The branch, master has been updated
via b0d7a3d... Thanks to Andrew Bartlett's advice, fix the NTLMSSP
version problem the correct way.
from ac93412... pynet: Raise proper exceptions rather than invoking
sys.exit.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b0d7a3d123cb96049dc782b317554448acdae1a2
Author: Jeremy Allison <j...@samba.org>
Date: Wed May 19 10:34:44 2010 -0700
Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the
correct way.
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
libcli/auth/msrpc_parse.c | 5 +++-
librpc/idl/ntlmssp.idl | 2 +-
source3/libsmb/ntlmssp.c | 66 +++++++++++++++++++++++---------------------
3 files changed, 39 insertions(+), 34 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 336611d..7ac6fb5 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -174,7 +174,10 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
break;
case 'b':
n = pointers[i].length;
- memcpy(blob->data + head_ofs, pointers[i].data, n);
+ if (pointers[i].data && n) {
+ /* don't follow null pointers... */
+ memcpy(blob->data + head_ofs, pointers[i].data,
n);
+ }
head_ofs += n;
break;
case 'C':
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 1227952..eb9ab29 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -86,7 +86,7 @@ interface ntlmssp
/* [MS-NLMP] 2.2.2.10 VERSION */
- typedef struct {
+ typedef [public] struct {
ntlmssp_WindowsMajorVersion ProductMajorVersion;
ntlmssp_WindowsMinorVersion ProductMinorVersion;
uint16 ProductBuild;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1f6720c..2fc8adf 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -522,45 +522,47 @@ static NTSTATUS ntlmssp_server_negotiate(struct
ntlmssp_state *ntlmssp_state,
{
/* Marshal the packet in the right format, be it unicode or
ASCII */
const char *gen_string;
- /* "What Windows returns" as a version number. */
- const char vers[] = { 0x6, 0x1, 0xb0, 0x1d, 0, 0, 0, 0xf};
+ DATA_BLOB version_blob = data_blob_null;
if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
- DATA_BLOB version_blob =
data_blob_talloc(ntlmssp_state, vers, 8);
-
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddBb";
- } else {
- gen_string = "CdAdbddBb";
+ enum ndr_err_code err;
+ struct VERSION vers;
+
+ /* "What Windows returns" as a version number. */
+ ZERO_STRUCT(vers);
+ vers.ProductMajorVersion =
NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+ vers.ProductMinorVersion =
NTLMSSP_WINDOWS_MINOR_VERSION_1;
+ vers.ProductBuild = 0;
+ vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+ err = ndr_push_struct_blob(&version_blob,
+ ntlmssp_state,
+ &vers,
+
(ndr_push_flags_fn_t)ndr_push_VERSION);
+
+ if (err) {
+ return NT_STATUS_NO_MEMORY;
}
+ }
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length,
- version_blob.data, version_blob.length);
- data_blob_free(&version_blob);
+ if (ntlmssp_state->unicode) {
+ gen_string = "CdUdbddBb";
} else {
- if (ntlmssp_state->unicode) {
- gen_string = "CdUdbddB";
- } else {
- gen_string = "CdAdbddB";
- }
-
- msrpc_gen(ntlmssp_state, reply, gen_string,
- "NTLMSSP",
- NTLMSSP_CHALLENGE,
- target_name,
- chal_flags,
- cryptkey, 8,
- 0, 0,
- struct_blob.data, struct_blob.length);
+ gen_string = "CdAdbddBb";
}
+ msrpc_gen(ntlmssp_state, reply, gen_string,
+ "NTLMSSP",
+ NTLMSSP_CHALLENGE,
+ target_name,
+ chal_flags,
+ cryptkey, 8,
+ 0, 0,
+ struct_blob.data, struct_blob.length,
+ version_blob.data, version_blob.length);
+
+ data_blob_free(&version_blob);
+
if (DEBUGLEVEL >= 10) {
if
(NT_STATUS_IS_OK(ntlmssp_pull_CHALLENGE_MESSAGE(reply,
ntlmssp_state,
--
Samba Shared Repository
