SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 8 19:54:35 GMT 2000
> I'm now for it as Luke's LDAP/NIS/other name services argument is a
> winning one. The /etc/shadow approach should still be supported and
> used where no such cleartext protocols are in use.
the SYSKEY2 thing also means that private/smbpasswd can be made
world-readable. sounds weird, neh? WAIT - hear me out, before shooting
mouths and telling me it's a stupid idea. i didn't say make the SYSKEY2
key world-readable, that _is_ a stupid idea.
however, the _only_ reason that we have to do this, in ALL samba
user-enumeration code in samrd:
_samr_query_userinfo()
{
	become_root()
	getsmbpwnam(user_rid)
	unbecome_root()
	...
}
_samr_enum_dom_users()
{
	become_root()
	startsmbpwent()
	getsmbpwent()
	endsmbpwent()
	unbecome_root()
	...
}
is because private/smbpasswd is root-only readable. yes, there appears to
only be a password in it, but there's not, it identifies which unix
accounts are also samba accounts.
so the ONLY two places (three) in which become_root() should be called
are (and it should be called around the get_syskey2_file() call, nothing
else)
_samr_query_userinfo() info level 0x12, to obtain LM# and NT#
_samr_set_userinfo() info level 0x12, to set LM# and NT#
actually, only these two, because i was going to say samr_chg_userpasswd,
but that can be implemented in terms of the two above calls, internally.
> The question now should be one of scheduling/prioritizing. SYSKEY is
> not needed urgently to allow TNG to make progress, unless Luke Howard
correct.
> thinks otherwise (he's doing the SAM-via-LDAP-with-win2k-schema work).
well, actually, we really need to work out _microsoft's_ syskey2 for their
password ldap fields.
and if we [or someone else, and releases code under gpl] work it out, it's
GOING into samba source code.
> - TNG code freeze
>
> Don't do it yet; wait a few more weeks. So much progress is taking
> place that it seems worthwhile to wait a bit longer.
hm.
> - 2.0.x->TNG merge
>
> This should be easy, actually: take smbd code from 2.0.x as is, drop
> all the MSRPC code save for the loopback to MSRPC daemons code.
>
> That's it.
not quite. there are three things:
1) clientgen.c, pwd_cache.c and other password-related code for NTLMv2
support. samba tng doesn't work without the support of this code.
2) authorise_login(), password_ok(), pass_check(), smb_password_ok(),
pass_check_smb(), all take const char* user, const char*domain - they
shouldn't, these should be UNICODE - and return a NET_USER_INFO_3
structure which is stored in the user_struct structure.
3) user_structs are now not stored in memory of the smbd process, they are
stored in a vuser.tdb database. the key is the smbd pid + the smbd SMB
vuid field. this is so this info can be accessed from an msrpc daemon in
order to be able to do a standard_sub_vuser() call. standard_sub_vuser(),
and all... 20 or so uses of it, need to be updated, too, in 2_0.
YES, i damn well needed standard_sub_vuser(), i wouldn't bother modifying
smbd code that is 2 years out-of-date, otherwise.
i think that's all. if someone wants to take each of these things,
starting in that order, there'd be lots of grateful people around. oh and
you'd be entitled to a samba team t-shirt, of course.
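
The privilege narrowing proposed in the message above, as an added sketch that is not part of the original message and not Samba code: enumeration reads a world-readable table without root, and only info level 0x12 enters the bracket, around the key read alone. The bodies of become_root(), unbecome_root() and get_syskey2_file(), the account table, the key and the XOR transform are constructed stand-ins; the real SYSKEY transform is not described in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HASH_LEN 16

/* Stand-ins for the privilege bracket: they only count entries, no uid change. */
static int root_depth, root_entries;
static void become_root(void)   { root_depth++; root_entries++; }
static void unbecome_root(void) { root_depth--; }

/* Constructed key; the read fails outside the bracket, like a root-only file. */
static const uint8_t key_file[HASH_LEN] = "constructed-key";
static int get_syskey2_file(uint8_t key[HASH_LEN]) {
    if (root_depth <= 0) return -1;
    memcpy(key, key_file, HASH_LEN);
    return 0;
}

/* Constructed account table standing in for a world-readable smbpasswd. */
struct sam_entry { uint32_t rid; const char *name; uint8_t nt_obf[HASH_LEN]; };
static struct sam_entry sam[2] = { {1000, "alice", {0}}, {1001, "bob", {0}} };

/* Enumeration reads only non-secret fields, so it never calls become_root(). */
static int enum_dom_users(const char *names[], int max) {
    int n = 0;
    for (; n < 2 && n < max; n++) names[n] = sam[n].name;
    return n;
}

/* Info level 0x12 (set != 0 stores, set == 0 fetches): root only around the key read. */
static int userinfo_0x12(uint32_t rid, uint8_t nt[HASH_LEN], int set) {
    uint8_t key[HASH_LEN];
    struct sam_entry *e = NULL;
    for (int i = 0; i < 2; i++) if (sam[i].rid == rid) e = &sam[i];
    if (!e) return -1;
    become_root();
    int rc = get_syskey2_file(key);
    unbecome_root();
    if (rc != 0) return -1;
    for (int i = 0; i < HASH_LEN; i++)   /* placeholder XOR, NOT the real SYSKEY transform */
        if (set) e->nt_obf[i] = nt[i] ^ key[i]; else nt[i] = e->nt_obf[i] ^ key[i];
    return 0;
}

int main(void) {
    uint8_t nt[HASH_LEN] = {1, 2, 3}, out[HASH_LEN];
    const char *names[2];
    userinfo_0x12(1000, nt, 1); userinfo_0x12(1000, out, 0);
    printf("users=%d root=%d match=%d\n", enum_dom_users(names, 2), root_entries, !memcmp(out, nt, HASH_LEN));
    return 0;
}
```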