summaryrefslogtreecommitdiff
path: root/source3/rpc_parse
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2003-05-26 06:59:38 +0000
committerTim Potter <tpot@samba.org>2003-05-26 06:59:38 +0000
commit0d3097c135e382f3540b2bb0fef0497af16d7344 (patch)
tree1a962eddd9a3625fb5f4f4ffde70173ea31e1843 /source3/rpc_parse
parentac33cc9ca328d42e75817aff34ab570339f732fe (diff)
downloadsamba-0d3097c135e382f3540b2bb0fef0497af16d7344.tar.gz
samba-0d3097c135e382f3540b2bb0fef0497af16d7344.tar.bz2
samba-0d3097c135e382f3540b2bb0fef0497af16d7344.zip
This fixes net rpc vampire when talking to win2k (<sp3). win2k sends
back a different sized blob of encrypted password data then we were expecting. There's an extra 32 bytes of unknown stuff. (This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r--source3/rpc_parse/parse_net.c6
-rw-r--r--source3/rpc_parse/parse_prs.c8
2 files changed, 7 insertions, 7 deletions
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 2c99d54b1b..7d04eace23 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -2129,12 +2129,12 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
if (!prs_uint32("pwd_len", ps, depth, &len))
return False;
old_offset = ps->data_offset;
- if (len == 0x44)
+ if (len > 0)
{
if (ps->io)
{
/* reading */
- if (!prs_hash1(ps, ps->data_offset, sess_key))
+ if (!prs_hash1(ps, ps->data_offset, sess_key, len))
return False;
}
if (!net_io_sam_passwd_info("pass", &info->pass,
@@ -2144,7 +2144,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
if (!ps->io)
{
/* writing */
- if (!prs_hash1(ps, old_offset, sess_key))
+ if (!prs_hash1(ps, old_offset, sess_key, len))
return False;
}
}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index e0a75d7382..88150c718b 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1316,7 +1316,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me
/*******************************************************************
hash a stream.
********************************************************************/
-BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
+BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
{
char *q;
@@ -1326,12 +1326,12 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
#ifdef DEBUG_PASSWORD
DEBUG(100, ("prs_hash1\n"));
dump_data(100, sess_key, 16);
- dump_data(100, q, 68);
+ dump_data(100, q, len);
#endif
- SamOEMhash((uchar *) q, sess_key, 68);
+ SamOEMhash((uchar *) q, sess_key, len);
#ifdef DEBUG_PASSWORD
- dump_data(100, q, 68);
+ dump_data(100, q, len);
#endif
return True;