-rw-r--r-- | libcli/auth/msrpc_parse.c | 5 | ||||
-rw-r--r-- | librpc/idl/ntlmssp.idl | 2 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 66 |
3 files changed, 39 insertions, 34 deletions
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 336611d132..7ac6fb57b2 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -174,7 +174,10 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 break;
 case 'b':
 n = pointers[i].length;
- memcpy(blob->data + head_ofs, pointers[i].data, n);
+ if (pointers[i].data && n) {
+ /* don't follow null pointers... */
+ memcpy(blob->data + head_ofs, pointers[i].data, n);
+ }
 head_ofs += n;
 break;
 case 'C':
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 1227952ff2..eb9ab291fc 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -86,7 +86,7 @@ interface ntlmssp
 /* [MS-NLMP] 2.2.2.10 VERSION */
- typedef struct {
+ typedef [public] struct {
 ntlmssp_WindowsMajorVersion ProductMajorVersion;
 ntlmssp_WindowsMinorVersion ProductMinorVersion;
 uint16 ProductBuild;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1f6720c125..2fc8adff83 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
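Review bot: In libcli/auth/msrpc_parse.c, case 'b', a NULL `pointers[i].data` with a non-zero `n` now skips the copy, but `head_ofs += n` still reserves those n bytes in `blob`, which are then sent with whatever the buffer already held. The allocation of `blob->data` is outside this hunk, so whether it is zero-filled cannot be confirmed from here; if it is not, stale heap bytes could end up in the marshalled message. Either zero the gap with `else if (n) { memset(blob->data + head_ofs, 0, n); }` or treat a NULL pointer with a non-zero length as an error before the buffer is sized. The body of `msrpc_gen` starts and ends outside the hunk.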
@@ -522,45 +522,47 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 {
 /* Marshal the packet in the right format, be it unicode or ASCII */
 const char *gen_string;
- /* "What Windows returns" as a version number. */
- const char vers[] = { 0x6, 0x1, 0xb0, 0x1d, 0, 0, 0, 0xf};
+ DATA_BLOB version_blob = data_blob_null;
 if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
- DATA_BLOB version_blob = data_blob_talloc(ntlmssp_state, vers, 8);
-
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddBb";
- } else {
- gen_string = "CdAdbddBb";
+ enum ndr_err_code err;
+ struct VERSION vers;
+
+ /* "What Windows returns" as a version number. */
+ ZERO_STRUCT(vers);
+ vers.ProductMajorVersion = NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+ vers.ProductMinorVersion = NTLMSSP_WINDOWS_MINOR_VERSION_1;
+ vers.ProductBuild = 0;
+ vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+ err = ndr_push_struct_blob(&version_blob,
+ ntlmssp_state,
+ &vers,
+ (ndr_push_flags_fn_t)ndr_push_VERSION);
+
+ if (err) {
+ return NT_STATUS_NO_MEMORY;
 }
+ }
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length,
- version_blob.data, version_blob.length);
- data_blob_free(&version_blob);
+ if (ntlmssp_state->unicode) {
+ gen_string = "CdUdbddBb";
 } else {
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddB";
- } else {
- gen_string = "CdAdbddB";
- }
-
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+ gen_string = "CdAdbddBb";
 }
+ msrpc_gen(ntlmssp_state, reply, gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length,
+ version_blob.data, version_blob.length);
+
+ data_blob_free(&version_blob);
+
 if (DEBUGLEVEL >= 10) {
 if (NT_STATUS_IS_OK(ntlmssp_pull_CHALLENGE_MESSAGE(reply,
 ntlmssp_state, |
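Review bot: The single `msrpc_gen()` call that now builds the CHALLENGE reply still discards its result, although the msrpc_parse.c part of this commit shows the function returns `bool`; on failure `reply` would be used as if it held a valid message, so the call should be checked, e.g. `if (!msrpc_gen(...)) { data_blob_free(&version_blob); return NT_STATUS_NO_MEMORY; }`. The NDR check would be clearer and more accurate as `if (!NDR_ERR_CODE_IS_SUCCESS(err)) { return ndr_map_error2ntstatus(err); }` rather than reporting every push failure as NT_STATUS_NO_MEMORY. `vers.ProductBuild = 0` also changes the bytes on the wire: the removed array carried 0xb0 0x1d (build 7600 if marshalled little-endian), so the "What Windows returns" comment no longer matches unless the value is restored with `vers.ProductBuild = 0x1db0;`. The function body starts and ends outside the hunk, so whether the new early return skips later cleanup of `struct_blob` cannot be confirmed from here.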