Kill off another ugly wart from the side of the passdb subsystem.

This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'.  This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.

This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.

Andrew Bartlett
(This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)

diff --git a/source3/include/auth.h b/source3/include/auth.h
index ed0a4e45f30982f591cbba40b3f486ff7c93c4d1..a61576fd2105a5536f73342ec9b91e44a5fc354c 100644 (file)
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -85,7 +85,7 @@ typedef struct auth_serversupplied_info
        
        NT_USER_TOKEN *ptok;
        
        
        NT_USER_TOKEN *ptok;
        

-       uchar session_key[16];
+       uint8 session_key[16];

        
        uint8 first_8_lm_hash[8];
 
        
        uint8 first_8_lm_hash[8];
 

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 9c9d7a4c7ae395a4732f0b15d8242d43099c75f7..7950119e50ece750355267d2f48f93bf5563f674 100644 (file)
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -200,6 +200,8 @@ typedef struct pipes_struct
        fstring pipe_user_name;
        struct current_user pipe_user;
 
        fstring pipe_user_name;
        struct current_user pipe_user;
 

+       uint8 session_key[16];
+

        /*
         * Set to true when an RPC bind has been done on this pipe.
         */
        /*
         * Set to true when an RPC bind has been done on this pipe.
         */

diff --git a/source3/include/smb.h b/source3/include/smb.h
index b80e3d62ecad1e843235a08bdc3340b4e4d33165..aa54e38797987e3c77363e27dc6eb6b655f535b7 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1629,6 +1629,8 @@ typedef struct user_struct
 
        NT_USER_TOKEN *nt_user_token;
 
 
        NT_USER_TOKEN *nt_user_token;
 

+       uint8 session_key[16];
+

        int session_id; /* used by utmp and pam session code */
 } user_struct;
 
        int session_id; /* used by utmp and pam session code */
 } user_struct;
 

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index c014c3221f7c9e4bf8ed160d64c9a6442ea99970..4460af05450b07663b9c6a74b4279fe071275b96 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1158,36 +1158,3 @@ account without a valid local system user.\n", user_name);
        pdb_free_sam(&sam_pass);
        return True;
 }
        pdb_free_sam(&sam_pass);
        return True;
 }

-
-/***************************************************************************
- Search by uid.  Wrapper around pdb_getsampwnam()
- **************************************************************************/
-
-BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
-{
-       struct passwd   *pw;
-       fstring         name;
-
-       if (user==NULL) {
-               DEBUG(0,("pdb_getsampwuid: SAM_ACCOUNT is NULL.\n"));
-               return False;
-       }
-
-       /*
-        * Never trust the uid in the passdb.  Lookup the username first
-        * and then lokup the user by name in the sam.
-        */
-        
-       if ((pw=getpwuid_alloc(uid)) == NULL)  {
-               DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
-               return False;
-       }
-       
-       fstrcpy (name, pw->pw_name);
-
-       passwd_free(&pw);
-
-       return pdb_getsampwnam (user, name);
-
-}
-

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a38b86f826e3322ae8d8489f9478fe7a5888ea73..2630729281ce707ceb45cedcb7f7f21e74deb578 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -423,6 +423,8 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
                return False;
        }
        
                return False;
        }
        

+       memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+

        uid = pdb_get_uid(server_info->sam_account);
        gid = pdb_get_gid(server_info->sam_account);
 
        uid = pdb_get_uid(server_info->sam_account);
        gid = pdb_get_gid(server_info->sam_account);
 

diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a98bcdc6bbec64a4df52f68698c472fd3918449c..1b3d66bf497e15d2199ee39078fddbeb7782d3ce 100644 (file)
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -252,9 +252,15 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
                              connection_struct *conn, uint16 vuid)
 {
        pipes_struct *p;
                              connection_struct *conn, uint16 vuid)
 {
        pipes_struct *p;

+       user_struct *vuser = get_valid_user_struct(vuid);

 
        DEBUG(4,("Create pipe requested %s\n", pipe_name));
 
 
        DEBUG(4,("Create pipe requested %s\n", pipe_name));
 

+       if (!vuser && vuid != UID_FIELD_INVALID) {
+               DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
+               return NULL;
+       }
+

        p = (pipes_struct *)malloc(sizeof(*p));
 
        if (!p)
        p = (pipes_struct *)malloc(sizeof(*p));
 
        if (!p)


@@ -308,6 +314,11 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
        p->pipe_user.uid = (uid_t)-1;
        p->pipe_user.gid = (gid_t)-1;
        
        p->pipe_user.uid = (uid_t)-1;
        p->pipe_user.gid = (gid_t)-1;
        

+       /* Store the session key */
+       if (vuser) {
+               memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
+       }
+

        /*
         * Initialize the incoming RPC struct.
         */
        /*
         * Initialize the incoming RPC struct.
         */

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6ac71298fa736124a74a1d825d06b2990e8c6fb0..cf9be78f3d96996bac47fcc815482e12708507f6 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2439,9 +2439,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 {
        uint32 rid = 0x0;
        DOM_SID sid;
 {
        uint32 rid = 0x0;
        DOM_SID sid;

-       struct current_user user;
-       SAM_ACCOUNT *sam_pass=NULL;
-       unsigned char sess_key[16];

        POLICY_HND *pol = &q_u->pol;
        uint16 switch_value = q_u->switch_value;
        SAM_USERINFO_CTR *ctr = q_u->ctr;
        POLICY_HND *pol = &q_u->pol;
        uint16 switch_value = q_u->switch_value;
        SAM_USERINFO_CTR *ctr = q_u->ctr;


@@ -2451,13 +2448,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 
        r_u->status = NT_STATUS_OK;
 
 
        r_u->status = NT_STATUS_OK;
 

-       if (p->ntlmssp_auth_validated)  {
-               memcpy(&user, &p->pipe_user, sizeof(user));
-       } else  {
-               extern struct current_user current_user;
-               memcpy(&user, &current_user, sizeof(user));
-       }
-

        /* find the policy handle.  open a policy on it. */
        if (!get_lsa_policy_samr_sid(p, pol, &sid))
                return NT_STATUS_INVALID_HANDLE;
        /* find the policy handle.  open a policy on it. */
        if (!get_lsa_policy_samr_sid(p, pol, &sid))
                return NT_STATUS_INVALID_HANDLE;


@@ -2471,29 +2461,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 

-
-       pdb_init_sam(&sam_pass);
-
-       /* 
-        * We need the NT hash of the user who is changing the user's password.
-        * This NT hash is used to generate a "user session key"
-        * This "user session key" is in turn used to encrypt/decrypt the user's password.
-        */
-
-       become_root();
-       ret = pdb_getsampwuid(sam_pass, user.uid);
-       unbecome_root();
-       if(ret == False) {
-               DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid ));
-               pdb_free_sam(&sam_pass);
-               return NT_STATUS_ACCESS_DENIED;
-       }
-               
-       memset(sess_key, '\0', 16);
-       mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);
-
-       pdb_free_sam(&sam_pass);
-

        /* ok!  user info levels (lots: see MSDEV help), off we go... */
        switch (switch_value) {
                case 0x12:
        /* ok!  user info levels (lots: see MSDEV help), off we go... */
        switch (switch_value) {
                case 0x12:


@@ -2502,7 +2469,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
                        break;
 
                case 24:
                        break;
 
                case 24:

-                       SamOEMhash(ctr->info.id24->pass, sess_key, 516);
+                       SamOEMhash(ctr->info.id24->pass, p->session_key, 516);

 
                        dump_data(100, (char *)ctr->info.id24->pass, 516);
 
 
                        dump_data(100, (char *)ctr->info.id24->pass, 516);
 


@@ -2520,7 +2487,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
                         * info level and W2K SP2 drops down to level 23... JRA.
                         */
 
                         * info level and W2K SP2 drops down to level 23... JRA.
                         */
 

-                       SamOEMhash(ctr->info.id25->pass, sess_key, 532);
+                       SamOEMhash(ctr->info.id25->pass, p->session_key, 532);

 
                        dump_data(100, (char *)ctr->info.id25->pass, 532);
 
 
                        dump_data(100, (char *)ctr->info.id25->pass, 532);
 


@@ -2531,7 +2498,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
                        return NT_STATUS_INVALID_INFO_CLASS;
 
                case 23:
                        return NT_STATUS_INVALID_INFO_CLASS;
 
                case 23:

-                       SamOEMhash(ctr->info.id23->pass, sess_key, 516);
+                       SamOEMhash(ctr->info.id23->pass, p->session_key, 516);

 
                        dump_data(100, (char *)ctr->info.id23->pass, 516);
 
 
                        dump_data(100, (char *)ctr->info.id23->pass, 516);
 

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 3e942e6f99501c253e6185267fafd310bef57486..27bc15d25a09078856da084928a5a0b2eefafb07 100644 (file)
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -265,6 +265,8 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
                }
        }
 
                }
        }
 

+       memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key));
+

        DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", 
                  (unsigned int)vuser->uid, 
                  (unsigned int)vuser->gid,
        DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", 
                  (unsigned int)vuser->uid, 
                  (unsigned int)vuser->gid,