summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nmbd/nmbd_processlogon.c58
1 files changed, 38 insertions, 20 deletions
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index a0e747648c..60dc816ee1 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -115,18 +115,21 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
char *machine = q;
getdc = skip_string(machine,1);
- unicomp = skip_string(getdc,1);
+ q = skip_string(getdc,1);
+ q = align2(q, buf);
/* at this point we can work out if this is a W9X or NT style
request. Experiments show that the difference is wether the
packet ends here. For a W9X request we now end with a pair of
bytes (usually 0xFE 0xFF) whereas with NT we have two further
strings - the following is a simple way of detecting this */
- if (len - PTR_DIFF(unicomp, buf) <= 3) {
+ if (len - PTR_DIFF(q, buf) <= 3) {
short_request = True;
} else {
+ unicomp = q;
+
/* A full length (NT style) request */
- q = skip_unicode_string(unicomp, 1);
+ q = skip_unibuf(unicomp, PTR_DIFF(buf + len, unicomp));
if (len - PTR_DIFF(q, buf) > 8) {
/* with NT5 clients we can sometimes
@@ -162,9 +165,9 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
q += dos_PutUniCode(q, my_name, sizeof(pstring), True); /* PDC name */
q += dos_PutUniCode(q, global_myworkgroup,sizeof(pstring), True); /* Domain name*/
- SIVAL(q, 0, ntversion);
- SSVAL(q, 4, lmnttoken);
- SSVAL(q, 6, lm20token);
+ SIVAL(q, 0, 1); /* our nt version */
+ SSVAL(q, 4, 0xffff); /* our lmnttoken */
+ SSVAL(q, 6, 0xffff); /* our lm20token */
q += 8;
}
@@ -194,19 +197,35 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
q += 2;
unicomp = q;
- uniuser = skip_unicode_string(unicomp,1);
- getdc = skip_unicode_string(uniuser,1);
+ uniuser = skip_unibuf(unicomp, PTR_DIFF(buf+len, unicomp));
+ getdc = skip_unibuf(uniuser,PTR_DIFF(buf+len, uniuser));
q = skip_string(getdc,1);
q += 4;
domainsidsize = IVAL(q, 0);
q += 4;
q += domainsidsize + 3;
+
+ if (domainsidsize != 0) {
+ q += domainsidsize;
+ q = align4(q, buf);
+ }
+ if (len - PTR_DIFF(q, buf) > 8) {
+ /* with NT5 clients we can sometimes
+ get additional data - a length specificed string
+ containing the domain name, then 16 bytes of
+ data (no idea what it is) */
+ int dom_len = CVAL(q, 0);
+ q++;
+ if (dom_len != 0) {
+ q += dom_len + 1;
+ }
+ q += 16;
+ }
+
ntversion = IVAL(q, 0);
- q += 4;
- lmnttoken = SVAL(q, 0);
- q += 2;
- lm20token = SVAL(q, 0);
- q += 2;
+ lmnttoken = SVAL(q, 4);
+ lm20token = SVAL(q, 6);
+ q += 8;
DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize, ntversion));
@@ -238,15 +257,14 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
q += dos_PutUniCode(q, reply_name,sizeof(pstring), True);
unistrcpy(q, uniuser);
- q = skip_unicode_string(q, 1); /* User name (workstation trust account) */
+ q = skip_unibuf(q, PTR_DIFF(buf+len, q)); /* User name (workstation trust account) */
q += dos_PutUniCode(q, lp_workgroup(),sizeof(pstring), True);
- SIVAL(q, 0, ntversion);
- q += 4;
- SSVAL(q, 0, lmnttoken);
- q += 2;
- SSVAL(q, 0, lm20token);
- q += 2;
+ /* tell the client what version we are */
+ SIVAL(q, 0, 1); /* our ntversion */
+ SSVAL(q, 4, 0xffff); /* our lmnttoken */
+ SSVAL(q, 6, 0xffff); /* our lm20token */
+ q += 8;
dump_data(4, outbuf, PTR_DIFF(q, outbuf));