mirror of
https://github.com/samba-team/samba.git
synced 2025-01-15 23:24:37 +03:00
fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing
parent
d81b0d2690
commit
2487480228
@ -85,6 +85,7 @@ PIDDIR = @piddir@
|
||||
# man pages language(s)
|
||||
man_langs = "@manlangs@"
|
||||
|
||||
LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
|
||||
LIBSMBCLIENT_MAJOR=0
|
||||
LIBSMBCLIENT_MINOR=1
|
||||
|
||||
@ -897,7 +898,7 @@ bin/libbigballofmud.a: $(LIBBIGBALLOFMUD_OBJS)
|
||||
@echo Linking bigballofmud non-shared library $@
|
||||
-$(AR) -rc $@ $(LIBBIGBALLOFMUD_OBJS)
|
||||
|
||||
libsmbclient: bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
|
||||
libsmbclient: $(LIBSMBCLIENT)
|
||||
|
||||
bin/librpc_lsarpc.@SHLIBEXT@: $(RPC_LSA_OBJ)
|
||||
@echo "Linking $@"
|
||||
@ -1135,7 +1136,7 @@ TOPFILES=dynconfig.o dynconfig.po
|
||||
|
||||
clean: delheaders python_clean
|
||||
-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
|
||||
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) .headers.stamp
|
||||
$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) .headers.stamp
|
||||
|
||||
# Making this target will just make sure that the prototype files
|
||||
# exist, not necessarily that they are up to date. Since they're
|
||||
|
@ -1740,6 +1740,22 @@ BOOL is_myworkgroup(const char *s)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
we distinguish between 2K and XP by the "Native Lan Manager" string
|
||||
WinXP => "Windows 2002 5.1"
|
||||
Win2k => "Windows 2000 5.0"
|
||||
NT4 => "Windows NT 4.0"
|
||||
Win9x => "Windows 4.0"
|
||||
********************************************************************/
|
||||
|
||||
void ra_lanman_string( const char *native_lanman )
|
||||
{
|
||||
if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
|
||||
set_remote_arch( RA_WINXP );
|
||||
else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
|
||||
set_remote_arch( RA_WIN2K3 );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Set the horrid remote_arch string based on an enum.
|
||||
********************************************************************/
|
||||
|
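Review bot: The header comment on ra_lanman_string() lists four Native LanMan strings, but the body matches only "Windows 2002 5.1" and "Windows .NET 5.2", and the second is missing from the comment. I would add `Win2K3 => "Windows .NET 5.2"` to the table and state that any other string leaves remote_arch unchanged. Both callers in this commit guard the call with `ra_type == RA_WIN2K`; that precondition belongs in the comment, or in the function itself as `if ( get_remote_arch() != RA_WIN2K ) return;`, so a later caller cannot reclassify a non-2K client by accident. The string comes from the client's session setup request and, in the SPNEGO path, is read before authentication has completed, so the comment should also say that the resulting remote_arch is a compatibility hint and not a basis for access decisions.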
@ -396,8 +396,10 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
if ( global_ntlmssp_state ) {
|
||||
nt_status = auth_ntlmssp_update(global_ntlmssp_state,
|
||||
auth, &auth_reply);
|
||||
}
|
||||
|
||||
data_blob_free(&auth);
|
||||
|
||||
@ -422,6 +424,10 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
|
||||
DATA_BLOB blob1;
|
||||
int ret;
|
||||
size_t bufrem;
|
||||
fstring native_os, native_lanman;
|
||||
char *p2;
|
||||
uint16 data_blob_len = SVAL(inbuf, smb_vwv7);
|
||||
enum remote_arch_types ra_type = get_remote_arch();
|
||||
|
||||
DEBUG(3,("Doing spnego session setup\n"));
|
||||
|
||||
@ -431,19 +437,27 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
|
||||
|
||||
p = (uint8 *)smb_buf(inbuf);
|
||||
|
||||
if (SVAL(inbuf, smb_vwv7) == 0) {
|
||||
if (data_blob_len == 0) {
|
||||
/* an invalid request */
|
||||
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
|
||||
}
|
||||
|
||||
bufrem = smb_bufrem(inbuf, p);
|
||||
/* pull the spnego blob */
|
||||
blob1 = data_blob(p, MIN(bufrem, SVAL(inbuf, smb_vwv7)));
|
||||
blob1 = data_blob(p, MIN(bufrem, data_blob_len));
|
||||
|
||||
#if 0
|
||||
file_save("negotiate.dat", blob1.data, blob1.length);
|
||||
#endif
|
||||
|
||||
p2 = inbuf + smb_vwv13 + data_blob_len;
|
||||
p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE);
|
||||
p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE);
|
||||
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s]\n", native_os, native_lanman));
|
||||
|
||||
if ( ra_type == RA_WIN2K )
|
||||
ra_lanman_string( native_lanman );
|
||||
|
||||
if (blob1.data[0] == ASN1_APPLICATION(0)) {
|
||||
/* its a negTokenTarg packet */
|
||||
ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
|
||||
@ -606,21 +620,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
|
||||
DEBUG(3,("Domain=[%s] NativeOS=[%s] NativeLanMan=[%s]\n",
|
||||
domain,native_os,native_lanman));
|
||||
|
||||
/*
|
||||
* we distinguish between 2K and XP by the "Native Lan Manager" string
|
||||
* WinXP => "Windows 2002 5.1"
|
||||
* Win2k => "Windows 2000 5.0"
|
||||
* NT4 => "Windows NT 4.0"
|
||||
* Win9x => "Windows 4.0"
|
||||
*/
|
||||
|
||||
if ( ra_type == RA_WIN2K ) {
|
||||
if ( 0 == strcmp( native_lanman, "Windows 2002 5.1" ) )
|
||||
set_remote_arch( RA_WINXP );
|
||||
else if ( 0 == strcmp( native_lanman, "Windows .NET 5.2" ) )
|
||||
set_remote_arch( RA_WIN2K3 );
|
||||
}
|
||||
|
||||
if ( ra_type == RA_WIN2K )
|
||||
ra_lanman_string( native_lanman );
|
||||
|
||||
}
|
||||
|
||||
|
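Review bot: In reply_sesssetup_and_X_spnego, `p2 = inbuf + smb_vwv13 + data_blob_len;` advances by the length field exactly as the client sent it, while the blob just above is clamped with `MIN(bufrem, data_blob_len)`. When the field exceeds the remaining buffer, p2 starts past the received data and the two srvstr_pull_buf() calls read from there; how that helper bounds its source is not visible in this hunk. I would reject the case right after bufrem is computed and before the blob is allocated, `if (data_blob_len > bufrem) return ERROR_NT(NT_STATUS_LOGON_FAILURE);`, and derive the pointer from the parsed buffer start, `p2 = (char *)p + data_blob_len;`, because the fixed smb_vwv13 offset appears to assume one particular word count. Separately, in reply_spnego_auth the new `if ( global_ntlmssp_state )` skips auth_ntlmssp_update() without assigning nt_status or auth_reply on the NULL path. Their declarations and later use lie outside the hunk, but if they are read afterwards this path should fail closed, for example `else { data_blob_free(&auth); return ERROR_NT(NT_STATUS_LOGON_FAILURE); }`.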