summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/client.h101
-rw-r--r--source3/include/proto.h13
-rw-r--r--source3/include/rpc_dce.h9
-rw-r--r--source3/lib/membuffer.c13
-rw-r--r--source3/libsmb/clientgen.c44
-rw-r--r--source3/libsmb/pwd_cache.c20
-rw-r--r--source3/rpc_client/cli_pipe.c258
-rw-r--r--source3/rpc_client/cli_samr.c3
-rw-r--r--source3/rpc_parse/parse_rpc.c178
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c26
-rw-r--r--source3/rpcclient/cmd_samr.c12
-rw-r--r--source3/rpcclient/rpcclient.c5
-rw-r--r--source3/smbwrapper/smbw.c2
-rw-r--r--source3/utils/torture.c6
14 files changed, 512 insertions, 178 deletions
diff --git a/source3/include/client.h b/source3/include/client.h
index 495780cbaa..44ac147665 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -72,54 +72,59 @@ struct pwd_info
};
struct cli_state {
- int fd;
- uint16 cnum;
- uint16 pid;
- uint16 mid;
- uint16 vuid;
- int protocol;
- int sec_mode;
- int rap_error;
- int privilages;
-
- fstring eff_name;
- fstring desthost;
- fstring user_name;
- fstring domain;
-
- fstring share;
- fstring dev;
- struct nmb_name called;
- struct nmb_name calling;
- fstring full_dest_host_name;
- struct in_addr dest_ip;
-
- struct pwd_info pwd;
- unsigned char cryptkey[8];
- uint32 sesskey;
- int serverzone;
- uint32 servertime;
- int readbraw_supported;
- int writebraw_supported;
- int timeout;
- int max_xmit;
- int max_mux;
- char *outbuf;
- char *inbuf;
- int bufsize;
- int initialised;
- int win95;
- uint32 capabilities;
- /*
- * Only used in NT domain calls.
- */
- uint32 nt_error; /* NT RPC error code. */
- uint16 nt_pipe_fnum; /* Pipe handle. */
- unsigned char sess_key[16]; /* Current session key. */
- DOM_CRED clnt_cred; /* Client credential. */
- fstring mach_acct; /* MYNAME$. */
- fstring srv_name_slash; /* \\remote server. */
- fstring clnt_name_slash; /* \\local client. */
+ int fd;
+ uint16 cnum;
+ uint16 pid;
+ uint16 mid;
+ uint16 vuid;
+ int protocol;
+ int sec_mode;
+ int rap_error;
+ int privilages;
+
+ fstring eff_name;
+ fstring desthost;
+ fstring user_name;
+ fstring domain;
+
+ fstring share;
+ fstring dev;
+ struct nmb_name called;
+ struct nmb_name calling;
+ fstring full_dest_host_name;
+ struct in_addr dest_ip;
+
+ struct pwd_info pwd;
+ unsigned char cryptkey[8];
+ uint32 sesskey;
+ int serverzone;
+ uint32 servertime;
+ int readbraw_supported;
+ int writebraw_supported;
+ int timeout;
+ int max_xmit;
+ int max_mux;
+ char *outbuf;
+ char *inbuf;
+ int bufsize;
+ int initialised;
+ int win95;
+ uint32 capabilities;
+
+ /*
+ * Only used in NT domain calls.
+ */
+
+ uint32 nt_error; /* NT RPC error code. */
+ uint16 nt_pipe_fnum; /* Pipe handle. */
+ unsigned char sess_key[16]; /* Current session key. */
+ unsigned char ntlmssp_hash[256]; /* ntlmssp data. */
+ uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */
+ uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */
+ DOM_CRED clnt_cred; /* Client credential. */
+ fstring mach_acct; /* MYNAME$. */
+ fstring srv_name_slash; /* \\remote server. */
+ fstring clnt_name_slash; /* \\local client. */
};
#endif /* _CLIENT_H */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1c31c1076b..4cf63d2797 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -390,7 +390,9 @@ BOOL cli_close(struct cli_state *cli, int fnum);
BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout);
BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout);
size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
-size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
+size_t cli_write(struct cli_state *cli,
+ int fnum, uint16 write_mode,
+ char *buf, off_t offset, size_t size);
BOOL cli_getattrE(struct cli_state *cli, int fd,
uint32 *attr, size_t *size,
time_t *c_time, time_t *a_time, time_t *m_time);
@@ -1551,13 +1553,13 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
uint8 stub_type_len);
void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
+void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
+ char *signature, uint32 msg_type);
+void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth);
void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
uint32 neg_flgs,
fstring myname, fstring domain);
void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth);
-void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
- char *signature, uint32 msg_type);
-void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth);
void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
uint32 neg_flags,
uint8 challenge[8]);
@@ -1567,6 +1569,9 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
char *domain, char *user, char *wks,
uint32 neg_flags);
void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth);
+void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
+ uint32 ver, uint32 crc32, uint32 seq_num);
+void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth);
/*The following definitions come from rpc_parse/parse_samr.c */
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index fe5f809f0d..982ec1f52b 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -59,12 +59,18 @@ enum NTLM_MESSAGE_TYPE
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
+#define NTLMSSP_NEGOTIATE_00001000 0x00001000
+#define NTLMSSP_NEGOTIATE_00002000 0x00002000
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
#define NTLMSSP_NEGOTIATE_128 0x20000000
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
+/* NTLMSSP signature version */
+#define NTLMSSP_SIGN_VERSION 0x01
+
+
/* RPC_IFACE */
typedef struct rpc_iface_info
{
@@ -271,7 +277,8 @@ typedef struct rpc_auth_ntlmssp_resp_info
typedef struct rpc_auth_ntlmssp_chk_info
{
uint32 ver; /* 0x0000 0001 */
- uint8 crc32[8]; /* checksum using 0xEDB8 8320 as a polynomial */
+ uint32 reserved;
+ uint32 crc32; /* checksum using 0xEDB8 8320 as a polynomial */
uint32 seq_num;
} RPC_AUTH_NTLMSSP_CHK;
diff --git a/source3/lib/membuffer.c b/source3/lib/membuffer.c
index 85f63e8c06..18e9fa9453 100644
--- a/source3/lib/membuffer.c
+++ b/source3/lib/membuffer.c
@@ -313,16 +313,19 @@ static BOOL mem_find(struct mem_buf **buf, uint32 offset)
while (f != NULL && offset >= f->offset.end)
{
- f = f->next;
-
DEBUG(200,("mem_find: next[%d..%d]\n",
- f->offset.start, f->offset.end));
+ f->offset.start, f->offset.end));
+
+ f = f->next;
}
(*buf) = f;
- DEBUG(200,("mem_find: found data[%d..%d]\n",
- (*buf)->offset.start,(*buf)->offset.end));
+ if (f != NULL)
+ {
+ DEBUG(200,("mem_find: found data[%d..%d]\n",
+ (*buf)->offset.start,(*buf)->offset.end));
+ }
return f != NULL;
}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 8aa857df8a..5ae84f763b 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -1255,7 +1255,7 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t
/****************************************************************************
issue a single SMBwrite and don't wait for a reply
****************************************************************************/
-static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char *buf,
+static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf,
size_t size, int i)
{
char *p;
@@ -1272,6 +1272,8 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char
CVAL(cli->outbuf,smb_vwv0) = 0xFF;
SSVAL(cli->outbuf,smb_vwv2,fnum);
SIVAL(cli->outbuf,smb_vwv3,offset);
+ SIVAL(cli->outbuf,smb_vwv5,IS_BITS_SET_ALL(mode, 0x0008) ? 0xFFFFFFFF : 0);
+ SSVAL(cli->outbuf,smb_vwv7,mode);
SSVAL(cli->outbuf,smb_vwv10,size);
SSVAL(cli->outbuf,smb_vwv11,
@@ -1282,13 +1284,20 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char
SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+ show_msg(cli->outbuf);
send_smb(cli->fd,cli->outbuf);
}
/****************************************************************************
write to a file
+ write_mode: 0x0001 disallow write cacheing
+ 0x0002 return bytes remaining
+ 0x0004 use raw named pipe protocol
+ 0x0008 start of message mode named pipe protocol
****************************************************************************/
-size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+size_t cli_write(struct cli_state *cli,
+ int fnum, uint16 write_mode,
+ char *buf, off_t offset, size_t size)
{
int total = -1;
int issued=0;
@@ -1305,7 +1314,9 @@ size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_
while (issued - received < mpx && issued < blocks) {
int size1 = MIN(block, size-issued*block);
- cli_issue_write(cli, fnum, offset+issued*block, buf + issued*block,
+ cli_issue_write(cli, fnum, offset+issued*block,
+ write_mode,
+ buf + issued*block,
size1, issued);
issued++;
}
@@ -2226,9 +2237,12 @@ initialise a client structure
BOOL cli_initialise(struct cli_state *cli)
{
if (cli->initialised)
- cli_shutdown(cli);
+ {
+ cli_shutdown(cli);
+ }
memset(cli, 0, sizeof(*cli));
+
cli->fd = -1;
cli->cnum = -1;
cli->pid = (uint16)getpid();
@@ -2241,8 +2255,12 @@ BOOL cli_initialise(struct cli_state *cli)
cli->outbuf = (char *)malloc(cli->bufsize);
cli->inbuf = (char *)malloc(cli->bufsize);
if (!cli->outbuf || !cli->inbuf)
- return False;
+ {
+ return False;
+ }
+
cli->initialised = 1;
+
return True;
}
@@ -2252,9 +2270,13 @@ shutdown a client structure
void cli_shutdown(struct cli_state *cli)
{
if (cli->outbuf)
- free(cli->outbuf);
+ {
+ free(cli->outbuf);
+ }
if (cli->inbuf)
- free(cli->inbuf);
+ {
+ free(cli->inbuf);
+ }
#ifdef WITH_SSL
if (cli->fd != -1)
sslutil_disconnect(cli->fd);
@@ -2454,7 +2476,9 @@ BOOL cli_establish_connection(struct cli_state *cli,
{
DEBUG(1,("failed session setup\n"));
if (do_shutdown)
- cli_shutdown(cli);
+ {
+ cli_shutdown(cli);
+ }
return False;
}
if (do_tcon)
@@ -2464,7 +2488,9 @@ BOOL cli_establish_connection(struct cli_state *cli,
{
DEBUG(1,("failed tcon_X\n"));
if (do_shutdown)
- cli_shutdown(cli);
+ {
+ cli_shutdown(cli);
+ }
return False;
}
}
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index 92eee015b3..c4c578cde6 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -168,8 +168,14 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
{
pwd_deobfuscate(pwd);
- memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
- memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
+ if (lm_pwd != NULL)
+ {
+ memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
+ }
+ if (nt_pwd != NULL)
+ {
+ memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
+ }
pwd_obfuscate(pwd);
}
@@ -229,7 +235,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
{
pwd_deobfuscate(pwd);
- memcpy(lm_owf, pwd->smb_lm_owf, 24);
- memcpy(nt_owf, pwd->smb_nt_owf, 24);
+ if (lm_owf != NULL)
+ {
+ memcpy(lm_owf, pwd->smb_lm_owf, 24);
+ }
+ if (nt_owf != NULL)
+ {
+ memcpy(nt_owf, pwd->smb_nt_owf, 24);
+ }
pwd_obfuscate(pwd);
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 44440d9fba..f7060e0f71 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -286,12 +286,12 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
- caller is expected to free the header data structure once used.
********************************************************************/
-
static BOOL create_rpc_bind_req(prs_struct *rhdr,
prs_struct *rhdr_rb,
prs_struct *rhdr_auth,
prs_struct *auth_req,
prs_struct *auth_ntlm,
+ uint32 call_id,
RPC_IFACE *abstract, RPC_IFACE *transfer,
char *my_name, char *domain)
{
@@ -303,7 +303,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
/* create the bind request RPC_HDR_RB */
make_rpc_hdr_rb(&hdr_rb, 0x1630, 0x1630, 0x0,
- 0x1, 0x0, 0x1, abstract, transfer);
+ 0x1, 0x0, 0x1, abstract, transfer);
/* stream the bind request data */
smb_io_rpc_hdr_rb("", &hdr_rb, rhdr_rb, 0);
@@ -329,7 +329,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
}
/* create the request RPC_HDR */
- make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(),
+ make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
rhdr_rb->offset + 0x10,
auth_req != NULL ? auth_req ->offset : 0 +
auth_ntlm != NULL ? auth_ntlm->offset : 0);
@@ -362,6 +362,71 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
/*******************************************************************
+ creates a DCE/RPC bind authentication response
+
+ - initialises the parse structure.
+ - dynamically allocates the header data structure
+ - caller is expected to free the header data structure once used.
+
+ ********************************************************************/
+static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
+ char *domain, char *user_name, char *my_name,
+ uint32 ntlmssp_cli_flgs,
+ uint32 call_id,
+ prs_struct *rhdr,
+ prs_struct *rhdr_autha,
+ prs_struct *auth_resp)
+{
+ unsigned char lm_owf[24];
+ unsigned char nt_owf[24];
+ RPC_HDR hdr;
+ RPC_HDR_AUTHA hdr_autha;
+ RPC_AUTH_VERIFIER auth_verifier;
+ RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
+
+ make_rpc_hdr_autha(&hdr_autha, 0x1630, 0x1630, 0x0a, 0x06, 0x00);
+ smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rhdr_autha, 0);
+ mem_realloc_data(rhdr_autha->data, rhdr_autha->offset);
+
+ make_rpc_auth_verifier(&auth_verifier,
+ "NTLMSSP", NTLMSSP_AUTH);
+
+ smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, auth_resp, 0);
+ mem_realloc_data(auth_resp->data, auth_resp->offset);
+
+ pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
+
+ make_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
+ lm_owf, nt_owf,
+ domain, user_name, my_name,
+ ntlmssp_cli_flgs);
+
+ smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, auth_resp, 0);
+ mem_realloc_data(auth_resp->data, auth_resp->offset);
+
+ /* create the request RPC_HDR */
+ make_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, call_id,
+ auth_resp->offset + rhdr_autha->offset + 0x10,
+ auth_resp->offset);
+
+ smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
+ mem_realloc_data(rhdr->data, rhdr->offset);
+
+ if (rhdr->data == NULL || rhdr_autha->data == NULL) return False;
+
+ /***/
+ /*** link rpc header and authentication responses ***/
+ /***/
+
+ prs_link(NULL , rhdr , rhdr_autha);
+ prs_link(rhdr , rhdr_autha , auth_resp );
+ prs_link(rhdr_autha, auth_resp , NULL );
+
+ return True;
+}
+
+
+/*******************************************************************
creates a DCE/RPC bind request
- initialises the parse structure.
@@ -370,8 +435,10 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
********************************************************************/
-static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
+static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len,
+ int auth_len)
{
+ uint32 alloc_hint;
RPC_HDR_REQ hdr_req;
RPC_HDR hdr;
@@ -380,10 +447,22 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
/* create the rpc header RPC_HDR */
make_rpc_hdr(&hdr , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
- get_rpc_call_id(), data_len, 0);
+ get_rpc_call_id(), data_len, auth_len);
+
+ if (auth_len != 0)
+ {
+ alloc_hint = data_len - 0x18 - auth_len - 12;
+ }
+ else
+ {
+ alloc_hint = data_len - 0x18;
+ }
+
+ DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
+ data_len, auth_len, alloc_hint));
/* create the rpc request RPC_HDR_REQ */
- make_rpc_hdr_req(&hdr_req, data_len, op_num);
+ make_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
/* stream-time... */
smb_io_rpc_hdr ("hdr ", &hdr , rhdr, 0);
@@ -405,32 +484,85 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
prs_struct *data, prs_struct *rdata)
{
/* fudge this, at the moment: create the header; memcpy the data. oops. */
+ prs_struct dataa;
prs_struct rparam;
prs_struct hdr;
+ prs_struct hdr_auth;
+ prs_struct auth_verf;
int data_len;
+ int auth_len;
BOOL ret;
+ BOOL auth_verify;
+ BOOL auth_seal;
+ uint32 crc32;
- data_len = data->offset + 0x18;
+ auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
+ auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
+
+ /* happen to know that NTLMSSP authentication verifier is 16 bytes */
+ auth_len = auth_verify ? 16 : 0;
+ data_len = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
data->data->offset.end = data->offset;
- prs_init(&hdr , data_len, 4, SAFETY_MARGIN, False);
- prs_init(&rparam, 0 , 4, 0 , True );
+ prs_init(&hdr , data_len, 4, SAFETY_MARGIN, False);
+ prs_init(&hdr_auth , 8 , 4, SAFETY_MARGIN, False);
+ prs_init(&auth_verf, auth_len, 4, SAFETY_MARGIN, False);
+ prs_init(&rparam , 0 , 4, 0 , True );
- create_rpc_request(&hdr, op_num, data_len);
+ create_rpc_request(&hdr, op_num, data_len, auth_len);
+
+ if (auth_seal)
+ {
+ crc32 = crc32_calc_buffer(data->offset, mem_data(&data->data, 0));
+ NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&data->data, 0), data->offset);
+ }
+
+ if (auth_verify)
+ {
+ RPC_AUTH_NTLMSSP_CHK chk;
+ RPC_HDR_AUTH rhdr_auth;
+
+ make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x02);
+ smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+
+ make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
+ smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
+ NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&auth_verf.data, 4), 12);
+ }
+
+ if (auth_seal || auth_verify)
+ {
+ prs_link(NULL , &hdr , data );
+ prs_link(&hdr , data , &hdr_auth );
+ prs_link(data , &hdr_auth , &auth_verf);
+ prs_link(&hdr_auth, &auth_verf, NULL );
+ }
+ else
+ {
+ prs_link(NULL, &hdr, data);
+ prs_link(&hdr, data, NULL);
+ }
mem_realloc_data(hdr.data, data_len);
- hdr.data->offset.end = data_len;
- mem_buf_copy(mem_data(&(hdr.data), 0x18), data->data, 0, data->offset);
- ret = rpc_api_pipe(cli, 0x0026, NULL, &hdr, &rparam, rdata);
+ DEBUG(100,("data_len: %x data_calc_len: %x\n",
+ data_len, mem_buf_len(data->data)));
+
+ /* this is a hack due to limitations in rpc_api_pipe */
+ prs_init(&dataa, mem_buf_len(hdr.data), 4, 0x0, False);
+ mem_buf_copy(dataa.data->data, hdr.data, 0, mem_buf_len(hdr.data));
- prs_mem_free(&rparam);
- prs_mem_free(&hdr);
+ ret = rpc_api_pipe(cli, 0x0026, NULL, &dataa, &rparam, rdata);
+
+ prs_mem_free(&hdr_auth );
+ prs_mem_free(&auth_verf);
+ prs_mem_free(&rparam );
+ prs_mem_free(&hdr );
+ prs_mem_free(&dataa );
return ret;
}
-
/****************************************************************************
do an rpc bind
****************************************************************************/
@@ -574,11 +706,13 @@ do an rpc bind
****************************************************************************/
static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
- RPC_IFACE *abstract, RPC_IFACE *transfer, BOOL ntlmssp_auth)
+ RPC_IFACE *abstract, RPC_IFACE *transfer,
+ char *my_name)
{
prs_struct hdr;
prs_struct hdr_rb;
prs_struct hdr_auth;
+ prs_struct hdr_autha;
prs_struct auth_req;
prs_struct auth_ntlm;
prs_struct data;
@@ -586,9 +720,13 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
prs_struct rparam;
BOOL valid_ack = False;
+ BOOL ntlmssp_auth = cli->ntlmssp_cli_flgs != 0;
+ uint32 call_id;
if (pipe_name == NULL || abstract == NULL || transfer == NULL)
- return False;
+ {
+ return False;
+ }
DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_name));
@@ -600,14 +738,16 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
- prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True );
- prs_init(&rparam, 0 , 4, SAFETY_MARGIN, True );
+ prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True);
+ prs_init(&rparam , 0 , 4, SAFETY_MARGIN, True);
+ call_id = get_rpc_call_id();
create_rpc_bind_req(&hdr, &hdr_rb,
ntlmssp_auth ? &hdr_auth : NULL,
ntlmssp_auth ? &auth_req : NULL,
ntlmssp_auth ? &auth_ntlm : NULL,
- abstract, transfer, global_myname, global_myworkgroup);
+ call_id,
+ abstract, transfer, global_myname, cli->domain);
/* this is a hack due to limitations in rpc_api_pipe */
prs_init(&data, mem_buf_len(hdr.data), 4, 0x0, False);
@@ -646,6 +786,57 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, &rdata, 0);
if (rdata.offset == 0) valid_ack = False;
}
+ if (valid_ack && ntlmssp_auth)
+ {
+ unsigned char p24[24];
+ unsigned char lm_owf[24];
+ unsigned char lm_hash[16];
+
+ prs_struct hdra;
+ prs_struct hdr_autha;
+ prs_struct auth_resp;
+ prs_struct dataa;
+
+ cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
+
+ prs_init(&hdra , 0x10, 4, 0x0 , False);
+ prs_init(&hdr_autha, 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
+
+ pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
+ pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
+ pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
+ NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
+ bzero(lm_hash, sizeof(lm_hash));
+ NTLMSSPhash(cli->ntlmssp_hash, p24);
+
+ create_rpc_bind_resp(&cli->pwd, cli->domain,
+ cli->user_name, global_myname,
+ cli->ntlmssp_cli_flgs,
+ call_id,
+ &hdra, &hdr_autha, &auth_resp);
+
+ /* this is a hack due to limitations in rpc_api_pipe */
+ prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
+ mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
+
+ if (cli_write(cli, cli->nt_pipe_fnum, 0x0008,
+ dataa.data->data, 0,
+ dataa.data->data_used) < 0)
+ {
+ valid_ack = False;
+ }
+
+ if (valid_ack)
+ {
+ cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
+ }
+
+ prs_mem_free(&hdra);
+ prs_mem_free(&dataa);
+ prs_mem_free(&hdr_autha);
+ prs_mem_free(&auth_resp);
+ }
}
prs_mem_free(&data );
@@ -690,7 +881,26 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
}
/******************* bind request on pipe *****************/
- if (!rpc_pipe_bind(cli, pipe_name, &abstract, &transfer, encrypted))
+
+ if (encrypted)
+ {
+ cli->ntlmssp_cli_flgs =
+ NTLMSSP_NEGOTIATE_UNICODE |
+ NTLMSSP_NEGOTIATE_OEM |
+ NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL |
+ NTLMSSP_NEGOTIATE_LM_KEY |
+ NTLMSSP_NEGOTIATE_NTLM |
+ NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+ NTLMSSP_NEGOTIATE_00001000 |
+ NTLMSSP_NEGOTIATE_00002000;
+ DEBUG(5,("cli_nt_session_open: neg_flags: %lx\n",
+ cli->ntlmssp_cli_flgs));
+ }
+
+ if (!rpc_pipe_bind(cli, pipe_name,
+ &abstract, &transfer,
+ global_myname))
{
DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n",
cli_errstr(cli)));
@@ -699,8 +909,8 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
}
/*
- * Setup the remote server name prefixed by \ and the machine account name.
- */
+ * Setup the remote server name prefixed by \ and the machine account name.
+ */
fstrcpy(cli->srv_name_slash, "\\\\");
fstrcat(cli->srv_name_slash, cli->desthost);
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index ef20a999df..c9e806fd21 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -107,7 +107,7 @@ BOOL do_samr_unknown_8(struct cli_state *cli,
prs_struct rdata;
SAMR_Q_UNKNOWN_8 q_e;
- BOOL valid_un8 = False;
+ BOOL valid_un8 = False;
/* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
@@ -128,7 +128,6 @@ BOOL do_samr_unknown_8(struct cli_state *cli,
if (rpc_api_pipe_req(cli, SAMR_UNKNOWN_8, &data, &rdata))
{
#if 0
-
SAMR_R_UNKNOWN_8 r_e;
BOOL p;
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index a1773bb827..2204207440 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -375,13 +375,13 @@ void smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
/*******************************************************************
creates an RPC_HDR_REQ structure.
********************************************************************/
-void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 data_len, uint16 opnum)
+void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
{
if (hdr == NULL) return;
- hdr->alloc_hint = data_len - 0x18; /* allocation hint */
- hdr->context_id = 0; /* presentation context identifier */
- hdr->opnum = opnum; /* opnum */
+ hdr->alloc_hint = alloc_hint; /* allocation hint */
+ hdr->context_id = 0; /* presentation context identifier */
+ hdr->opnum = opnum; /* opnum */
}
/*******************************************************************
@@ -493,6 +493,32 @@ void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int dept
}
/*******************************************************************
+creates an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
+ char *signature, uint32 msg_type)
+{
+ if (rav == NULL) return;
+
+ fstrcpy(rav->signature, signature); /* "NTLMSSP" */
+ rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
+{
+ if (rav == NULL) return;
+
+ prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
+ depth++;
+
+ prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */
+ prs_uint32("msg_type ", ps, depth, &(rav->msg_type )); /* NTLMSSP_MESSAGE_TYPE */
+}
+
+/*******************************************************************
creates an RPC_AUTH_NTLMSSP_NEG structure.
********************************************************************/
void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
@@ -506,8 +532,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
- make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 1);
- make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 1);
+ make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
+ make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname+1);
fstrcpy(neg->myname, myname);
fstrcpy(neg->domain, domain);
@@ -533,32 +559,6 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
}
/*******************************************************************
-creates an RPC_AUTH_VERIFIER structure.
-********************************************************************/
-void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
- char *signature, uint32 msg_type)
-{
- if (rav == NULL) return;
-
- fstrcpy(rav->signature, signature); /* "NTLMSSP" */
- rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
-}
-
-/*******************************************************************
-reads or writes an RPC_AUTH_VERIFIER structure.
-********************************************************************/
-void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
-{
- if (rav == NULL) return;
-
- prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
- depth++;
-
- prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */
- prs_uint32("msg_type ", ps, depth, &(rav->msg_type )); /* NTLMSSP_MESSAGE_TYPE */
-}
-
-/*******************************************************************
creates an RPC_AUTH_NTLMSSP_CHAL structure.
********************************************************************/
void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
@@ -606,30 +606,49 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
uint32 neg_flags)
{
uint32 offset;
- int dom_len = strlen(domain) * 2;
- int wks_len = strlen(wks ) * 2;
- int usr_len = strlen(user ) * 2;
+ int dom_len = strlen(domain);
+ int wks_len = strlen(wks );
+ int usr_len = strlen(user );
int lm_len = lm_resp != NULL ? 24 : 0;
int nt_len = nt_resp != NULL ? 24 : 0;
+ DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
+
if (rsp == NULL) return;
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm_resp\n"));
+ dump_data(100, lm_resp, 24);
+ DEBUG(100,("nt_resp\n"));
+ dump_data(100, nt_resp, 24);
+#endif
+
+ DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
+ domain, user, wks, neg_flags));
+
offset = 0x40;
+ if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+ {
+ dom_len *= 2;
+ wks_len *= 2;
+ usr_len *= 2;
+ }
+
make_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
- offset += lm_len * 2;
+ offset += lm_len;
make_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
- offset += nt_len * 2;
+ offset += nt_len;
make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, offset);
- offset += dom_len * 2;
+ offset += dom_len;
make_str_hdr(&rsp->hdr_usr , usr_len, usr_len, offset);
- offset += usr_len * 2;
+ offset += usr_len;
make_str_hdr(&rsp->hdr_wks , wks_len, wks_len, offset);
- offset += wks_len * 2;
+ offset += wks_len;
make_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
@@ -637,12 +656,20 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
memcpy(&rsp->lm_resp, lm_resp, 24);
memcpy(&rsp->nt_resp, nt_resp, 24);
- fstrcpy(rsp->domain, domain);
- fstrcpy(rsp->user , user );
- fstrcpy(rsp->wks , wks );
- rsp->sess_key[0] = 0;
-
+ if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+ {
+ struni2((uint16*)rsp->domain, domain);
+ struni2((uint16*)rsp->user , user );
+ struni2((uint16*)rsp->wks , wks );
+ }
+ else
+ {
+ fstrcpy(rsp->domain, domain);
+ fstrcpy(rsp->user , user );
+ fstrcpy(rsp->wks , wks );
+ }
+ rsp->sess_key[0] = 0;
}
/*******************************************************************
@@ -659,12 +686,14 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
depth++;
- ZERO_STRUCTP(rsp);
-
if (ps->io)
{
uint32 old_offset;
+
/* reading */
+
+ ZERO_STRUCTP(rsp);
+
smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth);
smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth);
smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth);
@@ -677,30 +706,30 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
old_offset = ps->offset;
ps->offset = rsp->hdr_lm_resp .buffer + 0x1c;
- prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )));
+ prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )));
old_offset += rsp->hdr_lm_resp .str_str_len;
ps->offset = rsp->hdr_nt_resp .buffer + 0x1c;
- prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
+ prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
old_offset += rsp->hdr_nt_resp .str_str_len;
ps->offset = rsp->hdr_domain .buffer + 0x1c;
- prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
+ prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
old_offset += rsp->hdr_domain .str_str_len;
ps->offset = rsp->hdr_usr .buffer + 0x1c;
- prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
+ prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
old_offset += rsp->hdr_usr .str_str_len;
ps->offset = rsp->hdr_wks .buffer + 0x1c;
- prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
+ prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
old_offset += rsp->hdr_wks .str_str_len;
if (rsp->hdr_sess_key.str_str_len != 0)
{
ps->offset = rsp->hdr_sess_key.buffer + 0x1c;
old_offset += rsp->hdr_sess_key.str_str_len;
- prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
+ prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
}
ps->offset = old_offset;
@@ -717,25 +746,42 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */
- prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
- prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
- prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
- prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
- prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )));
+ prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )));
+ prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain )));
+ prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user )));
+ prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks )));
+ prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)));
}
}
-#if 0
+/*******************************************************************
+creates an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
+ uint32 ver, uint32 crc32, uint32 seq_num)
+{
+ if (chk == NULL) return;
-/* attached to the end of encrypted rpc requests and responses */
-/* RPC_AUTH_NTLMSSP_CHK */
-typedef struct rpc_auth_ntlmssp_chk_info
+ chk->ver = ver ;
+ chk->reserved = 0x0;
+ chk->crc32 = crc32 ;
+ chk->seq_num = seq_num ;
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
{
- uint32 ver; /* 0x1 */
- uint8 data[12];
+ if (chk == NULL) return;
-} RPC_AUTH_NTLMSSP_CHK;
+ prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
+ depth++;
-#endif /* 0 */
+ prs_uint32("ver ", ps, depth, &(chk->ver ));
+ prs_uint32("reserved", ps, depth, &(chk->reserved));
+ prs_uint32("crc32 ", ps, depth, &(chk->crc32 ));
+ prs_uint32("seq_num ", ps, depth, &(chk->seq_num ));
+}
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 31ca1a7c20..4d5fd3865e 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -211,14 +211,16 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
BOOLSTR(p->open),
pos, n));
- if (!p || !p->open) {
+ if (!p || !p->open)
+ {
DEBUG(6,("pipe not open\n"));
return -1;
}
if (p->rhdr.data == NULL || p->rhdr.data->data == NULL ||
- p->rhdr.data->data_used == 0) {
+ p->rhdr.data->data_used == 0)
+ {
return 0;
}
@@ -237,18 +239,21 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
if (num > n) num = n;
- if (num <= 0) {
+ if (num <= 0)
+ {
DEBUG(5,("read_pipe: 0 or -ve data length\n"));
return 0;
}
- if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) {
+ if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST))
+ {
/* intermediate fragment - possibility of another header */
DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n",
p->hdr.frag_len, data_pos, data_hdr_pos));
- if (data_hdr_pos == p->next_frag_start) {
+ if (data_hdr_pos == p->next_frag_start)
+ {
DEBUG(6,("read_pipe: next fragment header\n"));
/* this is subtracted from the total data bytes, later */
@@ -263,10 +268,10 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
p->next_frag_start += p->hdr.frag_len;
p->hdr_offsets += 0x18;
}
-
}
- if (num < hdr_num) {
+ if (num < hdr_num)
+ {
DEBUG(5,("read_pipe: warning - data read only part of a header\n"));
}
@@ -277,12 +282,15 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
data_pos += num;
data_hdr_pos += num;
- if (hdr_num == 0x18 && num == 0x18) {
+ if (hdr_num == 0x18 && num == 0x18)
+ {
DEBUG(6,("read_pipe: just header read\n"));
/* advance to the next fragment */
p->frag_len_left -= 0x18;
- } else if (data_hdr_pos == p->next_frag_start) {
+ }
+ else if (data_hdr_pos == p->next_frag_start)
+ {
DEBUG(6,("read_pipe: next fragment expected\n"));
}
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index c45c4c7c23..487c8e46c1 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -67,6 +67,14 @@ void cmd_sam_test(struct client_info *info)
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
+ /* establish a connection. */
+ res = res ? do_samr_connect(smb_cli,
+ srv_name, 0x00000020,
+ &info->dom.samr_pol_connect) : False;
+
+ res = res ? do_samr_close(smb_cli,
+ &info->dom.samr_pol_connect) : False;
+
/* close the session */
cli_nt_session_close(smb_cli);
@@ -232,10 +240,10 @@ void cmd_sam_enum_users(struct client_info *info)
}
res = res ? do_samr_close(smb_cli,
- &info->dom.samr_pol_connect) : False;
+ &info->dom.samr_pol_open_domain) : False;
res = res ? do_samr_close(smb_cli,
- &info->dom.samr_pol_open_domain) : False;
+ &info->dom.samr_pol_connect) : False;
/* close the session */
cli_nt_session_close(smb_cli);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 174cea78ad..2183f504c2 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -30,6 +30,7 @@
#endif
extern pstring scope;
+extern pstring global_myname;
extern pstring user_socket_options;
@@ -456,6 +457,7 @@ enum client_action
TimeInit();
charset_initialise();
+ crc32_build_table();
myumask = umask(0);
umask(myumask);
@@ -683,6 +685,9 @@ enum client_action
fprintf(stderr, "Failed to get my hostname.\n");
}
+ fstrcpy(global_myname, cli_info.myhostname);
+ strupper(global_myname);
+
if (!lp_load(servicesf,True, False, False))
{
fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf);
diff --git a/source3/smbwrapper/smbw.c b/source3/smbwrapper/smbw.c
index f84623d3df..660e65f421 100644
--- a/source3/smbwrapper/smbw.c
+++ b/source3/smbwrapper/smbw.c
@@ -705,7 +705,7 @@ ssize_t smbw_write(int fd, void *buf, size_t count)
return -1;
}
- ret = cli_write(&file->srv->cli, file->f->cli_fd, buf, file->f->offset, count);
+ ret = cli_write(&file->srv->cli, file->f->cli_fd, 0, buf, file->f->offset, count);
if (ret == -1) {
errno = smbw_errno(&file->srv->cli);
diff --git a/source3/utils/torture.c b/source3/utils/torture.c
index fb320e8b66..8199006068 100644
--- a/source3/utils/torture.c
+++ b/source3/utils/torture.c
@@ -165,12 +165,12 @@ static BOOL rw_torture(struct cli_state *c, int numops)
break;
}
- if (cli_write(c, fnum, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
+ if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
printf("write failed (%s)\n", cli_errstr(c));
}
for (j=0;j<50;j++) {
- if (cli_write(c, fnum, (char *)buf,
+ if (cli_write(c, fnum, 0, (char *)buf,
sizeof(pid)+(j*sizeof(buf)),
sizeof(buf)) != sizeof(buf)) {
printf("write failed (%s)\n", cli_errstr(c));
@@ -818,7 +818,7 @@ static void run_trans2test(void)
fnum = cli_open(&cli, fname2,
O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
- cli_write(&cli, fnum, (char *)&fnum, 0, sizeof(fnum));
+ cli_write(&cli, fnum, 0, (char *)&fnum, 0, sizeof(fnum));
cli_close(&cli, fnum);
if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2,
&w_time, &size, NULL)) {