extern int Protocol;
extern int max_recv;
-extern fstring global_myworkgroup;
-extern fstring remote_machine;
BOOL global_encrypted_passwords_negotiated = False;
BOOL global_spnego_negotiated = False;
struct auth_context *negprot_global_auth_context = NULL;
/* Create a token value and add it to the outgoing packet. */
if (global_encrypted_passwords_negotiated) {
get_challenge(smb_buf(outbuf));
+ SSVAL(outbuf,smb_vwv11, 8);
}
Protocol = PROTOCOL_LANMAN1;
/* Create a token value and add it to the outgoing packet. */
if (global_encrypted_passwords_negotiated) {
get_challenge(smb_buf(outbuf));
+ SSVAL(outbuf,smb_vwv11, 8);
}
Protocol = PROTOCOL_LANMAN2;
static int negprot_spnego(char *p)
{
DATA_BLOB blob;
- extern pstring global_myname;
- uint8 guid[16];
- const char *OIDs_krb5[] = {OID_NTLMSSP,
- OID_KERBEROS5,
+ uint8 guid[17];
+ const char *OIDs_krb5[] = {OID_KERBEROS5,
OID_KERBEROS5_OLD,
+ OID_NTLMSSP,
NULL};
const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
char *principal;
global_spnego_negotiated = True;
- memset(guid, 0, 16);
- safe_strcpy((char *)guid, global_myname, 16);
- strlower((char *)guid);
+ ZERO_STRUCT(guid);
+ safe_strcpy((char *)guid, global_myname(), sizeof(guid)-1);
+
+#ifdef DEVELOPER
+ /* valgrind fixer... */
+ {
+ size_t sl = strlen(guid);
+ if (sizeof(guid)-sl)
+ memset(&guid[sl], '\0', sizeof(guid)-sl);
+ }
+#endif
+
+ strlower_m((char *)guid);
#if 0
/* strangely enough, NT does not sent the single OID NTLMSSP when
if (lp_security() != SEC_ADS) {
blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
} else {
- ADS_STRUCT *ads;
- ads = ads_init_simple();
- /* win2000 uses host$@REALM, which we will probably use eventually,
- but for now this works */
- asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
+ asprintf(&principal, "%s$@%s", guid, lp_realm());
blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
free(principal);
- ads_destroy(&ads);
}
memcpy(p, blob.data, blob.length);
len = blob.length;
capabilities |= CAP_EXTENDED_SECURITY;
}
- capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNIX;
+ capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
+
+ if (lp_unix_extensions()) {
+ capabilities |= CAP_UNIX;
+ }
if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */
- SIVAL(outbuf,smb_vwv3+1,0xffff); /* max buffer. LOTS! */
+ SIVAL(outbuf,smb_vwv3+1,max_recv); /* max buffer. LOTS! */
SIVAL(outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
SIVAL(outbuf,smb_vwv7+1,sys_getpid()); /* session key */
SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */
if (!negotiate_spnego) {
/* Create a token value and add it to the outgoing packet. */
if (global_encrypted_passwords_negotiated) {
+ /* note that we do not send a challenge at all if
+ we are using plaintext */
get_challenge(p);
+ SSVALS(outbuf,smb_vwv16+1,8);
+ p += 8;
}
- SSVALS(outbuf,smb_vwv16+1,8);
- p += 8;
- p += srvstr_push(outbuf, p, global_myworkgroup, -1,
+ p += srvstr_push(outbuf, p, lp_workgroup(), -1,
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
DEBUG(3,("not using SPNEGO\n"));
} else {
#define ARCH_ALL 0x3F
/* List of supported protocols, most desired first */
-static struct {
- char *proto_name;
- char *short_name;
+static const struct {
+ const char *proto_name;
+ const char *short_name;
int (*proto_reply_fn)(char *, char *);
int protocol_level;
} supported_protocols[] = {
char *p;
int bcc = SVAL(smb_buf(inbuf),-2);
int arch = ARCH_ALL;
+
+ static BOOL done_negprot = False;
+
START_PROFILE(SMBnegprot);
+ if (done_negprot) {
+ END_PROFILE(SMBnegprot);
+ exit_server("multiple negprot's are not permitted");
+ }
+ done_negprot = True;
+
p = smb_buf(inbuf)+1;
while (p < (smb_buf(inbuf) + bcc)) {
Index++;