authorLuke Leighton <lkcl@samba.org>1998-10-19 17:32:10 +0000
committerLuke Leighton <lkcl@samba.org>1998-10-19 17:32:10 +0000
commit01de6030843f5f402dee8bf72f564a91ae8437ca (patch)
tree2319ade00e775979ed5d3343bb8a89a21aa2bc2b /source3/rpc_client
parent33790c41501af0e8fdc2fbc7128cf2a42cafa087 (diff)
- dce/rpc code
- removed debug info in struni2 and unistr2 (security risk) - rpc_pipe function was getting pointer to data then calling realloc *dur* - password check function, the start of "credential checking", user, wks, domain, pass as the credentials (not just user,pass which is incorrect in a domain context) - cli_write needs to return ssize_t not size_t, because total can be -1 if the write fails. - fixed signed / unsigned warnings (how come i don't get those any more when i compile with gcc???) - nt password change added in smbd. yes, jeremy, i verified that the SMBtrans2 version still works. (This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_pipe.c43
1 files changed, 25 insertions, 18 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index f252c99d97..08b3575733 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -142,7 +142,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
RPC_AUTH_NTLMSSP_CHK chk;
uint32 crc32;
int data_len = len - 0x18 - auth_len - 8;
- char *reply_data = (uchar*)mem_data(&rdata->data, 0x18);
+ char *reply_data = mem_data(&rdata->data, 0x18);
BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
BOOL auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
@@ -150,13 +150,8 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
-/* RPC_HDR_AUTH rhdr_auth;
- prs_struct auth_req;
- prs_init(&auth_req , 0x10, 4, 0, True);
- smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
- prs_mem_free(&auth_req);
+ if (reply_data == NULL) return False;
-*/
if (auth_seal)
{
DEBUG(10,("rpc_auth_pipe: seal\n"));
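Review bot: The guard added after the DEBUG(5) line rejects a NULL `reply_data` but not a negative `data_len`, which is computed at the top of the function as `len - 0x18 - auth_len - 8` with no range check visible. `data_len` is later passed as a length to `dump_data` and `crc32_calc_buffer`, so a reply whose `len` is smaller than `auth_len + 0x20` would hand those routines a negative size. Unless the caller already validates both values (not visible here), extend the guard to `if (reply_data == NULL || data_len < 0) return False;`. rpc_auth_pipe starts and ends outside this hunk.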
@@ -165,14 +160,32 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
dump_data(100, reply_data, data_len);
}
+ if (auth_verify || auth_seal)
+ {
+ RPC_HDR_AUTH rhdr_auth;
+ prs_struct auth_req;
+ char *data = mem_data(&rdata->data, len - auth_len - 8);
+ prs_init(&auth_req , 0x08, 4, 0, True);
+ memcpy(auth_req.data->data, data, 8);
+ smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0);
+ prs_mem_free(&auth_req);
+
+ if (!rpc_hdr_auth_chk(&rhdr_auth))
+ {
+ return False;
+ }
+ }
+
if (auth_verify)
{
prs_struct auth_verf;
char *data = (uchar*)mem_data(&rdata->data, len - auth_len);
- prs_init(&auth_verf, 0x08, 4, 0, True);
+ if (data == NULL) return False;
+
DEBUG(10,("rpc_auth_pipe: verify\n"));
dump_data(100, data, auth_len);
- NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4);
+ NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)(data+4), auth_len - 4);
+ prs_init(&auth_verf, 0x08, 4, 0, True);
memcpy(auth_verf.data->data, data, 16);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
dump_data(100, data, auth_len);
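Review bot: The new header-check block copies 8 bytes from `data` without testing it, although the verify block just below now treats a NULL return from `mem_data()` as possible; add `if (data == NULL) return False;` before `prs_init(&auth_req, ...)`. In the verify block, `memcpy(auth_verf.data->data, data, 16)` follows `prs_init(&auth_verf, 0x08, ...)`; if that second argument is the buffer size, as the `mem_buf_len(hdra.data)` call later in this file suggests, the copy is twice the allocation and the size should be `0x10`. `auth_len` is presumably taken from the reply and is not compared with 16 before `auth_len - 4` goes to `NTLMSSPcalc`, so `if (auth_len < 16) return False;` belongs next to the NULL test. rpc_auth_pipe starts and ends outside this hunk.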
@@ -182,14 +195,8 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
if (auth_verify)
{
crc32 = crc32_calc_buffer(data_len, reply_data);
- if (chk.crc32 != crc32 ||
- chk.ver != NTLMSSP_SIGN_VERSION ||
- chk.seq_num != cli->ntlmssp_seq_num++)
+ if (!rpc_auth_ntlmssp_chk(&chk, crc32 , &cli->ntlmssp_seq_num))
{
- DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n",
- crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num));
- DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n",
- chk.crc32, chk.ver, chk.seq_num));
return False;
}
}
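Review bot: The sequence-number update is no longer visible at the `rpc_auth_ntlmssp_chk(&chk, crc32, &cli->ntlmssp_seq_num)` call; the old expression advanced `cli->ntlmssp_seq_num` only when the crc and version comparisons had already passed. The helper is not shown here, so it is worth confirming that it keeps that behaviour and documenting it at the call, for example `/* advances cli->ntlmssp_seq_num; see rpc_auth_ntlmssp_chk() */`. With both DEBUG lines removed, a signature failure is also silent at this site unless the helper logs it; a single low-level message that a verify failed, without the crc or sequence values, would keep the event traceable.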
@@ -585,7 +592,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
BOOL ret;
BOOL auth_verify;
BOOL auth_seal;
- uint32 crc32 = 0;
+ uint32 crc32;
auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
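Review bot: Dropping the `= 0` initializer leaves `crc32` indeterminate until something assigns it, and the assignment is not in this hunk. Most of rpc_api_pipe_req lies outside the hunk, so it cannot be confirmed here that every read of `crc32` sits under the same `auth_verify` condition as its assignment. If the assignment is conditional, keep `uint32 crc32 = 0;`, or declare the variable inside the `auth_verify` block where it is computed.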
@@ -915,8 +922,8 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
- bzero(lm_hash, sizeof(lm_hash));
NTLMSSPhash(cli->ntlmssp_hash, p24);
+ bzero(lm_hash, sizeof(lm_hash));
/* this is a hack due to limitations in rpc_api_pipe */
prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
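Review bot: Only `lm_hash` is cleared here, while `lm_owf` and `p24` hold password-derived material from the same three calls and are not wiped in the visible lines. If neither is needed after `NTLMSSPhash(cli->ntlmssp_hash, p24)`, clear them alongside it: `bzero(lm_owf, sizeof(lm_owf)); bzero(p24, sizeof(p24));`. If `p24` is still used further down in rpc_pipe_bind (the rest of the function is outside this hunk), wipe it after its last use instead. A plain `bzero` on a local that is never read again can also be dropped by an optimising compiler, so a zeroing routine the compiler cannot elide is safer for these buffers.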