
samr_querydom_info level 1: found the meaning of the unknown fields, and

discovered that our reply has been short by 4 bytes since day 1 of this code.

Added a decode function to rpcclient too.

splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).

        J.F.
This commit is contained in:
Jean-François Micouleau
-
parent 54c968913d
commit bfbe7f377e
6 changed files with 136 additions and 28 deletions


@@ -820,23 +820,23 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
Creates a STRING2 structure.
********************************************************************/
void init_string2(STRING2 *str, const char *buf, int len)
void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
{
int alloc_len = 0;
/* set up string lengths. */
str->str_max_len = len;
str->str_max_len = max_len;
str->undoc = 0;
str->str_str_len = len;
str->str_str_len = str_len;
/* store the string */
if(len != 0) {
if (len < MAX_STRINGLEN)
if(str_len != 0) {
if (str_len < MAX_STRINGLEN)
alloc_len = MAX_STRINGLEN;
str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
if (str->buffer == NULL)
smb_panic("init_string2: malloc fail\n");
memcpy(str->buffer, buf, len);
memcpy(str->buffer, buf, str_len);
}
}
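Review bot: In init_string2, alloc_len is only assigned when str_len < MAX_STRINGLEN, so a string of MAX_STRINGLEN bytes or more reaches talloc_zero() with a size of 0 and the memcpy() that follows writes str_len bytes into whatever that returns — a heap overflow or an smb_panic depending on how talloc_zero treats a zero size. The new max_len is stored in str_max_len but never used for sizing, even though prs_string2 now takes str_max_len bytes from the buffer when marshalling, so the two parameters can disagree with the allocation. I would replace the conditional with `alloc_len = MAX(max_len, MAX_STRINGLEN);` and reject `str_len > max_len` up front now that the two are independent. Both lengths are signed int, so a negative str_len passes the `!= 0` test and is handed to memcpy as a huge size_t; a `str_len < 0 || max_len < 0` check belongs in the same guard.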


@@ -1019,8 +1019,8 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
init_unistr2(&id->uni_user_name, user_name, len_user_name);
init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len);
init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len);
init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
}


@@ -851,12 +851,12 @@ BOOL prs_buffer2(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER2 *
BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 *str)
{
int i;
char *q = prs_mem_get(ps, str->str_str_len);
char *q = prs_mem_get(ps, str->str_max_len);
if (q == NULL)
return False;
if (UNMARSHALLING(ps)) {
str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_str_len);
str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
if (str->buffer == NULL)
return False;
}
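Review bot: prs_string2 now sizes both the stream access and the unmarshalling buffer by str_max_len, but nothing here checks that str_str_len — presumably the count the copy loop uses in the part of the function that continues past this hunk — fits inside it; when unmarshalling, both lengths arrive from the peer, so a str_str_len larger than str_max_len would copy past the end of the prs_alloc_mem buffer. Add a guard before prs_mem_get: `if (str->str_str_len > str->str_max_len) return False;`. The same check also protects the marshalling side against a STRING2 whose buffer was sized for str_len only. The function continues outside the hunk.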


@@ -725,9 +725,18 @@ inits a structure.
void init_unk_info1(SAM_UNK_INFO_1 * u_1)
{
memset(u_1->padding, 0, sizeof(u_1->padding)); /* 12 bytes zeros */
u_1->unknown_1 = 0x80000000;
u_1->unknown_2 = 0x00000000;
u_1->min_length_password = 0;
u_1->password_history = 0;
u_1->flag = 0;
/* password never expire */
u_1->expire.high = 0x80000000;
u_1->expire.low = 0;
/* can change the password now */
u_1->min_passwordage.high = 0;
u_1->min_passwordage.low = 0;
}
/*******************************************************************
@@ -743,12 +752,15 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 * u_1,
prs_debug(ps, depth, desc, "sam_io_unk_info1");
depth++;
if(!prs_uint8s(False, "padding", ps, depth, u_1->padding, sizeof(u_1->padding)))
if(!prs_uint16("min_length_password", ps, depth, &u_1->min_length_password))
return False;
if(!prs_uint32("unknown_1", ps, depth, &u_1->unknown_1)) /* 0x8000 0000 */
if(!prs_uint16("password_history", ps, depth, &u_1->password_history))
return False;
if(!prs_uint32("unknown_2", ps, depth, &u_1->unknown_2)) /* 0x0000 0000 */
if(!prs_uint32("flag", ps, depth, &u_1->flag))
return False;
if(!smb_io_time("expire", &u_1->expire, ps, depth))
return False;
if(!smb_io_time("min_passwordage", &u_1->min_passwordage, ps, depth))
return False;
return True;
@@ -1122,8 +1134,7 @@ static void init_sam_entry4(SAM_ENTRY4 * sam, uint32 user_idx,
DEBUG(5, ("init_sam_entry4\n"));
sam->user_idx = user_idx;
init_str_hdr(&sam->hdr_acct_name, len_acct_name, len_acct_name,
len_acct_name != 0);
init_str_hdr(&sam->hdr_acct_name, len_acct_name+1, len_acct_name, len_acct_name != 0);
}
/*******************************************************************
@@ -1779,7 +1790,7 @@ NTSTATUS init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_e
init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name);
unistr2_to_ascii(sam_name, &pass[i].uni_user_name, sizeof(sam_name));
init_string2(&sam->str[i].acct_name, sam_name, len_sam_name);
init_string2(&sam->str[i].acct_name, sam_name, len_sam_name+1, len_sam_name);
dsize += sizeof(SAM_ENTRY4);
dsize += len_sam_name;
@@ -1836,8 +1847,6 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
if(!smb_io_string2("acct_name", &sam->str[i].acct_name,
sam->sam[i].hdr_acct_name.buffer, ps, depth))
return False;
if(!prs_align(ps))
return False;
}
return True;
@@ -1879,7 +1888,7 @@ NTSTATUS init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_e
len_sam_name = strlen(grp[i].name);
init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name);
init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name);
init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name+1, len_sam_name);
dsize += sizeof(SAM_ENTRY5);
dsize += len_sam_name;
@@ -1954,7 +1963,11 @@ void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
{
DEBUG(5, ("init_samr_r_query_dispinfo: level %d\n", switch_level));
r_u->total_size = data_size; /* not calculated */
if (switch_level==4)
r_u->total_size = 0; /* not calculated */
else
r_u->total_size = data_size; /* not calculated */
r_u->data_size = data_size;
r_u->switch_level = switch_level;
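Review bot: init_sam_dispinfo_4 and init_sam_dispinfo_5 now marshal each name with max_len = len_sam_name+1, which is what prs_string2 reserves on the wire, but `dsize += len_sam_name;` still adds the bare length, so data_size undercounts by one byte per entry if it is meant to reflect bytes marshalled. Either `dsize += len_sam_name + 1;` at both sites, or a comment stating that data_size deliberately excludes the extra byte. The special case in init_samr_r_query_dispinfo hard-codes `4` although the function already receives switch_level; a named constant or a comment saying why level 4 reports total_size as 0 would help, since the trailing `/* not calculated */` now sits on both branches and explains neither. init_sam_dispinfo_4, init_sam_dispinfo_5 and init_samr_r_query_dispinfo all start or end outside their hunks.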