fixed a stack overflow bug in api_lsa_req_chal()
authorAndrew Tridgell <tridge@samba.org>
Wed, 15 Oct 1997 04:51:23 +0000 (04:51 +0000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 15 Oct 1997 04:51:23 +0000 (04:51 +0000)
changed the order of arguments to smbhash() in credentials.c. Luke,
when you changed from E1() to smbhash() you didn't notice that the
arguments are in a different order. This is why your new code was
failing.

NT logon still fails, but now gets to SAMLOGON. It shouldn't take much
to get it working now.
(This used to be commit 708edc348f0fb81d9c918e4bf857f339a13a3781)

source3/libsmb/credentials.c
source3/pipenetlog.c

index 07816bc0cf22aec6e4b82e6c3fd6f14514016138..babc8180f2cb07a7f368e6c8162a12d1046c8d85 100644 (file)
@@ -44,8 +44,8 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
        SIVAL(sum2,0,sum[0]);
        SIVAL(sum2,4,sum[1]);
 
-       smbhash(pass  , sum2, buf);
-       smbhash(pass+9, buf , netsesskey);
+       smbhash(buf, sum2, pass);
+       smbhash(netsesskey, buf, pass+9);
 
        session_key[0] = IVAL(netsesskey, 0);
        session_key[1] = IVAL(netsesskey, 4);
@@ -86,10 +86,10 @@ void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
        SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time);
        SIVAL(timecred, 4, IVAL(stor_cred, 4));
 
-       smbhash(netsesskey, timecred, buf);
+       smbhash(buf, timecred, netsesskey);
        memset(key2, 0, 7);
        key2[0] = netsesskey[7];
-       smbhash(key2, buf, calc_cred);
+       smbhash(calc_cred, buf, key2);
 
        cred->data[0] = IVAL(calc_cred, 0);
        cred->data[1] = IVAL(calc_cred, 4);
index acb7f806b941197ac4e714560e07b769f44b7746..6d406ee7d2a13628b5600f6192bc0270d73183b5 100644 (file)
@@ -292,7 +292,7 @@ static BOOL update_dcinfo(int cnum, uint16 vuid,
        }
 
        {
-               char foo[16];
+               fstring foo;
                for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
                DEBUG(4,("pass %s %s\n", mach_acct, foo));
        }