mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
dce/rpc
This commit is contained in:
parent
bff457b4a4
commit
69f5f9f889
@ -121,6 +121,7 @@ struct cli_state {
|
||||
unsigned char ntlmssp_hash[258]; /* ntlmssp data. */
|
||||
uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */
|
||||
uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */
|
||||
uint32 ntlmssp_seq_num; /* ntlmssp sequence number */
|
||||
DOM_CRED clnt_cred; /* Client credential. */
|
||||
fstring mach_acct; /* MYNAME$. */
|
||||
fstring srv_name_slash; /* \\remote server. */
|
||||
|
@ -1558,7 +1558,8 @@ void make_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
|
||||
void smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth);
|
||||
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
|
||||
uint8 auth_type, uint8 auth_level,
|
||||
uint8 stub_type_len);
|
||||
uint8 stub_type_len,
|
||||
uint32 ptr);
|
||||
void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
|
||||
void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
|
||||
char *signature, uint32 msg_type);
|
||||
|
@ -170,7 +170,7 @@ typedef struct rpc_hdr_auth_info
|
||||
uint8 stub_type_len; /* don't know */
|
||||
uint8 padding; /* padding */
|
||||
|
||||
uint32 unknown; /* 0x0014a0c0 */
|
||||
uint32 unknown; /* pointer */
|
||||
|
||||
} RPC_HDR_AUTH;
|
||||
|
||||
|
@ -1,73 +1,73 @@
|
||||
/*
|
||||
* Dr Dobb's Journal: http://www.ddj.com/ftp/1992/1992.05/crcman.zip
|
||||
* Copyright francesco@aerra.it - code used WITHOUT acknowledgment to
|
||||
* request to use it here yet received.
|
||||
*
|
||||
* Copyright Mark R. Nelson 1992
|
||||
* must work on the dr dobb's version or find another version if
|
||||
* permission not received or permission refused.
|
||||
*
|
||||
* This code used by permission of J Erickson <jerickson@ddj.com>
|
||||
* Tues 6th October 1998. Copyright acknowledged above, as agreed.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
extern int DEBUGLEVEL;
|
||||
|
||||
#define CRC32_POLYNOMIAL 0xEDB88320L
|
||||
|
||||
/*****************************************************************
|
||||
Instead of performing a straightforward calculation of the 32 bit
|
||||
CRC using a series of logical operations, this program uses the
|
||||
faster table lookup method. This routine is called once when the
|
||||
program starts up to build the table which will be used later
|
||||
when calculating the CRC values.
|
||||
*****************************************************************/
|
||||
|
||||
static uint32 CRCTable[256];
|
||||
|
||||
void crc32_build_table(void)
|
||||
static unsigned long CRCTable[256] =
|
||||
{
|
||||
int i;
|
||||
int j;
|
||||
uint32 crc;
|
||||
|
||||
for ( i = 0; i <= 255 ; i++ )
|
||||
{
|
||||
crc = i;
|
||||
for ( j = 8 ; j > 0; j-- )
|
||||
{
|
||||
if ( crc & 1 )
|
||||
{
|
||||
crc = ( crc >> 1 ) ^ CRC32_POLYNOMIAL;
|
||||
}
|
||||
else
|
||||
{
|
||||
crc >>= 1;
|
||||
}
|
||||
}
|
||||
CRCTable[ i ] = crc;
|
||||
}
|
||||
}
|
||||
|
||||
/*****************************************************************
|
||||
This routine calculates the CRC for a block of data using the
|
||||
table lookup method.
|
||||
*****************************************************************/
|
||||
0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
|
||||
0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
|
||||
0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,
|
||||
0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
|
||||
0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,
|
||||
0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,
|
||||
0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
|
||||
0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
|
||||
0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,
|
||||
0xCFBA9599,0xB8BDA50F,0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,
|
||||
0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,0x76DC4190,0x01DB7106,
|
||||
0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
|
||||
0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,
|
||||
0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
|
||||
0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,
|
||||
0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
|
||||
0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,
|
||||
0xA4D1C46D,0xD3D6F4FB,0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,
|
||||
0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,0x5005713C,0x270241AA,
|
||||
0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
|
||||
0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
|
||||
0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,
|
||||
0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,
|
||||
0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
|
||||
0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,
|
||||
0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,
|
||||
0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,0xA1D1937E,
|
||||
0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
|
||||
0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,
|
||||
0x316E8EEF,0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,
|
||||
0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,
|
||||
0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
|
||||
0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,
|
||||
0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,
|
||||
0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
|
||||
0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
|
||||
0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,
|
||||
0x616BFFD3,0x166CCF45,0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,
|
||||
0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,0xAED16A4A,0xD9D65ADC,
|
||||
0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
|
||||
0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,
|
||||
0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
|
||||
0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
|
||||
};
|
||||
|
||||
uint32 crc32_calc_buffer( uint32 count, char *buffer)
|
||||
{
|
||||
char *p;
|
||||
uint32 crc;
|
||||
|
||||
p = buffer;
|
||||
crc = 0xffffffff;
|
||||
|
||||
while ( count-- != 0 )
|
||||
unsigned long crc=0xffffffff;
|
||||
int i;
|
||||
for(i=0;i<count;i++)
|
||||
{
|
||||
uint32 temp1;
|
||||
uint32 temp2;
|
||||
|
||||
temp1 = ( crc >> 8 ) & 0x00FFFFFFL;
|
||||
temp2 = CRCTable[ ( (int) crc ^ *p++ ) & 0xff ];
|
||||
crc = temp1 ^ temp2;
|
||||
crc = (crc>>8) ^ CRCTable[(buffer[i] ^ crc) & 0xff];
|
||||
}
|
||||
return crc;
|
||||
crc^=0xffffffff;
|
||||
DEBUG(10,("crc_32_calc_buffer: %x\n", crc));
|
||||
dump_data(100, buffer, count);
|
||||
return crc;
|
||||
}
|
||||
|
||||
|
@ -219,7 +219,7 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("lm_owf_passwd: "));
|
||||
dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
|
||||
dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
|
||||
DEBUG(100,("lm_sess_pwd: "));
|
||||
dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
|
||||
#endif
|
||||
|
@ -114,14 +114,12 @@ static BOOL rpc_read(struct cli_state *cli,
|
||||
/****************************************************************************
|
||||
checks the header
|
||||
****************************************************************************/
|
||||
static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
|
||||
static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
|
||||
BOOL *first, BOOL *last, int *len)
|
||||
{
|
||||
RPC_HDR rhdr;
|
||||
|
||||
DEBUG(5,("rpc_check_hdr: rdata->data->data_used: %d\n", rdata->data->data_used));
|
||||
|
||||
smb_io_rpc_hdr ("rpc_hdr ", &rhdr , rdata, 0);
|
||||
smb_io_rpc_hdr ("rpc_hdr ", rhdr , rdata, 0);
|
||||
|
||||
if (!rdata->offset || rdata->offset != 0x10)
|
||||
{
|
||||
@ -132,14 +130,78 @@ static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
|
||||
DEBUG(5,("rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data->data_used: %d\n",
|
||||
rdata->data->data_used));
|
||||
|
||||
(*first ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
|
||||
(*last ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
|
||||
(*len ) = rhdr.frag_len - rdata->data->data_used;
|
||||
(*pkt_type) = rhdr.pkt_type;
|
||||
(*first ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_FIRST);
|
||||
(*last ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_LAST );
|
||||
(*len ) = rhdr->frag_len - rdata->data->data_used;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
decrypt data on an rpc pipe
|
||||
****************************************************************************/
|
||||
|
||||
static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
|
||||
int len, int auth_len)
|
||||
{
|
||||
RPC_AUTH_NTLMSSP_CHK chk;
|
||||
uint32 crc32;
|
||||
int data_len = len - 0x18 - auth_len - 8;
|
||||
char *reply_data = (uchar*)mem_data(&rdata->data, 0x18);
|
||||
|
||||
BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
|
||||
BOOL auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
|
||||
|
||||
DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
|
||||
len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
|
||||
|
||||
/* RPC_HDR_AUTH rhdr_auth;
|
||||
prs_struct auth_req;
|
||||
prs_init(&auth_req , 0x10, 4, 0, True);
|
||||
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
|
||||
prs_mem_free(&auth_req);
|
||||
|
||||
*/
|
||||
if (auth_seal)
|
||||
{
|
||||
DEBUG(10,("rpc_auth_pipe: seal\n"));
|
||||
dump_data(100, reply_data, data_len);
|
||||
NTLMSSPcalc(cli->ntlmssp_hash, reply_data, data_len);
|
||||
dump_data(100, reply_data, data_len);
|
||||
}
|
||||
|
||||
if (auth_verify)
|
||||
{
|
||||
prs_struct auth_verf;
|
||||
char *data = (uchar*)mem_data(&rdata->data, len - auth_len);
|
||||
prs_init(&auth_verf, 0x08, 4, 0, True);
|
||||
DEBUG(10,("rpc_auth_pipe: verify\n"));
|
||||
dump_data(100, data, auth_len);
|
||||
NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4);
|
||||
memcpy(auth_verf.data->data, data, 16);
|
||||
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
|
||||
dump_data(100, data, auth_len);
|
||||
prs_mem_free(&auth_verf);
|
||||
}
|
||||
|
||||
if (auth_verify)
|
||||
{
|
||||
crc32 = crc32_calc_buffer(data_len, reply_data);
|
||||
if (chk.crc32 != crc32 ||
|
||||
chk.ver != NTLMSSP_SIGN_VERSION ||
|
||||
chk.seq_num != cli->ntlmssp_seq_num++)
|
||||
{
|
||||
DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n",
|
||||
crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num));
|
||||
DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n",
|
||||
chk.crc32, chk.ver, chk.seq_num));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
send data on an rpc pipe, which *must* be in one fragment.
|
||||
receive response data from an rpc pipe, which may be large...
|
||||
@ -163,12 +225,13 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
|
||||
prs_struct *rparam, prs_struct *rdata)
|
||||
{
|
||||
int len;
|
||||
int alloc_hint = 0;
|
||||
|
||||
uint16 setup[2]; /* only need 2 uint16 setup parameters */
|
||||
uint32 err;
|
||||
uint8 pkt_type = 0xff;
|
||||
BOOL first = True;
|
||||
BOOL last = True;
|
||||
RPC_HDR rhdr;
|
||||
|
||||
/*
|
||||
* Setup the pointers from the incoming.
|
||||
@ -215,12 +278,16 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
|
||||
rdata->data->margin = 0;
|
||||
if (rparam) rparam->data->margin = 0;
|
||||
|
||||
if (!rpc_check_hdr(rdata, &pkt_type, &first, &last, &len)) return False;
|
||||
if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
if (pkt_type == RPC_RESPONSE)
|
||||
if (rhdr.pkt_type == RPC_RESPONSE)
|
||||
{
|
||||
RPC_HDR_RESP rhdr_resp;
|
||||
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0);
|
||||
alloc_hint = rhdr_resp.alloc_hint;
|
||||
}
|
||||
|
||||
DEBUG(5,("rpc_api_pipe: len left: %d smbtrans read: %d\n",
|
||||
@ -236,6 +303,11 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
|
||||
}
|
||||
}
|
||||
|
||||
if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
/* only one rpc fragment, and it has been read */
|
||||
if (first && last)
|
||||
{
|
||||
@ -245,39 +317,43 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
|
||||
|
||||
while (!last) /* read more fragments until we get the last one */
|
||||
{
|
||||
RPC_HDR rhdr;
|
||||
RPC_HDR_RESP rhdr_resp;
|
||||
int num_read;
|
||||
prs_struct hps;
|
||||
|
||||
prs_init(&hps, 0x18, 4, 0, True);
|
||||
prs_init(&hps, 0x8, 4, 0, True);
|
||||
|
||||
num_read = cli_read(cli, cli->nt_pipe_fnum, hps.data->data, 0, 0x18);
|
||||
DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
|
||||
|
||||
if (num_read != 0x18) return False;
|
||||
|
||||
smb_io_rpc_hdr ("rpc_hdr ", &rhdr , &hps, 0);
|
||||
if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0);
|
||||
|
||||
prs_mem_free(&hps);
|
||||
|
||||
if (cli_error(cli, NULL, &err)) return False;
|
||||
|
||||
first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
|
||||
last = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
|
||||
|
||||
if (first)
|
||||
{
|
||||
DEBUG(0,("rpc_api_pipe: wierd rpc header received\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
len = rhdr.frag_len - hps.offset;
|
||||
if (!rpc_read(cli, rdata, len, rdata->data->data_used))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
return True;
|
||||
@ -316,7 +392,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
|
||||
|
||||
if (auth_req != NULL && rhdr_auth != NULL && auth_ntlm != NULL)
|
||||
{
|
||||
make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00);
|
||||
make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00, 1);
|
||||
smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rhdr_auth, 0);
|
||||
mem_realloc_data(rhdr_auth->data, rhdr_auth->offset);
|
||||
|
||||
@ -335,9 +411,12 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
|
||||
|
||||
/* create the request RPC_HDR */
|
||||
make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
|
||||
(auth_req != NULL ? auth_req ->offset : 0) +
|
||||
(auth_ntlm != NULL ? auth_ntlm->offset : 0) +
|
||||
(rhdr_auth != NULL ? rhdr_auth->offset : 0) +
|
||||
rhdr_rb->offset + 0x10,
|
||||
auth_req != NULL ? auth_req ->offset : 0 +
|
||||
auth_ntlm != NULL ? auth_ntlm->offset : 0);
|
||||
(auth_req != NULL ? auth_req ->offset : 0) +
|
||||
(auth_ntlm != NULL ? auth_ntlm->offset : 0));
|
||||
|
||||
smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
|
||||
mem_realloc_data(rhdr->data, rhdr->offset);
|
||||
@ -505,7 +584,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
|
||||
auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
|
||||
|
||||
/* happen to know that NTLMSSP authentication verifier is 16 bytes */
|
||||
auth_len = auth_verify ? 16 : 0;
|
||||
auth_len = (auth_verify ? 16 : 0);
|
||||
data_len = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
|
||||
data->data->offset.end = data->offset;
|
||||
|
||||
@ -522,15 +601,19 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
|
||||
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&data->data, 0), data->offset);
|
||||
}
|
||||
|
||||
if (auth_seal || auth_verify)
|
||||
{
|
||||
RPC_HDR_AUTH rhdr_auth;
|
||||
|
||||
make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
|
||||
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
|
||||
}
|
||||
|
||||
if (auth_verify)
|
||||
{
|
||||
RPC_AUTH_NTLMSSP_CHK chk;
|
||||
RPC_HDR_AUTH rhdr_auth;
|
||||
|
||||
make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08);
|
||||
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
|
||||
|
||||
make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
|
||||
make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
|
||||
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
|
||||
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&auth_verf.data, 4), 12);
|
||||
}
|
||||
@ -737,11 +820,11 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
|
||||
|
||||
if (!valid_pipe_name(pipe_name, abstract, transfer)) return False;
|
||||
|
||||
prs_init(&hdr , 0x10 , 4, 0x0 , False);
|
||||
prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
|
||||
prs_init(&hdr_auth , ntlmssp_auth ? 8 : 0, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&hdr , 0x10 , 4, 0x0 , False);
|
||||
prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
|
||||
prs_init(&hdr_auth , (ntlmssp_auth ? 8 : 0), 4, SAFETY_MARGIN, False);
|
||||
prs_init(&auth_req , (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
|
||||
prs_init(&auth_ntlm, (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
|
||||
|
||||
prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True);
|
||||
prs_init(&rparam , 0 , 4, SAFETY_MARGIN, True);
|
||||
@ -810,11 +893,6 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
|
||||
prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
|
||||
|
||||
pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
|
||||
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
|
||||
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
|
||||
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
|
||||
bzero(lm_hash, sizeof(lm_hash));
|
||||
NTLMSSPhash(cli->ntlmssp_hash, p24);
|
||||
|
||||
create_rpc_bind_resp(&cli->pwd, cli->domain,
|
||||
cli->user_name, global_myname,
|
||||
@ -822,6 +900,12 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
|
||||
call_id,
|
||||
&hdra, &hdr_autha, &auth_resp);
|
||||
|
||||
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
|
||||
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
|
||||
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
|
||||
bzero(lm_hash, sizeof(lm_hash));
|
||||
NTLMSSPhash(cli->ntlmssp_hash, p24);
|
||||
|
||||
/* this is a hack due to limitations in rpc_api_pipe */
|
||||
prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
|
||||
mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
|
||||
@ -909,16 +993,16 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
|
||||
|
||||
if (encrypted)
|
||||
{
|
||||
cli->ntlmssp_cli_flgs =
|
||||
NTLMSSP_NEGOTIATE_UNICODE |
|
||||
/* NTLMSSP_NEGOTIATE_OEM |
|
||||
*/
|
||||
cli->ntlmssp_cli_flgs = 0xb2b3;
|
||||
/* NTLMSSP_NEGOTIATE_UNICODE |
|
||||
NTLMSSP_NEGOTIATE_OEM |
|
||||
|
||||
NTLMSSP_NEGOTIATE_SIGN |
|
||||
NTLMSSP_NEGOTIATE_SEAL |
|
||||
NTLMSSP_NEGOTIATE_LM_KEY |
|
||||
NTLMSSP_NEGOTIATE_NTLM |
|
||||
NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
|
||||
/*
|
||||
|
||||
NTLMSSP_NEGOTIATE_00001000 |
|
||||
NTLMSSP_NEGOTIATE_00002000;
|
||||
*/
|
||||
|
@ -462,7 +462,8 @@ creates an RPC_HDR_AUTH structure.
|
||||
********************************************************************/
|
||||
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
|
||||
uint8 auth_type, uint8 auth_level,
|
||||
uint8 stub_type_len)
|
||||
uint8 stub_type_len,
|
||||
uint32 ptr)
|
||||
{
|
||||
if (rai == NULL) return;
|
||||
|
||||
@ -471,7 +472,7 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
|
||||
rai->stub_type_len = stub_type_len; /* 0x00 */
|
||||
rai->padding = 0; /* padding 0x00 */
|
||||
|
||||
rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
|
||||
rai->unknown = ptr; /* non-zero pointer to something */
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -532,8 +533,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
|
||||
|
||||
neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
|
||||
|
||||
make_str_hdr(&neg->hdr_myname, len_myname+1, len_myname+1, 0x20);
|
||||
make_str_hdr(&neg->hdr_domain, len_domain+1, len_domain+1, 0x20 + len_myname+1);
|
||||
make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
|
||||
make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
|
||||
|
||||
fstrcpy(neg->myname, myname);
|
||||
fstrcpy(neg->domain, domain);
|
||||
@ -551,11 +552,38 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
|
||||
|
||||
prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
|
||||
|
||||
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
|
||||
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
|
||||
if (ps->io)
|
||||
{
|
||||
uint32 old_offset;
|
||||
|
||||
prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len-1, sizeof(neg->domain));
|
||||
prs_string("myname", ps, depth, neg->myname, neg->hdr_myname.str_str_len-1, sizeof(neg->myname));
|
||||
/* reading */
|
||||
|
||||
ZERO_STRUCTP(neg);
|
||||
|
||||
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
|
||||
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
|
||||
|
||||
old_offset = ps->offset;
|
||||
|
||||
ps->offset = neg->hdr_myname .buffer + 0x1c;
|
||||
prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
|
||||
old_offset += neg->hdr_myname .str_str_len;
|
||||
|
||||
ps->offset = neg->hdr_domain .buffer + 0x1c;
|
||||
prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
|
||||
old_offset += neg->hdr_domain .str_str_len;
|
||||
|
||||
ps->offset = old_offset;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* writing */
|
||||
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
|
||||
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
|
||||
|
||||
prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
|
||||
prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
|
||||
}
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
|
@ -80,7 +80,7 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
|
||||
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
|
||||
|
||||
/* open SAMR session. */
|
||||
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
|
||||
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
|
||||
|
||||
/* establish a connection. */
|
||||
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
|
||||
@ -119,12 +119,13 @@ void cmd_sam_test(struct client_info *info)
|
||||
fstrcpy(sid , info->dom.level5_sid);
|
||||
fstrcpy(domain, info->dom.level5_dom);
|
||||
|
||||
/*
|
||||
if (strlen(sid) == 0)
|
||||
{
|
||||
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
|
||||
return;
|
||||
}
|
||||
|
||||
*/
|
||||
fstrcpy(srv_name, "\\\\");
|
||||
fstrcat(srv_name, info->dest_host);
|
||||
strupper(srv_name);
|
||||
|
@ -470,26 +470,26 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
|
||||
}
|
||||
|
||||
if (!pass) {
|
||||
DEBUG(1,("Couldn't find user %s\n",user));
|
||||
DEBUG(3,("Couldn't find user %s\n",user));
|
||||
return(False);
|
||||
}
|
||||
|
||||
smb_pass = getsmbpwnam(user);
|
||||
|
||||
if (!smb_pass) {
|
||||
DEBUG(0,("Couldn't find user %s in smb_passwd file.\n", user));
|
||||
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
|
||||
return(False);
|
||||
}
|
||||
|
||||
/* Quit if the account was disabled. */
|
||||
if(smb_pass->acct_ctrl & ACB_DISABLED) {
|
||||
DEBUG(0,("account for user %s was disabled.\n", user));
|
||||
DEBUG(3,("account for user %s was disabled.\n", user));
|
||||
return(False);
|
||||
}
|
||||
|
||||
/* Ensure the uid's match */
|
||||
if (smb_pass->smb_userid != pass->pw_uid) {
|
||||
DEBUG(0,("Error : UNIX and SMB uids in password files do not match !\n"));
|
||||
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
|
||||
return(False);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user