summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/client.h1
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/include/rpc_dce.h2
-rw-r--r--source3/lib/crc32.c116
-rw-r--r--source3/libsmb/pwd_cache.c2
-rw-r--r--source3/rpc_client/cli_pipe.c166
-rw-r--r--source3/rpc_parse/parse_rpc.c44
-rw-r--r--source3/rpcclient/cmd_samr.c5
-rw-r--r--source3/smbd/password.c8
9 files changed, 231 insertions, 116 deletions
diff --git a/source3/include/client.h b/source3/include/client.h
index 0da4b40c18..53674fe80a 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -121,6 +121,7 @@ struct cli_state {
unsigned char ntlmssp_hash[258]; /* ntlmssp data. */
uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */
uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */
+ uint32 ntlmssp_seq_num; /* ntlmssp sequence number */
DOM_CRED clnt_cred; /* Client credential. */
fstring mach_acct; /* MYNAME$. */
fstring srv_name_slash; /* \\remote server. */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e594780535..8a0ff12ed9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1558,7 +1558,8 @@ void make_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
void smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth);
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
- uint8 stub_type_len);
+ uint8 stub_type_len,
+ uint32 ptr);
void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
char *signature, uint32 msg_type);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 982ec1f52b..c6499853d6 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -170,7 +170,7 @@ typedef struct rpc_hdr_auth_info
uint8 stub_type_len; /* don't know */
uint8 padding; /* padding */
- uint32 unknown; /* 0x0014a0c0 */
+ uint32 unknown; /* pointer */
} RPC_HDR_AUTH;
diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
index 7d0b6e350d..b92bc70d12 100644
--- a/source3/lib/crc32.c
+++ b/source3/lib/crc32.c
@@ -1,73 +1,73 @@
/*
- * Dr Dobb's Journal: http://www.ddj.com/ftp/1992/1992.05/crcman.zip
+ * Copyright francesco@aerra.it - code used WITHOUT acknowledgment to
+ * request to use it here yet received.
*
- * Copyright Mark R. Nelson 1992
+ * must work on the dr dobb's version or find another version if
+ * permission not received or permission refused.
*
- * This code used by permission of J Erickson <jerickson@ddj.com>
- * Tues 6th October 1998. Copyright acknowledged above, as agreed.
*
*/
#include "includes.h"
+extern int DEBUGLEVEL;
-#define CRC32_POLYNOMIAL 0xEDB88320L
-
-/*****************************************************************
- Instead of performing a straightforward calculation of the 32 bit
- CRC using a series of logical operations, this program uses the
- faster table lookup method. This routine is called once when the
- program starts up to build the table which will be used later
- when calculating the CRC values.
- *****************************************************************/
-
-static uint32 CRCTable[256];
-
-void crc32_build_table(void)
+static unsigned long CRCTable[256] =
{
- int i;
- int j;
- uint32 crc;
-
- for ( i = 0; i <= 255 ; i++ )
- {
- crc = i;
- for ( j = 8 ; j > 0; j-- )
- {
- if ( crc & 1 )
- {
- crc = ( crc >> 1 ) ^ CRC32_POLYNOMIAL;
- }
- else
- {
- crc >>= 1;
- }
- }
- CRCTable[ i ] = crc;
- }
-}
-
-/*****************************************************************
- This routine calculates the CRC for a block of data using the
- table lookup method.
- *****************************************************************/
+ 0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
+ 0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
+ 0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,
+ 0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
+ 0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,
+ 0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,
+ 0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
+ 0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
+ 0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,
+ 0xCFBA9599,0xB8BDA50F,0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,
+ 0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,0x76DC4190,0x01DB7106,
+ 0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
+ 0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,
+ 0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
+ 0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,
+ 0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
+ 0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,
+ 0xA4D1C46D,0xD3D6F4FB,0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,
+ 0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,0x5005713C,0x270241AA,
+ 0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
+ 0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
+ 0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,
+ 0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,
+ 0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
+ 0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,
+ 0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,
+ 0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,0xA1D1937E,
+ 0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
+ 0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,
+ 0x316E8EEF,0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,
+ 0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,
+ 0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
+ 0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,
+ 0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,
+ 0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
+ 0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
+ 0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,
+ 0x616BFFD3,0x166CCF45,0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,
+ 0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,0xAED16A4A,0xD9D65ADC,
+ 0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
+ 0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,
+ 0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
+ 0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
+};
uint32 crc32_calc_buffer( uint32 count, char *buffer)
{
- char *p;
- uint32 crc;
-
- p = buffer;
- crc = 0xffffffff;
-
- while ( count-- != 0 )
+ unsigned long crc=0xffffffff;
+ int i;
+ for(i=0;i<count;i++)
{
- uint32 temp1;
- uint32 temp2;
-
- temp1 = ( crc >> 8 ) & 0x00FFFFFFL;
- temp2 = CRCTable[ ( (int) crc ^ *p++ ) & 0xff ];
- crc = temp1 ^ temp2;
+ crc = (crc>>8) ^ CRCTable[(buffer[i] ^ crc) & 0xff];
}
- return crc;
+ crc^=0xffffffff;
+ DEBUG(10,("crc_32_calc_buffer: %x\n", crc));
+ dump_data(100, buffer, count);
+ return crc;
}
-
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index c4c578cde6..bbd5f63d4b 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -219,7 +219,7 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
#ifdef DEBUG_PASSWORD
DEBUG(100,("lm_owf_passwd: "));
- dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
+ dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
DEBUG(100,("lm_sess_pwd: "));
dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
#endif
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index d21840ec46..93befe7ac4 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -114,14 +114,12 @@ static BOOL rpc_read(struct cli_state *cli,
/****************************************************************************
checks the header
****************************************************************************/
-static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
+static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
BOOL *first, BOOL *last, int *len)
{
- RPC_HDR rhdr;
-
DEBUG(5,("rpc_check_hdr: rdata->data->data_used: %d\n", rdata->data->data_used));
- smb_io_rpc_hdr ("rpc_hdr ", &rhdr , rdata, 0);
+ smb_io_rpc_hdr ("rpc_hdr ", rhdr , rdata, 0);
if (!rdata->offset || rdata->offset != 0x10)
{
@@ -132,15 +130,79 @@ static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
DEBUG(5,("rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data->data_used: %d\n",
rdata->data->data_used));
- (*first ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
- (*last ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
- (*len ) = rhdr.frag_len - rdata->data->data_used;
- (*pkt_type) = rhdr.pkt_type;
+ (*first ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_FIRST);
+ (*last ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_LAST );
+ (*len ) = rhdr->frag_len - rdata->data->data_used;
return True;
}
/****************************************************************************
+ decrypt data on an rpc pipe
+ ****************************************************************************/
+
+static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
+ int len, int auth_len)
+{
+ RPC_AUTH_NTLMSSP_CHK chk;
+ uint32 crc32;
+ int data_len = len - 0x18 - auth_len - 8;
+ char *reply_data = (uchar*)mem_data(&rdata->data, 0x18);
+
+ BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
+ BOOL auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
+
+ DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
+ len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
+
+/* RPC_HDR_AUTH rhdr_auth;
+ prs_struct auth_req;
+ prs_init(&auth_req , 0x10, 4, 0, True);
+ smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+ prs_mem_free(&auth_req);
+
+*/
+ if (auth_seal)
+ {
+ DEBUG(10,("rpc_auth_pipe: seal\n"));
+ dump_data(100, reply_data, data_len);
+ NTLMSSPcalc(cli->ntlmssp_hash, reply_data, data_len);
+ dump_data(100, reply_data, data_len);
+ }
+
+ if (auth_verify)
+ {
+ prs_struct auth_verf;
+ char *data = (uchar*)mem_data(&rdata->data, len - auth_len);
+ prs_init(&auth_verf, 0x08, 4, 0, True);
+ DEBUG(10,("rpc_auth_pipe: verify\n"));
+ dump_data(100, data, auth_len);
+ NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4);
+ memcpy(auth_verf.data->data, data, 16);
+ smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
+ dump_data(100, data, auth_len);
+ prs_mem_free(&auth_verf);
+ }
+
+ if (auth_verify)
+ {
+ crc32 = crc32_calc_buffer(data_len, reply_data);
+ if (chk.crc32 != crc32 ||
+ chk.ver != NTLMSSP_SIGN_VERSION ||
+ chk.seq_num != cli->ntlmssp_seq_num++)
+ {
+ DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n",
+ crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num));
+ DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n",
+ chk.crc32, chk.ver, chk.seq_num));
+ return False;
+ }
+ }
+ return True;
+}
+
+
+/****************************************************************************
send data on an rpc pipe, which *must* be in one fragment.
receive response data from an rpc pipe, which may be large...
@@ -163,12 +225,13 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
prs_struct *rparam, prs_struct *rdata)
{
int len;
+ int alloc_hint = 0;
uint16 setup[2]; /* only need 2 uint16 setup parameters */
uint32 err;
- uint8 pkt_type = 0xff;
BOOL first = True;
BOOL last = True;
+ RPC_HDR rhdr;
/*
* Setup the pointers from the incoming.
@@ -215,12 +278,16 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
rdata->data->margin = 0;
if (rparam) rparam->data->margin = 0;
- if (!rpc_check_hdr(rdata, &pkt_type, &first, &last, &len)) return False;
+ if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len))
+ {
+ return False;
+ }
- if (pkt_type == RPC_RESPONSE)
+ if (rhdr.pkt_type == RPC_RESPONSE)
{
RPC_HDR_RESP rhdr_resp;
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0);
+ alloc_hint = rhdr_resp.alloc_hint;
}
DEBUG(5,("rpc_api_pipe: len left: %d smbtrans read: %d\n",
@@ -236,6 +303,11 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
}
}
+ if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+ {
+ return False;
+ }
+
/* only one rpc fragment, and it has been read */
if (first && last)
{
@@ -245,39 +317,43 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
while (!last) /* read more fragments until we get the last one */
{
- RPC_HDR rhdr;
RPC_HDR_RESP rhdr_resp;
int num_read;
prs_struct hps;
- prs_init(&hps, 0x18, 4, 0, True);
+ prs_init(&hps, 0x8, 4, 0, True);
num_read = cli_read(cli, cli->nt_pipe_fnum, hps.data->data, 0, 0x18);
DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
if (num_read != 0x18) return False;
- smb_io_rpc_hdr ("rpc_hdr ", &rhdr , &hps, 0);
+ if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
+ {
+ return False;
+ }
+
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0);
prs_mem_free(&hps);
if (cli_error(cli, NULL, &err)) return False;
- first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
- last = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
-
if (first)
{
DEBUG(0,("rpc_api_pipe: wierd rpc header received\n"));
return False;
}
- len = rhdr.frag_len - hps.offset;
if (!rpc_read(cli, rdata, len, rdata->data->data_used))
{
return False;
}
+
+ if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+ {
+ return False;
+ }
}
return True;
@@ -316,7 +392,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
if (auth_req != NULL && rhdr_auth != NULL && auth_ntlm != NULL)
{
- make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00);
+ make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00, 1);
smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rhdr_auth, 0);
mem_realloc_data(rhdr_auth->data, rhdr_auth->offset);
@@ -335,9 +411,12 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
/* create the request RPC_HDR */
make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
+ (auth_req != NULL ? auth_req ->offset : 0) +
+ (auth_ntlm != NULL ? auth_ntlm->offset : 0) +
+ (rhdr_auth != NULL ? rhdr_auth->offset : 0) +
rhdr_rb->offset + 0x10,
- auth_req != NULL ? auth_req ->offset : 0 +
- auth_ntlm != NULL ? auth_ntlm->offset : 0);
+ (auth_req != NULL ? auth_req ->offset : 0) +
+ (auth_ntlm != NULL ? auth_ntlm->offset : 0));
smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
mem_realloc_data(rhdr->data, rhdr->offset);
@@ -505,7 +584,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
/* happen to know that NTLMSSP authentication verifier is 16 bytes */
- auth_len = auth_verify ? 16 : 0;
+ auth_len = (auth_verify ? 16 : 0);
data_len = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
data->data->offset.end = data->offset;
@@ -522,15 +601,19 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&data->data, 0), data->offset);
}
- if (auth_verify)
+ if (auth_seal || auth_verify)
{
- RPC_AUTH_NTLMSSP_CHK chk;
RPC_HDR_AUTH rhdr_auth;
- make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08);
+ make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+ }
- make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
+ if (auth_verify)
+ {
+ RPC_AUTH_NTLMSSP_CHK chk;
+
+ make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&auth_verf.data, 4), 12);
}
@@ -737,11 +820,11 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
if (!valid_pipe_name(pipe_name, abstract, transfer)) return False;
- prs_init(&hdr , 0x10 , 4, 0x0 , False);
- prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
- prs_init(&hdr_auth , ntlmssp_auth ? 8 : 0, 4, SAFETY_MARGIN, False);
- prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
- prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
+ prs_init(&hdr , 0x10 , 4, 0x0 , False);
+ prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
+ prs_init(&hdr_auth , (ntlmssp_auth ? 8 : 0), 4, SAFETY_MARGIN, False);
+ prs_init(&auth_req , (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
+ prs_init(&auth_ntlm, (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True);
prs_init(&rparam , 0 , 4, SAFETY_MARGIN, True);
@@ -810,11 +893,6 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
- pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
- pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
- NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
- bzero(lm_hash, sizeof(lm_hash));
- NTLMSSPhash(cli->ntlmssp_hash, p24);
create_rpc_bind_resp(&cli->pwd, cli->domain,
cli->user_name, global_myname,
@@ -822,6 +900,12 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
call_id,
&hdra, &hdr_autha, &auth_resp);
+ pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
+ pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
+ NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
+ bzero(lm_hash, sizeof(lm_hash));
+ NTLMSSPhash(cli->ntlmssp_hash, p24);
+
/* this is a hack due to limitations in rpc_api_pipe */
prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
@@ -909,16 +993,16 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
if (encrypted)
{
- cli->ntlmssp_cli_flgs =
- NTLMSSP_NEGOTIATE_UNICODE |
-/* NTLMSSP_NEGOTIATE_OEM |
- */
+ cli->ntlmssp_cli_flgs = 0xb2b3;
+/* NTLMSSP_NEGOTIATE_UNICODE |
+ NTLMSSP_NEGOTIATE_OEM |
+
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
-/*
+
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000;
*/
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index 6b4deb00cf..f9745da4b4 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -462,7 +462,8 @@ creates an RPC_HDR_AUTH structure.
********************************************************************/
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
- uint8 stub_type_len)
+ uint8 stub_type_len,
+ uint32 ptr)
{
if (rai == NULL) return;
@@ -471,7 +472,7 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
rai->stub_type_len = stub_type_len; /* 0x00 */
rai->padding = 0; /* padding 0x00 */
- rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
+ rai->unknown = ptr; /* non-zero pointer to something */
}
/*******************************************************************
@@ -532,8 +533,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
- make_str_hdr(&neg->hdr_myname, len_myname+1, len_myname+1, 0x20);
- make_str_hdr(&neg->hdr_domain, len_domain+1, len_domain+1, 0x20 + len_myname+1);
+ make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
+ make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
fstrcpy(neg->myname, myname);
fstrcpy(neg->domain, domain);
@@ -551,11 +552,38 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
- smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
- smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ if (ps->io)
+ {
+ uint32 old_offset;
+
+ /* reading */
+
+ ZERO_STRUCTP(neg);
+
+ smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
+
+ old_offset = ps->offset;
+
+ ps->offset = neg->hdr_myname .buffer + 0x1c;
+ prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
+ old_offset += neg->hdr_myname .str_str_len;
+
+ ps->offset = neg->hdr_domain .buffer + 0x1c;
+ prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
+ old_offset += neg->hdr_domain .str_str_len;
+
+ ps->offset = old_offset;
+ }
+ else
+ {
+ /* writing */
+ smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
- prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len-1, sizeof(neg->domain));
- prs_string("myname", ps, depth, neg->myname, neg->hdr_myname.str_str_len-1, sizeof(neg->myname));
+ prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
+ prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
+ }
}
/*******************************************************************
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 81fd373613..2b5fe909ab 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -80,7 +80,7 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/* open SAMR session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@@ -119,12 +119,13 @@ void cmd_sam_test(struct client_info *info)
fstrcpy(sid , info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
+/*
if (strlen(sid) == 0)
{
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
-
+*/
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index b505da18fa..49ad4a514f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -470,26 +470,26 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
}
if (!pass) {
- DEBUG(1,("Couldn't find user %s\n",user));
+ DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
smb_pass = getsmbpwnam(user);
if (!smb_pass) {
- DEBUG(0,("Couldn't find user %s in smb_passwd file.\n", user));
+ DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
/* Quit if the account was disabled. */
if(smb_pass->acct_ctrl & ACB_DISABLED) {
- DEBUG(0,("account for user %s was disabled.\n", user));
+ DEBUG(3,("account for user %s was disabled.\n", user));
return(False);
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid) {
- DEBUG(0,("Error : UNIX and SMB uids in password files do not match !\n"));
+ DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}