BOOL change_to_guest(void)
{
static struct passwd *pass=NULL;
if (!pass) {
/* Don't need to free() this as its stored in a static */
pass = getpwnam_alloc(lp_guestaccount());
if (!pass)
return(False);
}
#ifdef AIX
/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
setting IDs */
initgroups(pass->pw_name, pass->pw_gid);
#endif
set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
passwd_free(&pass);
return True;
}
BOOL change_to_guest(void)
{
static struct passwd *pass=NULL;
static uid_t guest_uid = (uid_t)-1;
static gid_t guest_gid = (gid_t)-1;
static fstring guest_name;
if (!pass) {
pass = Get_Pwnam(lp_guestaccount(-1),True);
if (!pass)
return(False);
guest_uid = pass->pw_uid;
guest_gid = pass->pw_gid;
fstrcpy(guest_name, pass->pw_name);
}
#ifdef AIX
/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
setting IDs */
initgroups(guest_name, guest_gid);
#endif
set_sec_ctx(guest_uid, guest_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
return True;
}
static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_info, struct auth_serversupplied_info **server_info)
{
static const char zeros[16] = {0};
const char *guest_account = lp_guestaccount();
const char *domain = lp_netbios_name();
struct netr_SamInfo3 info3;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCT(info3);
status = get_guest_info3(tmp_ctx, &info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("get_guest_info3 failed with %s\n",
nt_errstr(status)));
goto done;
}
status = make_server_info_info3(tmp_ctx,
guest_account,
domain,
server_info,
&info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("make_server_info_info3 failed with %s\n",
nt_errstr(status)));
goto done;
}
(*server_info)->guest = true;
/* This should not be done here (we should produce a server
* info, and later construct a session info from it), but for
* now this does not change the previous behavior */
status = create_local_token(tmp_ctx, *server_info, NULL,
(*server_info)->info3->base.account_name.string,
session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("create_local_token failed: %s\n",
nt_errstr(status)));
goto done;
}
talloc_steal(NULL, *session_info);
talloc_steal(NULL, *server_info);
/* annoying, but the Guest really does have a session key, and it is
all zeros! */
(*session_info)->session_key = data_blob(zeros, sizeof(zeros));
status = NT_STATUS_OK;
done:
TALLOC_FREE(tmp_ctx);
return status;
}
static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info)
{
static const char zeros[16] = {0};
const char *guest_account = lp_guestaccount();
const char *domain = global_myname();
struct netr_SamInfo3 info3;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
fstring tmp;
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCT(info3);
status = get_guest_info3(tmp_ctx, &info3);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = make_server_info_info3(tmp_ctx,
guest_account,
domain,
server_info,
&info3);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
(*server_info)->guest = True;
status = create_local_token(*server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(status)));
goto done;
}
/* annoying, but the Guest really does have a session key, and it is
all zeros! */
(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
(*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros));
alpha_strcpy(tmp, (*server_info)->info3->base.account_name.string,
". _-$", sizeof(tmp));
(*server_info)->sanitized_username = talloc_strdup(*server_info, tmp);
status = NT_STATUS_OK;
done:
TALLOC_FREE(tmp_ctx);
return status;
}
static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 *info3)
{
const char *guest_account = lp_guestaccount();
struct dom_sid domain_sid;
struct passwd *pwd;
const char *tmp;
pwd = Get_Pwnam_alloc(mem_ctx, guest_account);
if (pwd == NULL) {
DEBUG(0,("SamInfo3_for_guest: Unable to locate guest "
"account [%s]!\n", guest_account));
return NT_STATUS_NO_SUCH_USER;
}
/* Set account name */
tmp = talloc_strdup(mem_ctx, pwd->pw_name);
if (tmp == NULL) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_String(&info3->base.account_name, tmp);
/* Set domain name */
tmp = talloc_strdup(mem_ctx, get_global_sam_name());
if (tmp == NULL) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_StringLarge(&info3->base.logon_domain, tmp);
/* Domain sid */
sid_copy(&domain_sid, get_global_sam_sid());
info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
if (info3->base.domain_sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* Guest rid */
info3->base.rid = DOMAIN_RID_GUEST;
/* Primary gid */
info3->base.primary_gid = DOMAIN_RID_GUESTS;
/* Set as guest */
info3->base.user_flags = NETLOGON_GUEST;
TALLOC_FREE(pwd);
return NT_STATUS_OK;
}
bool change_to_guest(void)
{
struct passwd *pass;
pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
if (!pass) {
return false;
}
#ifdef AIX
/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
setting IDs */
initgroups(pass->pw_name, pass->pw_gid);
#endif
set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
TALLOC_FREE(pass);
return true;
}
/****************************************************************************
parse a lpq line. Choose printing style
****************************************************************************/
static BOOL parse_lpq_entry(int snum,char *line,
print_queue_struct *buf,
print_status_struct *status,BOOL first)
{
BOOL ret;
switch (lp_printing(snum))
{
case PRINT_SYSV:
ret = parse_lpq_sysv(line,buf,first);
break;
case PRINT_AIX:
ret = parse_lpq_aix(line,buf,first);
break;
case PRINT_HPUX:
ret = parse_lpq_hpux(line,buf,first);
break;
case PRINT_QNX:
ret = parse_lpq_qnx(line,buf,first);
break;
case PRINT_LPRNG:
ret = parse_lpq_lprng(line,buf,first);
break;
case PRINT_PLP:
ret = parse_lpq_plp(line,buf,first);
break;
case PRINT_SOFTQ:
ret = parse_lpq_softq(line,buf,first);
break;
default:
ret = parse_lpq_bsd(line,buf,first);
break;
}
#ifdef LPQ_GUEST_TO_USER
if (ret) {
extern pstring sesssetup_user;
/* change guest entries to the current logged in user to make
them appear deletable to windows */
if (sesssetup_user[0] && strequal(buf->user,lp_guestaccount(snum)))
pstrcpy(buf->user,sesssetup_user);
}
#endif
/* We don't want the newline in the status message. */
{
char *p = strchr(line,'\n');
if (p) *p = 0;
}
if (status && !ret)
{
/* a few simple checks to see if the line might be a
printer status line:
handle them so that most severe condition is shown */
int i;
strlower(line);
switch (status->status) {
case LPSTAT_OK:
for (i=0; stat0_strings[i]; i++)
if (strstr(line,stat0_strings[i])) {
StrnCpy(status->message,line,sizeof(status->message)-1);
status->status=LPSTAT_OK;
return ret;
}
case LPSTAT_STOPPED:
for (i=0; stat1_strings[i]; i++)
if (strstr(line,stat1_strings[i])) {
StrnCpy(status->message,line,sizeof(status->message)-1);
status->status=LPSTAT_STOPPED;
return ret;
}
case LPSTAT_ERROR:
for (i=0; stat2_strings[i]; i++)
if (strstr(line,stat2_strings[i])) {
StrnCpy(status->message,line,sizeof(status->message)-1);
status->status=LPSTAT_ERROR;
return ret;
}
break;
}
}
return(ret);
}
/****************************************************************************
check for authority to login to a service with a given username/password
****************************************************************************/
BOOL authorise_login(int snum,char *user,char *password, int pwlen,
BOOL *guest,BOOL *force,uint16 vuid)
{
BOOL ok = False;
*guest = False;
#if DEBUG_PASSWORD
DEBUG(100,("checking authorisation on user=%s pass=%s\n",user,password));
#endif
/* there are several possibilities:
1) login as the given user with given password
2) login as a previously registered username with the given password
3) login as a session list username with the given password
4) login as a previously validated user/password pair
5) login as the "user ="******"user ="******"ACCEPTED: given username password ok\n"));
}
/* check for a previously registered guest username */
if (!ok && (vuser != 0) && vuser->guest) {
if (user_ok(vuser->name,snum) &&
password_ok(vuser->name, password, pwlen, NULL)) {
pstrcpy(user, vuser->name);
vuser->guest = False;
DEBUG(3,("ACCEPTED: given password with registered user %s\n", user));
ok = True;
}
}
/* now check the list of session users */
if (!ok)
{
char *auser;
char *user_list = strdup(session_users);
if (!user_list) return(False);
for (auser=strtok(user_list,LIST_SEP);
!ok && auser;
auser = strtok(NULL,LIST_SEP))
{
fstring user2;
fstrcpy(user2,auser);
if (!user_ok(user2,snum)) continue;
if (password_ok(user2,password, pwlen, NULL)) {
ok = True;
pstrcpy(user,user2);
DEBUG(3,("ACCEPTED: session list username and given password ok\n"));
}
}
free(user_list);
}
/* check for a previously validated username/password pair */
if (!ok && (!lp_revalidate(snum) || lp_security() > SEC_SHARE) &&
(vuser != 0) && !vuser->guest &&
user_ok(vuser->name,snum)) {
pstrcpy(user,vuser->name);
*guest = False;
DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n"));
ok = True;
}
/* check for a rhosts entry */
if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) {
ok = True;
DEBUG(3,("ACCEPTED: hosts equiv or rhosts entry\n"));
}
/* check the user= fields and the given password */
if (!ok && lp_username(snum)) {
char *auser;
pstring user_list;
StrnCpy(user_list,lp_username(snum),sizeof(pstring));
string_sub(user_list,"%S",lp_servicename(snum));
for (auser=strtok(user_list,LIST_SEP);
auser && !ok;
auser = strtok(NULL,LIST_SEP))
{
if (*auser == '@')
{
auser = validate_group(auser+1,password,pwlen,snum);
if (auser)
{
ok = True;
pstrcpy(user,auser);
DEBUG(3,("ACCEPTED: group username and given password ok\n"));
}
}
else
{
fstring user2;
fstrcpy(user2,auser);
if (user_ok(user2,snum) &&
password_ok(user2,password,pwlen,NULL))
{
ok = True;
pstrcpy(user,user2);
DEBUG(3,("ACCEPTED: user list username and given password ok\n"));
}
}
}
}
} /* not guest only */
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum))
{
fstring guestname;
StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
if (Get_Pwnam(guestname,True))
{
pstrcpy(user,guestname);
ok = True;
DEBUG(3,("ACCEPTED: guest account and guest ok\n"));
}
else
DEBUG(0,("Invalid guest account %s??\n",guestname));
*guest = True;
*force = True;
}
if (ok && !user_ok(user,snum))
{
DEBUG(0,("rejected invalid user %s\n",user));
ok = False;
}
return(ok);
}
BOOL authorise_login(int snum, fstring user, DATA_BLOB password,
BOOL *guest)
{
BOOL ok = False;
#ifdef DEBUG_PASSWORD
DEBUG(100,("authorise_login: checking authorisation on "
"user=%s pass=%s\n", user,password.data));
#endif
*guest = False;
/* there are several possibilities:
1) login as the given user with given password
2) login as a previously registered username with the given
password
3) login as a session list username with the given password
4) login as a previously validated user/password pair
5) login as the "user ="******"user ="******"");
if (!user_list)
return(False);
for (auser=strtok(user_list,LIST_SEP); !ok && auser;
auser = strtok(NULL,LIST_SEP)) {
fstring user2;
fstrcpy(user2,auser);
if (!user_ok(user2,snum))
continue;
if (password_ok(user2,password)) {
ok = True;
fstrcpy(user,user2);
DEBUG(3,("authorise_login: ACCEPTED: session "
"list username (%s) and given "
"password ok\n", user));
}
}
SAFE_FREE(user_list);
}
/* check the user= fields and the given password */
if (!ok && lp_username(snum)) {
char *auser;
pstring user_list;
pstrcpy(user_list,lp_username(snum));
pstring_sub(user_list,"%S",lp_servicename(snum));
for (auser=strtok(user_list,LIST_SEP); auser && !ok;
auser = strtok(NULL,LIST_SEP)) {
if (*auser == '@') {
auser = validate_group(auser+1,password,snum);
if (auser) {
ok = True;
fstrcpy(user,auser);
DEBUG(3,("authorise_login: ACCEPTED: "
"group username and given "
"password ok (%s)\n", user));
}
} else {
fstring user2;
fstrcpy(user2,auser);
if (user_ok(user2,snum) &&
password_ok(user2,password)) {
ok = True;
fstrcpy(user,user2);
DEBUG(3,("authorise_login: ACCEPTED: "
"user list username and "
"given password ok (%s)\n",
user));
}
}
}
}
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum)) {
fstring guestname;
fstrcpy(guestname,lp_guestaccount());
if (Get_Pwnam(guestname)) {
fstrcpy(user,guestname);
ok = True;
DEBUG(3,("authorise_login: ACCEPTED: guest account "
"and guest ok (%s)\n", user));
} else {
DEBUG(0,("authorise_login: Invalid guest account "
"%s??\n",guestname));
}
*guest = True;
}
if (ok && !user_ok(user, snum)) {
DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
ok = False;
}
return(ok);
}
static connection_struct *make_connection_snum(int snum, user_struct *vuser,
DATA_BLOB password,
const char *pdev,
NTSTATUS *status)
{
struct passwd *pass = NULL;
BOOL guest = False;
connection_struct *conn;
SMB_STRUCT_STAT st;
fstring user;
fstring dev;
int ret;
struct timespec atime_ts, mtime_ts, ctime_ts;
*user = 0;
fstrcpy(dev, pdev);
SET_STAT_INVALID(st);
if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) {
return NULL;
}
conn = conn_new();
if (!conn) {
DEBUG(0,("Couldn't find free connection.\n"));
*status = NT_STATUS_INSUFFICIENT_RESOURCES;
return NULL;
}
conn->params->service = snum;
conn->nt_user_token = NULL;
if (lp_guest_only(snum)) {
const char *guestname = lp_guestaccount();
NTSTATUS status2;
char *found_username = NULL;
guest = True;
pass = getpwnam_alloc(NULL, guestname);
if (!pass) {
DEBUG(0,("make_connection_snum: Invalid guest "
"account %s??\n",guestname));
conn_free(conn);
*status = NT_STATUS_NO_SUCH_USER;
return NULL;
}
status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True,
&conn->uid, &conn->gid,
&found_username,
&conn->nt_user_token);
if (!NT_STATUS_IS_OK(status2)) {
TALLOC_FREE(pass);
conn_free(conn);
*status = status2;
return NULL;
}
fstrcpy(user, found_username);
string_set(&conn->user,user);
conn->force_user = True;
TALLOC_FREE(found_username);
TALLOC_FREE(pass);
DEBUG(3,("Guest only user %s\n",user));
} else if (vuser) {
if (vuser->guest) {
if (!lp_guest_ok(snum)) {
DEBUG(2, ("guest user (from session setup) "
"not permitted to access this share "
"(%s)\n", lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
} else {
if (!user_ok_token(vuser->user.unix_name,
vuser->nt_user_token, snum)) {
DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share "
"(%s)\n", vuser->user.unix_name,
lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
}
conn->vuid = vuser->vuid;
conn->uid = vuser->uid;
conn->gid = vuser->gid;
string_set(&conn->user,vuser->user.unix_name);
fstrcpy(user,vuser->user.unix_name);
guest = vuser->guest;
} else if (lp_security() == SEC_SHARE) {
NTSTATUS status2;
char *found_username = NULL;
/* add it as a possible user name if we
are in share mode security */
add_session_user(lp_servicename(snum));
/* shall we let them in? */
if (!authorise_login(snum,user,password,&guest)) {
DEBUG( 2, ( "Invalid username/password for [%s]\n",
lp_servicename(snum)) );
conn_free(conn);
*status = NT_STATUS_WRONG_PASSWORD;
return NULL;
}
pass = Get_Pwnam(user);
status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True,
&conn->uid, &conn->gid,
&found_username,
&conn->nt_user_token);
if (!NT_STATUS_IS_OK(status2)) {
conn_free(conn);
*status = status2;
return NULL;
}
fstrcpy(user, found_username);
string_set(&conn->user,user);
TALLOC_FREE(found_username);
conn->force_user = True;
} else {
DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
add_session_user(user);
safe_strcpy(conn->client_address, client_addr(),
sizeof(conn->client_address)-1);
conn->num_files_open = 0;
conn->lastused = conn->lastused_count = time(NULL);
conn->used = True;
conn->printer = (strncmp(dev,"LPT",3) == 0);
conn->ipc = ( (strncmp(dev,"IPC",3) == 0) ||
( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
conn->dirptr = NULL;
/* Case options for the share. */
if (lp_casesensitive(snum) == Auto) {
/* We will be setting this per packet. Set to be case
* insensitive for now. */
conn->case_sensitive = False;
} else {
conn->case_sensitive = (BOOL)lp_casesensitive(snum);
}
conn->case_preserve = lp_preservecase(snum);
conn->short_case_preserve = lp_shortpreservecase(snum);
conn->veto_list = NULL;
conn->hide_list = NULL;
conn->veto_oplock_list = NULL;
conn->aio_write_behind_list = NULL;
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
conn->read_only = lp_readonly(SNUM(conn));
conn->admin_user = False;
/*
* If force user is true, then store the given userid and the gid of
* the user we're forcing.
* For auxiliary groups see below.
*/
if (*lp_force_user(snum)) {
NTSTATUS status2;
status2 = find_forced_user(conn,
(vuser != NULL) && vuser->guest,
user);
if (!NT_STATUS_IS_OK(status2)) {
conn_free(conn);
*status = status2;
return NULL;
}
string_set(&conn->user,user);
conn->force_user = True;
DEBUG(3,("Forced user %s\n",user));
}
/*
* If force group is true, then override
* any groupid stored for the connecting user.
*/
if (*lp_force_group(snum)) {
NTSTATUS status2;
DOM_SID group_sid;
status2 = find_forced_group(conn->force_user,
snum, user,
&group_sid, &conn->gid);
if (!NT_STATUS_IS_OK(status2)) {
conn_free(conn);
*status = status2;
return NULL;
}
if ((conn->nt_user_token == NULL) && (vuser != NULL)) {
/* Not force user and not security=share, but force
* group. vuser has a token to copy */
conn->nt_user_token = dup_nt_token(
NULL, vuser->nt_user_token);
if (conn->nt_user_token == NULL) {
DEBUG(0, ("dup_nt_token failed\n"));
conn_free(conn);
*status = NT_STATUS_NO_MEMORY;
return NULL;
}
}
/* If conn->nt_user_token is still NULL, we have
* security=share. This means ignore the SID, as we had no
* vuser to copy from */
if (conn->nt_user_token != NULL) {
/* Overwrite the primary group sid */
sid_copy(&conn->nt_user_token->user_sids[1],
&group_sid);
}
conn->force_group = True;
}
if (conn->nt_user_token != NULL) {
size_t i;
/* We have a share-specific token from force [user|group].
* This means we have to create the list of unix groups from
* the list of sids. */
conn->ngroups = 0;
conn->groups = NULL;
for (i=0; i<conn->nt_user_token->num_sids; i++) {
gid_t gid;
DOM_SID *sid = &conn->nt_user_token->user_sids[i];
if (!sid_to_gid(sid, &gid)) {
DEBUG(10, ("Could not convert SID %s to gid, "
"ignoring it\n",
sid_string_static(sid)));
continue;
}
if (!add_gid_to_array_unique(conn->mem_ctx, gid, &conn->groups,
&conn->ngroups)) {
DEBUG(0, ("add_gid_to_array_unique failed\n"));
conn_free(conn);
*status = NT_STATUS_NO_MEMORY;
return NULL;
}
}
}
{
pstring s;
pstrcpy(s,lp_pathname(snum));
standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
conn->connectpath, conn->gid,
get_current_username(),
current_user_info.domain,
s, sizeof(s));
if (s[0] == '\0') {
DEBUG(6, ("service [%s] did not resolve to a path\n",
lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
set_conn_connectpath(conn,s);
DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
lp_servicename(snum)));
}
/*
* New code to check if there's a share security descripter
* added from NT server manager. This is done after the
* smb.conf checks are done as we need a uid and token. JRA.
*
*/
{
BOOL can_write = False;
NT_USER_TOKEN *token = conn->nt_user_token ?
conn->nt_user_token :
(vuser ? vuser->nt_user_token : NULL);
/*
* I don't believe this can happen. But the
* logic above is convoluted enough to confuse
* automated checkers, so be sure. JRA.
*/
if (token == NULL) {
DEBUG(0,("make_connection: connection to %s "
"denied due to missing "
"NT token.\n",
lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
can_write = share_access_check(token,
lp_servicename(snum),
FILE_WRITE_DATA);
if (!can_write) {
if (!share_access_check(token,
lp_servicename(snum),
FILE_READ_DATA)) {
/* No access, read or write. */
DEBUG(0,("make_connection: connection to %s "
"denied due to security "
"descriptor.\n",
lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
} else {
conn->read_only = True;
}
}
}
/* Initialise VFS function pointers */
if (!smbd_vfs_init(conn)) {
DEBUG(0, ("vfs_init failed for service %s\n",
lp_servicename(snum)));
conn_free(conn);
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
/*
* If widelinks are disallowed we need to canonicalise the connect
* path here to ensure we don't have any symlinks in the
* connectpath. We will be checking all paths on this connection are
* below this directory. We must do this after the VFS init as we
* depend on the realpath() pointer in the vfs table. JRA.
*/
if (!lp_widelinks(snum)) {
pstring s;
pstrcpy(s,conn->connectpath);
canonicalize_path(conn, s);
set_conn_connectpath(conn,s);
}
if ((!conn->printer) && (!conn->ipc)) {
conn->notify_ctx = notify_init(conn->mem_ctx, server_id_self(),
smbd_messaging_context(),
smbd_event_context(),
conn);
}
/* ROOT Activities: */
/* check number of connections */
if (!claim_connection(conn,
lp_servicename(snum),
lp_max_connections(snum),
False,0)) {
DEBUG(1,("too many connections - rejected\n"));
conn_free(conn);
*status = NT_STATUS_INSUFFICIENT_RESOURCES;
return NULL;
}
/* Preexecs are done here as they might make the dir we are to ChDir
* to below */
/* execute any "root preexec = " line */
if (*lp_rootpreexec(snum)) {
pstring cmd;
pstrcpy(cmd,lp_rootpreexec(snum));
standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
conn->connectpath, conn->gid,
get_current_username(),
current_user_info.domain,
cmd, sizeof(cmd));
DEBUG(5,("cmd=%s\n",cmd));
ret = smbrun(cmd,NULL);
if (ret != 0 && lp_rootpreexec_close(snum)) {
DEBUG(1,("root preexec gave %d - failing "
"connection\n", ret));
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
}
/* USER Activites: */
if (!change_to_user(conn, conn->vuid)) {
/* No point continuing if they fail the basic checks */
DEBUG(0,("Can't become connected user!\n"));
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*status = NT_STATUS_LOGON_FAILURE;
return NULL;
}
/* Remember that a different vuid can connect later without these
* checks... */
/* Preexecs are done here as they might make the dir we are to ChDir
* to below */
/* execute any "preexec = " line */
if (*lp_preexec(snum)) {
pstring cmd;
pstrcpy(cmd,lp_preexec(snum));
standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
conn->connectpath, conn->gid,
get_current_username(),
current_user_info.domain,
cmd, sizeof(cmd));
ret = smbrun(cmd,NULL);
if (ret != 0 && lp_preexec_close(snum)) {
DEBUG(1,("preexec gave %d - failing connection\n",
ret));
change_to_root_user();
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED;
return NULL;
}
}
#ifdef WITH_FAKE_KASERVER
if (lp_afs_share(snum)) {
afs_login(conn);
}
#endif
/* Add veto/hide lists */
if (!IS_IPC(conn) && !IS_PRINT(conn)) {
set_namearray( &conn->veto_list, lp_veto_files(snum));
set_namearray( &conn->hide_list, lp_hide_files(snum));
set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(snum));
}
/* Invoke VFS make connection hook - do this before the VFS_STAT call
to allow any filesystems needing user credentials to initialize
themselves. */
if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) {
DEBUG(0,("make_connection: VFS make connection failed!\n"));
change_to_root_user();
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*status = NT_STATUS_UNSUCCESSFUL;
return NULL;
}
/* win2000 does not check the permissions on the directory
during the tree connect, instead relying on permission
check during individual operations. To match this behaviour
I have disabled this chdir check (tridge) */
/* the alternative is just to check the directory exists */
if ((ret = SMB_VFS_STAT(conn, conn->connectpath, &st)) != 0 ||
!S_ISDIR(st.st_mode)) {
if (ret == 0 && !S_ISDIR(st.st_mode)) {
DEBUG(0,("'%s' is not a directory, when connecting to "
"[%s]\n", conn->connectpath,
lp_servicename(snum)));
} else {
DEBUG(0,("'%s' does not exist or permission denied "
"when connecting to [%s] Error was %s\n",
conn->connectpath, lp_servicename(snum),
strerror(errno) ));
}
change_to_root_user();
/* Call VFS disconnect hook */
SMB_VFS_DISCONNECT(conn);
yield_connection(conn, lp_servicename(snum));
conn_free(conn);
*status = NT_STATUS_BAD_NETWORK_NAME;
return NULL;
}
string_set(&conn->origpath,conn->connectpath);
mtime_ts = get_mtimespec(&st);
ctime_ts = get_ctimespec(&st);
atime_ts = get_atimespec(&st);
conn->ts_res = TIMESTAMP_SET_SECONDS;
if (mtime_ts.tv_nsec ||
atime_ts.tv_nsec ||
ctime_ts.tv_nsec) {
/* If any of the normal UNIX directory timestamps
* have a non-zero tv_nsec component assume
* we might be able to set sub-second timestamps.
* See what filetime set primitives we have.
*/
#if defined(HAVE_UTIMES)
/* utimes allows msec timestamps to be set. */
conn->ts_res = TIMESTAMP_SET_MSEC;
#elif defined(HAVE_UTIME)
/* utime only allows sec timestamps to be set. */
conn->ts_res = TIMESTAMP_SET_SECONDS;
#endif
/* TODO. Add a configure test for the Linux
* nsec timestamp set system call, and use it
* if available....
*/
DEBUG(10,("make_connection_snum: timestamp "
"resolution of %s "
"available on share %s, directory %s\n",
conn->ts_res == TIMESTAMP_SET_MSEC ? "msec" : "sec",
lp_servicename(conn->cnum),
conn->connectpath ));
}
#if SOFTLINK_OPTIMISATION
/* resolve any soft links early if possible */
if (vfs_ChDir(conn,conn->connectpath) == 0) {
pstring s;
pstrcpy(s,conn->connectpath);
vfs_GetWd(conn,s);
set_conn_connectpath(conn,s);
vfs_ChDir(conn,conn->connectpath);
}
#endif
if (lp_unix_extensions() && lp_widelinks(snum)) {
DEBUG(0,("Share '%s' has wide links and unix extensions enabled. "
"These parameters are incompatible. "
"Disabling wide links for this share.\n",
lp_servicename(snum) ));
lp_do_parameter(snum, "wide links", "False");
}
/*
* Print out the 'connected as' stuff here as we need
* to know the effective uid and gid we will be using
* (at least initially).
*/
if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
dbgtext( "%s (%s) ", get_remote_machine_name(),
conn->client_address );
dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
dbgtext( "connect to service %s ", lp_servicename(snum) );
dbgtext( "initially as user %s ", user );
dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}
/* we've finished with the user stuff - go back to root */
change_to_root_user();
return(conn);
}
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
const char *princ_name,
struct PAC_LOGON_INFO *logon_info,
bool *is_mapped,
bool *mapped_to_guest,
char **ntuser,
char **ntdomain,
char **username,
struct passwd **_pw)
{
NTSTATUS status;
char *domain = NULL;
char *realm = NULL;
char *user = NULL;
char *p;
char *fuser = NULL;
char *unixuser = NULL;
struct passwd *pw = NULL;
DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));
p = strchr_m(princ_name, '@');
if (!p) {
DEBUG(3, ("[%s] Doesn't look like a valid principal\n",
princ_name));
return NT_STATUS_LOGON_FAILURE;
}
user = talloc_strndup(mem_ctx, princ_name, p - princ_name);
if (!user) {
return NT_STATUS_NO_MEMORY;
}
realm = talloc_strdup(talloc_tos(), p + 1);
if (!realm) {
return NT_STATUS_NO_MEMORY;
}
if (!strequal(realm, lp_realm())) {
DEBUG(3, ("Ticket for foreign realm %s@%s\n", user, realm));
if (!lp_allow_trusted_domains()) {
return NT_STATUS_LOGON_FAILURE;
}
}
if (logon_info && logon_info->info3.base.domain.string) {
domain = talloc_strdup(mem_ctx,
logon_info->info3.base.domain.string);
if (!domain) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(10, ("Domain is [%s] (using PAC)\n", domain));
} else {
/* If we have winbind running, we can (and must) shorten the
username by using the short netbios name. Otherwise we will
have inconsistent user names. With Kerberos, we get the
fully qualified realm, with ntlmssp we get the short
name. And even w2k3 does use ntlmssp if you for example
connect to an ip address. */
wbcErr wbc_status;
struct wbcDomainInfo *info = NULL;
DEBUG(10, ("Mapping [%s] to short name using winbindd\n",
realm));
wbc_status = wbcDomainInfo(realm, &info);
if (WBC_ERROR_IS_OK(wbc_status)) {
domain = talloc_strdup(mem_ctx,
info->short_name);
wbcFreeMemory(info);
} else {
DEBUG(3, ("Could not find short name: %s\n",
wbcErrorString(wbc_status)));
domain = talloc_strdup(mem_ctx, realm);
}
if (!domain) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
}
fuser = talloc_asprintf(mem_ctx,
"%s%c%s",
domain,
*lp_winbind_separator(),
user);
if (!fuser) {
return NT_STATUS_NO_MEMORY;
}
*is_mapped = map_username(mem_ctx, fuser, &fuser);
if (!fuser) {
return NT_STATUS_NO_MEMORY;
}
pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
if (pw) {
if (!unixuser) {
return NT_STATUS_NO_MEMORY;
}
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
/* do this before an eventual mapping to guest occurs */
status = smb_pam_accountcheck(pw->pw_name, cli_name);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("PAM account restrictions prevent user "
"[%s] login\n", unixuser));
return status;
}
}
if (!pw) {
/* this was originally the behavior of Samba 2.2, if a user
did not have a local uid but has been authenticated, then
map them to a guest account */
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
*mapped_to_guest = true;
fuser = talloc_strdup(mem_ctx, lp_guestaccount());
if (!fuser) {
return NT_STATUS_NO_MEMORY;
}
pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
}
/* extra sanity check that the guest account is valid */
if (!pw) {
DEBUG(1, ("Username %s is invalid on this system\n",
fuser));
return NT_STATUS_LOGON_FAILURE;
}
}
if (!unixuser) {
return NT_STATUS_NO_MEMORY;
}
*username = talloc_strdup(mem_ctx, unixuser);
if (!*username) {
return NT_STATUS_NO_MEMORY;
}
*ntuser = user;
*ntdomain = domain;
*_pw = pw;
return NT_STATUS_OK;
}
static int reply_spnego_kerberos(connection_struct *conn,
char *inbuf, char *outbuf,
int length, int bufsize,
DATA_BLOB *secblob,
BOOL *p_invalidate_vuid)
{
TALLOC_CTX *mem_ctx;
DATA_BLOB ticket;
char *client, *p, *domain;
fstring netbios_domain_name;
struct passwd *pw;
fstring user;
int sess_vuid;
NTSTATUS ret;
PAC_DATA *pac_data;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
auth_serversupplied_info *server_info = NULL;
DATA_BLOB session_key = data_blob(NULL, 0);
uint8 tok_id[2];
DATA_BLOB nullblob = data_blob(NULL, 0);
fstring real_username;
BOOL map_domainuser_to_guest = False;
BOOL username_was_mapped;
PAC_LOGON_INFO *logon_info = NULL;
ZERO_STRUCT(ticket);
ZERO_STRUCT(pac_data);
ZERO_STRUCT(ap_rep);
ZERO_STRUCT(ap_rep_wrapped);
ZERO_STRUCT(response);
/* Normally we will always invalidate the intermediate vuid. */
*p_invalidate_vuid = True;
mem_ctx = talloc_init("reply_spnego_kerberos");
if (mem_ctx == NULL) {
return ERROR_NT(nt_status_squash(NT_STATUS_NO_MEMORY));
}
if (!spnego_parse_krb5_wrap(*secblob, &ticket, tok_id)) {
talloc_destroy(mem_ctx);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
ret = ads_verify_ticket(mem_ctx, lp_realm(), 0, &ticket, &client, &pac_data, &ap_rep, &session_key);
data_blob_free(&ticket);
if (!NT_STATUS_IS_OK(ret)) {
#if 0
/* Experiment that failed. See "only happens with a KDC" comment below. */
if (NT_STATUS_EQUAL(ret, NT_STATUS_TIME_DIFFERENCE_AT_DC)) {
/*
* Windows in this case returns NT_STATUS_MORE_PROCESSING_REQUIRED
* with a negTokenTarg blob containing an krb5_error struct ASN1 encoded
* containing KRB5KRB_AP_ERR_SKEW. The client then fixes its
* clock and continues rather than giving an error. JRA.
* -- Looks like this only happens with a KDC. JRA.
*/
BOOL ok = make_krb5_skew_error(&ap_rep);
if (!ok) {
talloc_destroy(mem_ctx);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, TOK_ID_KRB_ERROR);
response = spnego_gen_auth_response(&ap_rep_wrapped, ret, OID_KERBEROS5_OLD);
reply_sesssetup_blob(conn, outbuf, response, NT_STATUS_MORE_PROCESSING_REQUIRED);
/*
* In this one case we don't invalidate the intermediate vuid.
* as we're expecting the client to re-use it for the next
* sessionsetupX packet. JRA.
*/
*p_invalidate_vuid = False;
data_blob_free(&ap_rep);
data_blob_free(&ap_rep_wrapped);
data_blob_free(&response);
talloc_destroy(mem_ctx);
return -1; /* already replied */
}
#else
if (!NT_STATUS_EQUAL(ret, NT_STATUS_TIME_DIFFERENCE_AT_DC)) {
ret = NT_STATUS_LOGON_FAILURE;
}
#endif
DEBUG(1,("Failed to verify incoming ticket with error %s!\n", nt_errstr(ret)));
talloc_destroy(mem_ctx);
return ERROR_NT(nt_status_squash(ret));
}
DEBUG(3,("Ticket name is [%s]\n", client));
p = strchr_m(client, '@');
if (!p) {
DEBUG(3,("Doesn't look like a valid principal\n"));
data_blob_free(&ap_rep);
data_blob_free(&session_key);
SAFE_FREE(client);
talloc_destroy(mem_ctx);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
*p = 0;
/* save the PAC data if we have it */
if (pac_data) {
logon_info = get_logon_info_from_pac(pac_data);
if (logon_info) {
netsamlogon_cache_store( client, &logon_info->info3 );
}
}
if (!strequal(p+1, lp_realm())) {
DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
if (!lp_allow_trusted_domains()) {
data_blob_free(&ap_rep);
data_blob_free(&session_key);
SAFE_FREE(client);
talloc_destroy(mem_ctx);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
}
/* this gives a fully qualified user name (ie. with full realm).
that leads to very long usernames, but what else can we do? */
domain = p+1;
if (logon_info && logon_info->info3.hdr_logon_dom.uni_str_len) {
unistr2_to_ascii(netbios_domain_name, &logon_info->info3.uni_logon_dom, -1);
domain = netbios_domain_name;
DEBUG(10, ("Mapped to [%s] (using PAC)\n", domain));
} else {
/* If we have winbind running, we can (and must) shorten the
username by using the short netbios name. Otherwise we will
have inconsistent user names. With Kerberos, we get the
fully qualified realm, with ntlmssp we get the short
name. And even w2k3 does use ntlmssp if you for example
connect to an ip address. */
struct winbindd_request wb_request;
struct winbindd_response wb_response;
NSS_STATUS wb_result;
ZERO_STRUCT(wb_request);
ZERO_STRUCT(wb_response);
DEBUG(10, ("Mapping [%s] to short name\n", domain));
fstrcpy(wb_request.domain_name, domain);
wb_result = winbindd_request_response(WINBINDD_DOMAIN_INFO,
&wb_request, &wb_response);
if (wb_result == NSS_STATUS_SUCCESS) {
fstrcpy(netbios_domain_name,
wb_response.data.domain_info.name);
domain = netbios_domain_name;
DEBUG(10, ("Mapped to [%s] (using Winbind)\n", domain));
} else {
DEBUG(3, ("Could not find short name -- winbind "
"not running?\n"));
}
}
fstr_sprintf(user, "%s%c%s", domain, *lp_winbind_separator(), client);
/* lookup the passwd struct, create a new user if necessary */
username_was_mapped = map_username( user );
pw = smb_getpwnam( mem_ctx, user, real_username, True );
if (pw) {
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
/* do this before an eventual mappign to guest occurs */
ret = smb_pam_accountcheck(pw->pw_name);
if ( !NT_STATUS_IS_OK(ret)) {
DEBUG(1, ("PAM account restriction prevents user login\n"));
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
return ERROR_NT(nt_status_squash(ret));
}
}
if (!pw) {
/* this was originally the behavior of Samba 2.2, if a user
did not have a local uid but has been authenticated, then
map them to a guest account */
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID){
map_domainuser_to_guest = True;
fstrcpy(user,lp_guestaccount());
pw = smb_getpwnam( mem_ctx, user, real_username, True );
}
/* extra sanity check that the guest account is valid */
if ( !pw ) {
DEBUG(1,("Username %s is invalid on this system\n", user));
SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
}
/* setup the string used by %U */
sub_set_smb_name( real_username );
reload_services(True);
if ( map_domainuser_to_guest ) {
make_server_info_guest(&server_info);
} else if (logon_info) {
/* pass the unmapped username here since map_username()
will be called again from inside make_server_info_info3() */
ret = make_server_info_info3(mem_ctx, client, domain,
&server_info, &logon_info->info3);
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(1,("make_server_info_info3 failed: %s!\n",
nt_errstr(ret)));
SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
return ERROR_NT(nt_status_squash(ret));
}
} else {
ret = make_server_info_pw(&server_info, real_username, pw);
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(1,("make_server_info_pw failed: %s!\n",
nt_errstr(ret)));
SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE(mem_ctx);
return ERROR_NT(nt_status_squash(ret));
}
/* make_server_info_pw does not set the domain. Without this
* we end up with the local netbios name in substitutions for
* %D. */
if (server_info->sam_account != NULL) {
pdb_set_domain(server_info->sam_account, domain, PDB_SET);
}
}
server_info->was_mapped |= username_was_mapped;
/* we need to build the token for the user. make_server_info_guest()
already does this */
if ( !server_info->ptok ) {
ret = create_local_token( server_info );
if ( !NT_STATUS_IS_OK(ret) ) {
SAFE_FREE(client);
data_blob_free(&ap_rep);
data_blob_free(&session_key);
TALLOC_FREE( mem_ctx );
TALLOC_FREE( server_info );
return ERROR_NT(nt_status_squash(ret));
}
}
/* register_vuid keeps the server info */
/* register_vuid takes ownership of session_key, no need to free after this.
A better interface would copy it.... */
sess_vuid = register_vuid(server_info, session_key, nullblob, client);
SAFE_FREE(client);
if (sess_vuid == UID_FIELD_INVALID ) {
ret = NT_STATUS_LOGON_FAILURE;
} else {
/* current_user_info is changed on new vuid */
reload_services( True );
set_message(outbuf,4,0,True);
SSVAL(outbuf, smb_vwv3, 0);
if (server_info->guest) {
SSVAL(outbuf,smb_vwv2,1);
}
SSVAL(outbuf, smb_uid, sess_vuid);
sessionsetup_start_signing_engine(server_info, inbuf);
}
/* wrap that up in a nice GSS-API wrapping */
if (NT_STATUS_IS_OK(ret)) {
ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, TOK_ID_KRB_AP_REP);
} else {
ap_rep_wrapped = data_blob(NULL, 0);
}
response = spnego_gen_auth_response(&ap_rep_wrapped, ret, OID_KERBEROS5_OLD);
reply_sesssetup_blob(conn, outbuf, response, ret);
data_blob_free(&ap_rep);
data_blob_free(&ap_rep_wrapped);
data_blob_free(&response);
TALLOC_FREE(mem_ctx);
return -1; /* already replied */
}
int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
int length,int bufsize)
{
int sess_vuid;
int smb_bufsize;
DATA_BLOB lm_resp;
DATA_BLOB nt_resp;
DATA_BLOB plaintext_password;
fstring user;
fstring sub_user; /* Sainitised username for substituion */
fstring domain;
fstring native_os;
fstring native_lanman;
fstring primary_domain;
static BOOL done_sesssetup = False;
auth_usersupplied_info *user_info = NULL;
auth_serversupplied_info *server_info = NULL;
NTSTATUS nt_status;
BOOL doencrypt = global_encrypted_passwords_negotiated;
DATA_BLOB session_key;
START_PROFILE(SMBsesssetupX);
ZERO_STRUCT(lm_resp);
ZERO_STRUCT(nt_resp);
ZERO_STRUCT(plaintext_password);
DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2)));
/* a SPNEGO session setup has 12 command words, whereas a normal
NT1 session setup has 13. See the cifs spec. */
if (CVAL(inbuf, smb_wct) == 12 &&
(SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
if (!global_spnego_negotiated) {
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated.\n"));
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
if (SVAL(inbuf,smb_vwv4) == 0) {
setup_new_vc_session();
}
return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
}
smb_bufsize = SVAL(inbuf,smb_vwv2);
if (Protocol < PROTOCOL_NT1) {
uint16 passlen1 = SVAL(inbuf,smb_vwv7);
/* Never do NT status codes with protocols before NT1 as we don't get client caps. */
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
if ((passlen1 > MAX_PASS_LEN) || (passlen1 > smb_bufrem(inbuf, smb_buf(inbuf)))) {
return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
if (doencrypt) {
lm_resp = data_blob(smb_buf(inbuf), passlen1);
} else {
plaintext_password = data_blob(smb_buf(inbuf), passlen1+1);
/* Ensure null termination */
plaintext_password.data[passlen1] = 0;
}
srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE);
*domain = 0;
} else {
uint16 passlen1 = SVAL(inbuf,smb_vwv7);
uint16 passlen2 = SVAL(inbuf,smb_vwv8);
enum remote_arch_types ra_type = get_remote_arch();
char *p = smb_buf(inbuf);
char *save_p = smb_buf(inbuf);
uint16 byte_count;
if(global_client_caps == 0) {
global_client_caps = IVAL(inbuf,smb_vwv11);
if (!(global_client_caps & CAP_STATUS32)) {
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
}
/* client_caps is used as final determination if client is NT or Win95.
This is needed to return the correct error codes in some
circumstances.
*/
if(ra_type == RA_WINNT || ra_type == RA_WIN2K || ra_type == RA_WIN95) {
if(!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32))) {
set_remote_arch( RA_WIN95);
}
}
}
if (!doencrypt) {
/* both Win95 and WinNT stuff up the password lengths for
non-encrypting systems. Uggh.
if passlen1==24 its a win95 system, and its setting the
password length incorrectly. Luckily it still works with the
default code because Win95 will null terminate the password
anyway
if passlen1>0 and passlen2>0 then maybe its a NT box and its
setting passlen2 to some random value which really stuffs
things up. we need to fix that one. */
if (passlen1 > 0 && passlen2 > 0 && passlen2 != 24 && passlen2 != 1)
passlen2 = 0;
}
/* check for nasty tricks */
if (passlen1 > MAX_PASS_LEN || passlen1 > smb_bufrem(inbuf, p)) {
return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
if (passlen2 > MAX_PASS_LEN || passlen2 > smb_bufrem(inbuf, p+passlen1)) {
return ERROR_NT(nt_status_squash(NT_STATUS_INVALID_PARAMETER));
}
/* Save the lanman2 password and the NT md4 password. */
if ((doencrypt) && (passlen1 != 0) && (passlen1 != 24)) {
doencrypt = False;
}
if (doencrypt) {
lm_resp = data_blob(p, passlen1);
nt_resp = data_blob(p+passlen1, passlen2);
} else {
pstring pass;
BOOL unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
#if 0
/* This was the previous fix. Not sure if it's still valid. JRA. */
if ((ra_type == RA_WINNT) && (passlen2 == 0) && unic && passlen1) {
/* NT4.0 stuffs up plaintext unicode password lengths... */
srvstr_pull(inbuf, pass, smb_buf(inbuf) + 1,
sizeof(pass), passlen1, STR_TERMINATE);
#endif
if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was sent. */
srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass),
passlen1, STR_TERMINATE|STR_ASCII);
} else {
srvstr_pull(inbuf, pass, smb_buf(inbuf),
sizeof(pass), unic ? passlen2 : passlen1,
STR_TERMINATE);
}
plaintext_password = data_blob(pass, strlen(pass)+1);
}
p += passlen1 + passlen2;
p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE);
/* not documented or decoded by Ethereal but there is one more string
in the extra bytes which is the same as the PrimaryDomain when using
extended security. Windows NT 4 and 2003 use this string to store
the native lanman string. Windows 9x does not include a string here
at all so we have to check if we have any extra bytes left */
byte_count = SVAL(inbuf, smb_vwv13);
if ( PTR_DIFF(p, save_p) < byte_count)
p += srvstr_pull_buf(inbuf, primary_domain, p, sizeof(primary_domain), STR_TERMINATE);
else
fstrcpy( primary_domain, "null" );
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
domain, native_os, native_lanman, primary_domain));
if ( ra_type == RA_WIN2K ) {
if ( strlen(native_lanman) == 0 )
ra_lanman_string( primary_domain );
else
ra_lanman_string( native_lanman );
}
}
if (SVAL(inbuf,smb_vwv4) == 0) {
setup_new_vc_session();
}
DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, get_remote_machine_name()));
if (*user) {
if (global_spnego_negotiated) {
/* This has to be here, because this is a perfectly valid behaviour for guest logons :-( */
DEBUG(0,("reply_sesssetup_and_X: Rejecting attempt at 'normal' session setup after negotiating spnego.\n"));
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
fstrcpy(sub_user, user);
} else {
fstrcpy(sub_user, lp_guestaccount());
}
sub_set_smb_name(sub_user);
reload_services(True);
if (lp_security() == SEC_SHARE) {
/* in share level we should ignore any passwords */
data_blob_free(&lm_resp);
data_blob_free(&nt_resp);
data_blob_clear_free(&plaintext_password);
map_username(sub_user);
add_session_user(sub_user);
add_session_workgroup(domain);
/* Then force it to null for the benfit of the code below */
*user = 0;
}
if (!*user) {
nt_status = check_guest_password(&server_info);
} else if (doencrypt) {
if (!negprot_global_auth_context) {
DEBUG(0, ("reply_sesssetup_and_X: Attempted encrypted session setup without negprot denied!\n"));
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
nt_status = make_user_info_for_reply_enc(&user_info, user, domain,
lm_resp, nt_resp);
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
user_info,
&server_info);
}
} else {
struct auth_context *plaintext_auth_context = NULL;
const uint8 *chal;
nt_status = make_auth_context_subsystem(&plaintext_auth_context);
if (NT_STATUS_IS_OK(nt_status)) {
chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
if (!make_user_info_for_reply(&user_info,
user, domain, chal,
plaintext_password)) {
nt_status = NT_STATUS_NO_MEMORY;
}
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
user_info,
&server_info);
(plaintext_auth_context->free)(&plaintext_auth_context);
}
}
}
free_user_info(&user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
nt_status = do_map_to_guest(nt_status, &server_info, user, domain);
}
if (!NT_STATUS_IS_OK(nt_status)) {
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
data_blob_clear_free(&plaintext_password);
return ERROR_NT(nt_status_squash(nt_status));
}
/* Ensure we can't possible take a code path leading to a null defref. */
if (!server_info) {
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(nt_status)));
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
data_blob_clear_free(&plaintext_password);
return ERROR_NT(nt_status_squash(nt_status));
}
if (server_info->user_session_key.data) {
session_key = data_blob(server_info->user_session_key.data, server_info->user_session_key.length);
} else {
session_key = data_blob(NULL, 0);
}
data_blob_clear_free(&plaintext_password);
/* it's ok - setup a reply */
set_message(outbuf,3,0,True);
if (Protocol >= PROTOCOL_NT1) {
char *p = smb_buf( outbuf );
p += add_signature( outbuf, p );
set_message_end( outbuf, p );
/* perhaps grab OS version here?? */
}
if (server_info->guest) {
SSVAL(outbuf,smb_vwv2,1);
}
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
if (lp_security() == SEC_SHARE) {
sess_vuid = UID_FIELD_INVALID;
data_blob_free(&session_key);
TALLOC_FREE(server_info);
} else {
/* register_vuid keeps the server info */
sess_vuid = register_vuid(server_info, session_key,
nt_resp.data ? nt_resp : lm_resp,
sub_user);
if (sess_vuid == UID_FIELD_INVALID) {
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
}
/* current_user_info is changed on new vuid */
reload_services( True );
sessionsetup_start_signing_engine(server_info, inbuf);
}
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
if (!done_sesssetup)
max_send = MIN(max_send,smb_bufsize);
done_sesssetup = True;
END_PROFILE(SMBsesssetupX);
return chain_reply(inbuf,outbuf,length,bufsize);
}
