static DATA_BLOB NTLMv2_generate_client_data(const DATA_BLOB *names_blob) { uchar client_chal[8]; DATA_BLOB response = data_blob(NULL, 0); char long_date[8]; generate_random_buffer(client_chal, sizeof(client_chal)); put_long_date(long_date, time(NULL)); /* See http://www.ubiqx.org/cifs/SMB.html#SMB.8.5 */ msrpc_gen(&response, "ddbbdb", 0x00000101, /* Header */ 0, /* 'Reserved' */ long_date, 8, /* Timestamp */ client_chal, 8, /* client challenge */ 0, /* Unknown */ names_blob->data, names_blob->length); /* End of name list */ return response; }
static int reply_nt1(char *inbuf, char *outbuf) { /* dual names + lock_and_read + nt SMBs + remote API calls */ int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ| CAP_LEVEL_II_OPLOCKS; int secword=0; char *p, *q; BOOL negotiate_spnego = False; time_t t = time(NULL); global_encrypted_passwords_negotiated = lp_encrypted_passwords(); /* Check the flags field to see if this is Vista. WinXP sets it and Vista does not. But we have to distinguish from NT which doesn't set it either. */ if ( (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY) && ((SVAL(inbuf, smb_flg2) & FLAGS2_UNKNOWN_BIT4) == 0) ) { /* Don't override the SAMBA or CIFSFS arch */ if ((get_remote_arch() != RA_SAMBA) && (get_remote_arch() != RA_CIFSFS)) { set_remote_arch( RA_VISTA ); } } /* do spnego in user level security if the client supports it and we can do encrypted passwords */ if (global_encrypted_passwords_negotiated && (lp_security() != SEC_SHARE) && lp_use_spnego() && (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = True; capabilities |= CAP_EXTENDED_SECURITY; add_to_common_flags2(FLAGS2_EXTENDED_SECURITY); /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply (already partially constructed. */ SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_EXTENDED_SECURITY); } capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNICODE; if (lp_unix_extensions()) { capabilities |= CAP_UNIX; } if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64)) capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS; if (SMB_OFF_T_BITS == 64) capabilities |= CAP_LARGE_FILES; if (lp_readraw() && lp_writeraw()) capabilities |= CAP_RAW_MODE; if (lp_nt_status_support()) capabilities |= CAP_STATUS32; if (lp_host_msdfs()) capabilities |= CAP_DFS; if (lp_security() >= SEC_USER) secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (global_encrypted_passwords_negotiated) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; if (lp_server_signing()) { if (lp_security() >= SEC_USER) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; /* No raw mode with smb signing. */ capabilities &= ~CAP_RAW_MODE; if (lp_server_signing() == Required) secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; srv_set_signing_negotiated(); } else { DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n")); if (lp_server_signing() == Required) { exit_server_cleanly("reply_nt1: smb signing required and share level security selected."); } } } set_message(outbuf,17,0,True); SCVAL(outbuf,smb_vwv1,secword); Protocol = PROTOCOL_NT1; SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */ SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */ SIVAL(outbuf,smb_vwv3+1,max_recv); /* max buffer. LOTS! */ SIVAL(outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */ SIVAL(outbuf,smb_vwv7+1,sys_getpid()); /* session key */ SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */ put_long_date(outbuf+smb_vwv11+1,t); SSVALS(outbuf,smb_vwv15+1,set_server_zone_offset(t)/60); p = q = smb_buf(outbuf); if (!negotiate_spnego) { /* Create a token value and add it to the outgoing packet. */ if (global_encrypted_passwords_negotiated) { /* note that we do not send a challenge at all if we are using plaintext */ get_challenge(p); SCVAL(outbuf,smb_vwv16+1,8); p += 8; } p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p-outbuf), STR_UNICODE|STR_TERMINATE|STR_NOALIGN); DEBUG(3,("not using SPNEGO\n")); } else { DATA_BLOB spnego_blob = negprot_spnego(); if (spnego_blob.data == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } memcpy(p, spnego_blob.data, spnego_blob.length); p += spnego_blob.length; data_blob_free(&spnego_blob); SCVAL(outbuf,smb_vwv16+1, 0); DEBUG(3,("using SPNEGO\n")); } SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */ set_message_end(outbuf, p); return (smb_len(outbuf)+4); }
BOOL cli_setpathinfo(struct cli_state *cli, const char *fname, time_t create_time, time_t access_time, time_t write_time, time_t change_time, uint16 mode) { unsigned int data_len = 0; unsigned int param_len = 0; unsigned int rparam_len, rdata_len; uint16 setup = TRANSACT2_SETPATHINFO; pstring param; pstring data; char *rparam=NULL, *rdata=NULL; int count=8; BOOL ret; char *p; memset(param, 0, sizeof(param)); memset(data, 0, sizeof(data)); p = param; /* Add the information level */ SSVAL(p, 0, SMB_FILE_BASIC_INFORMATION); /* Skip reserved */ p += 6; /* Add the file name */ p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); p = data; /* * Add the create, last access, modification, and status change times */ put_long_date(p, create_time); p += 8; put_long_date(p, access_time); p += 8; put_long_date(p, write_time); p += 8; put_long_date(p, change_time); p += 8; /* Add attributes */ SIVAL(p, 0, mode); p += 4; /* Add padding */ SIVAL(p, 0, 0); p += 4; data_len = PTR_DIFF(p, data); do { ret = (cli_send_trans(cli, SMBtrans2, NULL, /* Name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 10, /* param, length, max */ data, data_len, cli->max_xmit /* data, length, max */ ) && cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_len, &rdata, &rdata_len)); if (!cli_is_dos_error(cli)) break; if (!ret) { /* we need to work around a Win95 bug - sometimes it gives ERRSRV/ERRerror temprarily */ uint8 eclass; uint32 ecode; cli_dos_error(cli, &eclass, &ecode); if (eclass != ERRSRV || ecode != ERRerror) break; smb_msleep(100); } } while (count-- && ret==False); if (!ret) { return False; } SAFE_FREE(rdata); SAFE_FREE(rparam); return True; }