dce/rpc

diff --git a/source/include/client.h b/source/include/client.h
index 0da4b40c18a713fa3b1e8fef1cdd37eacd2ccbed..53674fe80a402300723ae2372b78c6cfaf1e8be1 100644 (file)
--- a/source/include/client.h
+++ b/source/include/client.h
@@ -121,6 +121,7 @@ struct cli_state {
        unsigned char ntlmssp_hash[258];   /* ntlmssp data. */
        uint32 ntlmssp_cli_flgs;           /* ntlmssp client flags */
        uint32 ntlmssp_srv_flgs;           /* ntlmssp server flags */
+       uint32 ntlmssp_seq_num;            /* ntlmssp sequence number */
        DOM_CRED clnt_cred;                /* Client credential. */
        fstring mach_acct;                 /* MYNAME$. */
        fstring srv_name_slash;            /* \\remote server. */

diff --git a/source/include/proto.h b/source/include/proto.h
index e5947805356622facb86f73ca99a919261ba8a0b..8a0ff12ed9e88d29b98d333f3312e1a635cfae9c 100644 (file)
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -1558,7 +1558,8 @@ void make_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
 void smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth);
 void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
                                uint8 auth_type, uint8 auth_level,
-                               uint8 stub_type_len);
+                               uint8 stub_type_len,
+                               uint32 ptr);
 void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
 void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
                                char *signature, uint32 msg_type);

diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 982ec1f52b70d6ce8e1093c54599bb4704cc8c2d..c6499853d6a53a8b7753fbd28407441d40853fc6 100644 (file)
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -170,7 +170,7 @@ typedef struct rpc_hdr_auth_info
        uint8 stub_type_len; /* don't know */
        uint8 padding; /* padding */
 
-       uint32 unknown; /* 0x0014a0c0 */
+       uint32 unknown; /* pointer */
 
 } RPC_HDR_AUTH;
 

diff --git a/source/lib/crc32.c b/source/lib/crc32.c
index 7d0b6e350d33331f13d2628fffcaa9813b11f202..b92bc70d1246fb6de556103f6faec2927ac9dd41 100644 (file)
--- a/source/lib/crc32.c
+++ b/source/lib/crc32.c
@@ -1,73 +1,73 @@
 /* 
- * Dr Dobb's Journal: http://www.ddj.com/ftp/1992/1992.05/crcman.zip
+ * Copyright francesco@aerra.it - code used WITHOUT acknowledgment to
+ *                                request to use it here yet received.
  *
- * Copyright Mark R. Nelson 1992
+ * must work on the dr dobb's version or find another version if
+ * permission not received or permission refused.
  *
- * This code used by permission of J Erickson <jerickson@ddj.com>
- * Tues 6th October 1998.  Copyright acknowledged above, as agreed.
  *
  */
 
 #include "includes.h"
+extern int DEBUGLEVEL;
 
-#define CRC32_POLYNOMIAL     0xEDB88320L
-
-/*****************************************************************
- Instead of performing a straightforward calculation of the 32 bit
- CRC using a series of logical operations, this program uses the
- faster table lookup method.  This routine is called once when the
- program starts up to build the table which will be used later
- when calculating the CRC values.
- *****************************************************************/
-
-static uint32 CRCTable[256];
-
-void crc32_build_table(void)
+static unsigned long CRCTable[256] = 
 {
-       int i;
-       int j;
-       uint32 crc;
-
-       for ( i = 0; i <= 255 ; i++ )
-       {
-               crc = i;
-               for ( j = 8 ; j > 0; j-- )
-               {
-                       if ( crc & 1 )
-                       {
-                               crc = ( crc >> 1 ) ^ CRC32_POLYNOMIAL;
-                       }
-                       else
-                       {
-                               crc >>= 1;
-                       }
-               }
-               CRCTable[ i ] = crc;
-       }
-}
-
-/*****************************************************************
- This routine calculates the CRC for a block of data using the
- table lookup method. 
- *****************************************************************/
+        0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
+        0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
+        0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,
+        0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
+        0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,
+        0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,
+        0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
+        0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
+        0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,
+        0xCFBA9599,0xB8BDA50F,0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,
+        0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,0x76DC4190,0x01DB7106,
+        0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
+        0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,
+        0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
+        0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,
+        0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
+        0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,
+        0xA4D1C46D,0xD3D6F4FB,0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,
+        0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,0x5005713C,0x270241AA,
+        0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
+        0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
+        0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,
+        0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,
+        0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
+        0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,
+        0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,
+        0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,0xA1D1937E,
+        0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
+        0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,
+        0x316E8EEF,0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,
+        0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,
+        0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
+        0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,
+        0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,
+        0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
+        0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
+        0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,
+        0x616BFFD3,0x166CCF45,0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,
+        0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,0xAED16A4A,0xD9D65ADC,
+        0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
+        0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,
+        0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
+        0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
+};
 
 uint32 crc32_calc_buffer( uint32 count, char *buffer)
 {
-       char *p;
-       uint32 crc;
-
-       p = buffer;
-       crc = 0xffffffff;
-
-       while ( count-- != 0 )
+        unsigned long crc=0xffffffff;
+       int i;
+        for(i=0;i<count;i++)
        {
-               uint32 temp1;
-               uint32 temp2;
-
-               temp1 = ( crc >> 8 ) & 0x00FFFFFFL;
-               temp2 = CRCTable[ ( (int) crc ^ *p++ ) & 0xff ];
-               crc = temp1 ^ temp2;
+                crc = (crc>>8) ^ CRCTable[(buffer[i] ^ crc) & 0xff];
        }
-       return crc;
+        crc^=0xffffffff;
+       DEBUG(10,("crc_32_calc_buffer: %x\n", crc));
+       dump_data(100, buffer, count);
+        return crc;
 }
-

diff --git a/source/libsmb/pwd_cache.c b/source/libsmb/pwd_cache.c
index c4c578cde65d91fc51e0b1ccadab5411d2cb0a7f..bbd5f63d4b7dd6ac905133b09ce2ebbbcd90d96a 100644 (file)
--- a/source/libsmb/pwd_cache.c
+++ b/source/libsmb/pwd_cache.c
@@ -219,7 +219,7 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
 
 #ifdef DEBUG_PASSWORD
        DEBUG(100,("lm_owf_passwd: "));
-       dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
+       dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
        DEBUG(100,("lm_sess_pwd: "));
        dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
 #endif

diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index d21840ec46b06221f0a12dba29033440776ff0b5..93befe7ac4b0f494d8992760bff7e72870c5e51d 100644 (file)
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -114,14 +114,12 @@ static BOOL rpc_read(struct cli_state *cli,
 /****************************************************************************
  checks the header
  ****************************************************************************/
-static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
+static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr, 
                           BOOL *first, BOOL *last, int *len)
 {
-       RPC_HDR    rhdr;
-
        DEBUG(5,("rpc_check_hdr: rdata->data->data_used: %d\n", rdata->data->data_used));
 
-       smb_io_rpc_hdr   ("rpc_hdr   ", &rhdr   , rdata, 0);
+       smb_io_rpc_hdr   ("rpc_hdr   ", rhdr   , rdata, 0);
 
        if (!rdata->offset || rdata->offset != 0x10)
        {
@@ -132,14 +130,78 @@ static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
        DEBUG(5,("rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data->data_used: %d\n",
                  rdata->data->data_used));
 
-       (*first   ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
-       (*last    ) = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
-       (*len     ) = rhdr.frag_len - rdata->data->data_used;
-       (*pkt_type) = rhdr.pkt_type;
+       (*first   ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_FIRST);
+       (*last    ) = IS_BITS_SET_ALL(rhdr->flags, RPC_FLG_LAST );
+       (*len     ) = rhdr->frag_len - rdata->data->data_used;
 
        return True;
 }
 
+/****************************************************************************
+ decrypt data on an rpc pipe
+ ****************************************************************************/
+
+static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
+                               int len, int auth_len)
+{
+       RPC_AUTH_NTLMSSP_CHK chk;
+       uint32 crc32;
+       int data_len = len - 0x18 - auth_len - 8;
+       char *reply_data = (uchar*)mem_data(&rdata->data, 0x18);
+
+       BOOL auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
+       BOOL auth_seal   = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
+
+       DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
+                 len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
+
+/*     RPC_HDR_AUTH         rhdr_auth; 
+       prs_struct auth_req;
+       prs_init(&auth_req , 0x10, 4, 0, True);
+       smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+       prs_mem_free(&auth_req);
+
+*/
+       if (auth_seal)
+       {
+               DEBUG(10,("rpc_auth_pipe: seal\n"));
+               dump_data(100, reply_data, data_len);
+               NTLMSSPcalc(cli->ntlmssp_hash, reply_data, data_len);
+               dump_data(100, reply_data, data_len);
+       }
+
+       if (auth_verify)
+       {
+               prs_struct auth_verf;
+               char *data = (uchar*)mem_data(&rdata->data, len - auth_len);
+               prs_init(&auth_verf, 0x08, 4, 0, True);
+               DEBUG(10,("rpc_auth_pipe: verify\n"));
+               dump_data(100, data, auth_len);
+               NTLMSSPcalc(cli->ntlmssp_hash, data + 4, auth_len - 4);
+               memcpy(auth_verf.data->data, data, 16);
+               smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
+               dump_data(100, data, auth_len);
+               prs_mem_free(&auth_verf);
+       }
+
+       if (auth_verify)
+       {
+               crc32 = crc32_calc_buffer(data_len, reply_data);
+               if (chk.crc32 != crc32 ||
+                   chk.ver   != NTLMSSP_SIGN_VERSION ||
+                   chk.seq_num != cli->ntlmssp_seq_num++)
+               {
+                       DEBUG(5,("rpc_auth_pipe: verify failed - crc %x ver %x seq %d\n",
+                               crc32, NTLMSSP_SIGN_VERSION, cli->ntlmssp_seq_num));
+                       DEBUG(5,("rpc_auth_pipe: verify expect - crc %x ver %x seq %d\n",
+                               chk.crc32, chk.ver, chk.seq_num));
+                       return False;
+               }
+       }
+       return True;
+}
+
+
 /****************************************************************************
  send data on an rpc pipe, which *must* be in one fragment.
  receive response data from an rpc pipe, which may be large...
@@ -163,12 +225,13 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
                   prs_struct *rparam, prs_struct *rdata)
 {
        int len;
+       int alloc_hint = 0;
 
        uint16 setup[2]; /* only need 2 uint16 setup parameters */
        uint32 err;
-       uint8 pkt_type = 0xff;
        BOOL first = True;
        BOOL last  = True;
+       RPC_HDR    rhdr;
 
        /*
        * Setup the pointers from the incoming.
@@ -215,12 +278,16 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
        rdata->data->margin = 0;
        if (rparam) rparam->data->margin = 0;
 
-       if (!rpc_check_hdr(rdata, &pkt_type, &first, &last, &len)) return False;
+       if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len))
+       {
+               return False;
+       }
 
-       if (pkt_type == RPC_RESPONSE)
+       if (rhdr.pkt_type == RPC_RESPONSE)
        {
                RPC_HDR_RESP rhdr_resp;
                smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0);
+               alloc_hint = rhdr_resp.alloc_hint;
        }
 
        DEBUG(5,("rpc_api_pipe: len left: %d smbtrans read: %d\n",
@@ -236,6 +303,11 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
                }
        }
 
+       if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+       {
+               return False;
+       }
+
        /* only one rpc fragment, and it has been read */
        if (first && last)
        {
@@ -245,39 +317,43 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
 
        while (!last) /* read more fragments until we get the last one */
        {
-               RPC_HDR      rhdr;
                RPC_HDR_RESP rhdr_resp;
                int num_read;
                prs_struct hps;
 
-               prs_init(&hps, 0x18, 4, 0, True);
+               prs_init(&hps, 0x8, 4, 0, True);
 
                num_read = cli_read(cli, cli->nt_pipe_fnum, hps.data->data, 0, 0x18);
                DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
 
                if (num_read != 0x18) return False;
 
-               smb_io_rpc_hdr     ("rpc_hdr     ", &rhdr     , &hps, 0);
+               if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
+               {
+                       return False;
+               }
+
                smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0);
 
                prs_mem_free(&hps);
 
                if (cli_error(cli, NULL, &err)) return False;
 
-               first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
-               last  = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_LAST );
-
                if (first)
                {
                        DEBUG(0,("rpc_api_pipe: wierd rpc header received\n"));
                        return False;
                }
 
-               len = rhdr.frag_len - hps.offset;
                if (!rpc_read(cli, rdata, len, rdata->data->data_used))
                {
                        return False;
                }
+
+               if (rhdr.auth_len != 0 && !rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+               {
+                       return False;
+               }
        }
 
        return True;
@@ -316,7 +392,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
 
        if (auth_req != NULL && rhdr_auth != NULL && auth_ntlm != NULL)
        {
-               make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00);
+               make_rpc_hdr_auth(&hdr_auth, 0x0a, 0x06, 0x00, 1);
                smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rhdr_auth, 0);
                mem_realloc_data(rhdr_auth->data, rhdr_auth->offset);
 
@@ -335,9 +411,12 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
 
        /* create the request RPC_HDR */
        make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
+                    (auth_req  != NULL ? auth_req ->offset : 0) +
+                    (auth_ntlm != NULL ? auth_ntlm->offset : 0) +
+                    (rhdr_auth != NULL ? rhdr_auth->offset : 0) +
                     rhdr_rb->offset + 0x10,
-                    auth_req  != NULL ? auth_req ->offset : 0 +
-                    auth_ntlm != NULL ? auth_ntlm->offset : 0);
+                    (auth_req  != NULL ? auth_req ->offset : 0) +
+                    (auth_ntlm != NULL ? auth_ntlm->offset : 0));
 
        smb_io_rpc_hdr("hdr"   , &hdr   , rhdr, 0);
        mem_realloc_data(rhdr->data, rhdr->offset);
@@ -505,7 +584,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
        auth_seal   = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
 
        /* happen to know that NTLMSSP authentication verifier is 16 bytes */
-       auth_len               = auth_verify ? 16 : 0;
+       auth_len               = (auth_verify ? 16 : 0);
        data_len               = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
        data->data->offset.end = data->offset;
 
@@ -522,15 +601,19 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
                NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&data->data, 0), data->offset);
        }
 
-       if (auth_verify)
+       if (auth_seal || auth_verify)
        {
-               RPC_AUTH_NTLMSSP_CHK chk;
                RPC_HDR_AUTH         rhdr_auth;
 
-               make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08);
+               make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
                smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+       }
 
-               make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
+       if (auth_verify)
+       {
+               RPC_AUTH_NTLMSSP_CHK chk;
+
+               make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
                smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
                NTLMSSPcalc(cli->ntlmssp_hash, (uchar*)mem_data(&auth_verf.data, 4), 12);
        }
@@ -737,11 +820,11 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
 
        if (!valid_pipe_name(pipe_name, abstract, transfer)) return False;
 
-       prs_init(&hdr      , 0x10                   , 4, 0x0          , False);
-       prs_init(&hdr_rb   , 1024                   , 4, SAFETY_MARGIN, False);
-       prs_init(&hdr_auth , ntlmssp_auth ?    8 : 0, 4, SAFETY_MARGIN, False);
-       prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
-       prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
+       prs_init(&hdr      , 0x10                     , 4, 0x0          , False);
+       prs_init(&hdr_rb   , 1024                     , 4, SAFETY_MARGIN, False);
+       prs_init(&hdr_auth , (ntlmssp_auth ?    8 : 0), 4, SAFETY_MARGIN, False);
+       prs_init(&auth_req , (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
+       prs_init(&auth_ntlm, (ntlmssp_auth ? 1024 : 0), 4, SAFETY_MARGIN, False);
 
        prs_init(&rdata    , 0   , 4, SAFETY_MARGIN, True);
        prs_init(&rparam   , 0   , 4, SAFETY_MARGIN, True);
@@ -810,11 +893,6 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
                        prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
 
                        pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
-                       pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
-                       pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
-                       NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
-                       bzero(lm_hash, sizeof(lm_hash));
-                       NTLMSSPhash(cli->ntlmssp_hash, p24);
 
                        create_rpc_bind_resp(&cli->pwd, cli->domain,
                                             cli->user_name, global_myname, 
@@ -822,6 +900,12 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
                                             call_id,
                                             &hdra, &hdr_autha, &auth_resp);
                                            
+                       pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
+                       pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
+                       NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
+                       bzero(lm_hash, sizeof(lm_hash));
+                       NTLMSSPhash(cli->ntlmssp_hash, p24);
+
                        /* this is a hack due to limitations in rpc_api_pipe */
                        prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
                        mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
@@ -909,16 +993,16 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
 
        if (encrypted)
        {
-               cli->ntlmssp_cli_flgs = 
-                                   NTLMSSP_NEGOTIATE_UNICODE |
-/*                                 NTLMSSP_NEGOTIATE_OEM |
- */
+               cli->ntlmssp_cli_flgs = 0xb2b3;
+/*                                 NTLMSSP_NEGOTIATE_UNICODE |
+                                   NTLMSSP_NEGOTIATE_OEM |
+ 
                                    NTLMSSP_NEGOTIATE_SIGN |
                                    NTLMSSP_NEGOTIATE_SEAL |
                                    NTLMSSP_NEGOTIATE_LM_KEY |
                                    NTLMSSP_NEGOTIATE_NTLM |
                                    NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
-/*
+
                                    NTLMSSP_NEGOTIATE_00001000 |
                                    NTLMSSP_NEGOTIATE_00002000;
  */

diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index 6b4deb00cf1345a65510e44912e2769380b3392c..f9745da4b4d01830da4c800132ef803421805192 100644 (file)
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -462,7 +462,8 @@ creates an RPC_HDR_AUTH structure.
 ********************************************************************/
 void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
                                uint8 auth_type, uint8 auth_level,
-                               uint8 stub_type_len)
+                               uint8 stub_type_len,
+                               uint32 ptr)
 {
        if (rai == NULL) return;
 
@@ -471,7 +472,7 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
        rai->stub_type_len = stub_type_len; /* 0x00 */
        rai->padding       = 0; /* padding 0x00 */
 
-       rai->unknown       = 0x0014a0c0; /* non-zero pointer to something */
+       rai->unknown       = ptr; /* non-zero pointer to something */
 }
 
 /*******************************************************************
@@ -532,8 +533,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
 
        neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
 
-       make_str_hdr(&neg->hdr_myname, len_myname+1, len_myname+1, 0x20); 
-       make_str_hdr(&neg->hdr_domain, len_domain+1, len_domain+1, 0x20 + len_myname+1); 
+       make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname); 
+       make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 
 
        fstrcpy(neg->myname, myname);
        fstrcpy(neg->domain, domain);
@@ -551,11 +552,38 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
 
        prs_uint32("neg_flgs ", ps, depth, &(neg->neg_flgs));
 
-       smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth); 
-       smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth); 
+       if (ps->io)
+       {
+               uint32 old_offset;
+
+               /* reading */
+
+               ZERO_STRUCTP(neg);
+
+               smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth); 
+               smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth); 
+
+               old_offset = ps->offset;
+
+               ps->offset = neg->hdr_myname  .buffer + 0x1c;
+               prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname  , MIN(neg->hdr_myname  .str_str_len, sizeof(neg->myname  ))); 
+               old_offset += neg->hdr_myname  .str_str_len;
+
+               ps->offset = neg->hdr_domain  .buffer + 0x1c;
+               prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain  , MIN(neg->hdr_domain  .str_str_len, sizeof(neg->domain  ))); 
+               old_offset += neg->hdr_domain  .str_str_len;
+
+               ps->offset = old_offset;
+       }
+       else
+       {
+               /* writing */
+               smb_io_strhdr("hdr_domain", &(neg->hdr_domain), ps, depth); 
+               smb_io_strhdr("hdr_myname", &(neg->hdr_myname), ps, depth); 
 
-       prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len-1, sizeof(neg->domain)); 
-       prs_string("myname", ps, depth, neg->myname, neg->hdr_myname.str_str_len-1, sizeof(neg->myname)); 
+               prs_uint8s(True , "myname", ps, depth, (uint8*)neg->myname  , MIN(neg->hdr_myname  .str_str_len, sizeof(neg->myname  ))); 
+               prs_uint8s(True , "domain", ps, depth, (uint8*)neg->domain  , MIN(neg->hdr_domain  .str_str_len, sizeof(neg->domain  ))); 
+       }
 }
 
 /*******************************************************************

diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index 81fd37361317376583c344246cdc959d2d39a155..2b5fe909ab31f11e0980d808d9bf34377ae83904 100644 (file)
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -80,7 +80,7 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
        E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
 
        /* open SAMR session.  */
-       res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+       res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
 
        /* establish a connection. */
        res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@@ -119,12 +119,13 @@ void cmd_sam_test(struct client_info *info)
        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);
 
+/*
        if (strlen(sid) == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }
-
+*/
        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

diff --git a/source/smbd/password.c b/source/smbd/password.c
index b505da18fa0788464097e794689d9610d9c3f16c..49ad4a514f9e3ddb8ee21d65c3db52047df3c41c 100644 (file)
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -470,26 +470,26 @@ static BOOL pass_check_smb(char *user,char *password, struct passwd *pwd)
        }
 
        if (!pass) {
-               DEBUG(1,("Couldn't find user %s\n",user));
+               DEBUG(3,("Couldn't find user %s\n",user));
                return(False);
        }
 
        smb_pass = getsmbpwnam(user);
 
        if (!smb_pass) {
-               DEBUG(0,("Couldn't find user %s in smb_passwd file.\n", user));
+               DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
                return(False);
        }
 
        /* Quit if the account was disabled. */
        if(smb_pass->acct_ctrl & ACB_DISABLED) {
-               DEBUG(0,("account for user %s was disabled.\n", user));
+               DEBUG(3,("account for user %s was disabled.\n", user));
                return(False);
         }
 
        /* Ensure the uid's match */
        if (smb_pass->smb_userid != pass->pw_uid)       {
-               DEBUG(0,("Error : UNIX and SMB uids in password files do not match !\n"));
+               DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
                return(False);
        }