int
smbbuffergetstring(SmbBuffer *b, SmbHeader *h, ulong flags, char **sp)
{
if (flags & SMB_STRING_UNICODE)
return smbbuffergetucs2(b, flags, sp);
else if (flags & SMB_STRING_ASCII)
return smbbuffergetstr(b, flags, sp);
else if (h->flags2 & SMB_FLAGS2_UNICODE)
return smbbuffergetucs2(b, flags, sp);
else
return smbbuffergetstr(b, flags, sp);
}
static SmbProcessResult
netserverenum2(SmbBuffer *inparam, SmbBuffer *outparam, SmbBuffer *outdata)
{
uint16_t level, rbl;
char *domain;
uint32_t servertype;
SmbProcessResult pr;
SmbServerInfo *si[3];
SmbServerInfo domainsi;
int entries;
/* WrLehDz
* ushort sLevel, RCVBUF pbBuffer, RCVBUFLEN cbBuffer, ENTCOUNT pcEntriesRead, ushort *pcTotalAvail,
* ulong fServerType, char *pszDomain
*/
if (!smbbuffergets(inparam, &level)
|| !smbbuffergets(inparam, &rbl)
|| !smbbuffergetl(inparam, &servertype)
|| !smbbuffergetstr(inparam, 0, &domain)) {
fmtfail:
pr = SmbProcessResultFormat;
goto done;
}
smblogprintif(smbglobals.log.rap2, "netserverenum2(%lud, %lud, 0x%.8lux, %s)\n",
level, smbbufferwritespace(outdata), servertype, domain);
if (level > 1)
goto fmtfail;
if (servertype == 0xffffffff)
servertype &= ~(SV_TYPE_DOMAIN_ENUM | SV_TYPE_LOCAL_LIST_ONLY);
if ((servertype & SV_TYPE_LOCAL_LIST_ONLY) != 0 && (servertype & SV_TYPE_DOMAIN_ENUM) == 0)
servertype = SV_TYPE_ALL & ~(SV_TYPE_DOMAIN_ENUM);
entries = 0;
if ((servertype & SV_TYPE_SERVER) != 0
&& (domain[0] == 0 || cistrcmp(domain, smbglobals.primarydomain) == 0)) {
si[entries++] = &smbglobals.serverinfo;
}
if ((servertype & SV_TYPE_DOMAIN_ENUM) != 0) {
/* there's only one that I know about */
memset(&domainsi, 0, sizeof(domainsi));
domainsi.name = smbglobals.primarydomain;
domainsi.stype = SV_TYPE_DOMAIN_ENUM;
si[entries++] = &domainsi;
}
si[entries] = 0;
pr = thingfill(outparam, outdata, &serverinfo, level, si);
done:
free(domain);
return pr;
}
SmbProcessResult
smbnegotiate(SmbSession *s, SmbHeader *h, uchar *, SmbBuffer *b)
{
ushort index;
int i;
uchar bufferformat;
if (!smbcheckwordcount("negotiate", h, 0))
return SmbProcessResultFormat;
if (s->state != SmbSessionNeedNegotiate) {
/* this acts as a complete session reset */
smblogprint(-1, "smbnegotiate: called when already negotiated\n");
return SmbProcessResultUnimp;
}
i = 0;
index = 0xffff;
while (smbbuffergetb(b, &bufferformat)) {
char *s;
if (bufferformat != 0x02) {
smblogprint(-1, "smbnegotiate: unrecognised buffer format 0x%.2ux\n", bufferformat);
return SmbProcessResultFormat;
}
if (!smbbuffergetstr(b, 0, &s)) {
smblogprint(-1, "smbnegotiate: no null found\n");
return SmbProcessResultFormat;
}
smblogprint(h->command, "smbnegotiate: '%s'\n", s);
if (index == 0xffff && strcmp(s, "NT LM 0.12") == 0)
index = i;
i++;
free(s);
}
if (index != 0xffff) {
Tm *tm;
ulong capabilities;
ulong bytecountfixupoffset;
h->wordcount = 17;
if (!smbbufferputheader(s->response, h, nil)
|| !smbbufferputs(s->response, index)
|| !smbbufferputb(s->response, 3) /* user security, encrypted */
|| !smbbufferputs(s->response, 1) /* max mux */
|| !smbbufferputs(s->response, 1) /* max vc */
|| !smbbufferputl(s->response, smbglobals.maxreceive) /* max buffer size */
|| !smbbufferputl(s->response, 0x10000) /* max raw */
|| !smbbufferputl(s->response, threadid())) /* session key */
goto die;
/* <= Win2k insist upon this being set to ensure that they observe the prototol (!) */
capabilities = CAP_NT_SMBS;
if (smbglobals.unicode)
capabilities |= CAP_UNICODE;
tm = localtime(time(nil));
s->tzoff = tm->tzoff;
if (!smbbufferputl(s->response, capabilities)
|| !smbbufferputv(s->response, nsec() / 100 + (vlong)10000000 * 11644473600LL)
|| !smbbufferputs(s->response, -s->tzoff / 60)
|| !smbbufferputb(s->response, 8)) /* crypt len */
goto die;
bytecountfixupoffset = smbbufferwriteoffset(s->response);
if (!smbbufferputs(s->response, 0))
goto die;
s->cs = auth_challenge("proto=mschap role=server");
if (s->cs == nil) {
smblogprint(h->command, "smbnegotiate: couldn't get mschap challenge\n");
return SmbProcessResultMisc;
}
if (s->cs->nchal != 8) {
smblogprint(h->command, "smbnegotiate: nchal %d\n", s->cs->nchal);
return SmbProcessResultMisc;
}
if (!smbbufferputbytes(s->response, s->cs->chal, s->cs->nchal)
|| !smbbufferputstring(s->response, nil, SMB_STRING_UNICODE, smbglobals.primarydomain)
|| !smbbufferfixuprelatives(s->response, bytecountfixupoffset))
goto die;
}
else {
h->wordcount = 1;
if (!smbbufferputheader(s->response, h, nil)
|| !smbbufferputs(s->response, index)
|| !smbbufferputs(s->response, 0))
goto die;
}
s->state = SmbSessionNeedSetup;
return SmbProcessResultReply;
die:
return SmbProcessResultDie;
}
SmbProcessResult
smbcomtreeconnectandx(SmbSession *s, SmbHeader *h, uint8_t *pdata,
SmbBuffer *b)
{
uint8_t andxcommand;
uint16_t andxoffset;
char *path = nil;
char *service = nil;
uint16_t flags;
uint16_t passwordlength;
// ushort bytecount;
uint8_t errclass;
uint16_t error;
SmbService *serv;
SmbTree *tree;
uint32_t andxfixupoffset, bytecountfixup;
SmbProcessResult pr;
if (!smbcheckwordcount("comtreeconnectandx", h, 4)) {
fmtfail:
pr = SmbProcessResultFormat;
goto done;
}
switch (s->state) {
case SmbSessionNeedNegotiate:
smblogprint(-1, "smbcomtreeconnectandx: called when negotiate expected\n");
return SmbProcessResultUnimp;
case SmbSessionNeedSetup:
smbseterror(s, ERRDOS, ERRbadpw);
return SmbProcessResultError;
}
andxcommand = *pdata++;
switch (andxcommand) {
case SMB_COM_OPEN:
case SMB_COM_CREATE_NEW:
case SMB_COM_DELETE_DIRECTORY:
case SMB_COM_FIND_UNIQUE:
case SMB_COM_CHECK_DIRECTORY:
case SMB_COM_GET_PRINT_QUEUE:
case SMB_COM_TRANSACTION:
case SMB_COM_SET_INFORMATION:
case SMB_COM_OPEN_ANDX:
case SMB_COM_CREATE_DIRECTORY:
case SMB_COM_FIND:
case SMB_COM_RENAME:
case SMB_COM_QUERY_INFORMATION:
case SMB_COM_OPEN_PRINT_FILE:
case SMB_COM_NO_ANDX_COMMAND:
case SMB_COM_NT_RENAME:
case SMB_COM_CREATE:
case SMB_COM_DELETE:
case SMB_COM_COPY:
break;
default:
smblogprint(h->command, "smbcomtreeconnectandx: invalid andxcommand %s (0x%.2ux)\n",
smboptable[andxcommand].name, andxcommand);
goto fmtfail;
}
pdata++;
andxoffset = smbnhgets(pdata);
pdata += 2;
flags = smbnhgets(pdata);
pdata += 2;
passwordlength = smbnhgets(pdata); //pdata += 2;
// bytecount = smbnhgets(pdata); pdata += 2;
smblogprint(h->command, "passwordlength: %ud\n", passwordlength);
smblogprint(h->command, "flags: 0x%.4ux\n", flags);
if (!smbbuffergetbytes(b, nil, passwordlength)) {
smblogprint(h->command, "smbcomtreeconnectandx: not enough bytes for password\n");
goto fmtfail;
}
smblogprint(h->command, "offset %lud limit %lud\n", smbbufferreadoffset(b), smbbufferwriteoffset(b));
if (!smbbuffergetstring(b, h, SMB_STRING_PATH, &path)
|| !smbbuffergetstr(b, 0, &service)) {
smblogprint(h->command, "smbcomtreeconnectandx: not enough bytes for strings\n");
goto fmtfail;
}
smblogprint(h->command, "path: %s\n", path);
smblogprint(h->command, "service: %s\n", service);
if (flags & 1)
smbtreedisconnectbyid(s, h->tid);
serv = smbservicefind(s, path, service, &errclass, &error);
if (serv == nil) {
pr = SmbProcessResultError;
smbseterror(s, errclass, error);
goto done;
}
tree = smbtreeconnect(s, serv);
h->tid = tree->id;
h->wordcount = 3;
if (!smbresponseputandxheader(s, h, andxcommand, &andxfixupoffset)
|| !smbresponseputs(s, 1)) {
misc:
pr = SmbProcessResultMisc;
goto done;
}
bytecountfixup = smbresponseoffset(s);
if (!smbresponseputs(s, 0)
|| !smbresponseputstr(s, serv->type)
|| !smbresponseputstring(s, 1, s9p2000))
goto misc;
if (!smbbufferfixuprelatives(s->response, bytecountfixup))
goto misc;
if (andxcommand != SMB_COM_NO_ANDX_COMMAND) {
pr = smbchaincommand(s, h, andxfixupoffset, andxcommand, andxoffset, b);
}
else
pr = SmbProcessResultReply;
done:
free(path);
free(service);
return pr;
}