}, 0x02 \
} \
+#define SYNT_SVCCTL_V2 \
+{ \
+ { \
+ 0x81, 0xbb, 0x7a, 0x36, \
+ 0x44, 0x98, 0xf1, 0x35, \
+ 0xad, 0x32, 0x98, 0xf0, \
+ 0x38, 0x00, 0x10, 0x03 \
+ }, 0x02 \
+} \
+
#define SYNT_NETLOGON_V2 \
{ \
{ \
}, 0x01 \
} \
+#define SYNT_ATSVC_V1 \
+{ \
+ { \
+ 0x82, 0x06, 0xf7, 0x1f, \
+ 0x51, 0x0a, 0xe8, 0x30, \
+ 0x07, 0x6d, 0x74, 0x0b, \
+ 0xe8, 0xce, 0xe9, 0x8b \
+ }, 0x01 \
+} \
+
+#define SYNT_SPOOLSS_V1 \
+{ \
+ { \
+ 0x78, 0x56, 0x34, 0x12, \
+ 0x34, 0x12, 0xcd, 0xab, \
+ 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xab \
+ }, 0x01 \
+} \
+
#define SYNT_NONE_V0 \
{ \
{ \
}, 0x00 \
} \
-/* pipe string names */
-#define PIPE_SRVSVC "\\PIPE\\srvsvc"
-#define PIPE_SAMR "\\PIPE\\samr"
-#define PIPE_WINREG "\\PIPE\\winreg"
-#define PIPE_WKSSVC "\\PIPE\\wkssvc"
-#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
-#define PIPE_NTLSA "\\PIPE\\ntlsa"
-#define PIPE_NTSVCS "\\PIPE\\ntsvcs"
-#define PIPE_LSASS "\\PIPE\\lsass"
-#define PIPE_LSARPC "\\PIPE\\lsarpc"
-
struct pipe_id_info pipe_names [] =
{
/* client pipe , abstract syntax , server pipe , transfer syntax */
{ PIPE_SAMR , SYNT_SAMR_V1 , PIPE_LSASS , TRANS_SYNT_V2 },
{ PIPE_NETLOGON, SYNT_NETLOGON_V1, PIPE_LSASS , TRANS_SYNT_V2 },
{ PIPE_SRVSVC , SYNT_SRVSVC_V3 , PIPE_NTSVCS , TRANS_SYNT_V2 },
+ { PIPE_SVCCTL , SYNT_SVCCTL_V2 , PIPE_NTSVCS , TRANS_SYNT_V2 },
{ PIPE_WKSSVC , SYNT_WKSSVC_V1 , PIPE_NTSVCS , TRANS_SYNT_V2 },
{ PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
+ { PIPE_ATSVC , SYNT_ATSVC_V1 , PIPE_ATSVC , TRANS_SYNT_V2 },
+ { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
{ NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
};
/*******************************************************************
creates an RPC_ADDR_STR structure.
+
+The name can be null (RPC Alter-Context)
********************************************************************/
static void make_rpc_addr_str(RPC_ADDR_STR *str, char *name)
{
- if (str == NULL || name == NULL) return;
-
- str->len = strlen(name) + 1;
- fstrcpy(str->str, name);
+ if (str == NULL ) return;
+ if (name == NULL)
+ {
+ str->len = 1;
+ fstrcpy(str->str, "");
+ }
+ else
+ {
+ str->len = strlen(name) + 1;
+ fstrcpy(str->str, name);
+ }
}
/*******************************************************************
creates an RPC_HDR_BA structure.
lkclXXXX only one reason at the moment!
+jfm: nope two ! The pipe_addr can be NULL !
********************************************************************/
void make_rpc_hdr_ba(RPC_HDR_BA *rpc,
uint8 num_results, uint16 result, uint16 reason,
RPC_IFACE *transfer)
{
- if (rpc == NULL || transfer == NULL || pipe_addr == NULL) return;
+ if (rpc == NULL || transfer == NULL) return;
make_rpc_hdr_bba (&(rpc->bba ), max_tsize, max_rsize, assoc_gid);
make_rpc_addr_str(&(rpc->addr), pipe_addr);
prs_uint32("unknown ", ps, depth, &(rai->unknown )); /* 0x0014a0c0 */
}
+/*******************************************************************
+checks an RPC_HDR_AUTH structure.
+********************************************************************/
+BOOL rpc_hdr_auth_chk(RPC_HDR_AUTH *rai)
+{
+ return (rai->auth_type == 0x0a && rai->auth_level == 0x06);
+}
+
/*******************************************************************
creates an RPC_HDR_AUTH structure.
********************************************************************/
void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
uint8 auth_type, uint8 auth_level,
- uint8 stub_type_len)
+ uint8 stub_type_len,
+ uint32 ptr)
{
if (rai == NULL) return;
rai->stub_type_len = stub_type_len; /* 0x00 */
rai->padding = 0; /* padding 0x00 */
- rai->unknown = 0x0014a0c0; /* non-zero pointer to something */
+ rai->unknown = ptr; /* non-zero pointer to something */
}
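Review bot: rpc_hdr_auth_chk dereferences `rai` with no NULL guard, unlike rpc_auth_ntlmssp_chk later in this patch which returns False on a NULL argument; the two checkers should agree, so add `if (rai == NULL) return False;` before the comparison. The literals 0x0a and 0x06 are the whole access decision here and deserve a comment saying which auth type and auth level they stand for (presumably the NTLMSSP type and the privacy level the rest of this code expects — confirm against the protocol constants the file uses elsewhere). The comment `/* non-zero pointer to something */` on `rai->unknown = ptr;` is now stale, since the value is whatever the caller passes; either document what callers are expected to supply or drop the claim.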
/*******************************************************************
prs_uint32("unknown ", ps, depth, &(rai->unknown )); /* 0x0014a0c0 */
}
+/*******************************************************************
+checks an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
+ char *signature, uint32 msg_type)
+{
+ return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
+}
+
/*******************************************************************
creates an RPC_AUTH_VERIFIER structure.
********************************************************************/
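Review bot: rpc_auth_verifier_chk compares `rav->signature` with strequal, which stops at a NUL terminator; if signature is a fixed-size array filled from the wire (it looks that way, but the struct is not in view), a peer can send it without a terminator and the compare runs past the field. A bounded, exact compare such as `memcmp(rav->signature, signature, sizeof(rav->signature)) == 0` (with the caller passing a string of that length) avoids both the over-read and the case-insensitive match that strequal usually implies, which is not what a protocol signature check wants. A `if (rav == NULL) return False;` guard would also match the style of rpc_auth_ntlmssp_chk in this same patch.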
neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
- make_str_hdr(&neg->hdr_myname, len_myname+1, len_myname+1, 0x20);
- make_str_hdr(&neg->hdr_domain, len_domain+1, len_domain+1, 0x20 + len_myname+1);
+ make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname);
+ make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20);
fstrcpy(neg->myname, myname);
fstrcpy(neg->domain, domain);
/*******************************************************************
reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
+
+*** lkclXXXX HACK ALERT! ***
+
********************************************************************/
void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
{
prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
- smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
- smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ if (ps->io)
+ {
+ uint32 old_offset;
+
+ /* reading */
+
+ ZERO_STRUCTP(neg);
+
+ smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
+
+ old_offset = ps->offset;
+
+ ps->offset = neg->hdr_myname .buffer + 0x50; /* lkclXXXX HACK! */
+ prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
+ old_offset += neg->hdr_myname .str_str_len;
+
+ ps->offset = neg->hdr_domain .buffer + 0x50; /* lkclXXXX HACK! */
+ prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
+ old_offset += neg->hdr_domain .str_str_len;
- prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len-1, sizeof(neg->domain));
- prs_string("myname", ps, depth, neg->myname, neg->hdr_myname.str_str_len-1, sizeof(neg->myname));
+ ps->offset = old_offset;
+ }
+ else
+ {
+ /* writing */
+ smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth);
+ smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth);
+
+ prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname , MIN(neg->hdr_myname .str_str_len, sizeof(neg->myname )));
+ prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain , MIN(neg->hdr_domain .str_str_len, sizeof(neg->domain )));
+ }
}
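Review bot: In the reading branch of smb_io_rpc_auth_ntlmssp_neg, `ps->offset = neg->hdr_myname.buffer + 0x50` (and the same for hdr_domain) seeks the parser to a position taken straight from the peer's string header; unless prs_uint8s itself rejects an offset beyond the end of the received buffer, a hostile header can make the read land outside the packet, so the seek should be preceded by a check that `buffer + 0x50 + str_str_len` fits in the parse buffer, and the function should stop on failure rather than continue with ps->offset pointing anywhere. The copies are capped with `MIN(str_str_len, sizeof(neg->myname))`, which is good, but when the wire length equals the array size no byte is left for a terminator; if myname/domain are later used as C strings (they are written with fstrcpy in make_rpc_auth_ntlmssp_neg), cap at `sizeof(neg->myname) - 1` instead. The `old_offset +=` lines also advance by the two untrusted lengths without relating them to the buffer fields, so the final ps->offset can disagree with where the data actually sat; if that is intentional because the caller re-seeks, a comment saying so would help the next reader, and the `lkclXXXX HACK!` 0x50 constant should be named for what it is once its origin is understood.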
/*******************************************************************
rsp->neg_flags = neg_flags;
- memcpy(&rsp->lm_resp, lm_resp, 24);
- memcpy(&rsp->nt_resp, nt_resp, 24);
+ memcpy(rsp->lm_resp, lm_resp, 24);
+ memcpy(rsp->nt_resp, nt_resp, 24);
if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
{
- struni2((uint16*)rsp->domain, domain);
- struni2((uint16*)rsp->user , user );
- struni2((uint16*)rsp->wks , wks );
+ ascii_to_unibuf(rsp->domain, domain, sizeof(rsp->domain)-2);
+ ascii_to_unibuf(rsp->user , user , sizeof(rsp->user )-2);
+ ascii_to_unibuf(rsp->wks , wks , sizeof(rsp->wks )-2);
}
else
{
}
}
+/*******************************************************************
+checks an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
+{
+ if (chk == NULL)
+ {
+ return False;
+ }
+
+ if (chk->crc32 != crc32 ||
+ chk->ver != NTLMSSP_SIGN_VERSION ||
+ chk->seq_num != seq_num)
+ {
+ DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
+ crc32, NTLMSSP_SIGN_VERSION, seq_num));
+ DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
+ chk->crc32, chk->ver, chk->seq_num));
+ return False;
+ }
+ return True;
+}
+
/*******************************************************************
creates an RPC_AUTH_NTLMSSP_CHK structure.
********************************************************************/
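Review bot: In make_rpc_auth_ntlmssp_resp, whose start lies outside this hunk, the `else { }` branch after the NTLMSSP_NEGOTIATE_UNICODE test is empty, so when Unicode is not negotiated `rsp->domain`, `rsp->user` and `rsp->wks` are never filled; if that path is reachable, copy the ASCII strings there with a bounded call (as the Unicode branch now does with ascii_to_unibuf), otherwise add a comment stating that non-Unicode responses are not supported. In rpc_auth_ntlmssp_chk the two DEBUG lines appear to be labelled backwards: the "verify failed" line prints the locally computed crc32/ver/seq_num and the "verify expect" line prints what came off the wire; swapping the labels, e.g. `"verify failed - got crc %x ver %x seq %d\n"` for the chk values and `"verify expect - crc %x ver %x seq %d\n"` for the computed ones, makes the log usable. A short header comment noting that this check assumes the caller has already stripped or decrypted the signature block (the CRC32 on its own is not an integrity guarantee against an active peer) would document the trust boundary — confirm that is how the caller uses it.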