-rw-r--r--source/include/proto.h3
-rw-r--r--source/include/rpc_dce.h22
-rw-r--r--source/rpc_parse/parse_prs.c8
-rw-r--r--source/rpc_parse/parse_rpc.c15
-rw-r--r--source/rpc_server/srv_pipe_hnd.c14
-rw-r--r--source/smbd/ipc.c12
-rw-r--r--source/smbd/pipes.c47
-rw-r--r--source/smbd/process.c2
-rw-r--r--source/smbd/reply.c4
9 files changed, 105 insertions, 22 deletions
diff --git a/source/include/proto.h b/source/include/proto.h
index e5b6c0b08e6..7492cb7615e 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -1489,6 +1489,7 @@ void prs_init(prs_struct *ps, uint32 size,
uint8 align, uint32 margin,
BOOL io);
void prs_mem_free(prs_struct *ps);
+void prs_link(prs_struct *ps, prs_struct const *const to);
void prs_align(prs_struct *ps);
BOOL prs_grow(prs_struct *ps);
BOOL prs_uint8(char *name, prs_struct *ps, int depth, uint8 *data8);
@@ -1827,6 +1828,7 @@ void reset_chain_p(void);
void init_rpc_pipe_hnd(void);
pipes_struct *open_rpc_pipe_p(char *pipe_name,
connection_struct *conn, uint16 vuid);
+int write_pipe(pipes_struct *p, char *data, int n);
int read_pipe(pipes_struct *p, char *data, uint32 pos, int n);
BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state);
BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn);
@@ -2160,6 +2162,7 @@ BOOL domain_client_validate( char *user, char *domain,
int reply_open_pipe_and_X(connection_struct *conn,
char *inbuf,char *outbuf,int length,int bufsize);
+int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize);
int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize);
int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf);
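Review bot: The new prs_link prototype in the first hunk declares its second parameter as `prs_struct const *const to`; the top-level const on the pointer itself only constrains the definition's local copy and is conventionally left out of headers, so `void prs_link(prs_struct *ps, const prs_struct *to);` would match the surrounding declarations. In the second hunk write_pipe takes `char *data` for a buffer a write should only read from; if that holds for the eventual implementation, `const char *data` documents the contract at the declaration. The third hunk's reply_pipe_write_and_X omits the `connection_struct *conn` that reply_open_pipe_and_X and reply_pipe_close take while mirroring reply_pipe_read_and_X, so the pipe reply handlers now come in two shapes and it is worth settling on one.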
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 4362b40cd2a..a599abb19ca 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -47,7 +47,7 @@ enum NTLM_MESSAGE_TYPE
NTLMSSP_NEGOTIATE = 1,
NTLMSSP_CHALLENGE = 2,
NTLMSSP_AUTH = 3,
- NTLMSSP_UNKNOWN = 4
+ NTLMSSP_UNKNOWN = 4,
};
/* NTLMSSP negotiation flags */
@@ -220,7 +220,9 @@ typedef struct rpc_auth_ntlmssp_chal_info
uint32 neg_flags; /* 0x0000 82b1 */
uint8 challenge[8]; /* ntlm challenge */
+#if 0
uint8 reserved [8]; /* zeros */
+#endif
} RPC_AUTH_NTLMSSP_CHAL;
@@ -231,17 +233,17 @@ typedef struct rpc_auth_ntlmssp_resp_info
STRHDR hdr_lm_resp; /* 24 byte response */
STRHDR hdr_nt_resp; /* 24 byte response */
STRHDR hdr_domain;
- UNIHDR hdr_usr;
- UNIHDR hdr_wks;
- UNIHDR hdr_sess_key; /* NULL unless negotiated */
+ STRHDR hdr_usr;
+ STRHDR hdr_wks;
+ STRHDR hdr_sess_key; /* NULL unless negotiated */
uint32 neg_flags; /* 0x0000 82b1 */
- fstring uni_sess_key;
- fstring uni_wks;
- fstring uni_usr;
- fstring uni_domain;
- fstring str_nt_resp;
- fstring str_lm_resp;
+ fstring sess_key;
+ fstring wks;
+ fstring user;
+ fstring domain;
+ fstring nt_resp;
+ fstring lm_resp;
} RPC_AUTH_NTLMSSP_RESP;
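Review bot: The first hunk adds a trailing comma after `NTLMSSP_UNKNOWN = 4`, which C89 does not allow in an enumerator list; if this tree still targets pre-C99 compilers the comma should be dropped again, as it was before the change. The second hunk removes `reserved[8]` from RPC_AUTH_NTLMSSP_CHAL under `#if 0` with no explanation, and parse_rpc.c stops consuming those bytes in the same commit; a comment such as `/* reserved[8] disabled: not consumed from the wire — confirm against captured challenges */` would record why. The third hunk changes hdr_usr/hdr_wks/hdr_sess_key from UNIHDR to STRHDR, which changes how the response is marshalled, and renames the fstring members; any code outside this diff still using the old `uni_*` names will no longer compile and should be checked.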
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index f166bbd7047..34f72596ce0 100644
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -67,6 +67,14 @@ void prs_mem_free(prs_struct *ps)
}
/*******************************************************************
+ link one parsing structure to another
+ ********************************************************************/
+void prs_link(prs_struct *ps, prs_struct const *const to)
+{
+ DEBUG(0,("NOT IMPLEMENTED\n"));
+}
+
+/*******************************************************************
align a pointer to a multiple of align_offset bytes. looks like it
will work for offsets of 0, 2 and 4...
********************************************************************/
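Review bot: prs_link is exported through proto.h but its body only logs `NOT IMPLEMENTED` at debug level 0 and returns, so a caller gets a silent no-op with no way to detect it; the header comment should say so, e.g. `link one parsing structure to another (STUB: currently only logs and returns)`. Both parameters are unused, which warns under -Wunused-parameter; `(void)ps; (void)to;` in the body keeps the build clean until the implementation lands. If callers are expected before then, a BOOL return they can check would be safer than a void no-op.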
diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index 6a1d2f57130..90a013dc12b 100644
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -470,7 +470,7 @@ void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
rav->stub_type_len = stub_type_len; /* 0x00 */
rav->padding = 0; /* padding 0x00 */
- rav->ptr_0 = 1; /* non-zero pointer to something */
+ rav->ptr_0 = 0x0014a0c0; /* non-zero pointer to something */
fstrcpy(rav->signature, signature); /* "NTLMSSP" */
rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
@@ -511,7 +511,9 @@ void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
chl->neg_flags = neg_flags; /* 0x0082b1 */
memcpy(chl->challenge, challenge, sizeof(chl->challenge));
+/*
bzero (chl->reserved , sizeof(chl->reserved));
+ */
}
/*******************************************************************
@@ -529,7 +531,9 @@ void smb_io_rpc_auth_ntlmssp_chal(char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_st
prs_uint32("neg_flags", ps, depth, &(chl->neg_flags)); /* 0x0000 82b1 */
prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge));
+/*
prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved ));
+ */
}
/*******************************************************************
@@ -551,22 +555,19 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
make_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, 1);
make_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, 1);
make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, 1);
-#if BROKEN_CODE
make_str_hdr(&rsp->hdr_usr , usr_len, usr_len, 1);
make_str_hdr(&rsp->hdr_wks , wks_len, wks_len, 1);
make_str_hdr(&rsp->hdr_sess_key, 0, 0, 1);
-#endif
rsp->neg_flags = neg_flags;
-#if BROKEN_CODE
memcpy(&rsp->lm_resp, lm_resp, 24);
memcpy(&rsp->nt_resp, nt_resp, 24);
fstrcpy(rsp->domain, domain);
fstrcpy(rsp->user , user );
fstrcpy(rsp->wks , wks );
rsp->sess_key[0] = 0;
-#endif
+
}
@@ -583,22 +584,18 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st
smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth);
smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth);
smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth);
-#if BROKEN_CODE
smb_io_strhdr("hdr_user ", &rsp->hdr_usr , ps, depth);
smb_io_strhdr("hdr_wks ", &rsp->hdr_wks , ps, depth);
smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth);
-#endif
prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */
-#if BROKEN_CODE
prs_string("sess_key", ps, depth, rsp->sess_key, rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key));
prs_string("wks ", ps, depth, rsp->wks , rsp->hdr_wks .str_str_len, sizeof(rsp->wks ));
prs_string("user ", ps, depth, rsp->user , rsp->hdr_usr .str_str_len, sizeof(rsp->user ));
prs_string("domain ", ps, depth, rsp->domain , rsp->hdr_domain .str_str_len, sizeof(rsp->domain ));
prs_string("nt_resp ", ps, depth, rsp->nt_resp , rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ));
prs_string("lm_resp ", ps, depth, rsp->lm_resp , rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp ));
-#endif
}
#if 0
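Review bot: In make_rpc_auth_ntlmssp_resp (fourth hunk) the newly enabled `memcpy(&rsp->lm_resp, lm_resp, 24)` and `memcpy(&rsp->nt_resp, nt_resp, 24)` copy a fixed 24 bytes while the headers built a few lines earlier are sized from lm_len and nt_len, so a caller passing a shorter response gets an over-read of the source and a header length that disagrees with the data. Checking `lm_len <= sizeof(rsp->lm_resp)` and copying `lm_len` bytes (same for nt) keeps the two consistent; the function's parameter list lies outside the hunk. In the first hunk `rav->ptr_0 = 0x0014a0c0` replaces `1` with a bare literal under the unchanged comment "non-zero pointer to something"; a named constant with a note on where the value was observed would stop it reading as a typo. The `/* ... */` blocks in hunks two and three disable code that references the `reserved` member the header now removes with `#if 0`; using the same `#if 0` guard here keeps the two files in step. In smb_io_rpc_auth_ntlmssp_resp the prs_string calls take lengths from the just-parsed headers alongside sizeof the destination, so bounding is presumably done inside prs_string — worth confirming since those lengths come off the wire.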
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index cb1ec963d93..e898a8606f2 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -154,6 +154,20 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
/****************************************************************************
+ writes data to a pipe.
+ ****************************************************************************/
+int write_pipe(pipes_struct *p, char *data, int n)
+{
+ DEBUG(6,("write_pipe: %x", p->pnum));
+
+ DEBUG(6,("name: %s open: %s len: %d",
+ p->name, BOOLSTR(p->open), n));
+
+ return -1;
+}
+
+
+/****************************************************************************
reads data from a pipe.
headers are interspersed with the data at regular intervals. by the time
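Review bot: The two DEBUG calls in the new write_pipe lack a trailing `\n` (`"write_pipe: %x"` and `"... len: %d"`), unlike every other DEBUG line in this diff, so the following log line is appended to them; `DEBUG(6,("write_pipe: %x\n", p->pnum));` and `"name: %s open: %s len: %d\n"` fix that. The function unconditionally returns -1, which reply_pipe_write_and_X maps to ERRnoaccess, so every IPC write currently fails; the header comment `writes data to a pipe.` should say so, e.g. `writes data to a pipe. STUB: logs the request and returns -1 (caller reports an error).` `data` is never read or written, so `const char *data` would document the intended contract, and `p` is dereferenced without a NULL check, which is fine only as long as every caller validates it the way reply_pipe_write_and_X does.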
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index ebb3c11da83..f2831ce888c 100644
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -3159,6 +3159,7 @@ static struct api_cmd api_fd_commands[] =
static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
{
BOOL ntlmssp_auth = False;
+ uint16 assoc_gid;
fstring ack_pipe_name;
int i = 0;
@@ -3214,10 +3215,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
/*** do the bind ack first ***/
/***/
+ if (ntlmssp_auth)
+ {
+ assoc_gid = 0x7a77;
+ }
+ else
+ {
+ assoc_gid = p->hdr_rb.bba.assoc_gid;
+ }
+
make_rpc_hdr_ba(&p->hdr_ba,
p->hdr_rb.bba.max_tsize,
p->hdr_rb.bba.max_rsize,
- p->hdr_rb.bba.assoc_gid,
+ assoc_gid,
ack_pipe_name,
0x1, 0x0, 0x0,
&(p->hdr_rb.transfer));
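Review bot: `assoc_gid = 0x7a77` in the second hunk is a bare literal with no comment explaining why an NTLMSSP-authenticated bind answers with a fixed association group id instead of the client's; a named constant or at least `/* 0x7a77: fixed assoc_gid for the NTLMSSP path — confirm origin */` would keep it from reading as arbitrary. The if/else collapses to `assoc_gid = ntlmssp_auth ? 0x7a77 : p->hdr_rb.bba.assoc_gid;`, which also lets the variable be initialised where the first hunk declares it. Whether a fixed assoc_gid is correct for the NTLMSSP case is not visible in this diff and should be checked against the protocol reference.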
diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c
index 15d395b29a3..00eec4e0e35 100644
--- a/source/smbd/pipes.c
+++ b/source/smbd/pipes.c
@@ -106,6 +106,50 @@ int reply_open_pipe_and_X(connection_struct *conn,
/****************************************************************************
+ reply to a write and X
+
+ This code is basically stolen from reply_write_and_X with some
+ wrinkles to handle pipes.
+****************************************************************************/
+int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+{
+ pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+ uint32 smb_offs = IVAL(inbuf,smb_vwv3);
+ size_t numtowrite = SVAL(inbuf,smb_vwv10);
+ BOOL write_through = BITSETW(inbuf+smb_vwv7, 0);
+ int nwritten = -1;
+ int smb_doff = SVAL(inbuf, smb_vwv11);
+ char *data;
+
+ if (!p) return(ERROR(ERRDOS,ERRbadfid));
+
+ data = smb_buf(inbuf) + smb_doff;
+
+ if (numtowrite == 0)
+ {
+ nwritten = 0;
+ }
+ else
+ {
+ nwritten = write_pipe(p, data, numtowrite);
+ }
+
+ if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0))
+ {
+ return (UNIXERROR(ERRDOS,ERRnoaccess));
+ }
+
+ set_message(outbuf,6,0,True);
+
+ SSVAL(outbuf,smb_vwv2,nwritten);
+
+ DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n",
+ p->pnum, nwritten));
+
+ return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+/****************************************************************************
reply to a read and X
This code is basically stolen from reply_read_and_X with some
@@ -134,11 +178,12 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
SSVAL(smb_buf(outbuf),-2,nread);
- DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n",
+ DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n",
p->pnum, smb_mincnt, smb_maxcnt, nread));
return chain_reply(inbuf,outbuf,length,bufsize);
}
+
/****************************************************************************
reply to a close
****************************************************************************/
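Review bot: reply_pipe_write_and_X in the first hunk takes `smb_doff` and `numtowrite` from the request and forms `data = smb_buf(inbuf) + smb_doff` without checking that the range lies inside the `length` bytes actually received, so a malformed WriteAndX hands write_pipe a pointer past the end of inbuf. A bound such as `if (smb_doff < 0 || (size_t)smb_doff + numtowrite > (size_t)(length - (smb_buf(inbuf) - inbuf))) return(ERROR(ERRDOS,ERRnoaccess));` before the call closes that, assuming `length` is the total size of inbuf as in the other reply handlers (not visible here). `smb_offs` and `write_through` are assigned but never used, which draws unused-variable warnings; either drop them or say in the header comment which WriteAndX fields are deliberately ignored for pipes. Since write_pipe currently returns -1, only the `nwritten < 0` branch is exercised today, which the comment `This code is basically stolen from reply_write_and_X` could mention so the next reader knows the success path is untested.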
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 656e2e99e12..6e1bdc941a3 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -329,7 +329,7 @@ struct smb_message_struct
{SMBopenX,"SMBopenX",reply_open_and_X,AS_USER | CAN_IPC | QUEUE_IN_OPLOCK },
{SMBreadX,"SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
- {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER},
+ {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
{SMBlockingX,"SMBlockingX",reply_lockingX,AS_USER},
{SMBffirst,"SMBffirst",reply_search,AS_USER},
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 6dfff54a0ff..7cbd0520d94 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -2250,6 +2250,10 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
int smb_doff = SVAL(inbuf,smb_vwv11);
char *data;
+ /* If it's an IPC, pass off the pipe handler. */
+ if (IS_IPC(conn))
+ return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
+
CHECK_FSP(fsp,conn);
CHECK_WRITE(fsp);
CHECK_ERROR(fsp);
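Review bot: The added comment `/* If it's an IPC, pass off the pipe handler. */` is missing a word; `/* IPC$ connection: hand the request off to the pipe handler. */` says what is meant. The early return sits after `smb_doff` and `data` are computed from inbuf but before the CHECK_FSP/CHECK_WRITE guards, so the pipe path intentionally bypasses the fsp checks and relies on reply_pipe_write_and_X validating the handle through get_rpc_pipe_p; a short note to that effect on the comment would make the bypass look deliberate. reply_write_and_X's signature and the rest of its body lie outside the hunk.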