summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-03-14 23:06:06 +0000
committerGerald Carter <jerry@samba.org>2003-03-14 23:06:06 +0000
commit128e7edaaf7cf6ed590c8b7260303520f7b773a0 (patch)
treed64e7c2ee7379a9b4315d058fd5c3d575ce3f289 /source3
parenta3d7a1ea200a84aea77b67f9ed1cb6c4ae48442f (diff)
downloadsamba-128e7edaaf7cf6ed590c8b7260303520f7b773a0.tar.gz
samba-128e7edaaf7cf6ed590c8b7260303520f7b773a0.tar.bz2
samba-128e7edaaf7cf6ed590c8b7260303520f7b773a0.zip
fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing
(This used to be commit 7bc5fc729f67ae16e09ea67efa9e2b8e2ba41c8f)
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/lib/util.c16
-rw-r--r--source3/smbd/sesssetup.c39
3 files changed, 39 insertions, 21 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index b7b0430b78..a198298102 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -85,6 +85,7 @@ PIDDIR = @piddir@
# man pages language(s)
man_langs = "@manlangs@"
+LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
LIBSMBCLIENT_MAJOR=0
LIBSMBCLIENT_MINOR=1
@@ -869,7 +870,7 @@ bin/libbigballofmud.@SHLIBEXT@: $(LIBBIGBALLOFMUD_PICOBJS)
$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_PICOBJS) $(LIBS) \
@SONAMEFLAG@`basename $@`.$(LIBBIGBALLOFMUD_MAJOR)
-libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
+libsmbclient: $(LIBSMBCLIENT)
bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
@echo "Linking $@"
@@ -1098,7 +1099,7 @@ TOPFILES=dynconfig.o dynconfig.po
clean: delheaders python_clean
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
- $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(TORTURE_PROGS) .headers.stamp
+ $(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(TORTURE_PROGS) .headers.stamp $(LIBSMBCLIENT)
# Making this target will just make sure that the prototype files
# exist, not necessarily that they are up to date. Since they're
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 8d62db5ebb..77ffa70a47 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1741,6 +1741,22 @@ BOOL is_myworkgroup(const char *s)
}
/*******************************************************************
+ we distinguish between 2K and XP by the "Native Lan Manager" string
+ WinXP => "Windows 2002 5.1"
+ Win2k => "Windows 2000 5.0"
+ NT4 => "Windows NT 4.0"
+ Win9x => "Windows 4.0"
+********************************************************************/
+
+void ra_lanman_string( const char *native_lanman )
+{
+ if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
+ set_remote_arch( RA_WINXP );
+ else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
+ set_remote_arch( RA_WIN2K3 );
+}
+
+/*******************************************************************
Set the horrid remote_arch string based on an enum.
********************************************************************/
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 7e28592eeb..7f125de583 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -372,8 +372,10 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- nt_status = auth_ntlmssp_update(global_ntlmssp_state,
- auth, &auth_reply);
+ if ( global_ntlmssp_state ) {
+ nt_status = auth_ntlmssp_update(global_ntlmssp_state,
+ auth, &auth_reply);
+ }
data_blob_free(&auth);
@@ -398,6 +400,10 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
DATA_BLOB blob1;
int ret;
size_t bufrem;
+ fstring native_os, native_lanman;
+ char *p2;
+ uint16 data_blob_len = SVAL(inbuf, smb_vwv7);
+ enum remote_arch_types ra_type = get_remote_arch();
DEBUG(3,("Doing spnego session setup\n"));
@@ -407,19 +413,27 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
p = (uint8 *)smb_buf(inbuf);
- if (SVAL(inbuf, smb_vwv7) == 0) {
+ if (data_blob_len == 0) {
/* an invalid request */
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
bufrem = smb_bufrem(inbuf, p);
/* pull the spnego blob */
- blob1 = data_blob(p, MIN(bufrem, SVAL(inbuf, smb_vwv7)));
+ blob1 = data_blob(p, MIN(bufrem, data_blob_len));
#if 0
file_save("negotiate.dat", blob1.data, blob1.length);
#endif
+ p2 = inbuf + smb_vwv13 + data_blob_len;
+ p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
+ p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
+ DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s]\n", native_os, native_lanman));
+
+ if ( ra_type == RA_WIN2K )
+ ra_lanman_string( native_lanman );
+
if (blob1.data[0] == ASN1_APPLICATION(0)) {
/* its a negTokenTarg packet */
ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
@@ -582,21 +596,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n",
domain,native_os,native_lanman));
- /*
- * we distinguish between 2K and XP by the "Native Lan Manager" string
- * WinXP => "Windows 2002 5.1"
- * Win2k => "Windows 2000 5.0"
- * NT4 => "Windows NT 4.0"
- * Win9x => "Windows 4.0"
- */
-
- if ( ra_type == RA_WIN2K ) {
- if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
- set_remote_arch( RA_WINXP );
- else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
- set_remote_arch( RA_WIN2K3 );
- }
-
+ if ( ra_type == RA_WIN2K )
+ ra_lanman_string( native_lanman );
}