authorGerald Carter <jerry@samba.org>2003-03-14 23:06:06 +0000
committerGerald Carter <jerry@samba.org>2003-03-14 23:06:06 +0000
commit128e7edaaf7cf6ed590c8b7260303520f7b773a0 (patch)
treed64e7c2ee7379a9b4315d058fd5c3d575ce3f289
parenta3d7a1ea200a84aea77b67f9ed1cb6c4ae48442f (diff)
fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing
(This used to be commit 7bc5fc729f67ae16e09ea67efa9e2b8e2ba41c8f)
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/lib/util.c16
-rw-r--r--source3/smbd/sesssetup.c39
3 files changed, 39 insertions, 21 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index b7b0430b78..a198298102 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -85,6 +85,7 @@ PIDDIR = @piddir@
# man pages language(s)
man_langs = "@manlangs@"
+LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
LIBSMBCLIENT_MAJOR=0
LIBSMBCLIENT_MINOR=1
@@ -869,7 +870,7 @@ bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_PICOBJS) $(LIBS) \
@SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR)
-libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
+libsmbclient: $(LIBSMBCLIENT)
bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
@echo "Linking $@"
@@ -1098,7 +1099,7 @@ TOPFILES=dynconfig.o dynconfig.po
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
- $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(TORTURE_PROGS) .headers.stamp
+ $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(TORTURE_PROGS) .headers.stamp $(LIBSMBCLIENT)
# Making this target will just make sure that the prototype files
# exist, not necessarily that they are up to date. Since they're
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 8d62db5ebb..77ffa70a47 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1741,6 +1741,22 @@ BOOL is_myworkgroup(const char *s)
}
/*******************************************************************
+ we distinguish between 2K and XP by the "Native Lan Manager" string
+ WinXP => "Windows 2002 5.1"
+ Win2k => "Windows 2000 5.0"
+ NT4 => "Windows NT 4.0"
+ Win9x => "Windows 4.0"
+********************************************************************/
+
+void ra_lanman_string( const char *native_lanman )
+{
+ if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
+ set_remote_arch( RA_WINXP );
+ else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
+ set_remote_arch( RA_WIN2K3 );
+}
+
+/*******************************************************************
Set the horrid remote_arch string based on an enum.
********************************************************************/
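Review bot: The header comment for `ra_lanman_string` lists four Native LAN Manager strings but omits the one the second branch matches; add `Win2K3 => "Windows .NET 5.2"` to the table. The comment should also say that the function only refines an arch already detected as RA_WIN2K (both callers in sesssetup.c guard on that) and leaves remote_arch unchanged for any other string. Because the string is pulled straight from the client's session-setup request, a line such as `/* client-supplied and unauthenticated: use for quirks and logging only */` would keep later readers from treating the result as trustworthy.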
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 7e28592eeb..7f125de583 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -372,8 +372,10 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- nt_status = auth_ntlmssp_update(global_ntlmssp_state,
- auth, &auth_reply);
+ if ( global_ntlmssp_state ) {
+ nt_status = auth_ntlmssp_update(global_ntlmssp_state,
+ auth, &auth_reply);
+ }
data_blob_free(&auth);
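Review bot: When `global_ntlmssp_state` is NULL the new guard skips the call but leaves `nt_status` with whatever value it held before, and the code after `data_blob_free(&auth)` (outside this hunk) presumably still acts on it. Unless `nt_status` is initialised to a failure code above the hunk, an auth message that arrives before any negotiate could be judged on an indeterminate status. Make the failure explicit with `} else { nt_status = NT_STATUS_LOGON_FAILURE; }`, which still frees the blob and rejects the request. The body of reply_spnego_auth starts and ends outside the hunk.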
@@ -398,6 +400,10 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
DATA_BLOB blob1;
int ret;
size_t bufrem;
+ fstring native_os, native_lanman;
+ char *p2;
+ uint16 data_blob_len = SVAL(inbuf, smb_vwv7);
+ enum remote_arch_types ra_type = get_remote_arch();
DEBUG(3,("Doing spnego session setup\n"));
@@ -407,19 +413,27 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
p = (uint8 *)smb_buf(inbuf);
- if (SVAL(inbuf, smb_vwv7) == 0) {
+ if (data_blob_len == 0) {
/* an invalid request */
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
bufrem = smb_bufrem(inbuf, p);
/* pull the spnego blob */
- blob1 = data_blob(p, MIN(bufrem, SVAL(inbuf, smb_vwv7)));
+ blob1 = data_blob(p, MIN(bufrem, data_blob_len));
#if 0
file_save("negotiate.dat", blob1.data, blob1.length);
#endif
+ p2 = inbuf + smb_vwv13 + data_blob_len;
+ p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
+ p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
+ DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s]\n", native_os, native_lanman));
+
+ if ( ra_type == RA_WIN2K )
+ ra_lanman_string( native_lanman );
+
if (blob1.data[0] == ASN1_APPLICATION(0)) {
/* its a negTokenTarg packet */
ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
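Review bot: `p2 = inbuf + smb_vwv13 + data_blob_len;` uses the raw client-supplied length, while the blob a few lines above is clamped with `MIN(bufrem, data_blob_len)`; a request that declares a blob longer than the bytes actually sent moves `p2` past the received data before the two `srvstr_pull_buf` calls read from it. Reject the mismatch once `bufrem` is known, `if (data_blob_len > bufrem) return ERROR_NT(NT_STATUS_LOGON_FAILURE);`, and derive the pointer from the parsed buffer start, `p2 = (char *)p + data_blob_len;`, rather than from a fixed `smb_vwv13` offset that assumes the word count. Whether srvstr_pull_buf itself bounds the source read is not visible here. reply_sesssetup_and_X_spnego continues outside the hunk.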
@@ -582,21 +596,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n",
domain,native_os,native_lanman));
- /*
- * we distinguish between 2K and XP by the "Native Lan Manager" string
- * WinXP => "Windows 2002 5.1"
- * Win2k => "Windows 2000 5.0"
- * NT4 => "Windows NT 4.0"
- * Win9x => "Windows 4.0"
- */
-
- if ( ra_type == RA_WIN2K ) {
- if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
- set_remote_arch( RA_WINXP );
- else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
- set_remote_arch( RA_WIN2K3 );
- }
-
+ if ( ra_type == RA_WIN2K )
+ ra_lanman_string( native_lanman );
}