diff options
| author | Luke Leighton <lkcl@samba.org> | 1998-10-19 17:32:10 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1998-10-19 17:32:10 +0000 |
| commit | 01de6030843f5f402dee8bf72f564a91ae8437ca (patch) | |
| tree | 2319ade00e775979ed5d3343bb8a89a21aa2bc2b /source3/rpc_client | |
| parent | 33790c41501af0e8fdc2fbc7128cf2a42cafa087 (diff) | |
| download | samba-01de6030843f5f402dee8bf72f564a91ae8437ca.tar.gz samba-01de6030843f5f402dee8bf72f564a91ae8437ca.tar.bz2 samba-01de6030843f5f402dee8bf72f564a91ae8437ca.zip | |
- dce/rpc code
- removed debug info in struni2 and unistr2 (security risk)
- rpc_pipe function was getting pointer to data then calling realloc *dur*
- password check function, the start of "credential checking",
user, wks, domain, pass as the credentials (not just user,pass which
is incorrect in a domain context)
- cli_write needs to return ssize_t not size_t, because total can be -1
if the write fails.
- fixed signed / unsigned warnings (how come i don't get those any more
when i compile with gcc???)
- nt password change added in smbd. yes, jeremy, i verified that the
SMBtrans2 version still works.
(This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f252c99d97..08b3575733 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -142,7 +142,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, RPC_AUTH_NTLMSSP_CHK chk; uint32 crc32; int data_len = len - 0x18 - auth_len - 8; - char *reply_data = (uchar*)mem_data(&rdata->data, 0x18); + char *reply_data = mem_data(&rdata->data, 0x18); BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN); BOOL auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL); @@ -150,13 +150,8 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n", len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal))); -/* RPC_HDR_AUTH rhdr_auth; - prs_struct auth_req; - prs_init(&auth_req , 0x10, 4, 0, True); - smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0); - prs_mem_free(&auth_req); + if (reply_data == NULL) return False; -*/ if (auth_seal) { DEBUG(10,("rpc_auth_pipe: seal\n")); @@ -165,14 +160,32 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, dump_data(100, reply_data, data_len); } + if (auth_verify || auth_seal) + { + RPC_HDR_AUTH rhdr_auth; + prs_struct auth_req; + char *data = mem_data(&rdata->data, len - auth_len - 8); + prs_init(&auth_req , 0x08, 4, 0, True); + memcpy(auth_req.data->data, data, 8); + smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0); + prs_mem_free(&auth_req); + + if (!rpc_hdr_auth_chk(&rhdr_auth)) + { + return False; + } + } + if (auth_verify) { prs_struct auth_verf; char *data = (uchar*)mem_data(&rdata->data, len - auth_len); - prs_init(&auth_verf, 0x08, 4, 0, True); + if (data == NULL) return False; + DEBUG(10,("rpc_auth_pipe: verify\n")); dump_data(100, data, auth_len); - NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4); + NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)(data+4), auth_len - 4); + prs_init(&auth_verf, 0x08, 4, 0, True); memcpy(auth_verf.data->data, data, 16); smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0); dump_data(100, data, auth_len); @@ -182,14 +195,8 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, if (auth_verify) { crc32 = crc32_calc_buffer(data_len, reply_data); - if (chk.crc32 != crc32 || - chk.ver != NTLMSSP_SIGN_VERSION || - chk.seq_num != cli->ntlmssp_seq_num++) + if (!rpc_auth_ntlmssp_chk(&chk, crc32 , &cli->ntlmssp_seq_num)) { - DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n", - crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num)); - DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n", - chk.crc32, chk.ver, chk.seq_num)); return False; } } @@ -585,7 +592,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, BOOL ret; BOOL auth_verify; BOOL auth_seal; - uint32 crc32 = 0; + uint32 crc32; auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN); auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL); @@ -915,8 +922,8 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL); pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL); NTLMSSPOWFencrypt(lm_hash, lm_owf, p24); - bzero(lm_hash, sizeof(lm_hash)); NTLMSSPhash(cli->ntlmssp_hash, p24); + bzero(lm_hash, sizeof(lm_hash)); /* this is a hack due to limitations in rpc_api_pipe */ prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False); |