
This fixes net rpc vampire when talking to win2k (<sp3). win2k sends

back a different sized blob of encrypted password data than we were
expecting.  There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
Tim Potter 2003-05-26 06:59:38 +00:00
parent ac33cc9ca3
commit 0d3097c135
2 changed files with 7 additions and 7 deletions


@ -2129,12 +2129,12 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
if (!prs_uint32("pwd_len", ps, depth, &len))
return False;
old_offset = ps->data_offset;
if (len == 0x44)
if (len > 0)
{
if (ps->io)
{
/* reading */
if (!prs_hash1(ps, ps->data_offset, sess_key))
if (!prs_hash1(ps, ps->data_offset, sess_key, len))
return False;
}
if (!net_io_sam_passwd_info("pass", &info->pass,
@ -2144,7 +2144,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
if (!ps->io)
{
/* writing */
if (!prs_hash1(ps, old_offset, sess_key))
if (!prs_hash1(ps, old_offset, sess_key, len))
return False;
}
}
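Review bot: `if (len > 0)` lets any non-zero `pwd_len` read from the wire reach `prs_hash1`, which in the second file section runs `SamOEMhash` over `len` bytes at the given offset; neither hunk shows a check that this range lies inside the parse buffer. A peer that reports an oversized length could make that in-place transform run past the end of the buffer. Validating once inside `prs_hash1` would cover both the reading and the writing call, for example `if (offset > ps->buffer_size || len > ps->buffer_size - offset) return False;`, ideally with an upper limit on accepted sizes here instead of any positive value. The body of net_io_sam_account_info starts and ends outside these hunks, so an earlier bound on `len` cannot be ruled out from this page.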


@ -1316,7 +1316,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me
/*******************************************************************
hash a stream.
********************************************************************/
BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
{
char *q;
@ -1326,12 +1326,12 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
#ifdef DEBUG_PASSWORD
DEBUG(100, ("prs_hash1\n"));
dump_data(100, sess_key, 16);
dump_data(100, q, 68);
dump_data(100, q, len);
#endif
SamOEMhash((uchar *) q, sess_key, 68);
SamOEMhash((uchar *) q, sess_key, len);
#ifdef DEBUG_PASSWORD
dump_data(100, q, 68);
dump_data(100, q, len);
#endif
return True;
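Review bot: The new parameter is declared `int len`, while the caller obtains `len` through `prs_uint32`, so a wire value of 0x80000000 or above would presumably arrive here as a negative number and be forwarded unchanged to `SamOEMhash` and `dump_data`. Declaring it `uint32 len` keeps the type consistent with the caller and with `offset`, and avoids the signed conversion. The header comment still reads only `hash a stream.`; I would extend it to say that `len` is the number of bytes at `offset` that are transformed in place and that the range must lie inside the stream buffer. The lines of prs_hash1 between `char *q;` and the first `#ifdef` fall outside the hunks.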