From 62fdeef1b79c5c4c9bf0e860881651711bb80b9a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 8 Oct 1998 23:57:46 +0000 Subject: [PATCH] dce/rpc --- source/include/client.h | 101 ++++++------ source/include/proto.h | 13 +- source/include/rpc_dce.h | 9 +- source/lib/membuffer.c | 13 +- source/libsmb/clientgen.c | 44 ++++-- source/libsmb/pwd_cache.c | 20 ++- source/rpc_client/cli_pipe.c | 258 ++++++++++++++++++++++++++++--- source/rpc_client/cli_samr.c | 3 +- source/rpc_parse/parse_rpc.c | 178 +++++++++++++-------- source/rpc_server/srv_pipe_hnd.c | 26 ++-- source/rpcclient/cmd_samr.c | 12 +- source/rpcclient/rpcclient.c | 5 + source/smbwrapper/smbw.c | 2 +- source/utils/torture.c | 6 +- 14 files changed, 512 insertions(+), 178 deletions(-) diff --git a/source/include/client.h b/source/include/client.h index 495780cbaa5..44ac1476656 100644 --- a/source/include/client.h +++ b/source/include/client.h @@ -72,54 +72,59 @@ struct pwd_info }; struct cli_state { - int fd; - uint16 cnum; - uint16 pid; - uint16 mid; - uint16 vuid; - int protocol; - int sec_mode; - int rap_error; - int privilages; - - fstring eff_name; - fstring desthost; - fstring user_name; - fstring domain; - - fstring share; - fstring dev; - struct nmb_name called; - struct nmb_name calling; - fstring full_dest_host_name; - struct in_addr dest_ip; - - struct pwd_info pwd; - unsigned char cryptkey[8]; - uint32 sesskey; - int serverzone; - uint32 servertime; - int readbraw_supported; - int writebraw_supported; - int timeout; - int max_xmit; - int max_mux; - char *outbuf; - char *inbuf; - int bufsize; - int initialised; - int win95; - uint32 capabilities; - /* - * Only used in NT domain calls. - */ - uint32 nt_error; /* NT RPC error code. */ - uint16 nt_pipe_fnum; /* Pipe handle. */ - unsigned char sess_key[16]; /* Current session key. */ - DOM_CRED clnt_cred; /* Client credential. */ - fstring mach_acct; /* MYNAME$. */ - fstring srv_name_slash; /* \\remote server. */ - fstring clnt_name_slash; /* \\local client. */ + int fd; + uint16 cnum; + uint16 pid; + uint16 mid; + uint16 vuid; + int protocol; + int sec_mode; + int rap_error; + int privilages; + + fstring eff_name; + fstring desthost; + fstring user_name; + fstring domain; + + fstring share; + fstring dev; + struct nmb_name called; + struct nmb_name calling; + fstring full_dest_host_name; + struct in_addr dest_ip; + + struct pwd_info pwd; + unsigned char cryptkey[8]; + uint32 sesskey; + int serverzone; + uint32 servertime; + int readbraw_supported; + int writebraw_supported; + int timeout; + int max_xmit; + int max_mux; + char *outbuf; + char *inbuf; + int bufsize; + int initialised; + int win95; + uint32 capabilities; + + /* + * Only used in NT domain calls. + */ + + uint32 nt_error; /* NT RPC error code. */ + uint16 nt_pipe_fnum; /* Pipe handle. */ + unsigned char sess_key[16]; /* Current session key. */ + unsigned char ntlmssp_hash[256]; /* ntlmssp data. */ + uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */ + uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */ + DOM_CRED clnt_cred; /* Client credential. */ + fstring mach_acct; /* MYNAME$. */ + fstring srv_name_slash; /* \\remote server. */ + fstring clnt_name_slash; /* \\local client. */ }; #endif /* _CLIENT_H */ diff --git a/source/include/proto.h b/source/include/proto.h index 1c31c1076bc..4cf63d27973 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -390,7 +390,9 @@ BOOL cli_close(struct cli_state *cli, int fnum); BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout); BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout); size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); -size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); +size_t cli_write(struct cli_state *cli, + int fnum, uint16 write_mode, + char *buf, off_t offset, size_t size); BOOL cli_getattrE(struct cli_state *cli, int fd, uint32 *attr, size_t *size, time_t *c_time, time_t *a_time, time_t *m_time); @@ -1551,13 +1553,13 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai, uint8 auth_type, uint8 auth_level, uint8 stub_type_len); void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth); +void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, + char *signature, uint32 msg_type); +void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth); void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg, uint32 neg_flgs, fstring myname, fstring domain); void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth); -void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, - char *signature, uint32 msg_type); -void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth); void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl, uint32 neg_flags, uint8 challenge[8]); @@ -1567,6 +1569,9 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, char *domain, char *user, char *wks, uint32 neg_flags); void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth); +void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, + uint32 ver, uint32 crc32, uint32 seq_num); +void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth); /*The following definitions come from rpc_parse/parse_samr.c */ diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index fe5f809f0d1..982ec1f52b7 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h @@ -59,12 +59,18 @@ enum NTLM_MESSAGE_TYPE #define NTLMSSP_NEGOTIATE_SEAL 0x00000020 #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 #define NTLMSSP_NEGOTIATE_NTLM 0x00000200 +#define NTLMSSP_NEGOTIATE_00001000 0x00001000 +#define NTLMSSP_NEGOTIATE_00002000 0x00002000 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 #define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 #define NTLMSSP_NEGOTIATE_128 0x20000000 #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 +/* NTLMSSP signature version */ +#define NTLMSSP_SIGN_VERSION 0x01 + + /* RPC_IFACE */ typedef struct rpc_iface_info { @@ -271,7 +277,8 @@ typedef struct rpc_auth_ntlmssp_resp_info typedef struct rpc_auth_ntlmssp_chk_info { uint32 ver; /* 0x0000 0001 */ - uint8 crc32[8]; /* checksum using 0xEDB8 8320 as a polynomial */ + uint32 reserved; + uint32 crc32; /* checksum using 0xEDB8 8320 as a polynomial */ uint32 seq_num; } RPC_AUTH_NTLMSSP_CHK; diff --git a/source/lib/membuffer.c b/source/lib/membuffer.c index 85f63e8c065..18e9fa94532 100644 --- a/source/lib/membuffer.c +++ b/source/lib/membuffer.c @@ -313,16 +313,19 @@ static BOOL mem_find(struct mem_buf **buf, uint32 offset) while (f != NULL && offset >= f->offset.end) { - f = f->next; - DEBUG(200,("mem_find: next[%d..%d]\n", - f->offset.start, f->offset.end)); + f->offset.start, f->offset.end)); + + f = f->next; } (*buf) = f; - DEBUG(200,("mem_find: found data[%d..%d]\n", - (*buf)->offset.start,(*buf)->offset.end)); + if (f != NULL) + { + DEBUG(200,("mem_find: found data[%d..%d]\n", + (*buf)->offset.start,(*buf)->offset.end)); + } return f != NULL; } diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index 8aa857df8ab..5ae84f763b9 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -1255,7 +1255,7 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t /**************************************************************************** issue a single SMBwrite and don't wait for a reply ****************************************************************************/ -static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char *buf, +static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf, size_t size, int i) { char *p; @@ -1272,6 +1272,8 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char CVAL(cli->outbuf,smb_vwv0) = 0xFF; SSVAL(cli->outbuf,smb_vwv2,fnum); SIVAL(cli->outbuf,smb_vwv3,offset); + SIVAL(cli->outbuf,smb_vwv5,IS_BITS_SET_ALL(mode, 0x0008) ? 0xFFFFFFFF : 0); + SSVAL(cli->outbuf,smb_vwv7,mode); SSVAL(cli->outbuf,smb_vwv10,size); SSVAL(cli->outbuf,smb_vwv11, @@ -1282,13 +1284,20 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char SSVAL(cli->outbuf,smb_mid,cli->mid + i); + show_msg(cli->outbuf); send_smb(cli->fd,cli->outbuf); } /**************************************************************************** write to a file + write_mode: 0x0001 disallow write cacheing + 0x0002 return bytes remaining + 0x0004 use raw named pipe protocol + 0x0008 start of message mode named pipe protocol ****************************************************************************/ -size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size) +size_t cli_write(struct cli_state *cli, + int fnum, uint16 write_mode, + char *buf, off_t offset, size_t size) { int total = -1; int issued=0; @@ -1305,7 +1314,9 @@ size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_ while (issued - received < mpx && issued < blocks) { int size1 = MIN(block, size-issued*block); - cli_issue_write(cli, fnum, offset+issued*block, buf + issued*block, + cli_issue_write(cli, fnum, offset+issued*block, + write_mode, + buf + issued*block, size1, issued); issued++; } @@ -2226,9 +2237,12 @@ initialise a client structure BOOL cli_initialise(struct cli_state *cli) { if (cli->initialised) - cli_shutdown(cli); + { + cli_shutdown(cli); + } memset(cli, 0, sizeof(*cli)); + cli->fd = -1; cli->cnum = -1; cli->pid = (uint16)getpid(); @@ -2241,8 +2255,12 @@ BOOL cli_initialise(struct cli_state *cli) cli->outbuf = (char *)malloc(cli->bufsize); cli->inbuf = (char *)malloc(cli->bufsize); if (!cli->outbuf || !cli->inbuf) - return False; + { + return False; + } + cli->initialised = 1; + return True; } @@ -2252,9 +2270,13 @@ shutdown a client structure void cli_shutdown(struct cli_state *cli) { if (cli->outbuf) - free(cli->outbuf); + { + free(cli->outbuf); + } if (cli->inbuf) - free(cli->inbuf); + { + free(cli->inbuf); + } #ifdef WITH_SSL if (cli->fd != -1) sslutil_disconnect(cli->fd); @@ -2454,7 +2476,9 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed session setup\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } if (do_tcon) @@ -2464,7 +2488,9 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed tcon_X\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } } diff --git a/source/libsmb/pwd_cache.c b/source/libsmb/pwd_cache.c index 92eee015b39..c4c578cde65 100644 --- a/source/libsmb/pwd_cache.c +++ b/source/libsmb/pwd_cache.c @@ -168,8 +168,14 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_deobfuscate(pwd); - memcpy(lm_pwd, pwd->smb_lm_pwd, 16); - memcpy(nt_pwd, pwd->smb_nt_pwd, 16); + if (lm_pwd != NULL) + { + memcpy(lm_pwd, pwd->smb_lm_pwd, 16); + } + if (nt_pwd != NULL) + { + memcpy(nt_pwd, pwd->smb_nt_pwd, 16); + } pwd_obfuscate(pwd); } @@ -229,7 +235,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { pwd_deobfuscate(pwd); - memcpy(lm_owf, pwd->smb_lm_owf, 24); - memcpy(nt_owf, pwd->smb_nt_owf, 24); + if (lm_owf != NULL) + { + memcpy(lm_owf, pwd->smb_lm_owf, 24); + } + if (nt_owf != NULL) + { + memcpy(nt_owf, pwd->smb_nt_owf, 24); + } pwd_obfuscate(pwd); } diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 44440d9fba2..f7060e0f71d 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -286,12 +286,12 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, - caller is expected to free the header data structure once used. ********************************************************************/ - static BOOL create_rpc_bind_req(prs_struct *rhdr, prs_struct *rhdr_rb, prs_struct *rhdr_auth, prs_struct *auth_req, prs_struct *auth_ntlm, + uint32 call_id, RPC_IFACE *abstract, RPC_IFACE *transfer, char *my_name, char *domain) { @@ -303,7 +303,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr, /* create the bind request RPC_HDR_RB */ make_rpc_hdr_rb(&hdr_rb, 0x1630, 0x1630, 0x0, - 0x1, 0x0, 0x1, abstract, transfer); + 0x1, 0x0, 0x1, abstract, transfer); /* stream the bind request data */ smb_io_rpc_hdr_rb("", &hdr_rb, rhdr_rb, 0); @@ -329,7 +329,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr, } /* create the request RPC_HDR */ - make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(), + make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id, rhdr_rb->offset + 0x10, auth_req != NULL ? auth_req ->offset : 0 + auth_ntlm != NULL ? auth_ntlm->offset : 0); @@ -361,6 +361,71 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr, } +/******************************************************************* + creates a DCE/RPC bind authentication response + + - initialises the parse structure. + - dynamically allocates the header data structure + - caller is expected to free the header data structure once used. + + ********************************************************************/ +static BOOL create_rpc_bind_resp(struct pwd_info *pwd, + char *domain, char *user_name, char *my_name, + uint32 ntlmssp_cli_flgs, + uint32 call_id, + prs_struct *rhdr, + prs_struct *rhdr_autha, + prs_struct *auth_resp) +{ + unsigned char lm_owf[24]; + unsigned char nt_owf[24]; + RPC_HDR hdr; + RPC_HDR_AUTHA hdr_autha; + RPC_AUTH_VERIFIER auth_verifier; + RPC_AUTH_NTLMSSP_RESP ntlmssp_resp; + + make_rpc_hdr_autha(&hdr_autha, 0x1630, 0x1630, 0x0a, 0x06, 0x00); + smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rhdr_autha, 0); + mem_realloc_data(rhdr_autha->data, rhdr_autha->offset); + + make_rpc_auth_verifier(&auth_verifier, + "NTLMSSP", NTLMSSP_AUTH); + + smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, auth_resp, 0); + mem_realloc_data(auth_resp->data, auth_resp->offset); + + pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf); + + make_rpc_auth_ntlmssp_resp(&ntlmssp_resp, + lm_owf, nt_owf, + domain, user_name, my_name, + ntlmssp_cli_flgs); + + smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, auth_resp, 0); + mem_realloc_data(auth_resp->data, auth_resp->offset); + + /* create the request RPC_HDR */ + make_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, call_id, + auth_resp->offset + rhdr_autha->offset + 0x10, + auth_resp->offset); + + smb_io_rpc_hdr("hdr" , &hdr , rhdr, 0); + mem_realloc_data(rhdr->data, rhdr->offset); + + if (rhdr->data == NULL || rhdr_autha->data == NULL) return False; + + /***/ + /*** link rpc header and authentication responses ***/ + /***/ + + prs_link(NULL , rhdr , rhdr_autha); + prs_link(rhdr , rhdr_autha , auth_resp ); + prs_link(rhdr_autha, auth_resp , NULL ); + + return True; +} + + /******************************************************************* creates a DCE/RPC bind request @@ -370,8 +435,10 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr, ********************************************************************/ -static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len) +static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len, + int auth_len) { + uint32 alloc_hint; RPC_HDR_REQ hdr_req; RPC_HDR hdr; @@ -380,10 +447,22 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len) /* create the rpc header RPC_HDR */ make_rpc_hdr(&hdr , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST, - get_rpc_call_id(), data_len, 0); + get_rpc_call_id(), data_len, auth_len); + + if (auth_len != 0) + { + alloc_hint = data_len - 0x18 - auth_len - 12; + } + else + { + alloc_hint = data_len - 0x18; + } + + DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n", + data_len, auth_len, alloc_hint)); /* create the rpc request RPC_HDR_REQ */ - make_rpc_hdr_req(&hdr_req, data_len, op_num); + make_rpc_hdr_req(&hdr_req, alloc_hint, op_num); /* stream-time... */ smb_io_rpc_hdr ("hdr ", &hdr , rhdr, 0); @@ -405,32 +484,85 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, prs_struct *data, prs_struct *rdata) { /* fudge this, at the moment: create the header; memcpy the data. oops. */ + prs_struct dataa; prs_struct rparam; prs_struct hdr; + prs_struct hdr_auth; + prs_struct auth_verf; int data_len; + int auth_len; BOOL ret; + BOOL auth_verify; + BOOL auth_seal; + uint32 crc32; - data_len = data->offset + 0x18; + auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN); + auth_seal = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL); + + /* happen to know that NTLMSSP authentication verifier is 16 bytes */ + auth_len = auth_verify ? 16 : 0; + data_len = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18; data->data->offset.end = data->offset; - prs_init(&hdr , data_len, 4, SAFETY_MARGIN, False); - prs_init(&rparam, 0 , 4, 0 , True ); + prs_init(&hdr , data_len, 4, SAFETY_MARGIN, False); + prs_init(&hdr_auth , 8 , 4, SAFETY_MARGIN, False); + prs_init(&auth_verf, auth_len, 4, SAFETY_MARGIN, False); + prs_init(&rparam , 0 , 4, 0 , True ); - create_rpc_request(&hdr, op_num, data_len); + create_rpc_request(&hdr, op_num, data_len, auth_len); + + if (auth_seal) + { + crc32 = crc32_calc_buffer(data->offset, mem_data(&data->data, 0)); + NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&data->data, 0), data->offset); + } + + if (auth_verify) + { + RPC_AUTH_NTLMSSP_CHK chk; + RPC_HDR_AUTH rhdr_auth; + + make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x02); + smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0); + + make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0); + smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0); + NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&auth_verf.data, 4), 12); + } + + if (auth_seal || auth_verify) + { + prs_link(NULL , &hdr , data ); + prs_link(&hdr , data , &hdr_auth ); + prs_link(data , &hdr_auth , &auth_verf); + prs_link(&hdr_auth, &auth_verf, NULL ); + } + else + { + prs_link(NULL, &hdr, data); + prs_link(&hdr, data, NULL); + } mem_realloc_data(hdr.data, data_len); - hdr.data->offset.end = data_len; - mem_buf_copy(mem_data(&(hdr.data), 0x18), data->data, 0, data->offset); - ret = rpc_api_pipe(cli, 0x0026, NULL, &hdr, &rparam, rdata); + DEBUG(100,("data_len: %x data_calc_len: %x\n", + data_len, mem_buf_len(data->data))); + + /* this is a hack due to limitations in rpc_api_pipe */ + prs_init(&dataa, mem_buf_len(hdr.data), 4, 0x0, False); + mem_buf_copy(dataa.data->data, hdr.data, 0, mem_buf_len(hdr.data)); - prs_mem_free(&rparam); - prs_mem_free(&hdr); + ret = rpc_api_pipe(cli, 0x0026, NULL, &dataa, &rparam, rdata); + + prs_mem_free(&hdr_auth ); + prs_mem_free(&auth_verf); + prs_mem_free(&rparam ); + prs_mem_free(&hdr ); + prs_mem_free(&dataa ); return ret; } - /**************************************************************************** do an rpc bind ****************************************************************************/ @@ -574,11 +706,13 @@ do an rpc bind ****************************************************************************/ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, - RPC_IFACE *abstract, RPC_IFACE *transfer, BOOL ntlmssp_auth) + RPC_IFACE *abstract, RPC_IFACE *transfer, + char *my_name) { prs_struct hdr; prs_struct hdr_rb; prs_struct hdr_auth; + prs_struct hdr_autha; prs_struct auth_req; prs_struct auth_ntlm; prs_struct data; @@ -586,9 +720,13 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, prs_struct rparam; BOOL valid_ack = False; + BOOL ntlmssp_auth = cli->ntlmssp_cli_flgs != 0; + uint32 call_id; if (pipe_name == NULL || abstract == NULL || transfer == NULL) - return False; + { + return False; + } DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_name)); @@ -600,14 +738,16 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False); prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False); - prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True ); - prs_init(&rparam, 0 , 4, SAFETY_MARGIN, True ); + prs_init(&rdata , 0 , 4, SAFETY_MARGIN, True); + prs_init(&rparam , 0 , 4, SAFETY_MARGIN, True); + call_id = get_rpc_call_id(); create_rpc_bind_req(&hdr, &hdr_rb, ntlmssp_auth ? &hdr_auth : NULL, ntlmssp_auth ? &auth_req : NULL, ntlmssp_auth ? &auth_ntlm : NULL, - abstract, transfer, global_myname, global_myworkgroup); + call_id, + abstract, transfer, global_myname, cli->domain); /* this is a hack due to limitations in rpc_api_pipe */ prs_init(&data, mem_buf_len(hdr.data), 4, 0x0, False); @@ -646,6 +786,57 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, &rdata, 0); if (rdata.offset == 0) valid_ack = False; } + if (valid_ack && ntlmssp_auth) + { + unsigned char p24[24]; + unsigned char lm_owf[24]; + unsigned char lm_hash[16]; + + prs_struct hdra; + prs_struct hdr_autha; + prs_struct auth_resp; + prs_struct dataa; + + cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags; + + prs_init(&hdra , 0x10, 4, 0x0 , False); + prs_init(&hdr_autha, 1024, 4, SAFETY_MARGIN, False); + prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False); + + pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge); + pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL); + pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL); + NTLMSSPOWFencrypt(lm_hash, lm_owf, p24); + bzero(lm_hash, sizeof(lm_hash)); + NTLMSSPhash(cli->ntlmssp_hash, p24); + + create_rpc_bind_resp(&cli->pwd, cli->domain, + cli->user_name, global_myname, + cli->ntlmssp_cli_flgs, + call_id, + &hdra, &hdr_autha, &auth_resp); + + /* this is a hack due to limitations in rpc_api_pipe */ + prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False); + mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data)); + + if (cli_write(cli, cli->nt_pipe_fnum, 0x0008, + dataa.data->data, 0, + dataa.data->data_used) < 0) + { + valid_ack = False; + } + + if (valid_ack) + { + cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags; + } + + prs_mem_free(&hdra); + prs_mem_free(&dataa); + prs_mem_free(&hdr_autha); + prs_mem_free(&auth_resp); + } } prs_mem_free(&data ); @@ -690,7 +881,26 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted) } /******************* bind request on pipe *****************/ - if (!rpc_pipe_bind(cli, pipe_name, &abstract, &transfer, encrypted)) + + if (encrypted) + { + cli->ntlmssp_cli_flgs = + NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_OEM | + NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_LM_KEY | + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | + NTLMSSP_NEGOTIATE_00001000 | + NTLMSSP_NEGOTIATE_00002000; + DEBUG(5,("cli_nt_session_open: neg_flags: %lx\n", + cli->ntlmssp_cli_flgs)); + } + + if (!rpc_pipe_bind(cli, pipe_name, + &abstract, &transfer, + global_myname)) { DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n", cli_errstr(cli))); @@ -699,8 +909,8 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted) } /* - * Setup the remote server name prefixed by \ and the machine account name. - */ + * Setup the remote server name prefixed by \ and the machine account name. + */ fstrcpy(cli->srv_name_slash, "\\\\"); fstrcat(cli->srv_name_slash, cli->desthost); diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index ef20a999df5..c9e806fd21c 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -107,7 +107,7 @@ BOOL do_samr_unknown_8(struct cli_state *cli, prs_struct rdata; SAMR_Q_UNKNOWN_8 q_e; - BOOL valid_un8 = False; + BOOL valid_un8 = False; /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */ @@ -128,7 +128,6 @@ BOOL do_samr_unknown_8(struct cli_state *cli, if (rpc_api_pipe_req(cli, SAMR_UNKNOWN_8, &data, &rdata)) { #if 0 - SAMR_R_UNKNOWN_8 r_e; BOOL p; diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c index a1773bb8278..2204207440a 100644 --- a/source/rpc_parse/parse_rpc.c +++ b/source/rpc_parse/parse_rpc.c @@ -375,13 +375,13 @@ void smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth) /******************************************************************* creates an RPC_HDR_REQ structure. ********************************************************************/ -void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 data_len, uint16 opnum) +void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum) { if (hdr == NULL) return; - hdr->alloc_hint = data_len - 0x18; /* allocation hint */ - hdr->context_id = 0; /* presentation context identifier */ - hdr->opnum = opnum; /* opnum */ + hdr->alloc_hint = alloc_hint; /* allocation hint */ + hdr->context_id = 0; /* presentation context identifier */ + hdr->opnum = opnum; /* opnum */ } /******************************************************************* @@ -492,6 +492,32 @@ void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int dept prs_uint32("unknown ", ps, depth, &(rai->unknown )); /* 0x0014a0c0 */ } +/******************************************************************* +creates an RPC_AUTH_VERIFIER structure. +********************************************************************/ +void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, + char *signature, uint32 msg_type) +{ + if (rav == NULL) return; + + fstrcpy(rav->signature, signature); /* "NTLMSSP" */ + rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ +} + +/******************************************************************* +reads or writes an RPC_AUTH_VERIFIER structure. +********************************************************************/ +void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) +{ + if (rav == NULL) return; + + prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); + depth++; + + prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */ + prs_uint32("msg_type ", ps, depth, &(rav->msg_type )); /* NTLMSSP_MESSAGE_TYPE */ +} + /******************************************************************* creates an RPC_AUTH_NTLMSSP_NEG structure. ********************************************************************/ @@ -506,8 +532,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg, neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */ - make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 1); - make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 1); + make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); + make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname+1); fstrcpy(neg->myname, myname); fstrcpy(neg->domain, domain); @@ -532,32 +558,6 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len, sizeof(neg->domain)); } -/******************************************************************* -creates an RPC_AUTH_VERIFIER structure. -********************************************************************/ -void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, - char *signature, uint32 msg_type) -{ - if (rav == NULL) return; - - fstrcpy(rav->signature, signature); /* "NTLMSSP" */ - rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ -} - -/******************************************************************* -reads or writes an RPC_AUTH_VERIFIER structure. -********************************************************************/ -void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth) -{ - if (rav == NULL) return; - - prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier"); - depth++; - - prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */ - prs_uint32("msg_type ", ps, depth, &(rav->msg_type )); /* NTLMSSP_MESSAGE_TYPE */ -} - /******************************************************************* creates an RPC_AUTH_NTLMSSP_CHAL structure. ********************************************************************/ @@ -606,30 +606,49 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, uint32 neg_flags) { uint32 offset; - int dom_len = strlen(domain) * 2; - int wks_len = strlen(wks ) * 2; - int usr_len = strlen(user ) * 2; + int dom_len = strlen(domain); + int wks_len = strlen(wks ); + int usr_len = strlen(user ); int lm_len = lm_resp != NULL ? 24 : 0; int nt_len = nt_resp != NULL ? 24 : 0; + DEBUG(5,("make_rpc_auth_ntlmssp_resp\n")); + if (rsp == NULL) return; +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm_resp\n")); + dump_data(100, lm_resp, 24); + DEBUG(100,("nt_resp\n")); + dump_data(100, nt_resp, 24); +#endif + + DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n", + domain, user, wks, neg_flags)); + offset = 0x40; + if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) + { + dom_len *= 2; + wks_len *= 2; + usr_len *= 2; + } + make_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset); - offset += lm_len * 2; + offset += lm_len; make_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset); - offset += nt_len * 2; + offset += nt_len; make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, offset); - offset += dom_len * 2; + offset += dom_len; make_str_hdr(&rsp->hdr_usr , usr_len, usr_len, offset); - offset += usr_len * 2; + offset += usr_len; make_str_hdr(&rsp->hdr_wks , wks_len, wks_len, offset); - offset += wks_len * 2; + offset += wks_len; make_str_hdr(&rsp->hdr_sess_key, 0, 0, offset); @@ -637,12 +656,20 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, memcpy(&rsp->lm_resp, lm_resp, 24); memcpy(&rsp->nt_resp, nt_resp, 24); - fstrcpy(rsp->domain, domain); - fstrcpy(rsp->user , user ); - fstrcpy(rsp->wks , wks ); - rsp->sess_key[0] = 0; - + if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) + { + struni2((uint16*)rsp->domain, domain); + struni2((uint16*)rsp->user , user ); + struni2((uint16*)rsp->wks , wks ); + } + else + { + fstrcpy(rsp->domain, domain); + fstrcpy(rsp->user , user ); + fstrcpy(rsp->wks , wks ); + } + rsp->sess_key[0] = 0; } /******************************************************************* @@ -659,12 +686,14 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp"); depth++; - ZERO_STRUCTP(rsp); - if (ps->io) { uint32 old_offset; + /* reading */ + + ZERO_STRUCTP(rsp); + smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth); smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth); smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth); @@ -677,30 +706,30 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st old_offset = ps->offset; ps->offset = rsp->hdr_lm_resp .buffer + 0x1c; - prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); + prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); old_offset += rsp->hdr_lm_resp .str_str_len; ps->offset = rsp->hdr_nt_resp .buffer + 0x1c; - prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); + prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); old_offset += rsp->hdr_nt_resp .str_str_len; ps->offset = rsp->hdr_domain .buffer + 0x1c; - prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain ))); + prs_uint8s(True , "domain ", ps, depth, (uint8*)rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain ))); old_offset += rsp->hdr_domain .str_str_len; ps->offset = rsp->hdr_usr .buffer + 0x1c; - prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user ))); + prs_uint8s(True , "user ", ps, depth, (uint8*)rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user ))); old_offset += rsp->hdr_usr .str_str_len; ps->offset = rsp->hdr_wks .buffer + 0x1c; - prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks ))); + prs_uint8s(True , "wks ", ps, depth, (uint8*)rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks ))); old_offset += rsp->hdr_wks .str_str_len; if (rsp->hdr_sess_key.str_str_len != 0) { ps->offset = rsp->hdr_sess_key.buffer + 0x1c; old_offset += rsp->hdr_sess_key.str_str_len; - prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); + prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); } ps->offset = old_offset; @@ -717,25 +746,42 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */ - prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); - prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks ))); - prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user ))); - prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain ))); - prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); + prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); + prs_uint8s(True , "domain ", ps, depth, rsp->domain , MIN(rsp->hdr_domain .str_str_len, sizeof(rsp->domain ))); + prs_uint8s(True , "user ", ps, depth, rsp->user , MIN(rsp->hdr_usr .str_str_len, sizeof(rsp->user ))); + prs_uint8s(True , "wks ", ps, depth, rsp->wks , MIN(rsp->hdr_wks .str_str_len, sizeof(rsp->wks ))); + prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); } } -#if 0 +/******************************************************************* +creates an RPC_AUTH_NTLMSSP_CHK structure. +********************************************************************/ +void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, + uint32 ver, uint32 crc32, uint32 seq_num) +{ + if (chk == NULL) return; -/* attached to the end of encrypted rpc requests and responses */ -/* RPC_AUTH_NTLMSSP_CHK */ -typedef struct rpc_auth_ntlmssp_chk_info + chk->ver = ver ; + chk->reserved = 0x0; + chk->crc32 = crc32 ; + chk->seq_num = seq_num ; +} + +/******************************************************************* +reads or writes an RPC_AUTH_NTLMSSP_CHK structure. +********************************************************************/ +void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth) { - uint32 ver; /* 0x1 */ - uint8 data[12]; + if (chk == NULL) return; -} RPC_AUTH_NTLMSSP_CHK; + prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk"); + depth++; -#endif /* 0 */ + prs_uint32("ver ", ps, depth, &(chk->ver )); + prs_uint32("reserved", ps, depth, &(chk->reserved)); + prs_uint32("crc32 ", ps, depth, &(chk->crc32 )); + prs_uint32("seq_num ", ps, depth, &(chk->seq_num )); +} diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index 31ca1a7c20e..4d5fd3865e3 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -211,14 +211,16 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) BOOLSTR(p->open), pos, n)); - if (!p || !p->open) { + if (!p || !p->open) + { DEBUG(6,("pipe not open\n")); return -1; } if (p->rhdr.data == NULL || p->rhdr.data->data == NULL || - p->rhdr.data->data_used == 0) { + p->rhdr.data->data_used == 0) + { return 0; } @@ -237,18 +239,21 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n)); if (num > n) num = n; - if (num <= 0) { + if (num <= 0) + { DEBUG(5,("read_pipe: 0 or -ve data length\n")); return 0; } - if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) { + if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) + { /* intermediate fragment - possibility of another header */ DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n", p->hdr.frag_len, data_pos, data_hdr_pos)); - if (data_hdr_pos == p->next_frag_start) { + if (data_hdr_pos == p->next_frag_start) + { DEBUG(6,("read_pipe: next fragment header\n")); /* this is subtracted from the total data bytes, later */ @@ -263,10 +268,10 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) p->next_frag_start += p->hdr.frag_len; p->hdr_offsets += 0x18; } - } - if (num < hdr_num) { + if (num < hdr_num) + { DEBUG(5,("read_pipe: warning - data read only part of a header\n")); } @@ -277,12 +282,15 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) data_pos += num; data_hdr_pos += num; - if (hdr_num == 0x18 && num == 0x18) { + if (hdr_num == 0x18 && num == 0x18) + { DEBUG(6,("read_pipe: just header read\n")); /* advance to the next fragment */ p->frag_len_left -= 0x18; - } else if (data_hdr_pos == p->next_frag_start) { + } + else if (data_hdr_pos == p->next_frag_start) + { DEBUG(6,("read_pipe: next fragment expected\n")); } diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index c45c4c7c23d..487c8e46c16 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -67,6 +67,14 @@ void cmd_sam_test(struct client_info *info) /* open SAMR session. */ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False; + /* establish a connection. */ + res = res ? do_samr_connect(smb_cli, + srv_name, 0x00000020, + &info->dom.samr_pol_connect) : False; + + res = res ? do_samr_close(smb_cli, + &info->dom.samr_pol_connect) : False; + /* close the session */ cli_nt_session_close(smb_cli); @@ -232,10 +240,10 @@ void cmd_sam_enum_users(struct client_info *info) } res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_connect) : False; + &info->dom.samr_pol_open_domain) : False; res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_open_domain) : False; + &info->dom.samr_pol_connect) : False; /* close the session */ cli_nt_session_close(smb_cli); diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 174cea78ad5..2183f504c24 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -30,6 +30,7 @@ #endif extern pstring scope; +extern pstring global_myname; extern pstring user_socket_options; @@ -456,6 +457,7 @@ enum client_action TimeInit(); charset_initialise(); + crc32_build_table(); myumask = umask(0); umask(myumask); @@ -683,6 +685,9 @@ enum client_action fprintf(stderr, "Failed to get my hostname.\n"); } + fstrcpy(global_myname, cli_info.myhostname); + strupper(global_myname); + if (!lp_load(servicesf,True, False, False)) { fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf); diff --git a/source/smbwrapper/smbw.c b/source/smbwrapper/smbw.c index f84623d3df0..660e65f421e 100644 --- a/source/smbwrapper/smbw.c +++ b/source/smbwrapper/smbw.c @@ -705,7 +705,7 @@ ssize_t smbw_write(int fd, void *buf, size_t count) return -1; } - ret = cli_write(&file->srv->cli, file->f->cli_fd, buf, file->f->offset, count); + ret = cli_write(&file->srv->cli, file->f->cli_fd, 0, buf, file->f->offset, count); if (ret == -1) { errno = smbw_errno(&file->srv->cli); diff --git a/source/utils/torture.c b/source/utils/torture.c index fb320e8b661..81990060686 100644 --- a/source/utils/torture.c +++ b/source/utils/torture.c @@ -165,12 +165,12 @@ static BOOL rw_torture(struct cli_state *c, int numops) break; } - if (cli_write(c, fnum, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) { + if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) { printf("write failed (%s)\n", cli_errstr(c)); } for (j=0;j<50;j++) { - if (cli_write(c, fnum, (char *)buf, + if (cli_write(c, fnum, 0, (char *)buf, sizeof(pid)+(j*sizeof(buf)), sizeof(buf)) != sizeof(buf)) { printf("write failed (%s)\n", cli_errstr(c)); @@ -818,7 +818,7 @@ static void run_trans2test(void) fnum = cli_open(&cli, fname2, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); - cli_write(&cli, fnum, (char *)&fnum, 0, sizeof(fnum)); + cli_write(&cli, fnum, 0, (char *)&fnum, 0, sizeof(fnum)); cli_close(&cli, fnum); if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, &w_time, &size, NULL)) { -- 2.34.1