Exemplo n.º 1
0
/*
  pull a uint32_t ofs/ uint32_t length/blob triple from a data blob
  the ptr points to the start of the offset/length pair
*/
NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
{
	uint32_t ofs, size;
	if (smb2_oob(buf, ptr, 8)) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	ofs  = IVAL(ptr, 0);
	size = IVAL(ptr, 4);
	if (ofs == 0) {
		*blob = data_blob(NULL, 0);
		return NT_STATUS_OK;
	}
	if (smb2_oob(buf, buf->hdr + ofs, size)) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
	NT_STATUS_HAVE_NO_MEMORY(blob->data);
	return NT_STATUS_OK;
}
Exemplo n.º 2
0
/*
  Receive a Lease Break Response
*/
NTSTATUS smb2_lease_break_ack_recv(struct smb2_request *req,
                                   struct smb2_lease_break_ack *io)
{
	if (!smb2_request_receive(req) ||
	    !smb2_request_is_ok(req)) {
		return smb2_request_destroy(req);
	}

	SMB2_CHECK_PACKET_RECV(req, 0x24, false);

	io->out.reserved		= IVAL(req->in.body, 0x02);
	io->out.lease.lease_flags	= IVAL(req->in.body, 0x04);
	memcpy(&io->out.lease.lease_key, req->in.body+0x8,
	    sizeof(struct smb2_lease_key));
	io->out.lease.lease_state	= IVAL(req->in.body, 0x18);
	io->out.lease.lease_duration	= IVAL(req->in.body, 0x1C);

	return smb2_request_destroy(req);
}
Exemplo n.º 3
0
NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
{
	const uint8_t *inhdr;
	int i = req->current_idx;
	uint32_t in_flags;
	uint32_t in_tid;
	void *p;
	struct smbd_smb2_tcon *tcon;

	req->tcon = NULL;

	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;

	in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
	in_tid = IVAL(inhdr, SMB2_HDR_TID);

	if (in_flags & SMB2_HDR_FLAG_CHAINED) {
		in_tid = req->last_tid;
	}

	req->last_tid = UINT32_MAX;

	/* lookup an existing session */
	p = idr_find(req->session->tcons.idtree, in_tid);
	if (p == NULL) {
		return NT_STATUS_NETWORK_NAME_DELETED;
	}
	tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon);

	if (!change_to_user(tcon->compat_conn,req->session->vuid)) {
		return NT_STATUS_ACCESS_DENIED;
	}

	/* should we pass FLAG_CASELESS_PATHNAMES here? */
	if (!set_current_service(tcon->compat_conn, 0, true)) {
		return NT_STATUS_ACCESS_DENIED;
	}

	req->tcon = tcon;
	req->last_tid = in_tid;

	return NT_STATUS_OK;
}
Exemplo n.º 4
0
/****************************************************************************
create a credential

Input:
      8 byte sesssion key
      8 byte stored credential
      4 byte timestamp

Output:
      8 byte credential
****************************************************************************/
void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, 
		 DOM_CHAL *cred)
{
	DOM_CHAL time_cred;

	SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time);
	SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4));

	cred_hash2(cred->data, time_cred.data, session_key);

	/* debug output*/
	DEBUG(4,("cred_create\n"));

	DEBUG(5,("	sess_key : %s\n", credstr(session_key)));
	DEBUG(5,("	stor_cred: %s\n", credstr(stor_cred->data)));
	DEBUG(5,("	timestamp: %x\n"    , timestamp.time));
	DEBUG(5,("	timecred : %s\n", credstr(time_cred.data)));
	DEBUG(5,("	calc_cred: %s\n", credstr(cred->data)));
}
Exemplo n.º 5
0
/************************************************************************
 Routine to fetch the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
************************************************************************/
char *secrets_fetch_machine_password(const char *domain, 
				     time_t *pass_last_set_time,
				     uint32 *channel)
{
	char *key = NULL;
	char *ret;
	asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain);
	strupper_m(key);
	ret = (char *)secrets_fetch(key, NULL);
	SAFE_FREE(key);
	
	if (pass_last_set_time) {
		size_t size;
		uint32 *last_set_time;
		asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
		strupper_m(key);
		last_set_time = secrets_fetch(key, &size);
		if (last_set_time) {
			*pass_last_set_time = IVAL(last_set_time,0);
			SAFE_FREE(last_set_time);
		} else {
			*pass_last_set_time = 0;
		}
		SAFE_FREE(key);
	}
	
	if (channel) {
		size_t size;
		uint32 *channel_type;
		asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
		strupper_m(key);
		channel_type = secrets_fetch(key, &size);
		if (channel_type) {
			*channel = IVAL(channel_type,0);
			SAFE_FREE(channel_type);
		} else {
			*channel = get_default_sec_channel();
		}
		SAFE_FREE(key);
	}
	
	return ret;
}
Exemplo n.º 6
0
static void uuid_unpack(const GUID in, struct uuid *uu)
{
	const uint8 *ptr = in.info;

	uu->time_low = IVAL(ptr, 0);
	uu->time_mid = SVAL(ptr, 4);
	uu->time_hi_and_version = SVAL(ptr, 6);
	memcpy(uu->clock_seq, ptr+8, 2);
	memcpy(uu->node, ptr+10, 6);
}
Exemplo n.º 7
0
/*
  trans2 findnext implementation
*/
static NTSTATUS trans2_findnext(struct smbsrv_request *req, struct trans_op *op)
{
	struct smb_trans2 *trans = op->trans;
	union smb_search_next *search;
	uint16_t level;
	struct find_state *state;

	/* make sure we got all the parameters */
	if (trans->in.params.length < 12) {
		return NT_STATUS_FOOBAR;
	}

	search = talloc(op, union smb_search_next);
	NT_STATUS_HAVE_NO_MEMORY(search);

	search->t2fnext.in.handle        = SVAL(trans->in.params.data, 0);
	search->t2fnext.in.max_count     = SVAL(trans->in.params.data, 2);
	level                            = SVAL(trans->in.params.data, 4);
	search->t2fnext.in.resume_key    = IVAL(trans->in.params.data, 6);
	search->t2fnext.in.flags         = SVAL(trans->in.params.data, 10);

	smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 12, &search->t2fnext.in.last_name, 0);
	if (search->t2fnext.in.last_name == NULL) {
		return NT_STATUS_FOOBAR;
	}

	search->t2fnext.level = RAW_SEARCH_TRANS2;
	search->t2fnext.data_level = (enum smb_search_data_level)level;
	if (search->t2fnext.data_level >= RAW_SEARCH_DATA_GENERIC) {
		return NT_STATUS_INVALID_LEVEL;
	}

	if (search->t2fnext.data_level == RAW_SEARCH_DATA_EA_LIST) {
		TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
					       &search->t2fnext.in.num_names, 
					       &search->t2fnext.in.ea_names));
	}

	/* setup the private state structure that the backend will give us in the callback */
	state = talloc(op, struct find_state);
	NT_STATUS_HAVE_NO_MEMORY(state);
	state->op		= op;
	state->search		= search;
	state->data_level	= search->t2fnext.data_level;
	state->last_entry_offset= 0;
	state->flags		= search->t2fnext.in.flags;

	/* setup for just a header in the reply */
	TRANS2_CHECK(trans2_setup_reply(trans, 8, 0, 0));

	op->op_info = state;
	op->send_fn = trans2_findnext_send;

	return ntvfs_search_next(req->ntvfs, search, state, find_callback);
}
Exemplo n.º 8
0
bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number)
{
	bool ret = False;
	uint16 setup;
	char param[2];
	char *rparam=NULL, *rdata=NULL;
	unsigned int rparam_count=0, rdata_count=0;
	unsigned char nlen;

	setup = TRANSACT2_QFSINFO;

	SSVAL(param,0,SMB_INFO_VOLUME);

	if (!cli_send_trans(cli, SMBtrans2,
		    NULL,
		    0, 0,
		    &setup, 1, 0,
		    param, 2, 0,
		    NULL, 0, 560)) {
		goto cleanup;
	}

	if (!cli_receive_trans(cli, SMBtrans2,
                              &rparam, &rparam_count,
                              &rdata, &rdata_count)) {
		goto cleanup;
	}

	if (cli_is_error(cli)) {
		ret = False;
		goto cleanup;
	} else {
		ret = True;
	}

	if (rdata_count < 5) {
		goto cleanup;
	}

	if (pserial_number) {
		*pserial_number = IVAL(rdata,0);
	}
	nlen = CVAL(rdata,l2_vol_cch);
	clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN);

	/* todo: but not yet needed
	 *       return the other stuff
	 */

cleanup:
	SAFE_FREE(rparam);
	SAFE_FREE(rdata);

	return ret;
}
Exemplo n.º 9
0
Arquivo: value.c Projeto: rgburke/wed
char *va_to_string(Value value)
{
    switch (value.type) {
        case VAL_TYPE_STR:
            return strdup(SVAL(value));
        case VAL_TYPE_BOOL:
            return strdup(IVAL(value) ? "true" : "false");
        case VAL_TYPE_INT:
            {
                char *num_str = malloc(VALUE_STR_CONVERT_SIZE);

                if (num_str == NULL) {
                    return NULL;
                }

                snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%ld", IVAL(value));

                return num_str;
            }
        case VAL_TYPE_FLOAT:
            {
                char *num_str = malloc(VALUE_STR_CONVERT_SIZE);

                if (num_str == NULL) {
                    return NULL;
                }

                snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%f", FVAL(value));

                return num_str;
            }
        case VAL_TYPE_REGEX:
            return strdup(RVAL(value).regex_pattern);
        case VAL_TYPE_SHELL_COMMAND:
            return strdup(CVAL(value));
        default:
            assert(!"Invalid value type");
            break;
    }

    return NULL;
}
Exemplo n.º 10
0
static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
{
	size_t next_entry_offset = (size_t)IVAL(base,0);

	if (next_entry_offset == 0 ||
			base + next_entry_offset < base ||
			base + next_entry_offset > pdata_end) {
		next_entry_offset = pdata_end - base;
	}
	return next_entry_offset;
}
Exemplo n.º 11
0
static bool tdb_data_read_uint32(TDB_DATA *buf, uint32_t *result)
{
	const size_t len = sizeof(uint32_t);
	if (buf->dsize >= len) {
		*result = IVAL(buf->dptr, 0);
		buf->dptr += len;
		buf->dsize -= len;
		return true;
	}
	return false;
}
Exemplo n.º 12
0
static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb, 
					     const struct dsdb_schema *schema,
					     const struct dsdb_attribute *attr,
					     const struct drsuapi_DsReplicaAttribute *in,
					     TALLOC_CTX *mem_ctx,
					     struct ldb_message_element *out)
{
	uint32_t i;

	switch (attr->attributeID_id) {
	case DRSUAPI_ATTRIBUTE_objectClass:
		return _dsdb_syntax_OID_obj_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
	case DRSUAPI_ATTRIBUTE_governsID:
	case DRSUAPI_ATTRIBUTE_attributeID:
	case DRSUAPI_ATTRIBUTE_attributeSyntax:
		return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
	}

	out->flags	= 0;
	out->name	= talloc_strdup(mem_ctx, attr->lDAPDisplayName);
	W_ERROR_HAVE_NO_MEMORY(out->name);

	out->num_values	= in->value_ctr.num_values;
	out->values	= talloc_array(mem_ctx, struct ldb_val, out->num_values);
	W_ERROR_HAVE_NO_MEMORY(out->values);

	for (i=0; i < out->num_values; i++) {
		uint32_t v;
		const char *name;
		char *str;

		if (in->value_ctr.values[i].blob == NULL) {
			return WERR_FOOBAR;
		}

		if (in->value_ctr.values[i].blob->length != 4) {
			return WERR_FOOBAR;
		}

		v = IVAL(in->value_ctr.values[i].blob->data, 0);

		name = dsdb_lDAPDisplayName_by_id(schema, v);
		if (!name) {
			return WERR_FOOBAR;
		}

		str = talloc_strdup(out->values, name);
		W_ERROR_HAVE_NO_MEMORY(str);

		out->values[i] = data_blob_string_const(str);
	}

	return WERR_OK;
}
Exemplo n.º 13
0
/**
  pull a string from a blob, returning a talloced struct smb_wire_string

  the string length is limited by the 3 things:
   - the data size in the blob
   - length field on the wire
   - the end of string (null termination)

   if STR_LEN8BIT is set in the flags then assume the length field is
   8 bits, instead of 32

  on failure zero is returned and dest->s is set to NULL, otherwise the number
  of bytes consumed in the blob is returned
*/
size_t smbcli_blob_pull_string(struct smbcli_session *session,
			       TALLOC_CTX *mem_ctx,
			       const DATA_BLOB *blob, 
			       struct smb_wire_string *dest, 
			       uint16_t len_offset, uint16_t str_offset, 
			       unsigned int flags)
{
	int extra;
	dest->s = NULL;

	if (!(flags & STR_ASCII)) {
		/* this is here to cope with SMB2 calls using the SMB
		   parsers. SMB2 will pass smbcli_session==NULL, which forces
		   unicode on (as used by SMB2) */
		if (session == NULL) {
			flags |= STR_UNICODE;
		} else if (session->transport->negotiate.capabilities & CAP_UNICODE) {
			flags |= STR_UNICODE;
		}
	}

	if (flags & STR_LEN8BIT) {
		if (len_offset > blob->length-1) {
			return 0;
		}
		dest->private_length = CVAL(blob->data, len_offset);
	} else {
		if (len_offset > blob->length-4) {
			return 0;
		}
		dest->private_length = IVAL(blob->data, len_offset);
	}
	extra = 0;
	dest->s = NULL;
	if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) {
		int align = 0;
		if ((str_offset&1) && !(flags & STR_NOALIGN)) {
			align = 1;
		}
		if (flags & STR_LEN_NOTERM) {
			extra = 2;
		}
		return align + extra + smbcli_blob_pull_ucs2(mem_ctx, blob, &dest->s, 
							  blob->data+str_offset+align, 
							  dest->private_length, flags);
	}

	if (flags & STR_LEN_NOTERM) {
		extra = 1;
	}

	return extra + smbcli_blob_pull_ascii(mem_ctx, blob, &dest->s, 
					   blob->data+str_offset, dest->private_length, flags);
}
Exemplo n.º 14
0
void print_guid(GUID *guid)
{
	int i;

	d_printf("%08x-%04x-%04x", 
		 IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
	d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
	for (i=10;i<GUID_SIZE;i++)
		d_printf("%02x", guid->info[i]);
	d_printf("\n");
}
Exemplo n.º 15
0
static void _print_drsuapi_DsAttributeValue_attid(struct ndr_print *ndr, const char *name,
						  const struct drsuapi_DsAttributeValue *r)
{
	uint32_t v;

	ndr_print_struct(ndr, name, "drsuapi_DsAttributeValue");
	ndr->depth++;
	v = IVAL(r->blob->data, 0);
	ndr_print_uint32(ndr, "attid", v);
	ndr->depth--;
}
Exemplo n.º 16
0
bool srv_check_sign_mac(struct smbd_server_connection *conn,
                        const char *inbuf, uint32_t *seqnum,
                        bool trusted_channel)
{
    const uint8_t *inhdr;
    size_t len;

    /* Check if it's a non-session message. */
    if(CVAL(inbuf,0)) {
        return true;
    }

    len = smb_len(inbuf);
    inhdr = (const uint8_t *)inbuf + NBT_HDR_SIZE;

    if (trusted_channel) {
        NTSTATUS status;

        if (len < (HDR_SS_FIELD + 8)) {
            DEBUG(1,("smb_signing_check_pdu: Can't check signature "
                     "on short packet! smb_len = %u\n",
                     (unsigned)len));
            return false;
        }

        status = NT_STATUS(IVAL(inhdr, HDR_SS_FIELD + 4));
        if (!NT_STATUS_IS_OK(status)) {
            DEBUG(1,("smb_signing_check_pdu: trusted channel passed %s\n",
                     nt_errstr(status)));
            return false;
        }

        *seqnum = IVAL(inhdr, HDR_SS_FIELD);
        return true;
    }

    *seqnum = smb_signing_next_seqnum(conn->smb1.signing_state, false);
    return smb_signing_check_pdu(conn->smb1.signing_state,
                                 inhdr, len,
                                 *seqnum);
}
Exemplo n.º 17
0
void smb2srv_lock_recv(struct smb2srv_request *req)
{
	union smb_lock *io;

	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, False);
	SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_lock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);

	io->smb2.level			= RAW_LOCK_SMB2;

	io->smb2.in.unknown1		= SVAL(req->in.body, 0x02);
	io->smb2.in.unknown2		= IVAL(req->in.body, 0x04);
	io->smb2.in.file.ntvfs		= smb2srv_pull_handle(req, req->in.body, 0x08);
	io->smb2.in.offset		= BVAL(req->in.body, 0x18);
	io->smb2.in.count		= BVAL(req->in.body, 0x20);
	io->smb2.in.unknown5		= IVAL(req->in.body, 0x24);
	io->smb2.in.flags		= IVAL(req->in.body, 0x28);

	SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
	SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
}
void init_netr_CryptPassword(const char *pwd,
			     unsigned char session_key[16],
			     struct netr_CryptPassword *pwd_buf)
{
	struct samr_CryptPassword password_buf;

	encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);

	SamOEMhash(password_buf.data, session_key, 516);
	memcpy(pwd_buf->data, password_buf.data, 512);
	pwd_buf->length = IVAL(password_buf.data, 512);
}
Exemplo n.º 19
0
/*
  send a message
*/
bool smbcli_request_send(struct smbcli_request *req)
{
	if (IVAL(req->out.buffer, 0) == 0) {
		_smb_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
	}

	smbcli_request_calculate_sign_mac(req);

	smbcli_transport_send(req);

	return true;
}
Exemplo n.º 20
0
/*
 * Compare aces
 * This will compare two ace entries for sorting
 * each entry contains: type, perms and id
 * Sort by type first, if type is same sort by id.
 */
static int vxfs_ace_cmp(const void *ace1, const void *ace2)
{
	int ret = 0;
	uint16_t type_a1, type_a2;
	uint32_t id_a1, id_a2;

	/* Type must be compared first */
	type_a1 = SVAL(ace1, 0);
	type_a2 = SVAL(ace2, 0);

	ret = (type_a1 - type_a2);
	if (!ret) {
		/* Compare ID under type */
		/* skip perm thus take offset as 4*/
		id_a1 = IVAL(ace1, 4);
		id_a2 = IVAL(ace2, 4);
		ret = id_a1 - id_a2;
	}

	return ret;
}
Exemplo n.º 21
0
bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr)
{
	bool ret = False;
	uint16 setup;
	char param[2];
	char *rparam=NULL, *rdata=NULL;
	unsigned int rparam_count=0, rdata_count=0;

	if (!cli||!fs_attr)
		smb_panic("cli_get_fs_attr_info() called with NULL Pionter!");

	setup = TRANSACT2_QFSINFO;

	SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO);

	if (!cli_send_trans(cli, SMBtrans2,
		    NULL,
		    0, 0,
		    &setup, 1, 0,
		    param, 2, 0,
		    NULL, 0, 560)) {
		goto cleanup;
	}

	if (!cli_receive_trans(cli, SMBtrans2,
                              &rparam, &rparam_count,
                              &rdata, &rdata_count)) {
		goto cleanup;
	}

	if (cli_is_error(cli)) {
		ret = False;
		goto cleanup;
	} else {
		ret = True;
	}

	if (rdata_count < 12) {
		goto cleanup;
	}

	*fs_attr = IVAL(rdata,0);

	/* todo: but not yet needed
	 *       return the other stuff
	 */

cleanup:
	SAFE_FREE(rparam);
	SAFE_FREE(rdata);

	return ret;
}
Exemplo n.º 22
0
static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v)
{
	if (v->length < 4) {
		return true;
	}

	if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) {
		return false;
	}
	
	return true;
}
Exemplo n.º 23
0
/***********************************************************
 Helper function for net_idmap_dump. Dump one entry.
 **********************************************************/
static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb,
				    TDB_DATA key,
				    TDB_DATA data,
				    void *unused)
{
	if (strcmp(key.dptr, "USER HWM") == 0) {
		printf("USER HWM %d\n", IVAL(data.dptr,0));
		return 0;
	}

	if (strcmp(key.dptr, "GROUP HWM") == 0) {
		printf("GROUP HWM %d\n", IVAL(data.dptr,0));
		return 0;
	}

	if (strncmp(key.dptr, "S-", 2) != 0)
		return 0;

	printf("%s %s\n", data.dptr, key.dptr);
	return 0;
}
Exemplo n.º 24
0
/*
  pull a uint32 from a cache entry 
*/
static uint32 centry_uint32(struct cache_entry *centry)
{
	uint32 ret;
	if (centry->len - centry->ofs < 4) {
		DEBUG(0,("centry corruption? needed 4 bytes, have %d\n", 
			 centry->len - centry->ofs));
		smb_panic("centry_uint32");
	}
	ret = IVAL(centry->data, centry->ofs);
	centry->ofs += 4;
	return ret;
}
Exemplo n.º 25
0
bool decode_pw_buffer(TALLOC_CTX *ctx,
		      uint8_t in_buffer[516],
		      char **pp_new_pwrd,
		      size_t *new_pw_len,
		      charset_t string_charset)
{
	int byte_len=0;

	*pp_new_pwrd = NULL;
	*new_pw_len = 0;

	/*
	  Warning !!! : This function is called from some rpc call.
	  The password IN the buffer may be a UNICODE string.
	  The password IN new_pwrd is an ASCII string
	  If you reuse that code somewhere else check first.
	*/

	/* The length of the new password is in the last 4 bytes of the data buffer. */

	byte_len = IVAL(in_buffer, 512);

#ifdef DEBUG_PASSWORD
	dump_data(100, in_buffer, 516);
#endif

	/* Password cannot be longer than the size of the password buffer */
	if ( (byte_len < 0) || (byte_len > 512)) {
		DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
		DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
		return false;
	}

	/* decode into the return buffer. */
	if (!convert_string_talloc(ctx, string_charset, CH_UNIX,
				   &in_buffer[512 - byte_len],
				   byte_len,
				   (void *)pp_new_pwrd,
				   new_pw_len)) {
		DEBUG(0, ("decode_pw_buffer: failed to convert incoming password\n"));
		return false;
	}

#ifdef DEBUG_PASSWORD
	DEBUG(100,("decode_pw_buffer: new_pwrd: "));
	dump_data(100, (uint8_t *)*pp_new_pwrd, *new_pw_len);
	DEBUG(100,("multibyte len:%lu\n", (unsigned long int)*new_pw_len));
	DEBUG(100,("original char len:%d\n", byte_len/2));
#endif

	return true;
}
Exemplo n.º 26
0
/**
 * format a registry_value into a string.
 *
 * This is intended to be used for smbconf registry values,
 * which are ar stored as REG_SZ values, so the incomplete
 * handling should be ok.
 */
static char *smbconf_format_registry_value(TALLOC_CTX *mem_ctx,
					   struct registry_value *value)
{
	char *result = NULL;

	/* alternatively, create a new talloc context? */
	if (mem_ctx == NULL) {
		return result;
	}

	switch (value->type) {
	case REG_DWORD:
		if (value->data.length >= 4) {
			uint32_t v = IVAL(value->data.data, 0);
			result = talloc_asprintf(mem_ctx, "%d", v);
		}
		break;
	case REG_SZ:
	case REG_EXPAND_SZ: {
		const char *s;
		if (!pull_reg_sz(mem_ctx, &value->data, &s)) {
			break;
		}
		result = talloc_strdup(mem_ctx, s);
		break;
	}
	case REG_MULTI_SZ: {
		uint32 j;
		const char **a = NULL;
		if (!pull_reg_multi_sz(mem_ctx, &value->data, &a)) {
			break;
		}
		for (j = 0; a[j] != NULL; j++) {
			result = talloc_asprintf(mem_ctx, "%s\"%s\" ",
						 result ? result : "" ,
						 a[j]);
			if (result == NULL) {
				break;
			}
		}
		break;
	}
	case REG_BINARY:
		result = talloc_asprintf(mem_ctx, "binary (%d bytes)",
					 (int)value->data.length);
		break;
	default:
		result = talloc_asprintf(mem_ctx, "<unprintable>");
		break;
	}
	return result;
}
Exemplo n.º 27
0
/*****************************************************************
 parse a on-the-wire SID to a DOM_SID
*****************************************************************/  
BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid)
{
	int i;
	if (len < 8) return False;
	sid->sid_rev_num = CVAL(inbuf, 0);
	sid->num_auths = CVAL(inbuf, 1);
	memcpy(sid->id_auth, inbuf+2, 6);
	if (len < 8 + sid->num_auths*4) return False;
	for (i=0;i<sid->num_auths;i++) {
		sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
	}
	return True;
}
Exemplo n.º 28
0
static void dbwrap_fetch_int32_parser(TDB_DATA key, TDB_DATA data,
				      void *private_data)
{
	struct dbwrap_fetch_int32_state *state =
		(struct dbwrap_fetch_int32_state *)private_data;

	if (data.dsize != sizeof(state->result)) {
		state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		return;
	}
	state->result = IVAL(data.dptr, 0);
	state->status = NT_STATUS_OK;
}
Exemplo n.º 29
0
/****************************************************************************
  setup the session key. 
Input: 8 byte challenge block
       8 byte server challenge block
      16 byte md4 encrypted password
Output:
      8 byte session key
****************************************************************************/
void cred_session_key(const DOM_CHAL *clnt_chal, const DOM_CHAL *srv_chal, const uchar *pass, 
		      uchar session_key[8])
{
	uint32 sum[2];
	unsigned char sum2[8];

	sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
	sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);

	SIVAL(sum2,0,sum[0]);
	SIVAL(sum2,4,sum[1]);

	cred_hash1(session_key, sum2, pass);

	/* debug output */
	DEBUG(4,("cred_session_key\n"));

	DEBUG(5,("	clnt_chal: %s\n", credstr(clnt_chal->data)));
	DEBUG(5,("	srv_chal : %s\n", credstr(srv_chal->data)));
	DEBUG(5,("	clnt+srv : %s\n", credstr(sum2)));
	DEBUG(5,("	sess_key : %s\n", credstr(session_key)));
}
Exemplo n.º 30
0
/****************************************************************************
 Old style search backend - process output.
****************************************************************************/
static void smb_raw_search_backend(struct smbcli_request *req,
				   TALLOC_CTX *mem_ctx,
				   uint16_t count, 
				   void *private_data,
				   smbcli_search_callback callback)

{
	union smb_search_data search_data;
	int i;
	uint8_t *p;

	if (req->in.data_size < 3 + count*43) {
		req->status = NT_STATUS_INVALID_PARAMETER;
		return;
	}
	
	p = req->in.data + 3;

	for (i=0; i < count; i++) {
		char *name;

		search_data.search.id.reserved      = CVAL(p, 0);
		memcpy(search_data.search.id.name,    p+1, 11);
		search_data.search.id.handle        = CVAL(p, 12);
		search_data.search.id.server_cookie = IVAL(p, 13);
		search_data.search.id.client_cookie = IVAL(p, 17);
		search_data.search.attrib           = CVAL(p, 21);
		search_data.search.write_time       = raw_pull_dos_date(req->transport,
									p + 22);
		search_data.search.size             = IVAL(p, 26);
		smbcli_req_pull_ascii(&req->in.bufinfo, mem_ctx, &name, p+30, 13, STR_ASCII);
		search_data.search.name = name;
		if (!callback(private_data, &search_data)) {
			break;
		}
		p += 43;
	}
}