fixed a stack overflow bug in api_lsa_req_chal()
authorAndrew Tridgell <tridge@samba.org>
Wed, 15 Oct 1997 04:51:23 +0000 (04:51 +0000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 15 Oct 1997 04:51:23 +0000 (04:51 +0000)
changed the order of arguments to smbhash() in credentials.c. Luke,
when you changed from E1() to smbhash() you didn't notice that the
arguments are in a different order. This is why your new code was
failing.

NT logon still fails, but now gets to SAMLOGON. It shouldn't take much
to get it working now.

source/libsmb/credentials.c
source/pipenetlog.c

index 07816bc0cf22aec6e4b82e6c3fd6f14514016138..babc8180f2cb07a7f368e6c8162a12d1046c8d85 100644 (file)
@@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
        SIVAL(sum2,0,sum[0]);
        SIVAL(sum2,4,sum[1]);
 
-       smbhash(pass  , sum2, buf);
-       smbhash(pass+9, buf , netsesskey);
+       smbhash(buf, sum2, pass);
+       smbhash(netsesskey, buf, pass+9);
 
        session_key[0] = IVAL(netsesskey, 0);
        session_key[1] = IVAL(netsesskey, 4);
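Review bot: Nothing in this hunk documents the argument order of `smbhash()`, and because all three arguments are byte pointers the compiler cannot catch a swap, which is the mistake corrected here and again in the cred_create hunk below. A one-line comment above the first call, such as `/* smbhash(out, in, key): key is 7 bytes, in and out are 8 bytes */`, would help, with the sizes confirmed against the smbhash() definition. The second call passes `pass+9` as the key, so if the key is 7 bytes (as `memset(key2, 0, 7)` in cred_create suggests) it reads through `pass[15]`. The hunk does not show what guarantees that `pass` holds at least 16 bytes, so the function's header comment should state that requirement. cred_session_key's body starts and ends outside the hunk.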
@@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
        SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
        SIVAL(timecred, 4, IVAL(stor_cred, 4));
 
-       smbhash(netsesskey, timecred, buf);
+       smbhash(buf, timecred, netsesskey);
        memset(key2, 0, 7);
        key2[0] = netsesskey[7];
-       smbhash(key2, buf, calc_cred);
+       smbhash(calc_cred, buf, key2);
 
        cred->data[0] = IVAL(calc_cred, 0);
        cred->data[1] = IVAL(calc_cred, 4);
index acb7f806b941197ac4e714560e07b769f44b7746..6d406ee7d2a13628b5600f6192bc0270d73183b5 100644 (file)
@@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid,
        }
 
        {
-               char foo[16];
+               fstring foo;
                for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
                DEBUG(4,("pass %s %s\n", mach_acct, foo));
        }
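Review bot: The `sprintf` in the loop is still unbounded, so the fix depends entirely on `fstring` being large enough. With a stride of 2 and the format `"%02x "`, the last iteration writes offsets 30 to 33, so 34 bytes are needed; it would be more if `dc->md4pw` is a plain `char` array, whose type is not visible here, because a negative byte sign-extends and prints as eight hex digits. Sizing the buffer from the loop and bounding the write makes the requirement explicit, e.g. `char foo[16*2+2];` with `snprintf(foo+i*2, sizeof(foo)-i*2, "%02x ", (unsigned char)dc->md4pw[i]);`. Separately, this `DEBUG(4, ...)` line writes what appears to be the machine account's MD4 password hash into the log, which is password-equivalent material; consider dropping the hash from the message or compiling it in only for development builds. update_dcinfo's body starts and ends outside the hunk.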