sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

dce/rpc

Browse Source 
(This used to be commit 69f5f9f889)
This commit is contained in:
Luke Leighton 1998-10-14 06:29:20 +00:00
parent 99208208fa
commit 935dc98f66
9 changed files with 232 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source3/include/client.h
View File

@ -121,6 +121,7 @@ struct cli_state {
unsigned char ntlmssp_hash[258]; /* ntlmssp data. */
uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */
uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */
uint32 ntlmssp_seq_num; /* ntlmssp sequence number */
DOM_CRED clnt_cred; /* Client credential. */
fstring mach_acct; /* MYNAME$. */
fstring srv_name_slash; /* \\remote server. */

3
source3/include/proto.h
View File

@ -1558,7 +1558,8 @@ void make_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
void smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth);
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
uint8 stub_type_len);
uint8 stub_type_len,
uint32 ptr);
void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
char *signature, uint32 msg_type);

2
source3/include/rpc_dce.h
View File

@ -170,7 +170,7 @@ typedef struct rpc_hdr_auth_info
uint8 stub_type_len; /* don't know */
uint8 padding; /* padding */
uint32 unknown; /* 0x0014a0c0 */
uint32 unknown; /* pointer */
} RPC_HDR_AUTH;

116
source3/lib/crc32.c
View File

@ -1,73 +1,73 @@
/*
* Dr Dobb's Journal: http://www.ddj.com/ftp/1992/1992.05/crcman.zip
* Copyright francesco@aerra.it - code used WITHOUT acknowledgment to
* request to use it here yet received.
*
* Copyright Mark R. Nelson 1992
* must work on the dr dobb's version or find another version if
* permission not received or permission refused.
*
* This code used by permission of J Erickson <jerickson@ddj.com>
* Tues 6th October 1998. Copyright acknowledged above, as agreed.
*
*/
#include "includes.h"
extern int DEBUGLEVEL;
#define CRC32_POLYNOMIAL 0xEDB88320L
/*****************************************************************
Instead of performing a straightforward calculation of the 32 bit
CRC using a series of logical operations, this program uses the
faster table lookup method. This routine is called once when the
program starts up to build the table which will be used later
when calculating the CRC values.
*****************************************************************/
static uint32 CRCTable[256];
void crc32_build_table(void)
static unsigned long CRCTable[256] =
{
int i;
int j;
uint32 crc;
for ( i = 0; i <= 255 ; i++ )
{
crc = i;
for ( j = 8 ; j > 0; j-- )
{
if ( crc & 1 )
{
crc = ( crc >> 1 ) ^ CRC32_POLYNOMIAL;
}
else
{
crc >>= 1;
}
}
CRCTable[ i ] = crc;
}
}
/*****************************************************************
This routine calculates the CRC for a block of data using the
table lookup method.
*****************************************************************/
0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,
0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,
0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,
0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,
0xCFBA9599,0xB8BDA50F,0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,
0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,0x76DC4190,0x01DB7106,
0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,
0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,
0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,
0xA4D1C46D,0xD3D6F4FB,0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,
0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,0x5005713C,0x270241AA,
0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,
0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,
0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,
0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,
0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,0xA1D1937E,
0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,
0x316E8EEF,0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,
0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,
0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,
0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,
0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,
0x616BFFD3,0x166CCF45,0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,
0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,0xAED16A4A,0xD9D65ADC,
0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,
0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
};
uint32 crc32_calc_buffer( uint32 count, char *buffer)
{
char *p;
uint32 crc;
p = buffer;
crc = 0xffffffff;
while ( count-- != 0 )
unsigned long crc=0xffffffff;
int i;
for(i=0;i<count;i++)
{
uint32 temp1;
uint32 temp2;
temp1 = ( crc >> 8 ) & 0x00FFFFFFL;
temp2 = CRCTable[ ( (int) crc ^ *p++ ) & 0xff ];
crc = temp1 ^ temp2;
crc = (crc>>8) ^ CRCTable[(buffer[i] ^ crc) & 0xff];
}
return crc;
crc^=0xffffffff;
DEBUG(10,("crc_32_calc_buffer: %x\n", crc));
dump_data(100, buffer, count);
return crc;
}

2
source3/libsmb/pwd_cache.c
View File

@ -219,7 +219,7 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
#ifdef DEBUG_PASSWORD
DEBUG(100,("lm_owf_passwd: "));
dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
DEBUG(100,("lm_sess_pwd: "));
dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
#endif

168
source3/rpc_client/cli_pipe.c
View File

@ -114,14 +114,12 @@ static BOOL rpc_read(struct cli_state *cli,
/****************************************************************************
checks the header
****************************************************************************/
static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
BOOL *first, BOOL *last, int *len)
{
RPC_HDR rhdr;
DEBUG(5,("rpc_check_hdr: rdata->data->data_used: %d\n", rdata->data->data_used));
smb_io_rpc_hdr ("rpc_hdr ", &rhdr , rdata, 0);
smb_io_rpc_hdr ("rpc_hdr ", rhdr , rdata, 0);
if (!rdata->offset || rdata->offset != 0x10)
{
@ -132,14 +130,78 @@ static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
DEBUG(5,("rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data->data_used: %d\n",
rdata->data->data_used));
(*first ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
(*last ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
(*len ) = rhdr.frag_len - rdata->data->data_used;
(*pkt_type) = rhdr.pkt_type;
(*first ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_FIRST);
(*last ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_LAST );
(*len ) = rhdr->frag_len - rdata->data->data_used;
return True;
}
/****************************************************************************
decrypt data on an rpc pipe
****************************************************************************/
static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
int len, int auth_len)
{
RPC_AUTH_NTLMSSP_CHK chk;
uint32 crc32;
int data_len = len - 0x18 - auth_len - 8;
char *reply_data = (uchar*)mem_data(&rdata->data, 0x18);
BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
BOOL auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
/* RPC_HDR_AUTH rhdr_auth;
prs_struct auth_req;
prs_init(&auth_req , 0x10, 4, 0, True);
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
prs_mem_free(&auth_req);
*/
if (auth_seal)
{
DEBUG(10,("rpc_auth_pipe: seal\n"));
dump_data(100, reply_data, data_len);
NTLMSSPcalc(cli->ntlmssp_hash, reply_data, data_len);
dump_data(100, reply_data, data_len);
}
if (auth_verify)
{
prs_struct auth_verf;
char *data = (uchar*)mem_data(&rdata->data, len - auth_len);
prs_init(&auth_verf, 0x08, 4, 0, True);
DEBUG(10,("rpc_auth_pipe: verify\n"));
dump_data(100, data, auth_len);
NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4);
memcpy(auth_verf.data->data, data, 16);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
dump_data(100, data, auth_len);
prs_mem_free(&auth_verf);
}
if (auth_verify)
{
crc32 = crc32_calc_buffer(data_len, reply_data);
if (chk.crc32 != crc32 ||
chk.ver != NTLMSSP_SIGN_VERSION ||
chk.seq_num != cli->ntlmssp_seq_num++)
{
DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n",
crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num));
DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n",
chk.crc32, chk.ver, chk.seq_num));
return False;
}
}
return True;
}
/****************************************************************************
send data on an rpc pipe, which *must* be in one fragment.
receive response data from an rpc pipe, which may be large...
@ -163,12 +225,13 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
prs_struct *rparam, prs_struct *rdata)
{
int len;
int alloc_hint = 0;
uint16 setup[2]; /* only need 2 uint16 setup parameters */
uint32 err;
uint8 pkt_type = 0xff;
BOOL first = True;
BOOL last = True;
RPC_HDR rhdr;
/*
* Setup the pointers from the incoming.
@ -215,12 +278,16 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
rdata->data->margin = 0;
if (rparam) rparam->data->margin = 0;
if (!rpc_check_hdr(rdata, &pkt_type, &first, &last, &len)) return False;
if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len))
{
return False;
}
if (pkt_type == RPC_RESPONSE)
if (rhdr.pkt_type == RPC_RESPONSE)
{
RPC_HDR_RESP rhdr_resp;
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0);
alloc_hint = rhdr_resp.alloc_hint;
}
DEBUG(5,("rpc_api_pipe: len left: %d smbtrans read: %d\n",
@ -236,6 +303,11 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
}
}
if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
{
return False;
}
/* only one rpc fragment, and it has been read */
if (first && last)
{
@ -245,39 +317,43 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
while (!last) /* read more fragments until we get the last one */
{
RPC_HDR rhdr;
RPC_HDR_RESP rhdr_resp;
int num_read;
prs_struct hps;
prs_init(&hps, 0x18, 4, 0, True);
prs_init(&hps, 0x8, 4, 0, True);
num_read = cli_read(cli, cli->nt_pipe_fnum, hps.data->data, 0, 0x18);
DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
if (num_read != 0x18) return False;
smb_io_rpc_hdr ("rpc_hdr ", &rhdr , &hps, 0);
if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
{
return False;
}
smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0);
prs_mem_free(&hps);
if (cli_error(cli, NULL, &err)) return False;
first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
last = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
if (first)
{
DEBUG(0,("rpc_api_pipe: wierd rpc header received\n"));
return False;
}
len = rhdr.frag_len - hps.offset;
if (!rpc_read(cli, rdata, len, rdata->data->data_used))
{
return False;
}
if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
{
return False;
}
}
return True;
@ -316,7 +392,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
if (auth_req != NULL && rhdr_auth != NULL && auth_ntlm != NULL)
{
make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00);
make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00, 1);
smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rhdr_auth, 0);
mem_realloc_data(rhdr_auth->data, rhdr_auth->offset);
@ -335,9 +411,12 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
/* create the request RPC_HDR */
make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
(auth_req != NULL ? auth_req ->offset : 0) +
(auth_ntlm != NULL ? auth_ntlm->offset : 0) +
(rhdr_auth != NULL ? rhdr_auth->offset : 0) +
rhdr_rb->offset + 0x10,
auth_req != NULL ? auth_req ->offset : 0 +
auth_ntlm != NULL ? auth_ntlm->offset : 0);
(auth_req != NULL ? auth_req ->offset : 0) +
(auth_ntlm != NULL ? auth_ntlm->offset : 0));
smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0);
mem_realloc_data(rhdr->data, rhdr->offset);
@ -505,7 +584,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
/* happen to know that NTLMSSP authentication verifier is 16 bytes */
auth_len = auth_verify ? 16 : 0;
auth_len = (auth_verify ? 16 : 0);
data_len = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
data->data->offset.end = data->offset;
@ -522,15 +601,19 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&data->data, 0), data->offset);
}
if (auth_seal || auth_verify)
{
RPC_HDR_AUTH rhdr_auth;
make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
}
if (auth_verify)
{
RPC_AUTH_NTLMSSP_CHK chk;
RPC_HDR_AUTH rhdr_auth;
make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08);
smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&auth_verf.data, 4), 12);
}
@ -737,11 +820,11 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
if (!valid_pipe_name(pipe_name, abstract, transfer)) return False;
prs_init(&hdr , 0x10 , 4, 0x0 , False);
prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
prs_init(&hdr_auth , ntlmssp_auth ? 8 : 0, 4, SAFETY_MARGIN, False);
prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
prs_init(&hdr , 0x10 , 4, 0x0 , False);
prs_init(&hdr_rb , 1024 , 4, SAFETY_MARGIN, False);
prs_init(&hdr_auth , (ntlmssp_auth ? 8 : 0), 4, SAFETY_MARGIN, False);
prs_init(&auth_req , (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
prs_init(&auth_ntlm, (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True);
prs_init(&rparam , 0 , 4, SAFETY_MARGIN, True);
@ -810,11 +893,6 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
bzero(lm_hash, sizeof(lm_hash));
NTLMSSPhash(cli->ntlmssp_hash, p24);
create_rpc_bind_resp(&cli->pwd, cli->domain,
cli->user_name, global_myname,
@ -822,6 +900,12 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
call_id,
&hdra, &hdr_autha, &auth_resp);
pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
bzero(lm_hash, sizeof(lm_hash));
NTLMSSPhash(cli->ntlmssp_hash, p24);
/* this is a hack due to limitations in rpc_api_pipe */
prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
@ -909,16 +993,16 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
if (encrypted)
{
cli->ntlmssp_cli_flgs =
NTLMSSP_NEGOTIATE_UNICODE |
/* NTLMSSP_NEGOTIATE_OEM |
*/
cli->ntlmssp_cli_flgs = 0xb2b3;
/* NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
/*
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000;
*/

44
source3/rpc_parse/parse_rpc.c
View File

@ -462,7 +462,8 @@ creates an RPC_HDR_AUTH structure.
********************************************************************/
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
uint8 stub_type_len)
uint8 stub_type_len,
uint32 ptr)
{
if (rai == NULL) return;
@ -471,7 +472,7 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
rai->stub_type_len = stub_type_len; /* 0x00 */
rai->padding = 0; /* padding 0x00 */
rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
rai->unknown = ptr; /* non-zero pointer to something */
}
/*******************************************************************
@ -532,8 +533,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
make_str_hdr(&neg->hdr_myname, len_myname+1, len_myname+1, 0x20);
make_str_hdr(&neg->hdr_domain, len_domain+1, len_domain+1, 0x20 + len_myname+1);
make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
fstrcpy(neg->myname, myname);
fstrcpy(neg->domain, domain);
@ -551,11 +552,38 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
if (ps->io)
{
uint32 old_offset;
prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len-1, sizeof(neg->domain));
prs_string("myname", ps, depth, neg->myname, neg->hdr_myname.str_str_len-1, sizeof(neg->myname));
/* reading */
ZERO_STRUCTP(neg);
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
old_offset = ps->offset;
ps->offset = neg->hdr_myname .buffer + 0x1c;
prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
old_offset += neg->hdr_myname .str_str_len;
ps->offset = neg->hdr_domain .buffer + 0x1c;
prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
old_offset += neg->hdr_domain .str_str_len;
ps->offset = old_offset;
}
else
{
/* writing */
smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
}
}
/*******************************************************************

5
source3/rpcclient/cmd_samr.c
View File

@ -80,7 +80,7 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@ -119,12 +119,13 @@ void cmd_sam_test(struct client_info *info)
fstrcpy(sid , info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
/*
if (strlen(sid) == 0)
{
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
*/
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);

8
source3/smbd/password.c
View File

@ -470,26 +470,26 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
}
if (!pass) {
DEBUG(1,("Couldn't find user %s\n",user));
DEBUG(3,("Couldn't find user %s\n",user));
return(False);
}
smb_pass = getsmbpwnam(user);
if (!smb_pass) {
DEBUG(0,("Couldn't find user %s in smb_passwd file.\n", user));
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
/* Quit if the account was disabled. */
if(smb_pass->acct_ctrl & ACB_DISABLED) {
DEBUG(0,("account for user %s was disabled.\n", user));
DEBUG(3,("account for user %s was disabled.\n", user));
return(False);
}
/* Ensure the uid's match */
if (smb_pass->smb_userid != pass->pw_uid) {
DEBUG(0,("Error : UNIX and SMB uids in password files do not match !\n"));
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}