From 395c366237dec1a38a53248d2e8df17f877207aa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 22:56:31 +0100 Subject: Do not pass emtpy wkssvc_PasswordBuffers to rpc functions. Guenther (This used to be commit fe75e5ccdfc2609380367e59215637b0de1ef241) --- source3/lib/netapi/joindomain.c | 12 ++++-------- source3/libsmb/smbencrypt.c | 20 ++++++++++++++------ 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index 0d4452e1df..c7849c952f 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -90,13 +90,11 @@ static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx, { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; - struct wkssvc_PasswordBuffer encrypted_password; + struct wkssvc_PasswordBuffer *encrypted_password = NULL; NTSTATUS status; WERROR werr; unsigned int old_timeout = 0; - ZERO_STRUCT(encrypted_password); - status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", @@ -129,7 +127,7 @@ static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx, status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, ctx, server_name, domain_name, account_ou, Account, - &encrypted_password, + encrypted_password, join_flags, &werr); if (!NT_STATUS_IS_OK(status)) { werr = ntstatus_to_werror(status); @@ -277,13 +275,11 @@ static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx, { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_cli = NULL; - struct wkssvc_PasswordBuffer encrypted_password; + struct wkssvc_PasswordBuffer *encrypted_password = NULL; NTSTATUS status; WERROR werr; unsigned int old_timeout = 0; - ZERO_STRUCT(encrypted_password); - status = cli_full_connection(&cli, NULL, server_name, NULL, 0, "IPC$", "IPC", @@ -316,7 +312,7 @@ static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx, status = rpccli_wkssvc_NetrUnjoinDomain2(pipe_cli, ctx, server_name, account, - &encrypted_password, + encrypted_password, unjoin_flags, &werr); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 9e37d1d6cf..d7f6f604f7 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -704,16 +704,22 @@ char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in) void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, const char *pwd, DATA_BLOB *session_key, - struct wkssvc_PasswordBuffer *pwd_buf) + struct wkssvc_PasswordBuffer **pwd_buf) { uint8_t buffer[516]; struct MD5Context ctx; - - DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); - + struct wkssvc_PasswordBuffer *my_pwd_buf = NULL; + DATA_BLOB confounded_session_key; int confounder_len = 8; uint8_t confounder[8]; + my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer); + if (!my_pwd_buf) { + return; + } + + confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); + encode_pw_buffer(buffer, pwd, STR_UNICODE); generate_random_buffer((uint8_t *)confounder, confounder_len); @@ -725,10 +731,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, SamOEMhashBlob(buffer, 516, &confounded_session_key); - memcpy(&pwd_buf->data[0], confounder, confounder_len); - memcpy(&pwd_buf->data[8], buffer, 516); + memcpy(&my_pwd_buf->data[0], confounder, confounder_len); + memcpy(&my_pwd_buf->data[8], buffer, 516); data_blob_free(&confounded_session_key); + + *pwd_buf = my_pwd_buf; } WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, -- cgit