures instead of char*

password.c uid.c server.c:

	added sid and attr to user_struct.

smbdes.c:

	smbhash and str_to_key make public instead of private.

pipes.c smb.h:

	lsa structures, sub-functions.

proto.h:

	usual.
(This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
This commit is contained in:
Luke Leighton 1997-10-10 14:48:05 +00:00
parent 33d8f5ecbb
commit c5e739febe
8 changed files with 1195 additions and 96 deletions


@ -60,6 +60,15 @@ int process_tar(char *inbuf, char *outbuf);
int clipfind(char **aret, int ret, char *tok);
int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
/*The following definitions come from credentials.c */
void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
char *session_key);
void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
DOM_CHAL *cred);
int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
UTIME timestamp);
/*The following definitions come from dir.c */
void init_dptrs(void);
@ -629,10 +638,11 @@ BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len);
char *dom_sid_to_string(DOM_SID *sid);
BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len);
void no_fn(uint uid);
/*The following definitions come from predict.c */
@ -755,7 +765,8 @@ BOOL request_oplock_break(min_share_mode_entry *share_entry,
BOOL snum_used(int snum);
BOOL reload_services(BOOL test);
int setup_groups(char *user, int uid, int gid, int *p_ngroups,
int **p_igroups, gid_t **p_groups);
int **p_igroups, gid_t **p_groups,
int **p_attrs);
int make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid);
int find_free_file(void );
int reply_corep(char *outbuf);
@ -791,6 +802,8 @@ BOOL smb_shm_get_usage(int *bytes_free,
/*The following definitions come from smbdes.c */
void str_to_key(unsigned char *str,unsigned char *key);
void smbhash(unsigned char *out, unsigned char *in, unsigned char *key);
void E_P16(unsigned char *p14,unsigned char *p16);
void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
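Review bot: The new `cred_session_key`, `cred_create` and `cred_assert` prototypes hand key material around as bare `char *` with no statement of the sizes involved, and a caller in another file has nothing else to go on: in credentials.c `pass` is read at `pass+9`, so it needs at least 16 bytes (the `md4pw[16]` of `struct dcinfo` fits), `session_key` receives an 8-byte DES block (the neighbouring `buf[8]` in the same function suggests that size — confirm against smbhash), and the `DOM_CHAL` arguments are used as 8-byte blobs via `->data`. I would put a short comment above `cred_session_key` such as `/* pass: 16 bytes (md4 of the machine password); session_key: out, 8 bytes; DOM_CHAL args are 8-byte blobs (->data) */` and above `cred_assert` note that it returns 1 when the credential matches and 0 otherwise. The `api_ntLsarpcTNP` line only changes the case of the old `api_ntlsarpcTNP`; the pipes.c side is not visible on this page (its diff is suppressed), so confirm the definition was renamed to match.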


@ -877,7 +877,8 @@ Response:
*/
struct smb_passwd {
struct smb_passwd
{
int smb_userid;
char *smb_name;
unsigned char *smb_passwd; /* Null if no password */
@ -886,12 +887,14 @@ struct smb_passwd {
};
struct current_user {
struct current_user
{
int cnum, id;
int uid, gid;
int ngroups;
gid_t *groups;
int *igroups;
int *attrs;
};
typedef struct
@ -988,35 +991,63 @@ typedef struct
char *user; /* name of user who *opened* this connection */
int uid; /* uid of user who *opened* this connection */
int gid; /* gid of user who *opened* this connection */
uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
/* following groups stuff added by ih */
/* This groups info is valid for the user that *opened* the connection */
int ngroups;
gid_t *groups;
int *igroups; /* an integer version - some OSes are broken :-( */
int *attrs;
time_t lastused;
BOOL used;
int num_files_open;
name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
} connection_struct;
/* Domain controller authentication protocol info */
struct dcinfo
{
DOM_CHAL clnt_chal; /* Initial challenge received from client */
DOM_CHAL srv_chal; /* Initial server challenge */
DOM_CHAL clnt_cred; /* Last client credential */
DOM_CHAL srv_cred; /* Last server credential */
char sess_key[8]; /* Session key */
uchar md4pw[16]; /* md4(machine password) */
};
typedef struct
{
int uid; /* uid of a validated user */
int gid; /* gid of a validated user */
fstring name; /* name of a validated user */
fstring real_name; /* to store real name from password file - simeon */
BOOL guest;
/* following groups stuff added by ih */
/* This groups info is needed for when we become_user() for this uid */
int user_ngroups;
gid_t *user_groups;
int *user_igroups; /* an integer version - some OSes are broken :-( */
int n_groups;
gid_t *groups;
int *igroups; /* an integer version - some OSes are broken :-( */
int *attrs; /* attributes associated with each gid */
#if (defined(NETGROUP) && defined(AUTOMOUNT))
char *home_share; /* to store NIS home of a user - simeon */
#endif
char *real_name; /* to store real name from password file - simeon */
int n_sids;
int *sids;
/* per-user authentication information on NT RPCs */
struct dcinfo dc;
} user_struct;
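Review bot: The `int *attrs;` added to `struct current_user` and to `connection_struct` has no comment, whereas the same member in `user_struct` is documented as `/* attributes associated with each gid */`; the length invariant is stated only in password.c (`/* same number of igroups as groups as attrs */`), so I would record it at the declaration in all three structs: `int *attrs; /* per-gid attributes, ngroups entries, parallel to groups/igroups */`. `struct dcinfo` embeds `sess_key[8]` and `md4pw[16]`, i.e. secret key material, inside every entry of the validated-user table; a comment stating that these must be wiped when the vuid is invalidated would help whoever next edits invalidate_vuid, which currently does not touch them.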


@ -30,21 +30,21 @@ Input: 8 byte challenge block
Output:
8 byte session key
****************************************************************************/
void cred_session_key(char *challenge, char *srv_challenge, char *pass,
void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
char *session_key)
{
uint32 sum[2];
char sum2[8];
char buf[8];
sum[0] = IVAL(challenge, 0) + IVAL(srv_challenge, 0);
sum[1] = IVAL(challenge, 4) + IVAL(srv_challenge, 4);
sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
E1(pass,sum2,buf);
E1(pass+9,buf,session_key);
smbhash(pass, sum2, buf);
smbhash(pass+9,buf,session_key);
}
@ -59,20 +59,20 @@ Input:
Output:
8 byte credential
****************************************************************************/
void cred_create(char *session_key, char *stored_cred, UTIME timestamp,
char *cred)
void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
DOM_CHAL *cred)
{
char key2[7];
char buf[8];
char timecred[8];
memcpy(timecred, stored_cred, 8);
memcpy(timecred, stored_cred->data, 8);
SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);
E1(session_key, timecred, buf);
smbhash(session_key, timecred, buf);
memset(key2, 0, 7);
key2[0] = session_key[7];
E1(key2, buf, cred);
smbhash(key2, buf, cred->data);
}
@ -89,13 +89,13 @@ Output:
returns 1 if computed credential matches received credential
returns 0 otherwise
****************************************************************************/
int cred_assert(char *cred, char *session_key, char *stored_cred,
NTTIME timestamp)
int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
UTIME timestamp)
{
char cred2[8];
DOM_CHAL cred2;
cred_create(session_key, stored_cred, timestamp, cred2);
cred_create(session_key, stored_cred, timestamp, &cred2);
return memcmp(cred, cred2, 8) == 0;
return memcmp(cred->data, cred2.data, 8) == 0;
}
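Review bot: In cred_create the unchanged line `SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);` still reads through the `DOM_CHAL *` itself, although the line above was switched to `stored_cred->data`; this only works as long as `data` is the first member of DOM_CHAL. Since `timecred` already holds a copy of those 8 bytes, the simplest fix is `SIVAL(timecred, 0, IVAL(timecred, 0) + timestamp.time);` (or `IVAL(stored_cred->data, 0)`). In cred_assert the match is decided by `memcmp(cred->data, cred2.data, 8) == 0`, which stops at the first differing byte; for an authentication check a comparison whose running time does not depend on where the mismatch occurs would be the more defensive choice.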


@ -257,7 +257,7 @@ static void dohash(char *out, char *in, char *key)
permute(out, rl, perm6, 64);
}
static void str_to_key(unsigned char *str,unsigned char *key)
void str_to_key(unsigned char *str,unsigned char *key)
{
int i;
@ -275,7 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
}
static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
{
int i;
char outb[64];


@ -96,10 +96,10 @@ tell random client vuid's (normally zero) from valid vuids.
****************************************************************************/
user_struct *get_valid_user_struct(uint16 vuid)
{
if(vuid == UID_FIELD_INVALID)
if (vuid == UID_FIELD_INVALID)
return NULL;
vuid -= VUID_OFFSET;
if((vuid >= (uint16)num_validated_users) ||
if ((vuid >= (uint16)num_validated_users) ||
(validated_users[vuid].uid == -1) || (validated_users[vuid].gid == -1))
return NULL;
return &validated_users[vuid];
@ -111,19 +111,28 @@ invalidate a uid
void invalidate_vuid(uint16 vuid)
{
user_struct *vuser = get_valid_user_struct(vuid);
if(vuser == 0)
return;
if (vuser == NULL) return;
vuser->uid = -1;
vuser->gid = -1;
vuser->user_ngroups = 0;
if(vuser->user_groups &&
(vuser->user_groups != (gid_t *)vuser->user_igroups))
free(vuser->user_groups);
vuser->user_groups = NULL;
if(vuser->user_igroups)
free(vuser->user_igroups);
vuser->user_igroups = NULL;
vuser->n_sids = 0;
/* same number of igroups as groups as attrs */
vuser->n_groups = 0;
if (vuser->groups && (vuser->groups != (gid_t *)vuser->igroups))
free(vuser->groups);
if (vuser->igroups) free(vuser->igroups);
if (vuser->attrs ) free(vuser->attrs);
if (vuser->sids ) free(vuser->sids);
vuser->attrs = NULL;
vuser->sids = NULL;
vuser->igroups = NULL;
vuser->groups = NULL;
}
@ -133,7 +142,7 @@ return a validated username
char *validated_username(uint16 vuid)
{
user_struct *vuser = get_valid_user_struct(vuid);
if(vuser == 0)
if (vuser == NULL)
return 0;
return(vuser->name);
}
@ -156,12 +165,11 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
int home_server_len;
#endif
struct passwd *pwfile; /* for getting real name from passwd file */
int real_name_len;
#if 0
/*
* After observing MS-Exchange services writing to a Samba share
* I belive this code is incorrect. Each service does it's own
* I belive this code is incorrect. Each service does its own
* sessionsetup_and_X for the same user, and as each service shuts
* down, it does a user_logoff_and_X. As we are consolidating multiple
* sessionsetup_and_X's onto the same vuid here, when the first service
@ -174,7 +182,7 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
int i;
for(i = 0; i < num_validated_users; i++) {
vuser = &validated_users[i];
if( vuser->uid == uid )
if ( vuser->uid == uid )
return (uint16)(i + VUID_OFFSET); /* User already validated */
}
#endif
@ -198,16 +206,21 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
vuser->guest = guest;
strcpy(vuser->name,name);
vuser->user_ngroups = 0;
vuser->user_groups = NULL;
vuser->user_igroups = NULL;
vuser->n_sids = 0;
vuser->sids = NULL;
vuser->n_groups = 0;
vuser->groups = NULL;
vuser->igroups = NULL;
vuser->attrs = NULL;
/* Find all the groups this uid is in and store them.
Used by become_user() */
setup_groups(name,uid,gid,
&vuser->user_ngroups,
&vuser->user_igroups,
&vuser->user_groups);
&vuser->n_groups,
&vuser->igroups,
&vuser->groups,
&vuser->attrs);
DEBUG(3,("uid %d registered to name %s\n",uid,name));
@ -215,14 +228,14 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
vuser->home_share = NULL;
DEBUG(3, ("Setting default HOMESHR to: \\\\logon server\\HOMES\n"));
vuser->home_share = Realloc(vuser->home_share, 32);
strcpy(vuser->home_share,"\\\\%L\\HOMES");
strcpy(vuser->home_share,"\\\\%L\\%U");
if (nis_error = yp_get_default_domain(&nis_domain))
if ((nis_error = yp_get_default_domain(&nis_domain)) != 0)
DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error)));
DEBUG(3, ("NIS Domain: %s\n", nis_domain));
if (nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name),
&nis_result, &nis_result_len))
if ((nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name),
&nis_result, &nis_result_len)) != 0)
DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error)));
if (!nis_error && lp_nis_home_map()) {
home_server_len = strcspn(nis_result,":");
@ -237,19 +250,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
}
#endif
vuser->real_name = NULL;
DEBUG(3, ("Clearing default real name\n"));
vuser->real_name = Realloc(vuser->real_name, 15);
strcpy(vuser->real_name, "<Full Name>\0");
fstrcpy(vuser->real_name, "<Full Name>\0");
if (lp_unix_realname()) {
if((pwfile=getpwnam(vuser->name))!= NULL)
if ((pwfile=getpwnam(vuser->name))!= NULL)
{
DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->name,pwfile->pw_gecos));
real_name_len = strcspn(pwfile->pw_gecos, ",");
DEBUG(3, ("Real name length: %d\n", real_name_len));
vuser->real_name = (char *)Realloc(vuser->real_name, real_name_len+1);
strncpy(vuser->real_name, pwfile->pw_gecos, real_name_len);
vuser->real_name[real_name_len]='\0';
fstrcpy(vuser->real_name, pwfile->pw_gecos);
}
}
@ -702,7 +709,7 @@ static int linux_bigcrypt(char *password,char *salt1, char *crypted)
for ( i=strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
char * p = crypt(password,salt) + 2;
if(strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
return(0);
password += LINUX_PASSWORD_SEG_CHARS;
crypted += strlen(p);
@ -826,10 +833,10 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha
unsigned char p21[21];
unsigned char p24[24];
if(part_passwd == NULL)
if (part_passwd == NULL)
DEBUG(10,("No password set - allowing access\n"));
/* No password set - always true ! */
if(part_passwd == NULL)
if (part_passwd == NULL)
return 1;
memset(p21,'\0',21);
@ -905,7 +912,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));
if((pwlen == 24) && challenge_done)
if ((pwlen == 24) && challenge_done)
{
DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));
@ -916,28 +923,28 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
}
smb_pass = get_smbpwnam(user);
if(!smb_pass)
if (!smb_pass)
{
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
/* Ensure the uid's match */
if(smb_pass->smb_userid != pass->pw_uid)
if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
if(Protocol >= PROTOCOL_NT1)
if (Protocol >= PROTOCOL_NT1)
{
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
if(smb_pass->smb_nt_passwd != NULL)
if (smb_pass->smb_nt_passwd != NULL)
{
DEBUG(4,("Checking NT MD4 password\n"));
if(smb_password_check(password,
if (smb_password_check(password,
smb_pass->smb_nt_passwd,
(unsigned char *)challenge))
{
@ -1080,7 +1087,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
}
/* give up? */
if(level < 1)
if (level < 1)
{
update_protected_database(user,False);
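Review bot: invalidate_vuid now frees `groups`, `igroups`, `attrs` and `sids`, but leaves `vuser->dc` untouched, and per smb.h that member now holds `sess_key[8]` and `md4pw[16]`; register_vuid, as far as its hunk shows, does not reset `dc` either, so a reused slot would carry the previous user's session key and machine-password hash. I would add `memset(&vuser->dc, 0, sizeof(vuser->dc));` to invalidate_vuid and the same line to register_vuid next to the other field initialisations. Separately, replacing the `strcspn(pwfile->pw_gecos, ",")` truncation with `fstrcpy(vuser->real_name, pwfile->pw_gecos)` is a behaviour change: `real_name` now receives the whole gecos field, including whatever follows the first comma, instead of just the name part; if that is not intended, keep the `strcspn` length and copy only that prefix into the fstring. The `"\0"` inside `"<Full Name>\0"` is redundant, as the literal is already terminated.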



@ -3003,7 +3003,8 @@ static int sig_hup()
Setup the groups a user belongs to.
****************************************************************************/
int setup_groups(char *user, int uid, int gid, int *p_ngroups,
int **p_igroups, gid_t **p_groups)
int **p_igroups, gid_t **p_groups,
int **p_attrs)
{
if (-1 == initgroups(user,gid))
{
@ -3018,19 +3019,25 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups,
{
int i,ngroups;
int *igroups;
int *attrs;
gid_t grp = 0;
ngroups = getgroups(0,&grp);
if (ngroups <= 0)
ngroups = 32;
igroups = (int *)malloc(sizeof(int)*ngroups);
attrs = (int *)malloc(sizeof(int)*ngroups);
for (i=0;i<ngroups;i++)
{
attrs [i] = 0x7; /* XXXX don't know what NT user attributes are yet! */
igroups[i] = 0x42424242;
}
ngroups = getgroups(ngroups,(gid_t *)igroups);
if (igroups[0] == 0x42424242)
ngroups = 0;
*p_ngroups = ngroups;
*p_attrs = attrs;
/* The following bit of code is very strange. It is due to the
fact that some OSes use int* and some use gid_t* for
@ -3052,16 +3059,18 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups,
groups_use_ints = False;
if (groups_use_ints)
{
{
*p_igroups = igroups;
*p_groups = (gid_t *)igroups;
}
}
else
{
{
gid_t *groups = (gid_t *)igroups;
igroups = (int *)malloc(sizeof(int)*ngroups);
for (i=0;i<ngroups;i++)
{
igroups[i] = groups[i];
}
*p_igroups = igroups;
*p_groups = (gid_t *)groups;
}
@ -3270,12 +3279,15 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
/* groups stuff added by ih */
pcon->ngroups = 0;
pcon->igroups = NULL;
pcon->groups = NULL;
pcon->attrs = NULL;
if (!IS_IPC(cnum))
{
/* Find all the groups this uid is in and store them. Used by become_user() */
setup_groups(pcon->user,pcon->uid,pcon->gid,&pcon->ngroups,&pcon->igroups,&pcon->groups);
setup_groups(pcon->user,pcon->uid,pcon->gid,
&pcon->ngroups,&pcon->igroups,&pcon->groups,&pcon->attrs);
/* check number of connections */
if (!claim_connection(cnum,
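Review bot: The new `attrs = (int *)malloc(sizeof(int)*ngroups);` in setup_groups is never checked before the loop stores `attrs[i] = 0x7`, so an allocation failure becomes a NULL dereference; the pre-existing `igroups` allocation has the same gap. Check both together, e.g. `if (!igroups || !attrs) { free(igroups); free(attrs); return <the value the initgroups failure path returns>; }` — that early-return branch is cut off at the top of the hunk, so mirror whatever it does. The `0x7` is explicitly marked as a guess in its comment; give it a named enum constant so the placeholder is easy to find once the NT attribute semantics are known. Note also that `pcon->attrs` is now allocated per connection in make_connection; it must be released wherever `pcon->igroups`/`pcon->groups` are, which is outside this hunk. setup_groups ends beyond the last hunk shown.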


@ -227,13 +227,17 @@ BOOL become_user(int cnum, uint16 vuid)
if (Connections[cnum].force_user ||
lp_security() == SEC_SHARE ||
!(vuser) || (vuser->guest) ||
!check_user_ok(cnum,vuser,snum)) {
!check_user_ok(cnum,vuser,snum))
{
uid = Connections[cnum].uid;
gid = Connections[cnum].gid;
current_user.groups = Connections[cnum].groups;
current_user.igroups = Connections[cnum].igroups;
current_user.ngroups = Connections[cnum].ngroups;
} else {
current_user.attrs = vuser->attrs;
}
else
{
if (!vuser) {
DEBUG(2,("Invalid vuid used %d\n",vuid));
return(False);
@ -243,9 +247,10 @@ BOOL become_user(int cnum, uint16 vuid)
gid = vuser->gid;
else
gid = Connections[cnum].gid;
current_user.groups = vuser->user_groups;
current_user.igroups = vuser->user_igroups;
current_user.ngroups = vuser->user_ngroups;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
current_user.igroups = vuser->igroups;
current_user.attrs = vuser->attrs;
}
if (initial_uid == 0)
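Review bot: The added `current_user.attrs = vuser->attrs;` sits in the branch that is taken when, among other conditions, `!(vuser)` holds, so a NULL `vuser` is dereferenced there; the same branch takes uid, gid, groups and igroups from `Connections[cnum]`, and attrs should come from the same place: `current_user.attrs = Connections[cnum].attrs;` (the field is added to connection_struct and filled by make_connection in this commit). The else branch, which guards with `if (!vuser)` before use, is fine. become_user continues outside the hunk.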