some updates to the process logon code to reflect lukes latest

research plus some cleanups
(This used to be commit 1682faa1b0e95fc5acdf9b10da80a6515f8772cd)

1 files changed, 38 insertions, 20 deletions

diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index a0e747648c..60dc816ee1 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -115,18 +115,21 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
       char *machine = q;
 
       getdc = skip_string(machine,1);
-      unicomp = skip_string(getdc,1);
+      q = skip_string(getdc,1);
+      q = align2(q, buf);
 
       /* at this point we can work out if this is a W9X or NT style
          request. Experiments show that the difference is wether the
          packet ends here. For a W9X request we now end with a pair of
          bytes (usually 0xFE 0xFF) whereas with NT we have two further
          strings - the following is a simple way of detecting this */
-      if (len - PTR_DIFF(unicomp, buf) <= 3) {
+      if (len - PTR_DIFF(q, buf) <= 3) {
 	      short_request = True;
       } else {
+	      unicomp = q;
+
 	      /* A full length (NT style) request */
-	      q = skip_unicode_string(unicomp, 1);
+	      q = skip_unibuf(unicomp, PTR_DIFF(buf + len, unicomp));
 
 	      if (len - PTR_DIFF(q, buf) > 8) {
 					/* with NT5 clients we can sometimes
@@ -162,9 +165,9 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
         q += dos_PutUniCode(q, my_name, sizeof(pstring), True); /* PDC name */
         q += dos_PutUniCode(q, global_myworkgroup,sizeof(pstring), True); /* Domain name*/
 
-        SIVAL(q, 0, ntversion);
-        SSVAL(q, 4, lmnttoken);
-        SSVAL(q, 6, lm20token);
+        SIVAL(q, 0, 1); /* our nt version */
+        SSVAL(q, 4, 0xffff); /* our lmnttoken */
+        SSVAL(q, 6, 0xffff); /* our lm20token */
         q += 8;
       }
 
@@ -194,19 +197,35 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 
       q += 2;
       unicomp = q;
-      uniuser = skip_unicode_string(unicomp,1);
-      getdc = skip_unicode_string(uniuser,1);
+      uniuser = skip_unibuf(unicomp, PTR_DIFF(buf+len, unicomp));
+      getdc = skip_unibuf(uniuser,PTR_DIFF(buf+len, uniuser));
       q = skip_string(getdc,1);
       q += 4;
       domainsidsize = IVAL(q, 0);
       q += 4;
       q += domainsidsize + 3;
+
+      if (domainsidsize != 0) {
+	      q += domainsidsize;
+	      q = align4(q, buf);
+      }
+      if (len - PTR_DIFF(q, buf) > 8) {
+	      /* with NT5 clients we can sometimes
+		 get additional data - a length specificed string
+		 containing the domain name, then 16 bytes of
+		 data (no idea what it is) */
+	      int dom_len = CVAL(q, 0);
+	      q++;
+	      if (dom_len != 0) {
+		      q += dom_len + 1;
+	      }
+	      q += 16;
+      }
+
       ntversion = IVAL(q, 0);
-      q += 4;
-      lmnttoken = SVAL(q, 0);
-      q += 2;
-      lm20token = SVAL(q, 0);
-      q += 2;
+      lmnttoken = SVAL(q, 4);
+      lm20token = SVAL(q, 6);
+      q += 8;
 
       DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize, ntversion));
 
@@ -238,15 +257,14 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 
       q += dos_PutUniCode(q, reply_name,sizeof(pstring), True);
       unistrcpy(q, uniuser);
-      q = skip_unicode_string(q, 1); /* User name (workstation trust account) */
+      q = skip_unibuf(q, PTR_DIFF(buf+len, q)); /* User name (workstation trust account) */
       q += dos_PutUniCode(q, lp_workgroup(),sizeof(pstring), True);
 
-      SIVAL(q, 0, ntversion);
-      q += 4;
-      SSVAL(q, 0, lmnttoken);
-      q += 2;
-      SSVAL(q, 0, lm20token);
-      q += 2;
+      /* tell the client what version we are */
+      SIVAL(q, 0, 1); /* our ntversion */
+      SSVAL(q, 4, 0xffff); /* our lmnttoken */ 
+      SSVAL(q, 6, 0xffff); /* our lm20token */
+      q += 8;
 
       dump_data(4, outbuf, PTR_DIFF(q, outbuf));