SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Feb 8 19:54:35 GMT 2000


>    I'm now for it as Luke's LDAP/NIS/other name services argument is a
>    winning one. The /etc/shadow approach should still be supported and
>    used where no such cleartext protocols are in use.

the SYSKEY2 thing also means that private/smbpasswd can be made
world-readable.  sounds weird, neh?  WAIT - hear me out, before shooting
mouths and telling me it's a stupid idea.  i didn't say make the SYSKEY2
key world-reabalb, that _is_ a stupid idea.

however, the _only_ reason that we have to do this, in ALL samba
user-enumeration code in samrd:

_sam_query_userinfo()
{

	become_root()
	getsmbpwnam(user_rid)
	unbecmome_root()

	...
}

_samr_enum_dom_users()
{
	become_root()
	startsmbpwent()
	getsmbpwent()
	endsmbpwent()
	unbecome_root()

	...
}

is because private/smbpasswd is root-only readable.  yes, there appears to
only be a password in it, but there's not, it identifes which unix
accoutns are also samba accounts.

so the ONLY two places (three) in which become_root() should be acalled
are (and it should be called around the get_syskey2_file() call, nothing
else)

_samr_query_userinfo() info level 0x12, to obtain LM# and NT#
_samr_set_userinfo() info level 0x12, to set LM# and NT#

actually, only these two, because i was going to say samr_chg_userpasswd,
but that can be implemented in terms of the two above calls, internally.


>    The question now should be one of scheduling/prioritizing. SYSKEY is
>    not needed urgently to allow TNG to make progress, unless Luke Howard

correct.

>    thinks otherwise (he's doing the SAM-via-LDAP-with-win2k-schema work).

well, actually, we realy need to work out _microsoft's_ syskey2 for their
password ldap fields.

and if we [or someone else, and releases code inder gpl] work it out, it's
GOING into samba source code.
 
>  - TNG code freeze
> 
>    Don't do it yet; wait a few more weeks. So much progress is taking
>    place that it seems worthwhile to wait a bit longer.

hm.
 
>  - 2.0.x->TNG merge
> 
>    This should be easy, actually: take smbd code from 2.0.x as is, drop
>    all the MSRPC code save for the loopback to MSRPC daemons code.
> 
>    That's it.

not quite.  there are three things:

1) clientgen.c, pwd_cache.c and other password-related code for NTLMv2
support samba tng doesn't work without the support of this code.

2) authorise_login(), password_ok(), pass_check(), smb_password_ok(),
pass_check_smb(), all take const char* user, const char*domain - they
shouldn't, these s houls be UNICODE - and return a NET_USER_INFO_3
structure which is stored in the user_struct structure.

3) user_structs are now not stored in memory of the smbd process, they are
stored in a vuser.tdb database.  the key is the smbd pid + the smbd SMB
vuid field.  this is so this info can be accessed from an msrpc daemon in
order to be able to do a standard_sub_vuser() call. standard_sub_vuser(),
and all... 20 or so uses of it, need to be updated, too, in 2_0.

YES, i damn well needed standard_sub_vuser(), i wouldn't bother modifying
smbd code that is 2 years out-of-date, otherwise.

i think that's all.  if someone wants to take each of these things,
starting in that order, there'd be lots of grateful people around.  oh and
you'd be entitled to a samba team t-shirt, of course.



More information about the samba-technical mailing list