static bool test_NetrMessageBufferSend(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrMessageBufferSend r;
const char *message = SMBTORTURE_MESSAGE;
size_t size;
uint16_t *msg;
struct dcerpc_binding_handle *b = p->binding_handle;
if (!push_ucs2_talloc(tctx, &msg, message, &size)) {
return false;
}
r.in.server_name = dcerpc_server_name(p);
r.in.message_name = dcerpc_server_name(p);
r.in.message_sender_name = dcerpc_server_name(p);
r.in.message_buffer = (uint8_t *)msg;
r.in.message_size = size;
torture_comment(tctx, "Testing NetrMessageBufferSend\n");
status = dcerpc_wkssvc_NetrMessageBufferSend_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrMessageBufferSend failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrMessageBufferSend failed");
return true;
}
static bool is_8_3(const char *fname, bool check_case, bool allow_wildcards,
const struct share_params *p)
{
const char *f;
smb_ucs2_t *ucs2name;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
size_t size;
if (!fname || !*fname)
return False;
if ((f = strrchr(fname, '/')) == NULL)
f = fname;
else
f++;
if (strlen(f) > 12)
return False;
if (!push_ucs2_talloc(NULL, &ucs2name, f, &size)) {
DEBUG(0,("is_8_3: internal error push_ucs2_talloc() failed!\n"));
goto done;
}
ret = is_8_3_w(ucs2name, allow_wildcards);
done:
TALLOC_FREE(ucs2name);
if (!NT_STATUS_IS_OK(ret)) {
return False;
}
return True;
}
int rpcstr_push_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src)
{
size_t size;
if (push_ucs2_talloc(ctx, dest, src, &size))
return size;
else
return -1;
}
static bool must_mangle(const char *name,
const struct share_params *p)
{
smb_ucs2_t *name_ucs2 = NULL;
NTSTATUS status;
size_t converted_size;
if (!push_ucs2_talloc(NULL, &name_ucs2, name, &converted_size)) {
DEBUG(0, ("push_ucs2_talloc failed!\n"));
return False;
}
status = is_valid_name(name_ucs2, False, False);
TALLOC_FREE(name_ucs2);
/* We return true if we *must* mangle, so if it's
* a valid name (status == OK) then we must return
* false. Bug #6939. */
return !NT_STATUS_IS_OK(status);
}
static bool must_mangle(const char *name,
const struct share_params *p)
{
smb_ucs2_t *name_ucs2 = NULL;
NTSTATUS status;
size_t converted_size;
char magic_char;
magic_char = lp_magicchar(p);
if (!push_ucs2_talloc(NULL, &name_ucs2, name, &converted_size)) {
DEBUG(0, ("push_ucs2_talloc failed!\n"));
return False;
}
status = is_valid_name(name_ucs2, False, False);
TALLOC_FREE(name_ucs2);
return NT_STATUS_IS_OK(status);
}
bool E_md4hash(const char *passwd, uint8_t p16[16])
{
size_t len;
smb_ucs2_t *wpwd;
bool ret;
ret = push_ucs2_talloc(NULL, &wpwd, passwd, &len);
if (!ret || len < 2) {
/* We don't want to return fixed data, as most callers
* don't check */
mdfour(p16, (const uint8_t *)passwd, strlen(passwd));
return false;
}
len -= 2;
mdfour(p16, (const uint8_t *)wpwd, len);
talloc_free(wpwd);
return true;
}
static bool hash_name_to_8_3(const char *in,
char out[13],
bool cache83,
int default_case,
const struct share_params *p)
{
smb_ucs2_t *in_ucs2 = NULL;
size_t converted_size;
char magic_char;
magic_char = lp_magicchar(p);
DEBUG(5,("hash_name_to_8_3( %s, cache83 = %s)\n", in,
cache83 ? "True" : "False"));
if (!push_ucs2_talloc(NULL, &in_ucs2, in, &converted_size)) {
DEBUG(0, ("push_ucs2_talloc failed!\n"));
return False;
}
/* If it's already 8.3, just copy. */
if (NT_STATUS_IS_OK(is_valid_name(in_ucs2, False, False)) &&
NT_STATUS_IS_OK(is_8_3_w(in_ucs2, False))) {
TALLOC_FREE(in_ucs2);
strlcpy(out, in, 13);
return True;
}
TALLOC_FREE(in_ucs2);
if (!to_8_3(magic_char, in, out, default_case)) {
return False;
}
cache_mangled_name(out, in);
DEBUG(5,("hash_name_to_8_3(%s) ==> [%s]\n", in, out));
return True;
}
static WERROR cmd_wkssvc_messagebuffersend(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
{
const char *server_name = cli->desthost;
const char *message_name = cli->desthost;
const char *message_sender_name = cli->desthost;
smb_ucs2_t *message_buffer = NULL;
size_t message_size = 0;
const char *message = "my message";
NTSTATUS status;
WERROR werr;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 1) {
message = argv[1];
}
if (!push_ucs2_talloc(mem_ctx, &message_buffer, message,
&message_size))
{
return WERR_NOT_ENOUGH_MEMORY;
}
status = dcerpc_wkssvc_NetrMessageBufferSend(b, mem_ctx,
server_name,
message_name,
message_sender_name,
(uint8_t *)message_buffer,
message_size,
&werr);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
return werr;
}
/* Does both the NTLMv2 owfs of a user's password */
bool ntv2_owf_gen(const uint8_t owf[16],
const char *user_in, const char *domain_in,
uint8_t kr_buf[16])
{
smb_ucs2_t *user;
smb_ucs2_t *domain;
size_t user_byte_len;
size_t domain_byte_len;
bool ret;
HMACMD5Context ctx;
TALLOC_CTX *mem_ctx = talloc_init("ntv2_owf_gen for %s\\%s", domain_in, user_in);
if (!mem_ctx) {
return false;
}
if (!user_in) {
user_in = "";
}
if (!domain_in) {
domain_in = "";
}
user_in = strupper_talloc(mem_ctx, user_in);
if (user_in == NULL) {
talloc_free(mem_ctx);
return false;
}
ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len );
if (!ret) {
DEBUG(0, ("push_uss2_talloc() for user failed)\n"));
talloc_free(mem_ctx);
return false;
}
ret = push_ucs2_talloc(mem_ctx, &domain, domain_in, &domain_byte_len);
if (!ret) {
DEBUG(0, ("push_ucs2_talloc() for domain failed\n"));
talloc_free(mem_ctx);
return false;
}
SMB_ASSERT(user_byte_len >= 2);
SMB_ASSERT(domain_byte_len >= 2);
/* We don't want null termination */
user_byte_len = user_byte_len - 2;
domain_byte_len = domain_byte_len - 2;
hmac_md5_init_limK_to_64(owf, 16, &ctx);
hmac_md5_update((uint8_t *)user, user_byte_len, &ctx);
hmac_md5_update((uint8_t *)domain, domain_byte_len, &ctx);
hmac_md5_final(kr_buf, &ctx);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
dump_data(100, (uint8_t *)user, user_byte_len);
dump_data(100, (uint8_t *)domain, domain_byte_len);
dump_data(100, owf, 16);
dump_data(100, kr_buf, 16);
#endif
talloc_free(mem_ctx);
return true;
}
static bool test_plaintext(enum ntlm_break break_which)
{
NTSTATUS nt_status;
uint32 flags = 0;
DATA_BLOB nt_response = data_blob_null;
DATA_BLOB lm_response = data_blob_null;
char *password;
smb_ucs2_t *nt_response_ucs2;
size_t converted_size;
uchar user_session_key[16];
uchar lm_key[16];
static const uchar zeros[8] = { 0, };
DATA_BLOB chall = data_blob(zeros, sizeof(zeros));
char *error_string;
ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if (!push_ucs2_talloc(talloc_tos(), &nt_response_ucs2, opt_password,
&converted_size))
{
DEBUG(0, ("push_ucs2_talloc failed!\n"));
exit(1);
}
nt_response.data = (unsigned char *)nt_response_ucs2;
nt_response.length = strlen_w(nt_response_ucs2)*sizeof(smb_ucs2_t);
if ((password = strupper_talloc(talloc_tos(), opt_password)) == NULL) {
DEBUG(0, ("strupper_talloc() failed!\n"));
exit(1);
}
if (!convert_string_talloc(talloc_tos(), CH_UNIX,
CH_DOS, password,
strlen(password)+1,
&lm_response.data,
&lm_response.length, True)) {
DEBUG(0, ("convert_string_talloc failed!\n"));
exit(1);
}
TALLOC_FREE(password);
switch (break_which) {
case BREAK_NONE:
break;
case BREAK_LM:
lm_response.data[0]++;
break;
case BREAK_NT:
nt_response.data[0]++;
break;
case NO_LM:
TALLOC_FREE(lm_response.data);
lm_response.length = 0;
break;
case NO_NT:
TALLOC_FREE(nt_response.data);
nt_response.length = 0;
break;
}
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
&chall,
&lm_response,
&nt_response,
flags,
lm_key,
user_session_key,
&error_string, NULL);
TALLOC_FREE(nt_response.data);
TALLOC_FREE(lm_response.data);
data_blob_free(&chall);
if (!NT_STATUS_IS_OK(nt_status)) {
d_printf("%s (0x%x)\n",
error_string,
NT_STATUS_V(nt_status));
SAFE_FREE(error_string);
return break_which == BREAK_NT;
}
return break_which != BREAK_NT;
}
int ms_fnmatch(const char *pattern, const char *string, bool translate_pattern,
bool is_case_sensitive)
{
smb_ucs2_t *p = NULL;
smb_ucs2_t *s = NULL;
int ret, count, i;
struct max_n *max_n = NULL;
struct max_n *max_n_free = NULL;
struct max_n one_max_n;
size_t converted_size;
if (ISDOTDOT(string)) {
string = ".";
}
if (strpbrk(pattern, "<>*?\"") == NULL) {
/* this is not just an optmisation - it is essential
for LANMAN1 correctness */
if (is_case_sensitive) {
return strcmp(pattern, string);
} else {
return StrCaseCmp(pattern, string);
}
}
if (!push_ucs2_talloc(talloc_tos(), &p, pattern, &converted_size)) {
return -1;
}
if (!push_ucs2_talloc(talloc_tos(), &s, string, &converted_size)) {
TALLOC_FREE(p);
return -1;
}
if (translate_pattern) {
/*
for older negotiated protocols it is possible to
translate the pattern to produce a "new style"
pattern that exactly matches w2k behaviour
*/
for (i=0;p[i];i++) {
if (p[i] == UCS2_CHAR('?')) {
p[i] = UCS2_CHAR('>');
} else if (p[i] == UCS2_CHAR('.') &&
(p[i+1] == UCS2_CHAR('?') ||
p[i+1] == UCS2_CHAR('*') ||
p[i+1] == 0)) {
p[i] = UCS2_CHAR('"');
} else if (p[i] == UCS2_CHAR('*') && p[i+1] == UCS2_CHAR('.')) {
p[i] = UCS2_CHAR('<');
}
}
}
for (count=i=0;p[i];i++) {
if (p[i] == UCS2_CHAR('*') || p[i] == UCS2_CHAR('<')) count++;
}
if (count != 0) {
if (count == 1) {
/*
* We're doing this a LOT, so save the effort to allocate
*/
ZERO_STRUCT(one_max_n);
max_n = &one_max_n;
}
else {
max_n = SMB_CALLOC_ARRAY(struct max_n, count);
if (!max_n) {
TALLOC_FREE(p);
TALLOC_FREE(s);
return -1;
}
max_n_free = max_n;
}
}
ret = ms_fnmatch_core(p, s, max_n, strrchr_w(s, UCS2_CHAR('.')), is_case_sensitive);
SAFE_FREE(max_n_free);
TALLOC_FREE(p);
TALLOC_FREE(s);
return ret;
}