static bool test_NetrMessageBufferSend(struct torture_context *tctx, struct dcerpc_pipe *p) { NTSTATUS status; struct wkssvc_NetrMessageBufferSend r; const char *message = SMBTORTURE_MESSAGE; size_t size; uint16_t *msg; struct dcerpc_binding_handle *b = p->binding_handle; if (!push_ucs2_talloc(tctx, &msg, message, &size)) { return false; } r.in.server_name = dcerpc_server_name(p); r.in.message_name = dcerpc_server_name(p); r.in.message_sender_name = dcerpc_server_name(p); r.in.message_buffer = (uint8_t *)msg; r.in.message_size = size; torture_comment(tctx, "Testing NetrMessageBufferSend\n"); status = dcerpc_wkssvc_NetrMessageBufferSend_r(b, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "NetrMessageBufferSend failed"); torture_assert_werr_ok(tctx, r.out.result, "NetrMessageBufferSend failed"); return true; }
static bool is_8_3(const char *fname, bool check_case, bool allow_wildcards, const struct share_params *p) { const char *f; smb_ucs2_t *ucs2name; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; size_t size; if (!fname || !*fname) return False; if ((f = strrchr(fname, '/')) == NULL) f = fname; else f++; if (strlen(f) > 12) return False; if (!push_ucs2_talloc(NULL, &ucs2name, f, &size)) { DEBUG(0,("is_8_3: internal error push_ucs2_talloc() failed!\n")); goto done; } ret = is_8_3_w(ucs2name, allow_wildcards); done: TALLOC_FREE(ucs2name); if (!NT_STATUS_IS_OK(ret)) { return False; } return True; }
int rpcstr_push_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src) { size_t size; if (push_ucs2_talloc(ctx, dest, src, &size)) return size; else return -1; }
static bool must_mangle(const char *name, const struct share_params *p) { smb_ucs2_t *name_ucs2 = NULL; NTSTATUS status; size_t converted_size; if (!push_ucs2_talloc(NULL, &name_ucs2, name, &converted_size)) { DEBUG(0, ("push_ucs2_talloc failed!\n")); return False; } status = is_valid_name(name_ucs2, False, False); TALLOC_FREE(name_ucs2); /* We return true if we *must* mangle, so if it's * a valid name (status == OK) then we must return * false. Bug #6939. */ return !NT_STATUS_IS_OK(status); }
static bool must_mangle(const char *name, const struct share_params *p) { smb_ucs2_t *name_ucs2 = NULL; NTSTATUS status; size_t converted_size; char magic_char; magic_char = lp_magicchar(p); if (!push_ucs2_talloc(NULL, &name_ucs2, name, &converted_size)) { DEBUG(0, ("push_ucs2_talloc failed!\n")); return False; } status = is_valid_name(name_ucs2, False, False); TALLOC_FREE(name_ucs2); return NT_STATUS_IS_OK(status); }
bool E_md4hash(const char *passwd, uint8_t p16[16]) { size_t len; smb_ucs2_t *wpwd; bool ret; ret = push_ucs2_talloc(NULL, &wpwd, passwd, &len); if (!ret || len < 2) { /* We don't want to return fixed data, as most callers * don't check */ mdfour(p16, (const uint8_t *)passwd, strlen(passwd)); return false; } len -= 2; mdfour(p16, (const uint8_t *)wpwd, len); talloc_free(wpwd); return true; }
static bool hash_name_to_8_3(const char *in, char out[13], bool cache83, int default_case, const struct share_params *p) { smb_ucs2_t *in_ucs2 = NULL; size_t converted_size; char magic_char; magic_char = lp_magicchar(p); DEBUG(5,("hash_name_to_8_3( %s, cache83 = %s)\n", in, cache83 ? "True" : "False")); if (!push_ucs2_talloc(NULL, &in_ucs2, in, &converted_size)) { DEBUG(0, ("push_ucs2_talloc failed!\n")); return False; } /* If it's already 8.3, just copy. */ if (NT_STATUS_IS_OK(is_valid_name(in_ucs2, False, False)) && NT_STATUS_IS_OK(is_8_3_w(in_ucs2, False))) { TALLOC_FREE(in_ucs2); strlcpy(out, in, 13); return True; } TALLOC_FREE(in_ucs2); if (!to_8_3(magic_char, in, out, default_case)) { return False; } cache_mangled_name(out, in); DEBUG(5,("hash_name_to_8_3(%s) ==> [%s]\n", in, out)); return True; }
static WERROR cmd_wkssvc_messagebuffersend(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { const char *server_name = cli->desthost; const char *message_name = cli->desthost; const char *message_sender_name = cli->desthost; smb_ucs2_t *message_buffer = NULL; size_t message_size = 0; const char *message = "my message"; NTSTATUS status; WERROR werr; struct dcerpc_binding_handle *b = cli->binding_handle; if (argc > 1) { message = argv[1]; } if (!push_ucs2_talloc(mem_ctx, &message_buffer, message, &message_size)) { return WERR_NOT_ENOUGH_MEMORY; } status = dcerpc_wkssvc_NetrMessageBufferSend(b, mem_ctx, server_name, message_name, message_sender_name, (uint8_t *)message_buffer, message_size, &werr); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); } return werr; }
/* Does both the NTLMv2 owfs of a user's password */ bool ntv2_owf_gen(const uint8_t owf[16], const char *user_in, const char *domain_in, uint8_t kr_buf[16]) { smb_ucs2_t *user; smb_ucs2_t *domain; size_t user_byte_len; size_t domain_byte_len; bool ret; HMACMD5Context ctx; TALLOC_CTX *mem_ctx = talloc_init("ntv2_owf_gen for %s\\%s", domain_in, user_in); if (!mem_ctx) { return false; } if (!user_in) { user_in = ""; } if (!domain_in) { domain_in = ""; } user_in = strupper_talloc(mem_ctx, user_in); if (user_in == NULL) { talloc_free(mem_ctx); return false; } ret = push_ucs2_talloc(mem_ctx, &user, user_in, &user_byte_len ); if (!ret) { DEBUG(0, ("push_uss2_talloc() for user failed)\n")); talloc_free(mem_ctx); return false; } ret = push_ucs2_talloc(mem_ctx, &domain, domain_in, &domain_byte_len); if (!ret) { DEBUG(0, ("push_ucs2_talloc() for domain failed\n")); talloc_free(mem_ctx); return false; } SMB_ASSERT(user_byte_len >= 2); SMB_ASSERT(domain_byte_len >= 2); /* We don't want null termination */ user_byte_len = user_byte_len - 2; domain_byte_len = domain_byte_len - 2; hmac_md5_init_limK_to_64(owf, 16, &ctx); hmac_md5_update((uint8_t *)user, user_byte_len, &ctx); hmac_md5_update((uint8_t *)domain, domain_byte_len, &ctx); hmac_md5_final(kr_buf, &ctx); #ifdef DEBUG_PASSWORD DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n")); dump_data(100, (uint8_t *)user, user_byte_len); dump_data(100, (uint8_t *)domain, domain_byte_len); dump_data(100, owf, 16); dump_data(100, kr_buf, 16); #endif talloc_free(mem_ctx); return true; }
static bool test_plaintext(enum ntlm_break break_which) { NTSTATUS nt_status; uint32 flags = 0; DATA_BLOB nt_response = data_blob_null; DATA_BLOB lm_response = data_blob_null; char *password; smb_ucs2_t *nt_response_ucs2; size_t converted_size; uchar user_session_key[16]; uchar lm_key[16]; static const uchar zeros[8] = { 0, }; DATA_BLOB chall = data_blob(zeros, sizeof(zeros)); char *error_string; ZERO_STRUCT(user_session_key); flags |= WBFLAG_PAM_LMKEY; flags |= WBFLAG_PAM_USER_SESSION_KEY; if (!push_ucs2_talloc(talloc_tos(), &nt_response_ucs2, opt_password, &converted_size)) { DEBUG(0, ("push_ucs2_talloc failed!\n")); exit(1); } nt_response.data = (unsigned char *)nt_response_ucs2; nt_response.length = strlen_w(nt_response_ucs2)*sizeof(smb_ucs2_t); if ((password = strupper_talloc(talloc_tos(), opt_password)) == NULL) { DEBUG(0, ("strupper_talloc() failed!\n")); exit(1); } if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_DOS, password, strlen(password)+1, &lm_response.data, &lm_response.length, True)) { DEBUG(0, ("convert_string_talloc failed!\n")); exit(1); } TALLOC_FREE(password); switch (break_which) { case BREAK_NONE: break; case BREAK_LM: lm_response.data[0]++; break; case BREAK_NT: nt_response.data[0]++; break; case NO_LM: TALLOC_FREE(lm_response.data); lm_response.length = 0; break; case NO_NT: TALLOC_FREE(nt_response.data); nt_response.length = 0; break; } nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, &chall, &lm_response, &nt_response, flags, lm_key, user_session_key, &error_string, NULL); TALLOC_FREE(nt_response.data); TALLOC_FREE(lm_response.data); data_blob_free(&chall); if (!NT_STATUS_IS_OK(nt_status)) { d_printf("%s (0x%x)\n", error_string, NT_STATUS_V(nt_status)); SAFE_FREE(error_string); return break_which == BREAK_NT; } return break_which != BREAK_NT; }
int ms_fnmatch(const char *pattern, const char *string, bool translate_pattern, bool is_case_sensitive) { smb_ucs2_t *p = NULL; smb_ucs2_t *s = NULL; int ret, count, i; struct max_n *max_n = NULL; struct max_n *max_n_free = NULL; struct max_n one_max_n; size_t converted_size; if (ISDOTDOT(string)) { string = "."; } if (strpbrk(pattern, "<>*?\"") == NULL) { /* this is not just an optmisation - it is essential for LANMAN1 correctness */ if (is_case_sensitive) { return strcmp(pattern, string); } else { return StrCaseCmp(pattern, string); } } if (!push_ucs2_talloc(talloc_tos(), &p, pattern, &converted_size)) { return -1; } if (!push_ucs2_talloc(talloc_tos(), &s, string, &converted_size)) { TALLOC_FREE(p); return -1; } if (translate_pattern) { /* for older negotiated protocols it is possible to translate the pattern to produce a "new style" pattern that exactly matches w2k behaviour */ for (i=0;p[i];i++) { if (p[i] == UCS2_CHAR('?')) { p[i] = UCS2_CHAR('>'); } else if (p[i] == UCS2_CHAR('.') && (p[i+1] == UCS2_CHAR('?') || p[i+1] == UCS2_CHAR('*') || p[i+1] == 0)) { p[i] = UCS2_CHAR('"'); } else if (p[i] == UCS2_CHAR('*') && p[i+1] == UCS2_CHAR('.')) { p[i] = UCS2_CHAR('<'); } } } for (count=i=0;p[i];i++) { if (p[i] == UCS2_CHAR('*') || p[i] == UCS2_CHAR('<')) count++; } if (count != 0) { if (count == 1) { /* * We're doing this a LOT, so save the effort to allocate */ ZERO_STRUCT(one_max_n); max_n = &one_max_n; } else { max_n = SMB_CALLOC_ARRAY(struct max_n, count); if (!max_n) { TALLOC_FREE(p); TALLOC_FREE(s); return -1; } max_n_free = max_n; } } ret = ms_fnmatch_core(p, s, max_n, strrchr_w(s, UCS2_CHAR('.')), is_case_sensitive); SAFE_FREE(max_n_free); TALLOC_FREE(p); TALLOC_FREE(s); return ret; }