diff options
| -rw-r--r-- | source/include/byteorder.h | 4 | ||||
| -rw-r--r-- | source/include/proto.h | 8 | ||||
| -rw-r--r-- | source/include/smb.h | 7 | ||||
| -rw-r--r-- | source/libsmb/credentials.c | 68 | ||||
| -rw-r--r-- | source/pipenetlog.c | 39 | ||||
| -rw-r--r-- | source/pipentlsa.c | 9 | ||||
| -rw-r--r-- | source/pipeutil.c | 7 | ||||
| -rw-r--r-- | source/smbparse.c | 8 |
8 files changed, 72 insertions, 78 deletions
diff --git a/source/include/byteorder.h b/source/include/byteorder.h index a6f826b518d..06337b91a2b 100644 --- a/source/include/byteorder.h +++ b/source/include/byteorder.h @@ -220,10 +220,10 @@ it also defines lots of intermediate macros, just ignore those :-) #define DBG_RW_SVAL(string,depth,base,read,inbuf,outbuf) \ RW_SVAL(read,inbuf,outbuf,0) \ DEBUG(5,("%s%04x %s: %04x\n", \ - tab_depth(depth), PTR_DIFF(inbuf,base),string, *(inbuf))); + tab_depth(depth), PTR_DIFF(inbuf,base),string, *((uint16*)(inbuf)))); #define DBG_RW_IVAL(string,depth,base,read,inbuf,outbuf) \ RW_IVAL(read,inbuf,outbuf,0) \ DEBUG(5,("%s%04x %s: %08x\n", \ - tab_depth(depth), PTR_DIFF(inbuf,base),string, *(inbuf))); + tab_depth(depth), PTR_DIFF(inbuf,base),string, *((uint32*)(inbuf)))); diff --git a/source/include/proto.h b/source/include/proto.h index 324431e2b3d..ca60239412f 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -63,10 +63,10 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); /*The following definitions come from credentials.c */ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - char *session_key); -void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp, + uint32 session_key[2]); +void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, DOM_CHAL *cred); -int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred, +int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, UTIME timestamp); /*The following definitions come from dir.c */ @@ -665,7 +665,7 @@ int make_rpc_reply(char *inbuf, char *q, int data_len); void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate); void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate); void make_unistr(UNISTR *str, char *buf); -void make_unistr2(UNISTR2 *str, char *buf, int len, char terminate); +void make_unistr2(UNISTR2 *str, char *buf, int len); void make_dom_rid2(DOM_RID2 *rid2, uint32 rid); void make_dom_sid2(DOM_SID2 *sid2, char *sid_str); diff --git a/source/include/smb.h b/source/include/smb.h index 58dfc141bd4..8e34b063596 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -394,7 +394,7 @@ typedef struct log_info /* DOM_CHAL - challenge info */ typedef struct chal_info { - uint8 data[8]; /* credentials */ + uint32 data[2]; /* credentials */ } DOM_CHAL; @@ -492,7 +492,6 @@ typedef struct rpc_hdr_info typedef struct dom_query_info { uint16 uni_dom_max_len; /* domain name string length * 2 */ - uint16 padding; /* 2 padding bytes? */ uint16 uni_dom_str_len; /* domain name string length * 2 */ uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ @@ -1018,8 +1017,8 @@ struct dcinfo DOM_CHAL clnt_cred; /* Last client credential */ DOM_CHAL srv_cred; /* Last server credential */ - char sess_key[8]; /* Session key */ - uchar md4pw[16]; /* md4(machine password) */ + uint32 sess_key[2]; /* Session key */ + uchar md4pw[16]; /* md4(machine password) */ }; typedef struct diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c index 3355ab17040..07816bc0cf2 100644 --- a/source/libsmb/credentials.c +++ b/source/libsmb/credentials.c @@ -31,11 +31,12 @@ Output: 8 byte session key ****************************************************************************/ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - char *session_key) + uint32 session_key[2]) { uint32 sum[2]; char sum2[8]; char buf[8]; + char netsesskey[8]; sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0); sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4); @@ -44,22 +45,18 @@ void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, SIVAL(sum2,4,sum[1]); smbhash(pass , sum2, buf); - smbhash(pass+9, buf , session_key); + smbhash(pass+9, buf , netsesskey); - /* debug output*/ - DEBUG(4,("cred_session_key\n")); - - DEBUG(5,(" clnt_chal: ")); - dump_data(5, clnt_chal->data, 8); + session_key[0] = IVAL(netsesskey, 0); + session_key[1] = IVAL(netsesskey, 4); - DEBUG(5,(" srv_chal: ")); - dump_data(5, srv_chal->data, 8); - - DEBUG(5,(" clnt_chal+srv_chal: ")); - dump_data(5, sum2, 8); + /* debug output */ + DEBUG(4,("cred_session_key\n")); - DEBUG(5,(" session_key: ")); - dump_data(5, session_key, 16); + DEBUG(5,(" clnt_chal: %lx %lx\n", clnt_chal->data[0], clnt_chal->data[1])); + DEBUG(5,(" srv_chal : %lx %lx\n", srv_chal ->data[0], srv_chal ->data[1])); + DEBUG(5,(" clnt+srv : %lx %lx\n", sum [0], sum [1])); + DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1])); } @@ -74,35 +71,36 @@ Input: Output: 8 byte credential ****************************************************************************/ -void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp, +void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp, DOM_CHAL *cred) { char key2[7]; char buf[8]; + char calc_cred[8]; char timecred[8]; + char netsesskey[8]; + + SIVAL(netsesskey, 0, session_key[0]); + SIVAL(netsesskey, 4, session_key[1]); - memcpy(timecred, stored_cred->data, 8); - SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time); + SIVAL(timecred, 0, IVAL(stor_cred, 0) + timestamp.time); + SIVAL(timecred, 4, IVAL(stor_cred, 4)); - smbhash(session_key, timecred, buf); + smbhash(netsesskey, timecred, buf); memset(key2, 0, 7); - key2[0] = session_key[7]; - smbhash(key2, buf, cred->data); + key2[0] = netsesskey[7]; + smbhash(key2, buf, calc_cred); + + cred->data[0] = IVAL(calc_cred, 0); + cred->data[1] = IVAL(calc_cred, 4); /* debug output*/ DEBUG(4,("cred_create\n")); - DEBUG(5,(" session_key: ")); - dump_data(5, session_key, 16); - - DEBUG(5,(" stored_cred: ")); - dump_data(5, stored_cred->data, 8); - - DEBUG(5,(" timecred: ")); - dump_data(5, timecred, 8); - - DEBUG(5,(" cred: ")); - dump_data(5, cred->data, 8); + DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1])); + DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1])); + DEBUG(5,(" timecred : %lx %lx\n", IVAL(timecred, 0), IVAL(timecred, 4))); + DEBUG(5,(" calc_cred: %lx %lx\n", cred ->data[0], cred ->data[1])); } @@ -119,7 +117,7 @@ Output: returns 1 if computed credential matches received credential returns 0 otherwise ****************************************************************************/ -int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred, +int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred, UTIME timestamp) { DOM_CHAL cred2; @@ -129,11 +127,9 @@ int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred, /* debug output*/ DEBUG(4,("cred_assert\n")); + DEBUG(5,(" challenge : %lx %lx\n", cred->data[0], cred->data[1])); + DEBUG(5,(" calculated: %lx %lx\n", cred2.data[0], cred2.data[1])); DEBUG(5,(" challenge: ")); - dump_data(5, cred->data, 8); - - DEBUG(5,(" calculated: ")); - dump_data(5, cred2.data, 8); return memcmp(cred->data, cred2.data, 8) == 0; } diff --git a/source/pipenetlog.c b/source/pipenetlog.c index 861bae3809b..acb7f806b94 100644 --- a/source/pipenetlog.c +++ b/source/pipenetlog.c @@ -200,12 +200,12 @@ static void make_lsa_user_info(LSA_USER_INFO *usr, usr->num_other_sids = num_other_sids; usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0; - make_unistr2(&(usr->uni_user_name ), user_name , len_user_name , 0); - make_unistr2(&(usr->uni_full_name ), full_name , len_full_name , 0); - make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script, 0); - make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path, 0); - make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir , 0); - make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive , 0); + make_unistr2(&(usr->uni_user_name ), user_name , len_user_name ); + make_unistr2(&(usr->uni_full_name ), full_name , len_full_name ); + make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script); + make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path); + make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir ); + make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive ); usr->num_groups2 = num_groups; for (i = 0; i < num_groups; i++) @@ -213,8 +213,8 @@ static void make_lsa_user_info(LSA_USER_INFO *usr, usr->gids[i] = gids[i]; } - make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv, 0); - make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom, 0); + make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv); + make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom); make_dom_sid(&(usr->dom_sid), dom_sid); make_dom_sid(&(usr->other_sids[0]), other_sids); @@ -304,11 +304,10 @@ static BOOL update_dcinfo(int cnum, uint16 vuid, /* create a server challenge for the client */ /* PAXX: set these to random values. */ /* lkcl: paul, you mentioned that it doesn't really matter much */ - for (i = 0; i < 8; i++) - { - dc->srv_chal.data[i] = 0xA5; - dc->srv_cred.data[i] = 0xA5; - } + dc->srv_chal.data[0] = 0x11111111; + dc->srv_chal.data[1] = 0x11111111; + dc->srv_cred.data[0] = 0x11111111; + dc->srv_cred.data[1] = 0x11111111; /* from client / server challenges and md4 password, generate sess key */ cred_session_key(&(dc->clnt_chal), &(dc->srv_chal), @@ -335,8 +334,8 @@ static void api_lsa_req_chal( int cnum, uint16 vuid, strcat(mach_acct, "$"); - DEBUG(6,("q_r.clnt_chal.data(%d) :", sizeof(q_r.clnt_chal.data))); - dump_data(6, q_r.clnt_chal.data, 8); + DEBUG(6,("q_r.clnt_chal.data: %lx %lx\n", + q_r.clnt_chal.data[0], q_r.clnt_chal.data[1])); update_dcinfo(cnum, vuid, &(vuser->dc), &(q_r.clnt_chal), mach_acct); @@ -352,6 +351,7 @@ static void api_lsa_auth_2( user_struct *vuser, { LSA_Q_AUTH_2 q_a; + DOM_CHAL srv_cred; UTIME srv_time; srv_time.time = 0; @@ -364,14 +364,15 @@ static void api_lsa_auth_2( user_struct *vuser, &(vuser->dc.clnt_cred), srv_time); /* create server challenge for inclusion in the reply */ - cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &(vuser->dc.srv_chal)); + cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &srv_cred); - /* update the client credentials (copy server challenge) for use next time */ - memcpy(vuser->dc.clnt_cred.data, vuser->dc.srv_chal.data, sizeof(vuser->dc.clnt_cred.data)); + /* update the client credentials for use next time */ + memcpy(vuser->dc.clnt_cred.data, &(srv_cred.data), sizeof(srv_cred.data)); + memcpy(vuser->dc.srv_cred .data, &(srv_cred.data), sizeof(srv_cred.data)); /* construct reply. */ *rdata_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata, - &(vuser->dc.srv_chal), 0x0); + &srv_cred, 0x0); } diff --git a/source/pipentlsa.c b/source/pipentlsa.c index 55deffabd6f..9a57b6df9b7 100644 --- a/source/pipentlsa.c +++ b/source/pipentlsa.c @@ -59,14 +59,13 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid) int domlen = strlen(dom_name); d_q->uni_dom_max_len = domlen * 2; - d_q->padding = 0; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 0; /* domain buffer pointer */ - d_q->buffer_dom_sid = 0; /* domain sid pointer */ + d_q->buffer_dom_name = 1; /* domain buffer pointer */ + d_q->buffer_dom_sid = 1; /* domain sid pointer */ - /* NOT null-terminated: 4-terminated instead! */ - make_unistr2(&(d_q->uni_domain_name), dom_name, domlen, 4); + /* this string is supposed to be character short */ + make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); make_dom_sid(&(d_q->dom_sid), dom_sid); } diff --git a/source/pipeutil.c b/source/pipeutil.c index ce3f1535c4c..b9201f3c958 100644 --- a/source/pipeutil.c +++ b/source/pipeutil.c @@ -180,18 +180,15 @@ void make_unistr(UNISTR *str, char *buf) PutUniCode((char *)(str->buffer), buf); } -void make_unistr2(UNISTR2 *str, char *buf, int len, char terminate) +void make_unistr2(UNISTR2 *str, char *buf, int len) { /* set up string lengths. add one if string is not null-terminated */ - str->uni_max_len = len + (terminate != 0 ? 1 : 0); + str->uni_max_len = len; str->undoc = 0; str->uni_str_len = len; /* store the string (null-terminated copy) */ PutUniCode((char *)str->buffer, buf); - - /* overwrite the last character: some strings are terminated with 4 not 0 */ - str->buffer[len] = (uint16)terminate; } void make_dom_rid2(DOM_RID2 *rid2, uint32 rid) diff --git a/source/smbparse.c b/source/smbparse.c index ba3e073e5fb..39200f53516 100644 --- a/source/smbparse.c +++ b/source/smbparse.c @@ -73,6 +73,7 @@ char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int q = align_offset(q, base, align); + DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++; DBG_RW_CVAL("sid_no ", depth, base, io, q, sid->sid_no); q++; DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++; @@ -279,8 +280,11 @@ char* smb_io_chal(BOOL io, DOM_CHAL *chal, char *q, char *base, int align, int d q = align_offset(q, base, align); + DBG_RW_IVAL("data[0]", depth, base, io, q, chal->data[0]); q += 4; + DBG_RW_IVAL("data[1]", depth, base, io, q, chal->data[1]); q += 4; +/* DBG_RW_PCVAL("data", depth, base, io, q, chal->data, 8); q += 8; - +*/ return q; } @@ -510,9 +514,7 @@ char* smb_io_dom_query(BOOL io, DOM_QUERY *d_q, char *q, char *base, int align, q = align_offset(q, base, align); - DBG_RW_SVAL("uni_dom_max_len", depth, base, io, q, d_q->uni_dom_max_len); q += 2; /* domain name string length * 2 */ - DBG_RW_SVAL("padding ", depth, base, io, q, d_q->padding ); q += 2; /* 2 padding bytes */ DBG_RW_SVAL("uni_dom_str_len", depth, base, io, q, d_q->uni_dom_str_len); q += 2; /* domain name string length * 2 */ DBG_RW_IVAL("buffer_dom_name", depth, base, io, q, d_q->buffer_dom_name); q += 4; /* undocumented domain name string buffer pointer */ |