-rw-r--r-- | source3/include/byteorder.h | 4 | ||||
-rw-r--r-- | source3/include/proto.h | 8 | ||||
-rw-r--r-- | source3/include/smb.h | 7 | ||||
-rw-r--r-- | source3/libsmb/credentials.c | 68 | ||||
-rw-r--r-- | source3/pipenetlog.c | 39 | ||||
-rw-r--r-- | source3/pipentlsa.c | 9 | ||||
-rw-r--r-- | source3/pipeutil.c | 7 | ||||
-rw-r--r-- | source3/smbparse.c | 8 |
8 files changed, 72 insertions, 78 deletions
diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h
index a6f826b518..06337b91a2 100644
--- a/source3/include/byteorder.h
+++ b/source3/include/byteorder.h
@@ -220,10 +220,10 @@ it also defines lots of intermediate macros, just ignore those :-)
 #define DBG_RW_SVAL(string,depth,base,read,inbuf,outbuf) \
 RW_SVAL(read,inbuf,outbuf,0) \
 DEBUG(5,("%s%04x %s: %04x\n", \
- tab_depth(depth), PTR_DIFF(inbuf,base),string, *(inbuf)));
+ tab_depth(depth), PTR_DIFF(inbuf,base),string, *((uint16*)(inbuf))));
 #define DBG_RW_IVAL(string,depth,base,read,inbuf,outbuf) \
 RW_IVAL(read,inbuf,outbuf,0) \
 DEBUG(5,("%s%04x %s: %08x\n", \
- tab_depth(depth), PTR_DIFF(inbuf,base),string, *(inbuf)));
+ tab_depth(depth), PTR_DIFF(inbuf,base),string, *((uint32*)(inbuf))));
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 324431e2b3..ca60239412 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -63,10 +63,10 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
 /*The following definitions come from credentials.c */
 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
- char *session_key);
-void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
+ uint32 session_key[2]);
+void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
 DOM_CHAL *cred);
-int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
+int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
 UTIME timestamp);
 /*The following definitions come from dir.c */
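Review bot: The new `*((uint16*)(inbuf))` and `*((uint32*)(inbuf))` in DBG_RW_SVAL and DBG_RW_IVAL dereference the `char *` wire buffer through a wider type, which is a misaligned access on strict-alignment targets and, presumably, prints the raw host-order bytes rather than the little-endian value that RW_SVAL/RW_IVAL just moved. The decoding helpers this commit already uses elsewhere give the same information safely: print `SVAL(inbuf,0)` in DBG_RW_SVAL and `IVAL(inbuf,0)` in DBG_RW_IVAL. The two macro definitions may continue past the hunk.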
@@ -665,7 +665,7 @@ int make_rpc_reply(char *inbuf, char *q, int data_len);
 void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate);
 void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate);
 void make_unistr(UNISTR *str, char *buf);
-void make_unistr2(UNISTR2 *str, char *buf, int len, char terminate);
+void make_unistr2(UNISTR2 *str, char *buf, int len);
 void make_dom_rid2(DOM_RID2 *rid2, uint32 rid);
 void make_dom_sid2(DOM_SID2 *sid2, char *sid_str);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 58dfc141bd..8e34b06359 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -394,7 +394,7 @@ typedef struct log_info
 /* DOM_CHAL - challenge info */
 typedef struct chal_info
 {
- uint8 data[8]; /* credentials */
+ uint32 data[2]; /* credentials */
 } DOM_CHAL;
@@ -492,7 +492,6 @@ typedef struct rpc_hdr_info
 typedef struct dom_query_info
 {
 uint16 uni_dom_max_len; /* domain name string length * 2 */
- uint16 padding; /* 2 padding bytes? */
 uint16 uni_dom_str_len; /* domain name string length * 2 */
 uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
 uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
@@ -1018,8 +1017,8 @@ struct dcinfo
 DOM_CHAL clnt_cred; /* Last client credential */
 DOM_CHAL srv_cred; /* Last server credential */
- char sess_key[8]; /* Session key */
- uchar md4pw[16]; /* md4(machine password) */
+ uint32 sess_key[2]; /* Session key */
+ uchar md4pw[16]; /* md4(machine password) */
 };
 typedef struct
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 3355ab1704..07816bc0cf 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -31,11 +31,12 @@ Output: 8 byte session key
 ****************************************************************************/
 void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
- char *session_key)
+ uint32 session_key[2])
 {
 uint32 sum[2];
 char sum2[8];
 char buf[8];
+ char netsesskey[8];
 sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
 sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
@@ -44,22 +45,18 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
 SIVAL(sum2,4,sum[1]);
 smbhash(pass , sum2, buf);
- smbhash(pass+9, buf , session_key);
+ smbhash(pass+9, buf , netsesskey);
- /* debug output*/
- DEBUG(4,("cred_session_key\n"));
-
- DEBUG(5,(" clnt_chal: "));
- dump_data(5, clnt_chal->data, 8);
+ session_key[0] = IVAL(netsesskey, 0);
+ session_key[1] = IVAL(netsesskey, 4);
- DEBUG(5,(" srv_chal: "));
- dump_data(5, srv_chal->data, 8);
-
- DEBUG(5,(" clnt_chal+srv_chal: "));
- dump_data(5, sum2, 8);
+ /* debug output */
+ DEBUG(4,("cred_session_key\n"));
- DEBUG(5,(" session_key: "));
- dump_data(5, session_key, 16);
+ DEBUG(5,(" clnt_chal: %lx %lx\n", clnt_chal->data[0], clnt_chal->data[1]));
+ DEBUG(5,(" srv_chal : %lx %lx\n", srv_chal ->data[0], srv_chal ->data[1]));
+ DEBUG(5,(" clnt+srv : %lx %lx\n", sum [0], sum [1]));
+ DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1]));
 }
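Review bot: The new DEBUG lines at the end of cred_session_key format `uint32` arguments with `%lx`; unless `uint32` is `unsigned long` on every supported platform that is a printf type mismatch, so either cast each argument, `(unsigned long)session_key[0]`, or use `%08x`. The same pattern appears in the cred_create and cred_assert hunks of this file and in the api_lsa_req_chal hunk of pipenetlog.c. Separately, the derived session key itself is still written to the level-5 log in full by the `sess_key` line, as the removed dump_data did before; if that is intended for development only, say so in the `/* debug output */` comment so it is not left on in a deployed build.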
@@ -74,35 +71,36 @@ Input:
 Output: 8 byte credential
 ****************************************************************************/
-void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
+void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
 DOM_CHAL *cred)
 {
 char key2[7];
 char buf[8];
+ char calc_cred[8];
 char timecred[8];
+ char netsesskey[8];
+
+ SIVAL(netsesskey, 0, session_key[0]);
+ SIVAL(netsesskey, 4, session_key[1]);
- memcpy(timecred, stored_cred->data, 8);
- SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);
+ SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
+ SIVAL(timecred, 4, IVAL(stor_cred, 4));
- smbhash(session_key, timecred, buf);
+ smbhash(netsesskey, timecred, buf);
 memset(key2, 0, 7);
- key2[0] = session_key[7];
- smbhash(key2, buf, cred->data);
+ key2[0] = netsesskey[7];
+ smbhash(key2, buf, calc_cred);
+
+ cred->data[0] = IVAL(calc_cred, 0);
+ cred->data[1] = IVAL(calc_cred, 4);
 /* debug output*/
 DEBUG(4,("cred_create\n"));
- DEBUG(5,(" session_key: "));
- dump_data(5, session_key, 16);
-
- DEBUG(5,(" stored_cred: "));
- dump_data(5, stored_cred->data, 8);
-
- DEBUG(5,(" timecred: "));
- dump_data(5, timecred, 8);
-
- DEBUG(5,(" cred: "));
- dump_data(5, cred->data, 8);
+ DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1]));
+ DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1]));
+ DEBUG(5,(" timecred : %lx %lx\n", IVAL(timecred, 0), IVAL(timecred, 4)));
+ DEBUG(5,(" calc_cred: %lx %lx\n", cred ->data[0], cred ->data[1]));
 }
@@ -119,7 +117,7 @@ Output: returns 1 if computed credential matches received credential
 returns 0 otherwise
 ****************************************************************************/
-int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
+int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
 UTIME timestamp)
 {
 DOM_CHAL cred2;
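Review bot: `IVAL(stor_cred, 0)` and `IVAL(stor_cred, 4)` in cred_create read through the `DOM_CHAL *` itself rather than its `data` member, which only works because `data` is the struct's first member; cred_session_key in the previous hunk writes the same access as `IVAL(clnt_chal->data, 0)`, and these two lines should match it: `SIVAL(timecred, 0, IVAL(stor_cred->data, 0) + timestamp.time);` and `SIVAL(timecred, 4, IVAL(stor_cred->data, 4));`. Note also that `data` now holds `uint32` words filled from `IVAL(calc_cred, 0)`, so re-reading them with IVAL as a byte buffer presumably round-trips only on little-endian hosts; that deserves a comment on the `cred->data[0] = IVAL(calc_cred, 0);` line recording which byte order the stored words are meant to be in.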
@@ -129,11 +127,9 @@ int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
 /* debug output*/
 DEBUG(4,("cred_assert\n"));
+ DEBUG(5,(" challenge : %lx %lx\n", cred->data[0], cred->data[1]));
+ DEBUG(5,(" calculated: %lx %lx\n", cred2.data[0], cred2.data[1]));
 DEBUG(5,(" challenge: "));
- dump_data(5, cred->data, 8);
-
- DEBUG(5,(" calculated: "));
- dump_data(5, cred2.data, 8);
 return memcmp(cred->data, cred2.data, 8) == 0;
 }
diff --git a/source3/pipenetlog.c b/source3/pipenetlog.c
index 861bae3809..acb7f806b9 100644
--- a/source3/pipenetlog.c
+++ b/source3/pipenetlog.c
@@ -200,12 +200,12 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
 usr->num_other_sids = num_other_sids;
 usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0;
- make_unistr2(&(usr->uni_user_name ), user_name , len_user_name , 0);
- make_unistr2(&(usr->uni_full_name ), full_name , len_full_name , 0);
- make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script, 0);
- make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path, 0);
- make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir , 0);
- make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive , 0);
+ make_unistr2(&(usr->uni_user_name ), user_name , len_user_name );
+ make_unistr2(&(usr->uni_full_name ), full_name , len_full_name );
+ make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script);
+ make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path);
+ make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir );
+ make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive );
 usr->num_groups2 = num_groups;
 for (i = 0; i < num_groups; i++)
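Review bot: The old `DEBUG(5,(" challenge: "));` in cred_assert survives after the two new DEBUG lines, so at level 5 the log now shows the challenge and the calculated value and then a dangling `" challenge: "` fragment with no newline and nothing after it; that line should have gone with the dump_data calls it used to introduce. The `memcmp(cred->data, cred2.data, 8)` still happens to equal the size of the new `uint32 data[2]`, but `sizeof(cred2.data)` would keep the comparison tied to the type if DOM_CHAL changes again.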
@@ -213,8 +213,8 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
 usr->gids[i] = gids[i];
 }
- make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv, 0);
- make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom, 0);
+ make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv);
+ make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom);
 make_dom_sid(&(usr->dom_sid), dom_sid);
 make_dom_sid(&(usr->other_sids[0]), other_sids);
@@ -304,11 +304,10 @@ static BOOL update_dcinfo(int cnum, uint16 vuid,
 /* create a server challenge for the client */
 /* PAXX: set these to random values. */
 /* lkcl: paul, you mentioned that it doesn't really matter much */
- for (i = 0; i < 8; i++)
- {
- dc->srv_chal.data[i] = 0xA5;
- dc->srv_cred.data[i] = 0xA5;
- }
+ dc->srv_chal.data[0] = 0x11111111;
+ dc->srv_chal.data[1] = 0x11111111;
+ dc->srv_cred.data[0] = 0x11111111;
+ dc->srv_cred.data[1] = 0x11111111;
 /* from client / server challenges and md4 password, generate sess key */
 cred_session_key(&(dc->clnt_chal), &(dc->srv_chal),
@@ -335,8 +334,8 @@ static void api_lsa_req_chal( int cnum, uint16 vuid,
 strcat(mach_acct, "$");
- DEBUG(6,("q_r.clnt_chal.data(%d) :", sizeof(q_r.clnt_chal.data)));
- dump_data(6, q_r.clnt_chal.data, 8);
+ DEBUG(6,("q_r.clnt_chal.data: %lx %lx\n",
+ q_r.clnt_chal.data[0], q_r.clnt_chal.data[1]));
 update_dcinfo(cnum, vuid, &(vuser->dc), &(q_r.clnt_chal), mach_acct);
@@ -352,6 +351,7 @@ static void api_lsa_auth_2( user_struct *vuser,
 {
 LSA_Q_AUTH_2 q_a;
+ DOM_CHAL srv_cred;
 UTIME srv_time;
 srv_time.time = 0;
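Review bot: update_dcinfo now stores the fixed word 0x11111111 in both `srv_chal` and `srv_cred`, so every client receives the same server challenge and the session key cred_session_key derives from it is predictable for anyone who knows the password hash; the `PAXX: set these to random values.` comment already flags this, and replacing one constant with another was the natural point to fill the two words from a cryptographic random source instead. If the placeholder has to stay for now, the `lkcl:` comment should state plainly that the challenge is non-random and must be fixed before release rather than that it "doesn't really matter much". The loop index `i` is no longer used in this hunk; its declaration earlier in update_dcinfo, outside the hunk, may now be unused.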
@@ -364,14 +364,15 @@ static void api_lsa_auth_2( user_struct *vuser,
 &(vuser->dc.clnt_cred), srv_time);
 /* create server challenge for inclusion in the reply */
- cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &(vuser->dc.srv_chal));
+ cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &srv_cred);
- /* update the client credentials (copy server challenge) for use next time */
- memcpy(vuser->dc.clnt_cred.data, vuser->dc.srv_chal.data, sizeof(vuser->dc.clnt_cred.data));
+ /* update the client credentials for use next time */
+ memcpy(vuser->dc.clnt_cred.data, &(srv_cred.data), sizeof(srv_cred.data));
+ memcpy(vuser->dc.srv_cred .data, &(srv_cred.data), sizeof(srv_cred.data));
 /* construct reply. */
 *rdata_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata,
- &(vuser->dc.srv_chal), 0x0);
+ &srv_cred, 0x0);
 }
diff --git a/source3/pipentlsa.c b/source3/pipentlsa.c
index 55deffabd6..9a57b6df9b 100644
--- a/source3/pipentlsa.c
+++ b/source3/pipentlsa.c
@@ -59,14 +59,13 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
 int domlen = strlen(dom_name);
 d_q->uni_dom_max_len = domlen * 2;
- d_q->padding = 0;
 d_q->uni_dom_str_len = domlen * 2;
- d_q->buffer_dom_name = 0; /* domain buffer pointer */
- d_q->buffer_dom_sid = 0; /* domain sid pointer */
+ d_q->buffer_dom_name = 1; /* domain buffer pointer */
+ d_q->buffer_dom_sid = 1; /* domain sid pointer */
- /* NOT null-terminated: 4-terminated instead! */
- make_unistr2(&(d_q->uni_domain_name), dom_name, domlen, 4);
+ /* this string is supposed to be character short */
+ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
 make_dom_sid(&(d_q->dom_sid), dom_sid);
 }
diff --git a/source3/pipeutil.c b/source3/pipeutil.c
index ce3f1535c4..b9201f3c95 100644
--- a/source3/pipeutil.c
+++ b/source3/pipeutil.c
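Review bot: The two new memcpy calls in api_lsa_auth_2 pass `&(srv_cred.data)`, a pointer to the whole array, as the source while the destinations use the array directly; the address is the same, but the asymmetry reads like a slip. DOM_CHAL is a plain struct wrapping `uint32 data[2]`, so a struct assignment says the same thing without any size argument: `vuser->dc.clnt_cred = srv_cred;` and `vuser->dc.srv_cred = srv_cred;`. The rewritten comment also loses the old explanation of why the client credential is overwritten; `/* the credential just computed becomes both sides' stored credential for the next call */` would keep it.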
@@ -180,18 +180,15 @@ void make_unistr(UNISTR *str, char *buf)
 PutUniCode((char *)(str->buffer), buf);
 }
-void make_unistr2(UNISTR2 *str, char *buf, int len, char terminate)
+void make_unistr2(UNISTR2 *str, char *buf, int len)
 {
 /* set up string lengths. add one if string is not null-terminated */
- str->uni_max_len = len + (terminate != 0 ? 1 : 0);
+ str->uni_max_len = len;
 str->undoc = 0;
 str->uni_str_len = len;
 /* store the string (null-terminated copy) */
 PutUniCode((char *)str->buffer, buf);
-
- /* overwrite the last character: some strings are terminated with 4 not 0 */
- str->buffer[len] = (uint16)terminate;
 }
 void make_dom_rid2(DOM_RID2 *rid2, uint32 rid)
diff --git a/source3/smbparse.c b/source3/smbparse.c
index ba3e073e5f..39200f5351 100644
--- a/source3/smbparse.c
+++ b/source3/smbparse.c
@@ -73,6 +73,7 @@ char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int
 q = align_offset(q, base, align);
+ DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
 DBG_RW_CVAL("sid_no ", depth, base, io, q, sid->sid_no); q++;
 DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
@@ -279,8 +280,11 @@ char* smb_io_chal(BOOL io, DOM_CHAL *chal, char *q, char *base, int align, int d
 q = align_offset(q, base, align);
+ DBG_RW_IVAL("data[0]", depth, base, io, q, chal->data[0]); q += 4;
+ DBG_RW_IVAL("data[1]", depth, base, io, q, chal->data[1]); q += 4;
+/*
 DBG_RW_PCVAL("data", depth, base, io, q, chal->data, 8); q += 8;
-
+*/
 return q;
 }
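Review bot: The comment `/* set up string lengths. add one if string is not null-terminated */` in make_unistr2 is now stale: the `terminate` parameter and the `+ 1` are gone and `uni_max_len` is simply `len`. Replace it with `/* set up string lengths: max and actual length are both the caller's len */`. The remaining `PutUniCode((char *)str->buffer, buf)` copies without reference to `len`, so nothing in this function bounds the copy against `str->buffer`; whether PutUniCode itself does is outside the hunk and worth a comment either way.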
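Review bot: The added `DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;` in smb_io_dom_sid targets the same field as the existing num_auths line two lines below, so on a read the later one overwrites the earlier and on a write the same byte is emitted at two offsets. If the first byte of the SID really is a distinct field it needs its own member and label; if the line is a duplicate it should be dropped. The rest of smb_io_dom_sid lies outside the hunk.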
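Review bot: smb_io_chal keeps the superseded `DBG_RW_PCVAL("data", depth, base, io, q, chal->data, 8); q += 8;` inside a new `/* ... */` block instead of deleting it; commented-out code of this kind tends to get re-enabled against a struct whose layout has changed (`data` is now `uint32[2]`), so remove the three lines and let version history hold the old form.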
@@ -510,9 +514,7 @@ char* smb_io_dom_query(BOOL io, DOM_QUERY *d_q, char *q, char *base, int align,
 q = align_offset(q, base, align);
- DBG_RW_SVAL("uni_dom_max_len", depth, base, io, q, d_q->uni_dom_max_len); q += 2; /* domain name string length * 2 */
- DBG_RW_SVAL("padding ", depth, base, io, q, d_q->padding ); q += 2; /* 2 padding bytes */
 DBG_RW_SVAL("uni_dom_str_len", depth, base, io, q, d_q->uni_dom_str_len); q += 2; /* domain name string length * 2 */
 DBG_RW_IVAL("buffer_dom_name", depth, base, io, q, d_q->buffer_dom_name); q += 4; /* undocumented domain name string buffer pointer */ |