summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libcli/auth/msrpc_parse.c5
-rw-r--r--librpc/idl/ntlmssp.idl2
-rw-r--r--source3/libsmb/ntlmssp.c66
3 files changed, 39 insertions, 34 deletions
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 336611d132..7ac6fb57b2 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -174,7 +174,10 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
break;
case 'b':
n = pointers[i].length;
- memcpy(blob->data + head_ofs, pointers[i].data, n);
+ if (pointers[i].data && n) {
+ /* don't follow null pointers... */
+ memcpy(blob->data + head_ofs, pointers[i].data, n);
+ }
head_ofs += n;
break;
case 'C':
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 1227952ff2..eb9ab291fc 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -86,7 +86,7 @@ interface ntlmssp
/* [MS-NLMP] 2.2.2.10 VERSION */
- typedef struct {
+ typedef [public] struct {
ntlmssp_WindowsMajorVersion ProductMajorVersion;
ntlmssp_WindowsMinorVersion ProductMinorVersion;
uint16 ProductBuild;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1f6720c125..2fc8adff83 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -522,45 +522,47 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
{
/* Marshal the packet in the right format, be it unicode or ASCII */
const char *gen_string;
- /* "What Windows returns" as a version number. */
- const char vers[] = { 0x6, 0x1, 0xb0, 0x1d, 0, 0, 0, 0xf};
+ DATA_BLOB version_blob = data_blob_null;
if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
- DATA_BLOB version_blob = data_blob_talloc(ntlmssp_state, vers, 8);
-
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddBb";
- } else {
- gen_string = "CdAdbddBb";
+ enum ndr_err_code err;
+ struct VERSION vers;
+
+ /* "What Windows returns" as a version number. */
+ ZERO_STRUCT(vers);
+ vers.ProductMajorVersion = NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+ vers.ProductMinorVersion = NTLMSSP_WINDOWS_MINOR_VERSION_1;
+ vers.ProductBuild = 0;
+ vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+ err = ndr_push_struct_blob(&version_blob,
+ ntlmssp_state,
+ &vers,
+ (ndr_push_flags_fn_t)ndr_push_VERSION);
+
+ if (err) {
+ return NT_STATUS_NO_MEMORY;
}
+ }
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length,
- version_blob.data, version_blob.length);
- data_blob_free(&version_blob);
+ if (ntlmssp_state->unicode) {
+ gen_string = "CdUdbddBb";
} else {
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddB";
- } else {
- gen_string = "CdAdbddB";
- }
-
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+ gen_string = "CdAdbddBb";
}
+ msrpc_gen(ntlmssp_state, reply, gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length,
+ version_blob.data, version_blob.length);
+
+ data_blob_free(&version_blob);
+
if (DEBUGLEVEL >= 10) {
if (NT_STATUS_IS_OK(ntlmssp_pull_CHALLENGE_MESSAGE(reply,
ntlmssp_state,