This fixes net rpc vampire when talking to win2k (<sp3). win2k sends
authorTim Potter <tpot@samba.org>
Mon, 26 May 2003 06:59:38 +0000 (06:59 +0000)
committerTim Potter <tpot@samba.org>
Mon, 26 May 2003 06:59:38 +0000 (06:59 +0000)
back a different sized blob of encrypted password data than we were
expecting.  There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)

source3/rpc_parse/parse_net.c
source3/rpc_parse/parse_prs.c

index 2c99d54b1b5b02916adaeb6753b9c6a769fd5f04..7d04eace230fd01401c4757561b50c56d65c87b2 100644 (file)
@@ -2129,12 +2129,12 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
                if (!prs_uint32("pwd_len", ps, depth, &len))
                         return False;
                old_offset = ps->data_offset;
-               if (len == 0x44)
+               if (len > 0)
                {
                        if (ps->io)
                        {
                                /* reading */
-                                if (!prs_hash1(ps, ps->data_offset, sess_key))
+                                if (!prs_hash1(ps, ps->data_offset, sess_key, len))
                                         return False;
                        }
                        if (!net_io_sam_passwd_info("pass", &info->pass, 
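Review bot: The relaxed test `if (len > 0)` lets any `pwd_len` value read from the wire reach `prs_hash1`, where the parse_prs.c hunks run `SamOEMhash` (and, under DEBUG_PASSWORD, `dump_data`) over `len` bytes from the given offset; no visible line checks that this range lies inside the parse buffer. A peer that returns an oversized length could make the client transform or dump memory beyond the received data, so the length should be bounded before use, for example `if (len > prs_data_size(ps) - ps->data_offset) return False;` ahead of the block, or an equivalent check inside `prs_hash1`. The write-side call in the next hunk, `prs_hash1(ps, old_offset, sess_key, len)`, passes the same value and would be covered by a check placed in `prs_hash1`. The body of `net_io_sam_account_info` starts and ends outside this hunk, so a guard may exist elsewhere that is not visible here.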
@@ -2144,7 +2144,7 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
                        if (!ps->io)
                        {
                                /* writing */
-                                if (!prs_hash1(ps, old_offset, sess_key))
+                                if (!prs_hash1(ps, old_offset, sess_key, len))
                                         return False;
                        }
                }
index e0a75d738254aeef181710aa3883093ce6895bdd..88150c718b629457a7150fcad202f54de1a95426 100644 (file)
@@ -1316,7 +1316,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me
 /*******************************************************************
  hash a stream.
  ********************************************************************/
-BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
+BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], int len)
 {
        char *q;
 
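Review bot: The new parameter is declared `int len`, while the caller in parse_net.c appears to fill `len` through `prs_uint32`, so a wire value above INT_MAX would turn negative here before it is handed to `SamOEMhash` and `dump_data`. Declaring it unsigned, `BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16], uint32 len)`, keeps the type consistent with `offset` and with the wire field. The header comment `hash a stream.` could also state the contract, e.g. `hash len bytes of the stream starting at offset with the 16-byte session key; the caller must ensure offset + len is within the buffer.` The function body continues outside this hunk.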
@@ -1326,12 +1326,12 @@ BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
 #ifdef DEBUG_PASSWORD
        DEBUG(100, ("prs_hash1\n"));
        dump_data(100, sess_key, 16);
-       dump_data(100, q, 68);
+       dump_data(100, q, len);
 #endif
-       SamOEMhash((uchar *) q, sess_key, 68);
+       SamOEMhash((uchar *) q, sess_key, len);
 
 #ifdef DEBUG_PASSWORD
-       dump_data(100, q, 68);
+       dump_data(100, q, len);
 #endif
 
        return True;