summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/libsmb/smbencrypt.c9
-rw-r--r--source3/passdb/passdb.c1
-rw-r--r--source3/rpc_parse/parse_lsa.c8
-rw-r--r--source3/rpc_parse/parse_net.c29
-rw-r--r--source3/rpc_parse/parse_prs.c12
-rw-r--r--source3/rpc_parse/parse_samr.c68
-rw-r--r--source3/rpc_server/srv_lsa.c4
-rw-r--r--source3/rpc_server/srv_samr.c14
9 files changed, 97 insertions, 51 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e3d574de21..f52bff2ce0 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -868,7 +868,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);
void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]);
void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24);
BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode);
-BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd,
+BOOL decode_pw_buffer(char buffer[516], char *new_pwrd,
int new_pwrd_size, uint32 *new_pw_len);
/*The following definitions come from libsmb/smberr.c */
@@ -2385,6 +2385,7 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin
BOOL prs_append_data(prs_struct *dst, char *src, uint32 len);
void prs_set_bigendian_data(prs_struct *ps);
BOOL prs_align(prs_struct *ps);
+BOOL prs_align_needed(prs_struct *ps, uint32 needed);
char *prs_mem_get(prs_struct *ps, uint32 extra_size);
void prs_switch_type(prs_struct *ps, BOOL io);
void prs_force_dynamic(prs_struct *ps);
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 371e279ffd..858045dc02 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -108,9 +108,9 @@ void E_md4hash(uchar *passwd, uchar *p16)
/* Does both the NT and LM owfs of a user's password */
void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
{
- char passwd[130];
+ char passwd[514];
- memset(passwd,'\0',130);
+ memset(passwd,'\0',514);
safe_strcpy( passwd, pwd, sizeof(passwd)-1);
/* Calculate the MD4 hash (NT compatible) of the password */
@@ -231,7 +231,7 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
/***********************************************************
decode a password buffer
************************************************************/
-BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd,
+BOOL decode_pw_buffer(char buffer[516], char *new_pwrd,
int new_pwrd_size, uint32 *new_pw_len)
{
int uni_pw_len=0;
@@ -243,6 +243,7 @@ BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd,
If you reuse that code somewhere else check first.
*/
+ ZERO_STRUCTP(new_pwrd);
/*
* The length of the new password is in the last 4 bytes of
@@ -263,7 +264,7 @@ BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd,
uni_pw_len = *new_pw_len;
*new_pw_len /= 2;
pw = dos_unistrn2((uint16 *)(&buffer[512 - uni_pw_len]), uni_pw_len);
- memcpy(new_pwrd, pw, *new_pw_len + 1);
+ memcpy(new_pwrd, pw, *new_pw_len);
#ifdef DEBUG_PASSWORD
dump_data(100, new_pwrd, (*new_pw_len));
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 8b2deb4af8..bfb3d09dfd 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -664,7 +664,6 @@ void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from)
void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from)
{
static fstring smb_name="";
- static fstring unix_name="";
static fstring full_name="";
static fstring home_dir="";
static fstring dir_drive="";
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index f214fd38be..5a266cbbda 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -34,7 +34,7 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct
void init_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name,
uint16 sid_name_use, char *name, uint32 idx)
{
- int len_name = strlen(name);
+ int len_name = strlen(name)+1;
if(len_name == 0)
len_name = 1;
@@ -359,7 +359,7 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
if (qos == NULL)
r_q->des_access = desired_access;
- init_unistr2(&r_q->uni_server_name, server_name, strlen(server_name));
+ init_unistr2(&r_q->uni_server_name, server_name, strlen(server_name)+1);
init_lsa_obj_attr(&r_q->attr, attributes, qos);
}
@@ -549,7 +549,7 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
r_e->enum_context = enum_context;
if (status == 0) {
- int len_domain_name = strlen(domain_name);
+ int len_domain_name = strlen(domain_name)+1;
r_e->num_domains = 1;
r_e->ptr_enum_domains = 1;
@@ -872,7 +872,7 @@ void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
for (i = 0; i < num_names; i++) {
char* name = names[i];
- int len = strlen(name);
+ int len = strlen(name)+1;
init_uni_hdr(&q_l->hdr_name[i], len);
init_unistr2(&q_l->uni_name[i], name, len);
}
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 098a5ca98c..0d8f33f9cb 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -336,13 +336,38 @@ void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth)
{
- int i;
+ uint32 value;
+
if (r_t == NULL)
return False;
prs_debug(ps, depth, desc, "net_io_r_trust_dom");
depth++;
+ /* temporary code to give a valid response */
+ value=2;
+ if(!prs_uint32("status", ps, depth, &value))
+ return False;
+
+ value=1;
+ if(!prs_uint32("status", ps, depth, &value))
+ return False;
+ value=2;
+ if(!prs_uint32("status", ps, depth, &value))
+ return False;
+
+ value=0;
+ if(!prs_uint32("status", ps, depth, &value))
+ return False;
+
+ value=0;
+ if(!prs_uint32("status", ps, depth, &value))
+ return False;
+
+/* old non working code */
+#if 0
+ int i;
+
for (i = 0; i < MAX_TRUST_DOMS; i++) {
if (r_t->uni_trust_dom_name[i].uni_str_len == 0)
break;
@@ -352,7 +377,7 @@ BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, i
if(!prs_uint32("status", ps, depth, &r_t->status))
return False;
-
+#endif
return True;
}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 401efaadc6..659f8e42bd 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -411,6 +411,18 @@ BOOL prs_align(prs_struct *ps)
}
/*******************************************************************
+ Align only if required (for the unistr2 string mainly)
+ ********************************************************************/
+
+BOOL prs_align_needed(prs_struct *ps, uint32 needed)
+{
+ if (needed==0)
+ return True;
+ else
+ return prs_align(ps);
+}
+
+/*******************************************************************
Ensure we can read/write to a given offset.
********************************************************************/
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index af205441f6..6ce20fbefc 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -364,8 +364,8 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 *u_1, prs_struct *ps, in
void init_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server)
{
- int len_domain = strlen(domain);
- int len_server = strlen(server);
+ int len_domain = strlen(domain)+1;
+ int len_server = strlen(server)+1;
u_2->unknown_0 = 0x00000000;
u_2->unknown_1 = 0x80000000;
@@ -2025,8 +2025,8 @@ void init_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, uint32 switch_leve
if(r_u == NULL)
return;
- alias_len = alias?strlen(alias):0;
- alias_desc_len = alias_desc?strlen(alias_desc):0;
+ alias_len = alias?strlen(alias)+1:0;
+ alias_desc_len = alias_desc?strlen(alias_desc)+1:0;
DEBUG(5,("init_samr_r_query_aliasinfo\n"));
@@ -2462,7 +2462,7 @@ void init_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS *r_u,
SMB_ASSERT_ARRAY(r_u->hdr_als_name, num_aliases);
for (i = 0; i < num_aliases; i++) {
- int als_len = als_name[i] != NULL ? strlen(als_name[i]) : 0;
+ int als_len = als_name[i] != NULL ? strlen(als_name[i])+1 : 0;
init_uni_hdr(&r_u->hdr_als_name[i], als_len);
init_unistr2(&r_u->uni_als_name[i], als_name[i], als_len);
r_u->num_als_usrs[i] = num_als_usrs[i];
@@ -2842,7 +2842,7 @@ void init_sam_user_info11(SAM_USER_INFO_11 *usr,
DEBUG(5,("init_sam_user_info11\n"));
- len_mach_acct = strlen(mach_acct);
+ len_mach_acct = strlen(mach_acct)+1;
memcpy(&usr->expiry,expiry, sizeof(usr->expiry)); /* expiry time or something? */
memset((char *)usr->padding_1, '\0', sizeof(usr->padding_1)); /* 0 - padding 24 bytes */
@@ -2990,16 +2990,16 @@ void init_sam_user_info21(SAM_USER_INFO_21 *usr,
uint32 unknown_5,
uint32 unknown_6)
{
- int len_user_name = user_name != NULL ? strlen(user_name ) : 0;
- int len_full_name = full_name != NULL ? strlen(full_name ) : 0;
- int len_home_dir = home_dir != NULL ? strlen(home_dir ) : 0;
- int len_dir_drive = dir_drive != NULL ? strlen(dir_drive ) : 0;
- int len_logon_script = logon_script != NULL ? strlen(logon_script) : 0;
- int len_profile_path = profile_path != NULL ? strlen(profile_path) : 0;
- int len_description = description != NULL ? strlen(description ) : 0;
- int len_workstations = workstations != NULL ? strlen(workstations) : 0;
- int len_unknown_str = unknown_str != NULL ? strlen(unknown_str ) : 0;
- int len_munged_dial = munged_dial != NULL ? strlen(munged_dial ) : 0;
+ int len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
+ int len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
+ int len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
+ int len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0;
+ int len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
+ int len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
+ int len_description = description != NULL ? strlen(description )+1 : 0;
+ int len_workstations = workstations != NULL ? strlen(workstations)+1 : 0;
+ int len_unknown_str = unknown_str != NULL ? strlen(unknown_str )+1 : 0;
+ int len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0;
usr->logon_time = *logon_time;
usr->logoff_time = *logoff_time;
@@ -3623,7 +3623,7 @@ void init_samr_q_unknown_13(SAMR_Q_UNKNOWN_13 *q_c,
********************************************************************/
void init_samr_q_unknown_38(SAMR_Q_UNKNOWN_38 *q_u, char *srv_name)
{
- int len_srv_name = strlen(srv_name);
+ int len_srv_name = strlen(srv_name)+1;
DEBUG(5,("init_q_unknown_38\n"));
@@ -3785,8 +3785,8 @@ void init_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
char nt_newpass[516], uchar nt_oldhash[16],
char lm_newpass[516], uchar lm_oldhash[16])
{
- int len_dest_host = strlen(dest_host);
- int len_user_name = strlen(user_name);
+ int len_dest_host = strlen(dest_host)+1;
+ int len_user_name = strlen(user_name)+1;
DEBUG(5,("init_samr_q_chgpasswd_user\n"));
@@ -4003,8 +4003,8 @@ BOOL init_samr_r_enum_domains(SAMR_R_ENUM_DOMAINS * r_u,
if(r_u->status == 0)
for(i=0;i<num_sam_entries;i++) /* only two domains to send */
{
- init_unistr2(&r_u->uni_dom_name[i],domains[i], strlen(domains[i]));
- init_sam_entry(&(r_u->sam[i]), strlen(domains[i]), 0);
+ init_unistr2(&r_u->uni_dom_name[i],domains[i], strlen(domains[i])+1);
+ init_sam_entry(&(r_u->sam[i]), strlen(domains[i])+1, 0);
}
else
{
@@ -4206,49 +4206,51 @@ static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 *usr, prs_struct *ps
/* here begins pointed-to data */
+ if(!prs_align_needed(ps, usr->hdr_user_name.buffer))
+ return False;
if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_full_name.buffer))
return False;
if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_home_dir.buffer))
return False;
if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_dir_drive.buffer))
return False;
if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_logon_script.buffer))
return False;
if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_profile_path.buffer))
return False;
if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_acct_desc.buffer))
return False;
if(!smb_io_unistr2("uni_acct_desc", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth)) /* user desc unicode string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_workstations.buffer))
return False;
if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth)) /* worksations user can log on from */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_unknown_str.buffer))
return False;
if(!smb_io_unistr2("uni_unknown_str", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth)) /* unknown string */
return False;
- if(!prs_align(ps))
+ if(!prs_align_needed(ps, usr->hdr_munged_dial.buffer))
return False;
if(!smb_io_unistr2("uni_munged_dial", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth)) /* worksations user can log on from */
return False;
- if(!prs_align(ps))
- return False;
/* ok, this is only guess-work (as usual) */
if (usr->unknown_5 != 0x0) {
+ if(!prs_align(ps))
+ return False;
if(!prs_uint32("unknown_6", ps, depth, &usr->unknown_6))
return False;
if(!prs_uint32("padding4", ps, depth, &usr->padding4))
@@ -4259,6 +4261,8 @@ static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 *usr, prs_struct *ps
}
if (usr->ptr_logon_hrs) {
+ if(!prs_align(ps))
+ return False;
if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
return False;
}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 9c3d785627..2e12f00bb6 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -88,7 +88,7 @@ Init dom_query
static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
- int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
+ int domlen = (dom_name != NULL) ? strlen(dom_name)+1 : 0;
d_q->uni_dom_max_len = domlen * 2;
d_q->uni_dom_str_len = domlen * 2;
@@ -183,7 +183,7 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
ref->max_entries = MAX_REF_DOMAINS;
ref->num_ref_doms_2 = num+1;
- len = (dom_name != NULL) ? strlen(dom_name) : 0;
+ len = (dom_name != NULL) ? strlen(dom_name)+1 : 0;
if(dom_name != NULL && len == 0)
len = 1;
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 84ac1ae004..72a86c8d80 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -71,7 +71,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
continue;
}
- user_name_len = strlen(pwd->smb_name);
+ user_name_len = strlen(pwd->smb_name)+1;
init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
pw_buf[(*num_entries)].user_rid = pwd->user_rid;
@@ -688,7 +688,7 @@ static BOOL samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
got_grps = True;
num_entries = 1;
ZERO_STRUCTP(&pass[0]);
- init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
+ init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)+1);
pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
if (r_e.status == 0 && got_grps)
@@ -758,7 +758,7 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
char *name;
while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
{
- init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+ init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1);
pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
num_entries++;
}
@@ -786,7 +786,7 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
continue;
}
- init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+ init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1);
pass[num_entries].user_rid = pdb_gid_to_group_rid(grp->gr_gid);
num_entries++;
}
@@ -2121,7 +2121,7 @@ static BOOL api_samr_enum_domains(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- fstrcpy(dom[0],global_myname);
+ fstrcpy(dom[0],global_myworkgroup);
fstrcpy(dom[1],"Builtin");
if(!samr_io_q_enum_domains("", &q_u, data, 0)) {
@@ -2376,9 +2376,12 @@ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid)
pdb_init_sam(&new_pwd);
copy_sam_passwd(&new_pwd, pwd);
+ memset(buf, 0, sizeof(buf));
+
if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len))
return False;
+DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n"));
nt_lm_owf_gen(buf, nt_hash, lm_hash);
new_pwd.smb_passwd = lm_hash;
@@ -2390,6 +2393,7 @@ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid)
return False;
memset(buf, 0, sizeof(buf));
+DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n"));
/* update the SAMBA password */
if(!mod_sam21pwd_entry(&new_pwd, True))