diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 50 |
2 files changed, 52 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b1aede6166..27e156943c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, SERIOUSLY ALPHA CODE! ****************************************************************************/ -int write_pipe(pipes_struct *p, char *data, int n) +ssize_t write_pipe(pipes_struct *p, char *data, size_t n) { prs_struct pd; struct mem_buf data_buf; @@ -182,7 +182,7 @@ int write_pipe(pipes_struct *p, char *data, int n) pd.io = True; pd.offset = 0; - return rpc_command(p, &pd) ? n : -1; + return rpc_command(p, &pd) ? ((ssize_t)n) : -1; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index f9532981e0..dc0918f1bf 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -208,6 +208,52 @@ BOOL create_rpc_reply(pipes_struct *p, return p->rhdr.data != NULL && p->rhdr.offset == 0x18; } +static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) +{ + uchar lm_owf[24]; + uchar nt_owf[24]; + + DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); + + if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False; + + memset(p->user_name, 0, sizeof(p->user_name)); + memset(p->domain , 0, sizeof(p->domain )); + memset(p->wks , 0, sizeof(p->wks )); + + if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) + { + fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user , p->ntlmssp_resp.hdr_usr .str_str_len/2)); + fstrcpy(p->domain , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2)); + fstrcpy(p->wks , unistrn2((uint16*)p->ntlmssp_resp.wks , p->ntlmssp_resp.hdr_wks .str_str_len/2)); + } + else + { + fstrcpy(p->user_name, p->ntlmssp_resp.user ); + fstrcpy(p->domain , p->ntlmssp_resp.domain); + fstrcpy(p->wks , p->ntlmssp_resp.wks ); + } + + DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks)); + + memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf)); + memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf)); + +#ifdef DEBUG_PASSWORD + DEBUG(100,"lm, nt owfs:\n")); + dump_data(100, lm_owf, sizeof(lm_owf)); + dump_data(100, nt_owf, sizeof(nt_owf)); +#endif + return True; +#if 0 + return pass_check_smb(p->user_name, p->domain, + p->ntplssp_chal.challenge, lm_owf, nt_owf); +#endif +} static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) { @@ -222,6 +268,10 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) case NTLMSSP_AUTH: { smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0); + if (!api_pipe_ntlmssp_verify(p)) + { + pd->offset = 0; + } break; } default: |