dce/rpc

author Luke Leighton <lkcl@samba.org>

Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)

committer Luke Leighton <lkcl@samba.org>

Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)
author Luke Leighton <lkcl@samba.org>
Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)
committer Luke Leighton <lkcl@samba.org>
Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)
diff --git a/source/include/client.h b/source/include/client.h

index 495780cbaa5f59cffc1bd3f9f516becc1fbabf36..44ac14766566a64790367b52f10a880a143587ea 100644 (file)
--- a/source/include/client.h
+++ b/source/include/client.h
@@ -72,54 +72,59 @@ struct pwd_info
  };
  
  struct cli_state {
-  int fd;
-  uint16 cnum;
-  uint16 pid;
-  uint16 mid;
-  uint16 vuid;
-  int protocol;
-  int sec_mode;
-  int rap_error;
-  int privilages;
-
-  fstring eff_name;
-  fstring desthost;
-  fstring user_name;
-  fstring domain;
-
-  fstring share;
-  fstring dev;
-  struct nmb_name called;
-  struct nmb_name calling;
-  fstring full_dest_host_name;
-  struct in_addr dest_ip;
-
-  struct pwd_info pwd;
-  unsigned char cryptkey[8];
-  uint32 sesskey;
-  int serverzone;
-  uint32 servertime;
-  int readbraw_supported;
-  int writebraw_supported;
-  int timeout;
-  int max_xmit;
-  int max_mux;
-  char *outbuf;
-  char *inbuf;
-  int bufsize;
-  int initialised;
-  int win95;
-  uint32 capabilities;
-  /*
-   * Only used in NT domain calls.
-   */
-  uint32 nt_error;                   /* NT RPC error code. */
-  uint16 nt_pipe_fnum;               /* Pipe handle. */
-  unsigned char sess_key[16];        /* Current session key. */
-  DOM_CRED clnt_cred;                /* Client credential. */
-  fstring mach_acct;                 /* MYNAME$. */
-  fstring srv_name_slash;            /* \\remote server. */
-  fstring clnt_name_slash;            /* \\local client. */
+       int fd;
+       uint16 cnum;
+       uint16 pid;
+       uint16 mid;
+       uint16 vuid;
+       int protocol;
+       int sec_mode;
+       int rap_error;
+       int privilages;
+
+       fstring eff_name;
+       fstring desthost;
+       fstring user_name;
+       fstring domain;
+
+       fstring share;
+       fstring dev;
+       struct nmb_name called;
+       struct nmb_name calling;
+       fstring full_dest_host_name;
+       struct in_addr dest_ip;
+
+       struct pwd_info pwd;
+       unsigned char cryptkey[8];
+       uint32 sesskey;
+       int serverzone;
+       uint32 servertime;
+       int readbraw_supported;
+       int writebraw_supported;
+       int timeout;
+       int max_xmit;
+       int max_mux;
+       char *outbuf;
+       char *inbuf;
+       int bufsize;
+       int initialised;
+       int win95;
+       uint32 capabilities;
+
+       /*
+        * Only used in NT domain calls.
+        */
+
+       uint32 nt_error;                   /* NT RPC error code. */
+       uint16 nt_pipe_fnum;               /* Pipe handle. */
+       unsigned char sess_key[16];        /* Current session key. */
+       unsigned char ntlmssp_hash[256];   /* ntlmssp data. */
+       uint32 ntlmssp_cli_flgs;           /* ntlmssp client flags */
+       uint32 ntlmssp_srv_flgs;           /* ntlmssp server flags */
+       DOM_CRED clnt_cred;                /* Client credential. */
+       fstring mach_acct;                 /* MYNAME$. */
+       fstring srv_name_slash;            /* \\remote server. */
+       fstring clnt_name_slash;           /* \\local client. */
  };
  
  #endif /* _CLIENT_H */
diff --git a/source/include/proto.h b/source/include/proto.h

index 1c31c1076bc4f5aaed9ceccc26c92f39b47cf787..4cf63d279735148ea238caa007beeb0ff5dd0f02 100644 (file)
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -390,7 +390,9 @@ BOOL cli_close(struct cli_state *cli, int fnum);
  BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout);
  BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int timeout);
  size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
-size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
+size_t cli_write(struct cli_state *cli,
+                               int fnum, uint16 write_mode,
+                               char *buf, off_t offset, size_t size);
  BOOL cli_getattrE(struct cli_state *cli, int fd, 
                   uint32 *attr, size_t *size, 
                   time_t *c_time, time_t *a_time, time_t *m_time);
@@ -1551,13 +1553,13 @@ void make_rpc_hdr_auth(RPC_HDR_AUTH *rai,
                                 uint8 auth_type, uint8 auth_level,
                                 uint8 stub_type_len);
  void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth);
+void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
+                               char *signature, uint32 msg_type);
+void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth);
  void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
                                 uint32 neg_flgs,
                                 fstring myname, fstring domain);
  void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth);
-void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
-                               char *signature, uint32 msg_type);
-void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth);
  void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
                                 uint32 neg_flags,
                                 uint8 challenge[8]);
@@ -1567,6 +1569,9 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
                                 char *domain, char *user, char *wks,
                                 uint32 neg_flags);
  void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth);
+void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
+                               uint32 ver, uint32 crc32, uint32 seq_num);
+void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth);
  
  /*The following definitions come from  rpc_parse/parse_samr.c  */
  
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h

index fe5f809f0d16b6eaa008631acbaacd6f0d19531c..982ec1f52b70d6ce8e1093c54599bb4704cc8c2d 100644 (file)
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -59,12 +59,18 @@ enum NTLM_MESSAGE_TYPE
  #define NTLMSSP_NEGOTIATE_SEAL             0x00000020
  #define NTLMSSP_NEGOTIATE_LM_KEY           0x00000080
  #define NTLMSSP_NEGOTIATE_NTLM             0x00000200
+#define NTLMSSP_NEGOTIATE_00001000         0x00001000
+#define NTLMSSP_NEGOTIATE_00002000         0x00002000
  #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN      0x00008000
  #define NTLMSSP_NEGOTIATE_NTLM2            0x00080000
  #define NTLMSSP_NEGOTIATE_TARGET_INFO      0x00800000
  #define NTLMSSP_NEGOTIATE_128              0x20000000
  #define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
  
+/* NTLMSSP signature version */
+#define NTLMSSP_SIGN_VERSION 0x01
+
+
  /* RPC_IFACE */
  typedef struct rpc_iface_info
  {
@@ -271,7 +277,8 @@ typedef struct rpc_auth_ntlmssp_resp_info
  typedef struct rpc_auth_ntlmssp_chk_info
  {
         uint32 ver; /* 0x0000 0001 */
-       uint8  crc32[8]; /* checksum using 0xEDB8 8320 as a polynomial */
+       uint32 reserved;
+       uint32 crc32; /* checksum using 0xEDB8 8320 as a polynomial */
         uint32 seq_num;
  
  } RPC_AUTH_NTLMSSP_CHK;
diff --git a/source/lib/membuffer.c b/source/lib/membuffer.c

index 85f63e8c06551220cde57e8dc8115d21945bc710..18e9fa94532594b1526a0b8e2786fdb126d0de6e 100644 (file)
--- a/source/lib/membuffer.c
+++ b/source/lib/membuffer.c
@@ -313,16 +313,19 @@ static BOOL mem_find(struct mem_buf **buf, uint32 offset)
  
         while (f != NULL && offset >= f->offset.end)
         {
-               f = f->next;
-
                 DEBUG(200,("mem_find: next[%d..%d]\n",
-             f->offset.start, f->offset.end));
+                       f->offset.start, f->offset.end));
+
+               f = f->next;
         }
  
         (*buf) = f;
  
-       DEBUG(200,("mem_find: found data[%d..%d]\n",
-             (*buf)->offset.start,(*buf)->offset.end));
+       if (f != NULL)
+       {
+               DEBUG(200,("mem_find: found data[%d..%d]\n",
+                     (*buf)->offset.start,(*buf)->offset.end));
+       }
  
         return f != NULL;
  }
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c

index 8aa857df8ab63a5156276836d0158d312bfff797..5ae84f763b93e99aaef85850dfff414fdbd2de74 100644 (file)
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -1255,7 +1255,7 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t
  /****************************************************************************
  issue a single SMBwrite and don't wait for a reply
  ****************************************************************************/
-static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char *buf,
+static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf,
                             size_t size, int i)
  {
         char *p;
@@ -1272,6 +1272,8 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char
         CVAL(cli->outbuf,smb_vwv0) = 0xFF;
         SSVAL(cli->outbuf,smb_vwv2,fnum);
         SIVAL(cli->outbuf,smb_vwv3,offset);
+       SIVAL(cli->outbuf,smb_vwv5,IS_BITS_SET_ALL(mode, 0x0008) ? 0xFFFFFFFF : 0);
+       SSVAL(cli->outbuf,smb_vwv7,mode);
         
         SSVAL(cli->outbuf,smb_vwv10,size);
         SSVAL(cli->outbuf,smb_vwv11,
@@ -1282,13 +1284,20 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, char
  
         SSVAL(cli->outbuf,smb_mid,cli->mid + i);
         
+       show_msg(cli->outbuf);
         send_smb(cli->fd,cli->outbuf);
  }
  
  /****************************************************************************
    write to a file
+  write_mode: 0x0001 disallow write cacheing
+              0x0002 return bytes remaining
+              0x0004 use raw named pipe protocol
+              0x0008 start of message mode named pipe protocol
  ****************************************************************************/
-size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+size_t cli_write(struct cli_state *cli,
+                               int fnum, uint16 write_mode,
+                               char *buf, off_t offset, size_t size)
  {
         int total = -1;
         int issued=0;
@@ -1305,7 +1314,9 @@ size_t cli_write(struct cli_state *cli, int fnum, char *buf, off_t offset, size_
  
                 while (issued - received < mpx && issued < blocks) {
                         int size1 = MIN(block, size-issued*block);
-                       cli_issue_write(cli, fnum, offset+issued*block, buf + issued*block,
+                       cli_issue_write(cli, fnum, offset+issued*block,
+                                       write_mode,
+                                       buf + issued*block,
                                         size1, issued);
                         issued++;
                 }
@@ -2226,9 +2237,12 @@ initialise a client structure
  BOOL cli_initialise(struct cli_state *cli)
  {
         if (cli->initialised)
-      cli_shutdown(cli);
+       {
+               cli_shutdown(cli);
+       }
  
         memset(cli, 0, sizeof(*cli));
+
         cli->fd = -1;
         cli->cnum = -1;
         cli->pid = (uint16)getpid();
@@ -2241,8 +2255,12 @@ BOOL cli_initialise(struct cli_state *cli)
         cli->outbuf = (char *)malloc(cli->bufsize);
         cli->inbuf = (char *)malloc(cli->bufsize);
         if (!cli->outbuf || !cli->inbuf)
-      return False;
+       {
+               return False;
+       }
+
         cli->initialised = 1;
+
         return True;
  }
  
@@ -2252,9 +2270,13 @@ shutdown a client structure
  void cli_shutdown(struct cli_state *cli)
  {
         if (cli->outbuf)
-      free(cli->outbuf);
+       {
+               free(cli->outbuf);
+       }
         if (cli->inbuf)
-      free(cli->inbuf);
+       {
+               free(cli->inbuf);
+       }
  #ifdef WITH_SSL
      if (cli->fd != -1)
        sslutil_disconnect(cli->fd);
@@ -2454,7 +2476,9 @@ BOOL cli_establish_connection(struct cli_state *cli,
                 {
                         DEBUG(1,("failed session setup\n"));
                         if (do_shutdown)
-              cli_shutdown(cli);
+                       {
+                               cli_shutdown(cli);
+                       }
                         return False;
                 }
                 if (do_tcon)
@@ -2464,7 +2488,9 @@ BOOL cli_establish_connection(struct cli_state *cli,
                         {
                                 DEBUG(1,("failed tcon_X\n"));
                                 if (do_shutdown)
-                  cli_shutdown(cli);
+                               {
+                                       cli_shutdown(cli);
+                               }
                                 return False;
                         }
                 }
diff --git a/source/libsmb/pwd_cache.c b/source/libsmb/pwd_cache.c

index 92eee015b39b4a82f47a27d01cbe9cda9a7e76c1..c4c578cde65d91fc51e0b1ccadab5411d2cb0a7f 100644 (file)
--- a/source/libsmb/pwd_cache.c
+++ b/source/libsmb/pwd_cache.c
@@ -168,8 +168,14 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
  void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
  {
         pwd_deobfuscate(pwd);
-       memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
-       memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
+       if (lm_pwd != NULL)
+       {
+               memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
+       }
+       if (nt_pwd != NULL)
+       {
+               memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
+       }
         pwd_obfuscate(pwd);
  }
  
@@ -229,7 +235,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
  void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
  {
         pwd_deobfuscate(pwd);
-       memcpy(lm_owf, pwd->smb_lm_owf, 24);
-       memcpy(nt_owf, pwd->smb_nt_owf, 24);
+       if (lm_owf != NULL)
+       {
+               memcpy(lm_owf, pwd->smb_lm_owf, 24);
+       }
+       if (nt_owf != NULL)
+       {
+               memcpy(nt_owf, pwd->smb_nt_owf, 24);
+       }
         pwd_obfuscate(pwd);
  }
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c

index 44440d9fba223a1e118d24f033a36a786e6e1c97..f7060e0f71d7cc992c63199a9343a9204b7359c8 100644 (file)
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -286,12 +286,12 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
   - caller is expected to free the header data structure once used.
  
   ********************************************************************/
-
  static BOOL create_rpc_bind_req(prs_struct *rhdr,
                                  prs_struct *rhdr_rb,
                                  prs_struct *rhdr_auth,
                                  prs_struct *auth_req,
                                  prs_struct *auth_ntlm,
+                               uint32 call_id,
                                  RPC_IFACE *abstract, RPC_IFACE *transfer,
                                  char *my_name, char *domain)
  {
@@ -303,7 +303,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
  
         /* create the bind request RPC_HDR_RB */
         make_rpc_hdr_rb(&hdr_rb, 0x1630, 0x1630, 0x0,
-       0x1, 0x0, 0x1, abstract, transfer);
+                       0x1, 0x0, 0x1, abstract, transfer);
  
         /* stream the bind request data */
         smb_io_rpc_hdr_rb("", &hdr_rb,  rhdr_rb, 0);
@@ -329,7 +329,7 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
         }
  
         /* create the request RPC_HDR */
-       make_rpc_hdr(&hdr, RPC_BIND, 0x0, get_rpc_call_id(),
+       make_rpc_hdr(&hdr, RPC_BIND, 0x0, call_id,
                      rhdr_rb->offset + 0x10,
                      auth_req  != NULL ? auth_req ->offset : 0 +
                      auth_ntlm != NULL ? auth_ntlm->offset : 0);
@@ -361,6 +361,71 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
  }
  
  
+/*******************************************************************
+ creates a DCE/RPC bind authentication response
+
+ - initialises the parse structure.
+ - dynamically allocates the header data structure
+ - caller is expected to free the header data structure once used.
+
+ ********************************************************************/
+static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
+                               char *domain, char *user_name, char *my_name,
+                               uint32 ntlmssp_cli_flgs,
+                               uint32 call_id,
+                               prs_struct *rhdr,
+                                prs_struct *rhdr_autha,
+                                prs_struct *auth_resp)
+{
+       unsigned char lm_owf[24];
+       unsigned char nt_owf[24];
+       RPC_HDR               hdr;
+       RPC_HDR_AUTHA         hdr_autha;
+       RPC_AUTH_VERIFIER     auth_verifier;
+       RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
+
+       make_rpc_hdr_autha(&hdr_autha, 0x1630, 0x1630, 0x0a, 0x06, 0x00);
+       smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rhdr_autha, 0);
+       mem_realloc_data(rhdr_autha->data, rhdr_autha->offset);
+
+       make_rpc_auth_verifier(&auth_verifier,
+                              "NTLMSSP", NTLMSSP_AUTH);
+
+       smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, auth_resp, 0);
+       mem_realloc_data(auth_resp->data, auth_resp->offset);
+
+       pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
+                       
+       make_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
+                                lm_owf, nt_owf,
+                                domain, user_name, my_name,
+                                ntlmssp_cli_flgs);
+
+       smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, auth_resp, 0);
+       mem_realloc_data(auth_resp->data, auth_resp->offset);
+
+       /* create the request RPC_HDR */
+       make_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, call_id,
+                    auth_resp->offset + rhdr_autha->offset + 0x10,
+                    auth_resp->offset);
+
+       smb_io_rpc_hdr("hdr"   , &hdr   , rhdr, 0);
+       mem_realloc_data(rhdr->data, rhdr->offset);
+
+       if (rhdr->data == NULL || rhdr_autha->data == NULL) return False;
+
+       /***/
+       /*** link rpc header and authentication responses ***/
+       /***/
+
+       prs_link(NULL      , rhdr       , rhdr_autha);
+       prs_link(rhdr      , rhdr_autha , auth_resp );
+       prs_link(rhdr_autha, auth_resp  , NULL );
+
+       return True;
+}
+
+
  /*******************************************************************
   creates a DCE/RPC bind request
  
@@ -370,8 +435,10 @@ static BOOL create_rpc_bind_req(prs_struct *rhdr,
  
   ********************************************************************/
  
-static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
+static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len,
+                               int auth_len)
  {
+       uint32 alloc_hint;
         RPC_HDR_REQ hdr_req;
         RPC_HDR     hdr;
  
@@ -380,10 +447,22 @@ static BOOL create_rpc_request(prs_struct *rhdr, uint8 op_num, int data_len)
  
         /* create the rpc header RPC_HDR */
         make_rpc_hdr(&hdr   , RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
-                    get_rpc_call_id(), data_len, 0);
+                    get_rpc_call_id(), data_len, auth_len);
+
+       if (auth_len != 0)
+       {
+               alloc_hint = data_len - 0x18 - auth_len - 12;
+       }
+       else
+       {
+               alloc_hint = data_len - 0x18;
+       }
+
+       DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
+                  data_len, auth_len, alloc_hint));
  
         /* create the rpc request RPC_HDR_REQ */
-       make_rpc_hdr_req(&hdr_req, data_len, op_num);
+       make_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
  
         /* stream-time... */
         smb_io_rpc_hdr    ("hdr    ", &hdr    , rhdr, 0);
@@ -405,32 +484,85 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
                        prs_struct *data, prs_struct *rdata)
  {
         /* fudge this, at the moment: create the header; memcpy the data.  oops. */
+       prs_struct dataa;
         prs_struct rparam;
         prs_struct hdr;
+       prs_struct hdr_auth;
+       prs_struct auth_verf;
         int data_len;
+       int auth_len;
         BOOL ret;
+       BOOL auth_verify;
+       BOOL auth_seal;
+       uint32 crc32;
  
-       data_len               = data->offset + 0x18;
+       auth_verify = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SIGN);
+       auth_seal   = IS_BITS_SET_ALL(cli->ntlmssp_srv_flgs, NTLMSSP_NEGOTIATE_SEAL);
+
+       /* happen to know that NTLMSSP authentication verifier is 16 bytes */
+       auth_len               = auth_verify ? 16 : 0;
+       data_len               = data->offset + auth_len + (auth_verify ? 8 : 0) + 0x18;
         data->data->offset.end = data->offset;
  
-       prs_init(&hdr   , data_len, 4, SAFETY_MARGIN, False);
-       prs_init(&rparam, 0       , 4, 0            , True );
+       prs_init(&hdr      , data_len, 4, SAFETY_MARGIN, False);
+       prs_init(&hdr_auth , 8       , 4, SAFETY_MARGIN, False);
+       prs_init(&auth_verf, auth_len, 4, SAFETY_MARGIN, False);
+       prs_init(&rparam   , 0       , 4, 0            , True );
  
-       create_rpc_request(&hdr, op_num, data_len);
+       create_rpc_request(&hdr, op_num, data_len, auth_len);
+
+       if (auth_seal)
+       {
+               crc32 = crc32_calc_buffer(data->offset, mem_data(&data->data, 0));
+               NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&data->data, 0), data->offset);
+       }
+
+       if (auth_verify)
+       {
+               RPC_AUTH_NTLMSSP_CHK chk;
+               RPC_HDR_AUTH         rhdr_auth;
+
+               make_rpc_hdr_auth(&rhdr_auth, 0x0a, 0x06, 0x02);
+               smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &hdr_auth, 0);
+
+               make_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, 0);
+               smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0);
+               NTLMSSPcalc(cli->ntlmssp_hash, mem_data(&auth_verf.data, 4), 12);
+       }
+
+       if (auth_seal || auth_verify)
+       {
+               prs_link(NULL     , &hdr      , data      );
+               prs_link(&hdr     , data      , &hdr_auth );
+               prs_link(data     , &hdr_auth , &auth_verf);
+               prs_link(&hdr_auth, &auth_verf, NULL      );
+       }
+       else
+       {
+               prs_link(NULL, &hdr, data);
+               prs_link(&hdr, data, NULL);
+       }
  
         mem_realloc_data(hdr.data, data_len);
-       hdr.data->offset.end = data_len;
-       mem_buf_copy(mem_data(&(hdr.data), 0x18), data->data, 0, data->offset);
  
-       ret = rpc_api_pipe(cli, 0x0026, NULL, &hdr, &rparam, rdata);
+       DEBUG(100,("data_len: %x data_calc_len: %x\n",
+               data_len, mem_buf_len(data->data)));
+
+       /* this is a hack due to limitations in rpc_api_pipe */
+       prs_init(&dataa, mem_buf_len(hdr.data), 4, 0x0, False);
+       mem_buf_copy(dataa.data->data, hdr.data, 0, mem_buf_len(hdr.data));
  
-       prs_mem_free(&rparam);
-       prs_mem_free(&hdr);
+       ret = rpc_api_pipe(cli, 0x0026, NULL, &dataa, &rparam, rdata);
+
+       prs_mem_free(&hdr_auth );
+       prs_mem_free(&auth_verf);
+       prs_mem_free(&rparam   );
+       prs_mem_free(&hdr      );
+       prs_mem_free(&dataa    );
  
         return ret;
  }
  
-
  /****************************************************************************
  do an rpc bind
  ****************************************************************************/
@@ -574,11 +706,13 @@ do an rpc bind
  ****************************************************************************/
  
  static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
-                   RPC_IFACE *abstract, RPC_IFACE *transfer, BOOL ntlmssp_auth)
+                               RPC_IFACE *abstract, RPC_IFACE *transfer, 
+                               char *my_name)
  {
         prs_struct hdr;
         prs_struct hdr_rb;
         prs_struct hdr_auth;
+       prs_struct hdr_autha;
         prs_struct auth_req;
         prs_struct auth_ntlm;
         prs_struct data;
@@ -586,9 +720,13 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
         prs_struct rparam;
  
         BOOL valid_ack = False;
+       BOOL ntlmssp_auth = cli->ntlmssp_cli_flgs != 0;
+       uint32 call_id;
  
         if (pipe_name == NULL || abstract == NULL || transfer == NULL)
-       return False;
+       {
+               return False;
+       }
  
         DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_name));
  
@@ -600,14 +738,16 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
         prs_init(&auth_req , ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
         prs_init(&auth_ntlm, ntlmssp_auth ? 1024 : 0, 4, SAFETY_MARGIN, False);
  
-       prs_init(&rdata , 0   , 4, SAFETY_MARGIN, True );
-       prs_init(&rparam, 0   , 4, SAFETY_MARGIN, True );
+       prs_init(&rdata    , 0   , 4, SAFETY_MARGIN, True);
+       prs_init(&rparam   , 0   , 4, SAFETY_MARGIN, True);
  
+       call_id = get_rpc_call_id();
         create_rpc_bind_req(&hdr, &hdr_rb,
                             ntlmssp_auth ? &hdr_auth : NULL,
                             ntlmssp_auth ? &auth_req : NULL,
                             ntlmssp_auth ? &auth_ntlm : NULL,
-                           abstract, transfer, global_myname, global_myworkgroup);
+                           call_id,
+                           abstract, transfer, global_myname, cli->domain);
  
         /* this is a hack due to limitations in rpc_api_pipe */
         prs_init(&data, mem_buf_len(hdr.data), 4, 0x0, False);
@@ -646,6 +786,57 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
                         smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, &rdata, 0);
                         if (rdata.offset == 0) valid_ack = False;
                 }
+               if (valid_ack && ntlmssp_auth)
+               {
+                       unsigned char p24[24];
+                       unsigned char lm_owf[24];
+                       unsigned char lm_hash[16];
+
+                       prs_struct hdra;
+                       prs_struct hdr_autha;
+                       prs_struct auth_resp;
+                       prs_struct dataa;
+
+                       cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
+
+                       prs_init(&hdra     , 0x10, 4, 0x0          , False);
+                       prs_init(&hdr_autha, 1024, 4, SAFETY_MARGIN, False);
+                       prs_init(&auth_resp, 1024, 4, SAFETY_MARGIN, False);
+
+                       pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
+                       pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
+                       pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
+                       NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
+                       bzero(lm_hash, sizeof(lm_hash));
+                       NTLMSSPhash(cli->ntlmssp_hash, p24);
+
+                       create_rpc_bind_resp(&cli->pwd, cli->domain,
+                                            cli->user_name, global_myname, 
+                                            cli->ntlmssp_cli_flgs,
+                                            call_id,
+                                            &hdra, &hdr_autha, &auth_resp);
+                                           
+                       /* this is a hack due to limitations in rpc_api_pipe */
+                       prs_init(&dataa, mem_buf_len(hdra.data), 4, 0x0, False);
+                       mem_buf_copy(dataa.data->data, hdra.data, 0, mem_buf_len(hdra.data));
+
+                       if (cli_write(cli, cli->nt_pipe_fnum, 0x0008,
+                                 dataa.data->data, 0,
+                                 dataa.data->data_used) < 0)
+                       {
+                               valid_ack = False;
+                       }
+
+                       if (valid_ack)
+                       {
+                               cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
+                       }
+
+                       prs_mem_free(&hdra);
+                       prs_mem_free(&dataa);
+                       prs_mem_free(&hdr_autha);
+                       prs_mem_free(&auth_resp);
+               }
         }
  
         prs_mem_free(&data     );
@@ -690,7 +881,26 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
         }
  
         /******************* bind request on pipe *****************/
-       if (!rpc_pipe_bind(cli, pipe_name, &abstract, &transfer, encrypted))
+
+       if (encrypted)
+       {
+               cli->ntlmssp_cli_flgs =
+                                   NTLMSSP_NEGOTIATE_UNICODE |
+                                   NTLMSSP_NEGOTIATE_OEM |
+                                   NTLMSSP_NEGOTIATE_SIGN |
+                                   NTLMSSP_NEGOTIATE_SEAL |
+                                   NTLMSSP_NEGOTIATE_LM_KEY |
+                                   NTLMSSP_NEGOTIATE_NTLM |
+                                   NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+                                   NTLMSSP_NEGOTIATE_00001000 |
+                                   NTLMSSP_NEGOTIATE_00002000;
+               DEBUG(5,("cli_nt_session_open: neg_flags: %lx\n",
+                        cli->ntlmssp_cli_flgs));
+       }
+
+       if (!rpc_pipe_bind(cli, pipe_name,
+                          &abstract, &transfer,
+                          global_myname))
         {
                 DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n",
                           cli_errstr(cli)));
@@ -699,8 +909,8 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
         }
  
         /* 
-       * Setup the remote server name prefixed by \ and the machine account name.
-       */
+        * Setup the remote server name prefixed by \ and the machine account name.
+        */
  
         fstrcpy(cli->srv_name_slash, "\\\\");
         fstrcat(cli->srv_name_slash, cli->desthost);
diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c

index ef20a999df59ae71f845dfa0d6e6ab6e8b35929a..c9e806fd21c9d933db390661ce16d99e89e7bf81 100644 (file)
--- a/source/rpc_client/cli_samr.c
+++ b/source/rpc_client/cli_samr.c
@@ -107,7 +107,7 @@ BOOL do_samr_unknown_8(struct cli_state *cli,
         prs_struct rdata;
  
         SAMR_Q_UNKNOWN_8 q_e;
-    BOOL valid_un8 = False;
+       BOOL valid_un8 = False;
  
         /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
  
@@ -128,7 +128,6 @@ BOOL do_samr_unknown_8(struct cli_state *cli,
         if (rpc_api_pipe_req(cli, SAMR_UNKNOWN_8, &data, &rdata))
         {
  #if 0
-
                 SAMR_R_UNKNOWN_8 r_e;
                 BOOL p;
  
diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c

index a1773bb8278981b2db1961ddaf35f96a7173f4a9..2204207440ad01c9ff75304ae563b6638efe7d71 100644 (file)
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -375,13 +375,13 @@ void smb_io_rpc_hdr_ba(char *desc,  RPC_HDR_BA *rpc, prs_struct *ps, int depth)
  /*******************************************************************
  creates an RPC_HDR_REQ structure.
  ********************************************************************/
-void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 data_len, uint16 opnum)
+void make_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
  {
         if (hdr == NULL) return;
  
-       hdr->alloc_hint   = data_len - 0x18; /* allocation hint */
-       hdr->context_id   = 0;               /* presentation context identifier */
-       hdr->opnum        = opnum;           /* opnum */
+       hdr->alloc_hint   = alloc_hint; /* allocation hint */
+       hdr->context_id   = 0;         /* presentation context identifier */
+       hdr->opnum        = opnum;     /* opnum */
  }
  
  /*******************************************************************
@@ -492,6 +492,32 @@ void smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int dept
         prs_uint32("unknown      ", ps, depth, &(rai->unknown      )); /* 0x0014a0c0 */
  }
  
+/*******************************************************************
+creates an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
+                               char *signature, uint32 msg_type)
+{
+       if (rav == NULL) return;
+
+       fstrcpy(rav->signature, signature); /* "NTLMSSP" */
+       rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
+{
+       if (rav == NULL) return;
+
+       prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
+       depth++;
+
+       prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */
+       prs_uint32("msg_type ", ps, depth, &(rav->msg_type  )); /* NTLMSSP_MESSAGE_TYPE */
+}
+
  /*******************************************************************
  creates an RPC_AUTH_NTLMSSP_NEG structure.
  ********************************************************************/
@@ -506,8 +532,8 @@ void make_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
  
         neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
  
-       make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 1); 
-       make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 1); 
+       make_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 
+       make_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname+1); 
  
         fstrcpy(neg->myname, myname);
         fstrcpy(neg->domain, domain);
@@ -532,32 +558,6 @@ void smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_stru
         prs_string("domain", ps, depth, neg->domain, neg->hdr_domain.str_str_len, sizeof(neg->domain)); 
  }
  
-/*******************************************************************
-creates an RPC_AUTH_VERIFIER structure.
-********************************************************************/
-void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
-                               char *signature, uint32 msg_type)
-{
-       if (rav == NULL) return;
-
-       fstrcpy(rav->signature, signature); /* "NTLMSSP" */
-       rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
-}
-
-/*******************************************************************
-reads or writes an RPC_AUTH_VERIFIER structure.
-********************************************************************/
-void smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
-{
-       if (rav == NULL) return;
-
-       prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
-       depth++;
-
-       prs_string("signature", ps, depth, rav->signature, 0, sizeof(rav->signature)); /* "NTLMSSP" */
-       prs_uint32("msg_type ", ps, depth, &(rav->msg_type  )); /* NTLMSSP_MESSAGE_TYPE */
-}
-
  /*******************************************************************
  creates an RPC_AUTH_NTLMSSP_CHAL structure.
  ********************************************************************/
@@ -606,30 +606,49 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
                                 uint32 neg_flags)
  {
         uint32 offset;
-       int dom_len = strlen(domain) * 2;
-       int wks_len = strlen(wks   ) * 2;
-       int usr_len = strlen(user  ) * 2;
+       int dom_len = strlen(domain);
+       int wks_len = strlen(wks   );
+       int usr_len = strlen(user  );
         int lm_len  = lm_resp != NULL ? 24 : 0;
         int nt_len  = nt_resp != NULL ? 24 : 0;
  
+       DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
+
         if (rsp == NULL) return;
  
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("lm_resp\n"));
+       dump_data(100, lm_resp, 24);
+       DEBUG(100,("nt_resp\n"));
+       dump_data(100, nt_resp, 24);
+#endif
+
+       DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
+                 domain, user, wks, neg_flags));
+
         offset = 0x40;
  
+       if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+       {
+               dom_len *= 2;
+               wks_len *= 2;
+               usr_len *= 2;
+       }
+
         make_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
-       offset += lm_len * 2;
+       offset += lm_len;
  
         make_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
-       offset += nt_len * 2;
+       offset += nt_len;
  
         make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, offset);
-       offset += dom_len * 2;
+       offset += dom_len;
  
         make_str_hdr(&rsp->hdr_usr    , usr_len, usr_len, offset);
-       offset += usr_len * 2;
+       offset += usr_len;
  
         make_str_hdr(&rsp->hdr_wks    , wks_len, wks_len, offset);
-       offset += wks_len * 2;
+       offset += wks_len;
  
         make_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
  
@@ -637,12 +656,20 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
  
         memcpy(&rsp->lm_resp, lm_resp, 24);
         memcpy(&rsp->nt_resp, nt_resp, 24);
-       fstrcpy(rsp->domain, domain);
-       fstrcpy(rsp->user  , user  );
-       fstrcpy(rsp->wks   , wks   );
-       rsp->sess_key[0] = 0;
  
-       
+       if (IS_BITS_SET_ALL(neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+       {
+               struni2((uint16*)rsp->domain, domain);
+               struni2((uint16*)rsp->user  , user  );
+               struni2((uint16*)rsp->wks   , wks   );
+       }
+       else
+       {
+               fstrcpy(rsp->domain, domain);
+               fstrcpy(rsp->user  , user  );
+               fstrcpy(rsp->wks   , wks   );
+       }
+       rsp->sess_key[0] = 0;
  }
  
  /*******************************************************************
@@ -659,12 +686,14 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
         prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
         depth++;
  
-       ZERO_STRUCTP(rsp);
-
         if (ps->io)
         {
                 uint32 old_offset;
+
                 /* reading */
+
+               ZERO_STRUCTP(rsp);
+
                 smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth); 
                 smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth); 
                 smb_io_strhdr("hdr_domain  ", &rsp->hdr_domain  , ps, depth); 
@@ -677,30 +706,30 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
                 old_offset = ps->offset;
  
                 ps->offset = rsp->hdr_lm_resp .buffer + 0x1c;
-               prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); 
+               prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); 
                 old_offset += rsp->hdr_lm_resp .str_str_len;
  
                 ps->offset = rsp->hdr_nt_resp .buffer + 0x1c;
-               prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); 
+               prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); 
                 old_offset += rsp->hdr_nt_resp .str_str_len;
  
                 ps->offset = rsp->hdr_domain  .buffer + 0x1c;
-               prs_uint8s(True , "domain  ", ps, depth, rsp->domain  , MIN(rsp->hdr_domain  .str_str_len, sizeof(rsp->domain  ))); 
+               prs_uint8s(True , "domain  ", ps, depth, (uint8*)rsp->domain  , MIN(rsp->hdr_domain  .str_str_len, sizeof(rsp->domain  ))); 
                 old_offset += rsp->hdr_domain  .str_str_len;
  
                 ps->offset = rsp->hdr_usr     .buffer + 0x1c;
-               prs_uint8s(True , "user    ", ps, depth, rsp->user    , MIN(rsp->hdr_usr     .str_str_len, sizeof(rsp->user    ))); 
+               prs_uint8s(True , "user    ", ps, depth, (uint8*)rsp->user    , MIN(rsp->hdr_usr     .str_str_len, sizeof(rsp->user    ))); 
                 old_offset += rsp->hdr_usr     .str_str_len;
  
                 ps->offset = rsp->hdr_wks     .buffer + 0x1c;
-               prs_uint8s(True , "wks     ", ps, depth, rsp->wks     , MIN(rsp->hdr_wks     .str_str_len, sizeof(rsp->wks     ))); 
+               prs_uint8s(True , "wks     ", ps, depth, (uint8*)rsp->wks     , MIN(rsp->hdr_wks     .str_str_len, sizeof(rsp->wks     ))); 
                 old_offset += rsp->hdr_wks     .str_str_len;
  
                 if (rsp->hdr_sess_key.str_str_len != 0)
                 {
                         ps->offset = rsp->hdr_sess_key.buffer + 0x1c;
                         old_offset += rsp->hdr_sess_key.str_str_len;
-                       prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); 
+                       prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); 
                 }
  
                 ps->offset = old_offset;
@@ -717,25 +746,42 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
  
                 prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */
  
-               prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); 
-               prs_uint8s(True , "wks     ", ps, depth, rsp->wks     , MIN(rsp->hdr_wks     .str_str_len, sizeof(rsp->wks     ))); 
-               prs_uint8s(True , "user    ", ps, depth, rsp->user    , MIN(rsp->hdr_usr     .str_str_len, sizeof(rsp->user    ))); 
-               prs_uint8s(True , "domain  ", ps, depth, rsp->domain  , MIN(rsp->hdr_domain  .str_str_len, sizeof(rsp->domain  ))); 
-               prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); 
                 prs_uint8s(False, "lm_resp ", ps, depth, rsp->lm_resp , MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ))); 
+               prs_uint8s(False, "nt_resp ", ps, depth, rsp->nt_resp , MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))); 
+               prs_uint8s(True , "domain  ", ps, depth, rsp->domain  , MIN(rsp->hdr_domain  .str_str_len, sizeof(rsp->domain  ))); 
+               prs_uint8s(True , "user    ", ps, depth, rsp->user    , MIN(rsp->hdr_usr     .str_str_len, sizeof(rsp->user    ))); 
+               prs_uint8s(True , "wks     ", ps, depth, rsp->wks     , MIN(rsp->hdr_wks     .str_str_len, sizeof(rsp->wks     ))); 
+               prs_uint8s(False, "sess_key", ps, depth, rsp->sess_key, MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))); 
         }
  }
  
-#if 0
+/*******************************************************************
+creates an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+void make_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
+                               uint32 ver, uint32 crc32, uint32 seq_num)
+{
+       if (chk == NULL) return;
  
-/* attached to the end of encrypted rpc requests and responses */
-/* RPC_AUTH_NTLMSSP_CHK */
-typedef struct rpc_auth_ntlmssp_chk_info
+       chk->ver      = ver     ;
+       chk->reserved = 0x0;
+       chk->crc32    = crc32   ;
+       chk->seq_num  = seq_num ;
+}
+
+/*******************************************************************
+reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
  {
-       uint32 ver; /* 0x1 */
-       uint8 data[12];
+       if (chk == NULL) return;
  
-} RPC_AUTH_NTLMSSP_CHK;
+       prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
+       depth++;
  
-#endif /* 0 */
+       prs_uint32("ver     ", ps, depth, &(chk->ver     )); 
+       prs_uint32("reserved", ps, depth, &(chk->reserved)); 
+       prs_uint32("crc32   ", ps, depth, &(chk->crc32   )); 
+       prs_uint32("seq_num ", ps, depth, &(chk->seq_num )); 
+}
  
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c

index 31ca1a7c20ef4b94627d717653519737594d2edb..4d5fd3865e3251834dbf1ac5d7f976e79a11a963 100644 (file)
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -211,14 +211,16 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
                  BOOLSTR(p->open),
                  pos, n));
  
-       if (!p || !p->open) {
+       if (!p || !p->open)
+       {
                 DEBUG(6,("pipe not open\n"));
                 return -1;              
         }
  
  
         if (p->rhdr.data == NULL || p->rhdr.data->data == NULL ||
-           p->rhdr.data->data_used == 0) {
+           p->rhdr.data->data_used == 0)
+       {
                 return 0;
         }
  
@@ -237,18 +239,21 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
         DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
         
         if (num > n) num = n;
-       if (num <= 0) {
+       if (num <= 0)
+       {
                 DEBUG(5,("read_pipe: 0 or -ve data length\n"));
                 return 0;
         }
  
-       if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST)) {
+       if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST))
+       {
                 /* intermediate fragment - possibility of another header */
                 
                 DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n",
                          p->hdr.frag_len, data_pos, data_hdr_pos));
                 
-               if (data_hdr_pos == p->next_frag_start) {
+               if (data_hdr_pos == p->next_frag_start)
+               {
                         DEBUG(6,("read_pipe: next fragment header\n"));
  
                         /* this is subtracted from the total data bytes, later */
@@ -263,10 +268,10 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
                         p->next_frag_start += p->hdr.frag_len;
                         p->hdr_offsets += 0x18;
                 }                       
-               
         }
         
-       if (num < hdr_num) {
+       if (num < hdr_num)
+       {
                 DEBUG(5,("read_pipe: warning - data read only part of a header\n"));
         }
  
@@ -277,12 +282,15 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
         data_pos += num;
         data_hdr_pos += num;
         
-       if (hdr_num == 0x18 && num == 0x18) {
+       if (hdr_num == 0x18 && num == 0x18)
+       {
                 DEBUG(6,("read_pipe: just header read\n"));
  
                 /* advance to the next fragment */
                 p->frag_len_left -= 0x18; 
-       } else if (data_hdr_pos == p->next_frag_start) {
+       }
+       else if (data_hdr_pos == p->next_frag_start)
+       {
                 DEBUG(6,("read_pipe: next fragment expected\n"));
         }
  
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c

index c45c4c7c23d063608ac0c08cc638f5686cbc4d66..487c8e46c162079900bf475cd85284496edfd196 100644 (file)
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -67,6 +67,14 @@ void cmd_sam_test(struct client_info *info)
         /* open SAMR session.  */
         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
  
+       /* establish a connection. */
+       res = res ? do_samr_connect(smb_cli, 
+                               srv_name, 0x00000020,
+                               &info->dom.samr_pol_connect) : False;
+
+       res = res ? do_samr_close(smb_cli,
+                   &info->dom.samr_pol_connect) : False;
+
         /* close the session */
         cli_nt_session_close(smb_cli);
  
@@ -232,10 +240,10 @@ void cmd_sam_enum_users(struct client_info *info)
         }
  
         res = res ? do_samr_close(smb_cli,
-                   &info->dom.samr_pol_connect) : False;
+                   &info->dom.samr_pol_open_domain) : False;
  
         res = res ? do_samr_close(smb_cli,
-                   &info->dom.samr_pol_open_domain) : False;
+                   &info->dom.samr_pol_connect) : False;
  
         /* close the session */
         cli_nt_session_close(smb_cli);
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c

index 174cea78ad5686da68145618565b665a6c9ed6b5..2183f504c243d9aae7673e35b4e8a05ff59d0011 100644 (file)
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -30,6 +30,7 @@
  #endif
  
  extern pstring scope;
+extern pstring global_myname;
  
  extern pstring user_socket_options;
  
@@ -456,6 +457,7 @@ enum client_action
  
         TimeInit();
         charset_initialise();
+       crc32_build_table();
  
         myumask = umask(0);
         umask(myumask);
@@ -683,6 +685,9 @@ enum client_action
                 fprintf(stderr, "Failed to get my hostname.\n");
         }
  
+       fstrcpy(global_myname, cli_info.myhostname);
+       strupper(global_myname);
+
         if (!lp_load(servicesf,True, False, False))
         {
                 fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf);
diff --git a/source/smbwrapper/smbw.c b/source/smbwrapper/smbw.c

index f84623d3df0de8298593a11d565818a0c3928de7..660e65f421e8e78c35433aad92f5b3aae38d640d 100644 (file)
--- a/source/smbwrapper/smbw.c
+++ b/source/smbwrapper/smbw.c
@@ -705,7 +705,7 @@ ssize_t smbw_write(int fd, void *buf, size_t count)
                 return -1;
         }
         
-       ret = cli_write(&file->srv->cli, file->f->cli_fd, buf, file->f->offset, count);
+       ret = cli_write(&file->srv->cli, file->f->cli_fd, 0, buf, file->f->offset, count);
  
         if (ret == -1) {
                 errno = smbw_errno(&file->srv->cli);
diff --git a/source/utils/torture.c b/source/utils/torture.c

index fb320e8b661210e368c1c0dc22762ffb21a4870f..81990060686b83e4aa42689b76119f151d568de1 100644 (file)
--- a/source/utils/torture.c
+++ b/source/utils/torture.c
@@ -165,12 +165,12 @@ static BOOL rw_torture(struct cli_state *c, int numops)
                         break;
                 }
  
-               if (cli_write(c, fnum, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
+               if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
                         printf("write failed (%s)\n", cli_errstr(c));
                 }
  
                 for (j=0;j<50;j++) {
-                       if (cli_write(c, fnum, (char *)buf, 
+                       if (cli_write(c, fnum, 0, (char *)buf, 
                                       sizeof(pid)+(j*sizeof(buf)), 
                                       sizeof(buf)) != sizeof(buf)) {
                                 printf("write failed (%s)\n", cli_errstr(c));
@@ -818,7 +818,7 @@ static void run_trans2test(void)
  
         fnum = cli_open(&cli, fname2, 
                         O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
-       cli_write(&cli, fnum,  (char *)&fnum, 0, sizeof(fnum));
+       cli_write(&cli, fnum,  0, (char *)&fnum, 0, sizeof(fnum));
         cli_close(&cli, fnum);
         if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
                             &w_time, &size, NULL)) {
author	Luke Leighton <lkcl@samba.org>
	Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)
committer	Luke Leighton <lkcl@samba.org>
	Thu, 8 Oct 1998 23:57:46 +0000 (23:57 +0000)
source/include/client.h		patch \| blob \| history
source/include/proto.h		patch \| blob \| history
source/include/rpc_dce.h		patch \| blob \| history
source/lib/membuffer.c		patch \| blob \| history
source/libsmb/clientgen.c		patch \| blob \| history
source/libsmb/pwd_cache.c		patch \| blob \| history
source/rpc_client/cli_pipe.c		patch \| blob \| history
source/rpc_client/cli_samr.c		patch \| blob \| history
source/rpc_parse/parse_rpc.c		patch \| blob \| history
source/rpc_server/srv_pipe_hnd.c		patch \| blob \| history
source/rpcclient/cmd_samr.c		patch \| blob \| history
source/rpcclient/rpcclient.c		patch \| blob \| history
source/smbwrapper/smbw.c		patch \| blob \| history
source/utils/torture.c		patch \| blob \| history