diff options
| -rw-r--r-- | source3/include/proto.h | 3 | ||||
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 9 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 1 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_lsa.c | 8 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_net.c | 29 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_prs.c | 12 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_samr.c | 68 | ||||
| -rw-r--r-- | source3/rpc_server/srv_lsa.c | 4 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr.c | 14 |
9 files changed, 97 insertions, 51 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index e3d574de21..f52bff2ce0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -868,7 +868,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]); void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode); -BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd, +BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, int new_pwrd_size, uint32 *new_pw_len); /*The following definitions come from libsmb/smberr.c */ @@ -2385,6 +2385,7 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin BOOL prs_append_data(prs_struct *dst, char *src, uint32 len); void prs_set_bigendian_data(prs_struct *ps); BOOL prs_align(prs_struct *ps); +BOOL prs_align_needed(prs_struct *ps, uint32 needed); char *prs_mem_get(prs_struct *ps, uint32 extra_size); void prs_switch_type(prs_struct *ps, BOOL io); void prs_force_dynamic(prs_struct *ps); diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 371e279ffd..858045dc02 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -108,9 +108,9 @@ void E_md4hash(uchar *passwd, uchar *p16) /* Does both the NT and LM owfs of a user's password */ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { - char passwd[130]; + char passwd[514]; - memset(passwd,'\0',130); + memset(passwd,'\0',514); safe_strcpy( passwd, pwd, sizeof(passwd)-1); /* Calculate the MD4 hash (NT compatible) of the password */ @@ -231,7 +231,7 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[ /*********************************************************** decode a password buffer ************************************************************/ -BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd, +BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, int new_pwrd_size, uint32 *new_pw_len) { int uni_pw_len=0; @@ -243,6 +243,7 @@ BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd, If you reuse that code somewhere else check first. */ + ZERO_STRUCTP(new_pwrd); /* * The length of the new password is in the last 4 bytes of @@ -263,7 +264,7 @@ BOOL decode_pw_buffer(const char buffer[516], char *new_pwrd, uni_pw_len = *new_pw_len; *new_pw_len /= 2; pw = dos_unistrn2((uint16 *)(&buffer[512 - uni_pw_len]), uni_pw_len); - memcpy(new_pwrd, pw, *new_pw_len + 1); + memcpy(new_pwrd, pw, *new_pw_len); #ifdef DEBUG_PASSWORD dump_data(100, new_pwrd, (*new_pw_len)); diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 8b2deb4af8..bfb3d09dfd 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -664,7 +664,6 @@ void copy_id21_to_sam_passwd(struct sam_passwd *to, SAM_USER_INFO_21 *from) void copy_sam_passwd(struct sam_passwd *to, const struct sam_passwd *from) { static fstring smb_name=""; - static fstring unix_name=""; static fstring full_name=""; static fstring home_dir=""; static fstring dir_drive=""; diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index f214fd38be..5a266cbbda 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -34,7 +34,7 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct void init_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name, uint16 sid_name_use, char *name, uint32 idx) { - int len_name = strlen(name); + int len_name = strlen(name)+1; if(len_name == 0) len_name = 1; @@ -359,7 +359,7 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name, if (qos == NULL) r_q->des_access = desired_access; - init_unistr2(&r_q->uni_server_name, server_name, strlen(server_name)); + init_unistr2(&r_q->uni_server_name, server_name, strlen(server_name)+1); init_lsa_obj_attr(&r_q->attr, attributes, qos); } @@ -549,7 +549,7 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, r_e->enum_context = enum_context; if (status == 0) { - int len_domain_name = strlen(domain_name); + int len_domain_name = strlen(domain_name)+1; r_e->num_domains = 1; r_e->ptr_enum_domains = 1; @@ -872,7 +872,7 @@ void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd, for (i = 0; i < num_names; i++) { char* name = names[i]; - int len = strlen(name); + int len = strlen(name)+1; init_uni_hdr(&q_l->hdr_name[i], len); init_unistr2(&q_l->uni_name[i], name, len); } diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 098a5ca98c..0d8f33f9cb 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -336,13 +336,38 @@ void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t, BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth) { - int i; + uint32 value; + if (r_t == NULL) return False; prs_debug(ps, depth, desc, "net_io_r_trust_dom"); depth++; + /* temporary code to give a valid response */ + value=2; + if(!prs_uint32("status", ps, depth, &value)) + return False; + + value=1; + if(!prs_uint32("status", ps, depth, &value)) + return False; + value=2; + if(!prs_uint32("status", ps, depth, &value)) + return False; + + value=0; + if(!prs_uint32("status", ps, depth, &value)) + return False; + + value=0; + if(!prs_uint32("status", ps, depth, &value)) + return False; + +/* old non working code */ +#if 0 + int i; + for (i = 0; i < MAX_TRUST_DOMS; i++) { if (r_t->uni_trust_dom_name[i].uni_str_len == 0) break; @@ -352,7 +377,7 @@ BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, i if(!prs_uint32("status", ps, depth, &r_t->status)) return False; - +#endif return True; } diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index 401efaadc6..659f8e42bd 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -411,6 +411,18 @@ BOOL prs_align(prs_struct *ps) } /******************************************************************* + Align only if required (for the unistr2 string mainly) + ********************************************************************/ + +BOOL prs_align_needed(prs_struct *ps, uint32 needed) +{ + if (needed==0) + return True; + else + return prs_align(ps); +} + +/******************************************************************* Ensure we can read/write to a given offset. ********************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index af205441f6..6ce20fbefc 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -364,8 +364,8 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 *u_1, prs_struct *ps, in void init_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server) { - int len_domain = strlen(domain); - int len_server = strlen(server); + int len_domain = strlen(domain)+1; + int len_server = strlen(server)+1; u_2->unknown_0 = 0x00000000; u_2->unknown_1 = 0x80000000; @@ -2025,8 +2025,8 @@ void init_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, uint32 switch_leve if(r_u == NULL) return; - alias_len = alias?strlen(alias):0; - alias_desc_len = alias_desc?strlen(alias_desc):0; + alias_len = alias?strlen(alias)+1:0; + alias_desc_len = alias_desc?strlen(alias_desc)+1:0; DEBUG(5,("init_samr_r_query_aliasinfo\n")); @@ -2462,7 +2462,7 @@ void init_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS *r_u, SMB_ASSERT_ARRAY(r_u->hdr_als_name, num_aliases); for (i = 0; i < num_aliases; i++) { - int als_len = als_name[i] != NULL ? strlen(als_name[i]) : 0; + int als_len = als_name[i] != NULL ? strlen(als_name[i])+1 : 0; init_uni_hdr(&r_u->hdr_als_name[i], als_len); init_unistr2(&r_u->uni_als_name[i], als_name[i], als_len); r_u->num_als_usrs[i] = num_als_usrs[i]; @@ -2842,7 +2842,7 @@ void init_sam_user_info11(SAM_USER_INFO_11 *usr, DEBUG(5,("init_sam_user_info11\n")); - len_mach_acct = strlen(mach_acct); + len_mach_acct = strlen(mach_acct)+1; memcpy(&usr->expiry,expiry, sizeof(usr->expiry)); /* expiry time or something? */ memset((char *)usr->padding_1, '\0', sizeof(usr->padding_1)); /* 0 - padding 24 bytes */ @@ -2990,16 +2990,16 @@ void init_sam_user_info21(SAM_USER_INFO_21 *usr, uint32 unknown_5, uint32 unknown_6) { - int len_user_name = user_name != NULL ? strlen(user_name ) : 0; - int len_full_name = full_name != NULL ? strlen(full_name ) : 0; - int len_home_dir = home_dir != NULL ? strlen(home_dir ) : 0; - int len_dir_drive = dir_drive != NULL ? strlen(dir_drive ) : 0; - int len_logon_script = logon_script != NULL ? strlen(logon_script) : 0; - int len_profile_path = profile_path != NULL ? strlen(profile_path) : 0; - int len_description = description != NULL ? strlen(description ) : 0; - int len_workstations = workstations != NULL ? strlen(workstations) : 0; - int len_unknown_str = unknown_str != NULL ? strlen(unknown_str ) : 0; - int len_munged_dial = munged_dial != NULL ? strlen(munged_dial ) : 0; + int len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; + int len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; + int len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; + int len_dir_drive = dir_drive != NULL ? strlen(dir_drive )+1 : 0; + int len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0; + int len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0; + int len_description = description != NULL ? strlen(description )+1 : 0; + int len_workstations = workstations != NULL ? strlen(workstations)+1 : 0; + int len_unknown_str = unknown_str != NULL ? strlen(unknown_str )+1 : 0; + int len_munged_dial = munged_dial != NULL ? strlen(munged_dial )+1 : 0; usr->logon_time = *logon_time; usr->logoff_time = *logoff_time; @@ -3623,7 +3623,7 @@ void init_samr_q_unknown_13(SAMR_Q_UNKNOWN_13 *q_c, ********************************************************************/ void init_samr_q_unknown_38(SAMR_Q_UNKNOWN_38 *q_u, char *srv_name) { - int len_srv_name = strlen(srv_name); + int len_srv_name = strlen(srv_name)+1; DEBUG(5,("init_q_unknown_38\n")); @@ -3785,8 +3785,8 @@ void init_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u, char nt_newpass[516], uchar nt_oldhash[16], char lm_newpass[516], uchar lm_oldhash[16]) { - int len_dest_host = strlen(dest_host); - int len_user_name = strlen(user_name); + int len_dest_host = strlen(dest_host)+1; + int len_user_name = strlen(user_name)+1; DEBUG(5,("init_samr_q_chgpasswd_user\n")); @@ -4003,8 +4003,8 @@ BOOL init_samr_r_enum_domains(SAMR_R_ENUM_DOMAINS * r_u, if(r_u->status == 0) for(i=0;i<num_sam_entries;i++) /* only two domains to send */ { - init_unistr2(&r_u->uni_dom_name[i],domains[i], strlen(domains[i])); - init_sam_entry(&(r_u->sam[i]), strlen(domains[i]), 0); + init_unistr2(&r_u->uni_dom_name[i],domains[i], strlen(domains[i])+1); + init_sam_entry(&(r_u->sam[i]), strlen(domains[i])+1, 0); } else { @@ -4206,49 +4206,51 @@ static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 *usr, prs_struct *ps /* here begins pointed-to data */ + if(!prs_align_needed(ps, usr->hdr_user_name.buffer)) + return False; if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_full_name.buffer)) return False; if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_home_dir.buffer)) return False; if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_dir_drive.buffer)) return False; if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_logon_script.buffer)) return False; if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_profile_path.buffer)) return False; if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_acct_desc.buffer)) return False; if(!smb_io_unistr2("uni_acct_desc", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth)) /* user desc unicode string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_workstations.buffer)) return False; if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth)) /* worksations user can log on from */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_unknown_str.buffer)) return False; if(!smb_io_unistr2("uni_unknown_str", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth)) /* unknown string */ return False; - if(!prs_align(ps)) + if(!prs_align_needed(ps, usr->hdr_munged_dial.buffer)) return False; if(!smb_io_unistr2("uni_munged_dial", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth)) /* worksations user can log on from */ return False; - if(!prs_align(ps)) - return False; /* ok, this is only guess-work (as usual) */ if (usr->unknown_5 != 0x0) { + if(!prs_align(ps)) + return False; if(!prs_uint32("unknown_6", ps, depth, &usr->unknown_6)) return False; if(!prs_uint32("padding4", ps, depth, &usr->padding4)) @@ -4259,6 +4261,8 @@ static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 *usr, prs_struct *ps } if (usr->ptr_logon_hrs) { + if(!prs_align(ps)) + return False; if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth)) return False; } diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 9c3d785627..2e12f00bb6 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -88,7 +88,7 @@ Init dom_query static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) { - int domlen = (dom_name != NULL) ? strlen(dom_name) : 0; + int domlen = (dom_name != NULL) ? strlen(dom_name)+1 : 0; d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; @@ -183,7 +183,7 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) ref->max_entries = MAX_REF_DOMAINS; ref->num_ref_doms_2 = num+1; - len = (dom_name != NULL) ? strlen(dom_name) : 0; + len = (dom_name != NULL) ? strlen(dom_name)+1 : 0; if(dom_name != NULL && len == 0) len = 1; diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 84ac1ae004..72a86c8d80 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -71,7 +71,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, continue; } - user_name_len = strlen(pwd->smb_name); + user_name_len = strlen(pwd->smb_name)+1; init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); pw_buf[(*num_entries)].user_rid = pwd->user_rid; @@ -688,7 +688,7 @@ static BOOL samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, got_grps = True; num_entries = 1; ZERO_STRUCTP(&pass[0]); - init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)); + init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)+1); pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; if (r_e.status == 0 && got_grps) @@ -758,7 +758,7 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, char *name; while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) { - init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); + init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1); pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; num_entries++; } @@ -786,7 +786,7 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, continue; } - init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); + init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1); pass[num_entries].user_rid = pdb_gid_to_group_rid(grp->gr_gid); num_entries++; } @@ -2121,7 +2121,7 @@ static BOOL api_samr_enum_domains(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - fstrcpy(dom[0],global_myname); + fstrcpy(dom[0],global_myworkgroup); fstrcpy(dom[1],"Builtin"); if(!samr_io_q_enum_domains("", &q_u, data, 0)) { @@ -2376,9 +2376,12 @@ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid) pdb_init_sam(&new_pwd); copy_sam_passwd(&new_pwd, pwd); + memset(buf, 0, sizeof(buf)); + if (!decode_pw_buffer((const char *)id24->pass, buf, 256, &len)) return False; +DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); nt_lm_owf_gen(buf, nt_hash, lm_hash); new_pwd.smb_passwd = lm_hash; @@ -2390,6 +2393,7 @@ static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid) return False; memset(buf, 0, sizeof(buf)); +DEBUG(0,("set_user_info_24:mod_sam21pwd_entry\n")); /* update the SAMBA password */ if(!mod_sam21pwd_entry(&new_pwd, True)) |