diff options
-rw-r--r-- | source/include/proto.h | 3 | ||||
-rw-r--r-- | source/include/rpc_dce.h | 22 | ||||
-rw-r--r-- | source/rpc_parse/parse_prs.c | 8 | ||||
-rw-r--r-- | source/rpc_parse/parse_rpc.c | 15 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 14 | ||||
-rw-r--r-- | source/smbd/ipc.c | 12 | ||||
-rw-r--r-- | source/smbd/pipes.c | 47 | ||||
-rw-r--r-- | source/smbd/process.c | 2 | ||||
-rw-r--r-- | source/smbd/reply.c | 4 |
9 files changed, 105 insertions, 22 deletions
diff --git a/source/include/proto.h b/source/include/proto.h index e5b6c0b08e6..7492cb7615e 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1489,6 +1489,7 @@ void prs_init(prs_struct *ps, uint32 size, uint8 align, uint32 margin, BOOL io); void prs_mem_free(prs_struct *ps); +void prs_link(prs_struct *ps, prs_struct const *const to); void prs_align(prs_struct *ps); BOOL prs_grow(prs_struct *ps); BOOL prs_uint8(char *name, prs_struct *ps, int depth, uint8 *data8); @@ -1827,6 +1828,7 @@ void reset_chain_p(void); void init_rpc_pipe_hnd(void); pipes_struct *open_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid); +int write_pipe(pipes_struct *p, char *data, int n); int read_pipe(pipes_struct *p, char *data, uint32 pos, int n); BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state); BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn); @@ -2160,6 +2162,7 @@ BOOL domain_client_validate( char *user, char *domain, int reply_open_pipe_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); +int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize); int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize); int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf); diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index 4362b40cd2a..a599abb19ca 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h @@ -47,7 +47,7 @@ enum NTLM_MESSAGE_TYPE NTLMSSP_NEGOTIATE = 1, NTLMSSP_CHALLENGE = 2, NTLMSSP_AUTH = 3, - NTLMSSP_UNKNOWN = 4 + NTLMSSP_UNKNOWN = 4, }; /* NTLMSSP negotiation flags */ @@ -220,7 +220,9 @@ typedef struct rpc_auth_ntlmssp_chal_info uint32 neg_flags; /* 0x0000 82b1 */ uint8 challenge[8]; /* ntlm challenge */ +#if 0 uint8 reserved [8]; /* zeros */ +#endif } RPC_AUTH_NTLMSSP_CHAL; @@ -231,17 +233,17 @@ typedef struct rpc_auth_ntlmssp_resp_info STRHDR hdr_lm_resp; /* 24 byte response */ STRHDR hdr_nt_resp; /* 24 byte response */ STRHDR hdr_domain; - UNIHDR hdr_usr; - UNIHDR hdr_wks; - UNIHDR hdr_sess_key; /* NULL unless negotiated */ + STRHDR hdr_usr; + STRHDR hdr_wks; + STRHDR hdr_sess_key; /* NULL unless negotiated */ uint32 neg_flags; /* 0x0000 82b1 */ - fstring uni_sess_key; - fstring uni_wks; - fstring uni_usr; - fstring uni_domain; - fstring str_nt_resp; - fstring str_lm_resp; + fstring sess_key; + fstring wks; + fstring user; + fstring domain; + fstring nt_resp; + fstring lm_resp; } RPC_AUTH_NTLMSSP_RESP; diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index f166bbd7047..34f72596ce0 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -67,6 +67,14 @@ void prs_mem_free(prs_struct *ps) } /******************************************************************* + link one parsing structure to another + ********************************************************************/ +void prs_link(prs_struct *ps, prs_struct const *const to) +{ + DEBUG(0,("NOT IMPLEMENTED\n")); +} + +/******************************************************************* align a pointer to a multiple of align_offset bytes. looks like it will work for offsets of 0, 2 and 4... ********************************************************************/ diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c index 6a1d2f57130..90a013dc12b 100644 --- a/source/rpc_parse/parse_rpc.c +++ b/source/rpc_parse/parse_rpc.c @@ -470,7 +470,7 @@ void make_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav, rav->stub_type_len = stub_type_len; /* 0x00 */ rav->padding = 0; /* padding 0x00 */ - rav->ptr_0 = 1; /* non-zero pointer to something */ + rav->ptr_0 = 0x0014a0c0; /* non-zero pointer to something */ fstrcpy(rav->signature, signature); /* "NTLMSSP" */ rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */ @@ -511,7 +511,9 @@ void make_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl, chl->neg_flags = neg_flags; /* 0x0082b1 */ memcpy(chl->challenge, challenge, sizeof(chl->challenge)); +/* bzero (chl->reserved , sizeof(chl->reserved)); + */ } /******************************************************************* @@ -529,7 +531,9 @@ void smb_io_rpc_auth_ntlmssp_chal(char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_st prs_uint32("neg_flags", ps, depth, &(chl->neg_flags)); /* 0x0000 82b1 */ prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge)); +/* prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved )); + */ } /******************************************************************* @@ -551,22 +555,19 @@ void make_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp, make_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, 1); make_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, 1); make_str_hdr(&rsp->hdr_domain , dom_len, dom_len, 1); -#if BROKEN_CODE make_str_hdr(&rsp->hdr_usr , usr_len, usr_len, 1); make_str_hdr(&rsp->hdr_wks , wks_len, wks_len, 1); make_str_hdr(&rsp->hdr_sess_key, 0, 0, 1); -#endif rsp->neg_flags = neg_flags; -#if BROKEN_CODE memcpy(&rsp->lm_resp, lm_resp, 24); memcpy(&rsp->nt_resp, nt_resp, 24); fstrcpy(rsp->domain, domain); fstrcpy(rsp->user , user ); fstrcpy(rsp->wks , wks ); rsp->sess_key[0] = 0; -#endif + } @@ -583,22 +584,18 @@ void smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_st smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp , ps, depth); smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp , ps, depth); smb_io_strhdr("hdr_domain ", &rsp->hdr_domain , ps, depth); -#if BROKEN_CODE smb_io_strhdr("hdr_user ", &rsp->hdr_usr , ps, depth); smb_io_strhdr("hdr_wks ", &rsp->hdr_wks , ps, depth); smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth); -#endif prs_uint32("neg_flags", ps, depth, &(rsp->neg_flags)); /* 0x0000 82b1 */ -#if BROKEN_CODE prs_string("sess_key", ps, depth, rsp->sess_key, rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key)); prs_string("wks ", ps, depth, rsp->wks , rsp->hdr_wks .str_str_len, sizeof(rsp->wks )); prs_string("user ", ps, depth, rsp->user , rsp->hdr_usr .str_str_len, sizeof(rsp->user )); prs_string("domain ", ps, depth, rsp->domain , rsp->hdr_domain .str_str_len, sizeof(rsp->domain )); prs_string("nt_resp ", ps, depth, rsp->nt_resp , rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp )); prs_string("lm_resp ", ps, depth, rsp->lm_resp , rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp )); -#endif } #if 0 diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index cb1ec963d93..e898a8606f2 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -154,6 +154,20 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /**************************************************************************** + writes data to a pipe. + ****************************************************************************/ +int write_pipe(pipes_struct *p, char *data, int n) +{ + DEBUG(6,("write_pipe: %x", p->pnum)); + + DEBUG(6,("name: %s open: %s len: %d", + p->name, BOOLSTR(p->open), n)); + + return -1; +} + + +/**************************************************************************** reads data from a pipe. headers are interspersed with the data at regular intervals. by the time diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index ebb3c11da83..f2831ce888c 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -3159,6 +3159,7 @@ static struct api_cmd api_fd_commands[] = static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) { BOOL ntlmssp_auth = False; + uint16 assoc_gid; fstring ack_pipe_name; int i = 0; @@ -3214,10 +3215,19 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) /*** do the bind ack first ***/ /***/ + if (ntlmssp_auth) + { + assoc_gid = 0x7a77; + } + else + { + assoc_gid = p->hdr_rb.bba.assoc_gid; + } + make_rpc_hdr_ba(&p->hdr_ba, p->hdr_rb.bba.max_tsize, p->hdr_rb.bba.max_rsize, - p->hdr_rb.bba.assoc_gid, + assoc_gid, ack_pipe_name, 0x1, 0x0, 0x0, &(p->hdr_rb.transfer)); diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c index 15d395b29a3..00eec4e0e35 100644 --- a/source/smbd/pipes.c +++ b/source/smbd/pipes.c @@ -106,6 +106,50 @@ int reply_open_pipe_and_X(connection_struct *conn, /**************************************************************************** + reply to a write and X + + This code is basically stolen from reply_write_and_X with some + wrinkles to handle pipes. +****************************************************************************/ +int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize) +{ + pipes_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2); + uint32 smb_offs = IVAL(inbuf,smb_vwv3); + size_t numtowrite = SVAL(inbuf,smb_vwv10); + BOOL write_through = BITSETW(inbuf+smb_vwv7, 0); + int nwritten = -1; + int smb_doff = SVAL(inbuf, smb_vwv11); + char *data; + + if (!p) return(ERROR(ERRDOS,ERRbadfid)); + + data = smb_buf(inbuf) + smb_doff; + + if (numtowrite == 0) + { + nwritten = 0; + } + else + { + nwritten = write_pipe(p, data, numtowrite); + } + + if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) + { + return (UNIXERROR(ERRDOS,ERRnoaccess)); + } + + set_message(outbuf,6,0,True); + + SSVAL(outbuf,smb_vwv2,nwritten); + + DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n", + p->pnum, nwritten)); + + return chain_reply(inbuf,outbuf,length,bufsize); +} + +/**************************************************************************** reply to a read and X This code is basically stolen from reply_read_and_X with some @@ -134,11 +178,12 @@ int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize) SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf)); SSVAL(smb_buf(outbuf),-2,nread); - DEBUG(3,("readX pnum=%04x min=%d max=%d nread=%d\n", + DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n", p->pnum, smb_mincnt, smb_maxcnt, nread)); return chain_reply(inbuf,outbuf,length,bufsize); } + /**************************************************************************** reply to a close ****************************************************************************/ diff --git a/source/smbd/process.c b/source/smbd/process.c index 656e2e99e12..6e1bdc941a3 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -329,7 +329,7 @@ struct smb_message_struct {SMBopenX,"SMBopenX",reply_open_and_X,AS_USER | CAN_IPC | QUEUE_IN_OPLOCK }, {SMBreadX,"SMBreadX",reply_read_and_X,AS_USER | CAN_IPC }, - {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER}, + {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC }, {SMBlockingX,"SMBlockingX",reply_lockingX,AS_USER}, {SMBffirst,"SMBffirst",reply_search,AS_USER}, diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 6dfff54a0ff..7cbd0520d94 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -2250,6 +2250,10 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng int smb_doff = SVAL(inbuf,smb_vwv11); char *data; + /* If it's an IPC, pass off the pipe handler. */ + if (IS_IPC(conn)) + return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize); + CHECK_FSP(fsp,conn); CHECK_WRITE(fsp); CHECK_ERROR(fsp); |