/* pull a uint32_t ofs/ uint32_t length/blob triple from a data blob the ptr points to the start of the offset/length pair */ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob) { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { return NT_STATUS_INVALID_PARAMETER; } ofs = IVAL(ptr, 0); size = IVAL(ptr, 4); if (ofs == 0) { *blob = data_blob(NULL, 0); return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); return NT_STATUS_OK; }
/* Receive a Lease Break Response */ NTSTATUS smb2_lease_break_ack_recv(struct smb2_request *req, struct smb2_lease_break_ack *io) { if (!smb2_request_receive(req) || !smb2_request_is_ok(req)) { return smb2_request_destroy(req); } SMB2_CHECK_PACKET_RECV(req, 0x24, false); io->out.reserved = IVAL(req->in.body, 0x02); io->out.lease.lease_flags = IVAL(req->in.body, 0x04); memcpy(&io->out.lease.lease_key, req->in.body+0x8, sizeof(struct smb2_lease_key)); io->out.lease.lease_state = IVAL(req->in.body, 0x18); io->out.lease.lease_duration = IVAL(req->in.body, 0x1C); return smb2_request_destroy(req); }
NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req) { const uint8_t *inhdr; int i = req->current_idx; uint32_t in_flags; uint32_t in_tid; void *p; struct smbd_smb2_tcon *tcon; req->tcon = NULL; inhdr = (const uint8_t *)req->in.vector[i+0].iov_base; in_flags = IVAL(inhdr, SMB2_HDR_FLAGS); in_tid = IVAL(inhdr, SMB2_HDR_TID); if (in_flags & SMB2_HDR_FLAG_CHAINED) { in_tid = req->last_tid; } req->last_tid = UINT32_MAX; /* lookup an existing session */ p = idr_find(req->session->tcons.idtree, in_tid); if (p == NULL) { return NT_STATUS_NETWORK_NAME_DELETED; } tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon); if (!change_to_user(tcon->compat_conn,req->session->vuid)) { return NT_STATUS_ACCESS_DENIED; } /* should we pass FLAG_CASELESS_PATHNAMES here? */ if (!set_current_service(tcon->compat_conn, 0, true)) { return NT_STATUS_ACCESS_DENIED; } req->tcon = tcon; req->last_tid = in_tid; return NT_STATUS_OK; }
/**************************************************************************** create a credential Input: 8 byte sesssion key 8 byte stored credential 4 byte timestamp Output: 8 byte credential ****************************************************************************/ void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, DOM_CHAL *cred) { DOM_CHAL time_cred; SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time); SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4)); cred_hash2(cred->data, time_cred.data, session_key); /* debug output*/ DEBUG(4,("cred_create\n")); DEBUG(5,(" sess_key : %s\n", credstr(session_key))); DEBUG(5,(" stor_cred: %s\n", credstr(stor_cred->data))); DEBUG(5,(" timestamp: %x\n" , timestamp.time)); DEBUG(5,(" timecred : %s\n", credstr(time_cred.data))); DEBUG(5,(" calc_cred: %s\n", credstr(cred->data))); }
/************************************************************************ Routine to fetch the plaintext machine account password for a realm the password is assumed to be a null terminated ascii string ************************************************************************/ char *secrets_fetch_machine_password(const char *domain, time_t *pass_last_set_time, uint32 *channel) { char *key = NULL; char *ret; asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain); strupper_m(key); ret = (char *)secrets_fetch(key, NULL); SAFE_FREE(key); if (pass_last_set_time) { size_t size; uint32 *last_set_time; asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain); strupper_m(key); last_set_time = secrets_fetch(key, &size); if (last_set_time) { *pass_last_set_time = IVAL(last_set_time,0); SAFE_FREE(last_set_time); } else { *pass_last_set_time = 0; } SAFE_FREE(key); } if (channel) { size_t size; uint32 *channel_type; asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain); strupper_m(key); channel_type = secrets_fetch(key, &size); if (channel_type) { *channel = IVAL(channel_type,0); SAFE_FREE(channel_type); } else { *channel = get_default_sec_channel(); } SAFE_FREE(key); } return ret; }
static void uuid_unpack(const GUID in, struct uuid *uu) { const uint8 *ptr = in.info; uu->time_low = IVAL(ptr, 0); uu->time_mid = SVAL(ptr, 4); uu->time_hi_and_version = SVAL(ptr, 6); memcpy(uu->clock_seq, ptr+8, 2); memcpy(uu->node, ptr+10, 6); }
/* trans2 findnext implementation */ static NTSTATUS trans2_findnext(struct smbsrv_request *req, struct trans_op *op) { struct smb_trans2 *trans = op->trans; union smb_search_next *search; uint16_t level; struct find_state *state; /* make sure we got all the parameters */ if (trans->in.params.length < 12) { return NT_STATUS_FOOBAR; } search = talloc(op, union smb_search_next); NT_STATUS_HAVE_NO_MEMORY(search); search->t2fnext.in.handle = SVAL(trans->in.params.data, 0); search->t2fnext.in.max_count = SVAL(trans->in.params.data, 2); level = SVAL(trans->in.params.data, 4); search->t2fnext.in.resume_key = IVAL(trans->in.params.data, 6); search->t2fnext.in.flags = SVAL(trans->in.params.data, 10); smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 12, &search->t2fnext.in.last_name, 0); if (search->t2fnext.in.last_name == NULL) { return NT_STATUS_FOOBAR; } search->t2fnext.level = RAW_SEARCH_TRANS2; search->t2fnext.data_level = (enum smb_search_data_level)level; if (search->t2fnext.data_level >= RAW_SEARCH_DATA_GENERIC) { return NT_STATUS_INVALID_LEVEL; } if (search->t2fnext.data_level == RAW_SEARCH_DATA_EA_LIST) { TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req, &search->t2fnext.in.num_names, &search->t2fnext.in.ea_names)); } /* setup the private state structure that the backend will give us in the callback */ state = talloc(op, struct find_state); NT_STATUS_HAVE_NO_MEMORY(state); state->op = op; state->search = search; state->data_level = search->t2fnext.data_level; state->last_entry_offset= 0; state->flags = search->t2fnext.in.flags; /* setup for just a header in the reply */ TRANS2_CHECK(trans2_setup_reply(trans, 8, 0, 0)); op->op_info = state; op->send_fn = trans2_findnext_send; return ntvfs_search_next(req->ntvfs, search, state, find_callback); }
bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number) { bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; unsigned int rparam_count=0, rdata_count=0; unsigned char nlen; setup = TRANSACT2_QFSINFO; SSVAL(param,0,SMB_INFO_VOLUME); if (!cli_send_trans(cli, SMBtrans2, NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { goto cleanup; } if (cli_is_error(cli)) { ret = False; goto cleanup; } else { ret = True; } if (rdata_count < 5) { goto cleanup; } if (pserial_number) { *pserial_number = IVAL(rdata,0); } nlen = CVAL(rdata,l2_vol_cch); clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN); /* todo: but not yet needed * return the other stuff */ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); return ret; }
char *va_to_string(Value value) { switch (value.type) { case VAL_TYPE_STR: return strdup(SVAL(value)); case VAL_TYPE_BOOL: return strdup(IVAL(value) ? "true" : "false"); case VAL_TYPE_INT: { char *num_str = malloc(VALUE_STR_CONVERT_SIZE); if (num_str == NULL) { return NULL; } snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%ld", IVAL(value)); return num_str; } case VAL_TYPE_FLOAT: { char *num_str = malloc(VALUE_STR_CONVERT_SIZE); if (num_str == NULL) { return NULL; } snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%f", FVAL(value)); return num_str; } case VAL_TYPE_REGEX: return strdup(RVAL(value).regex_pattern); case VAL_TYPE_SHELL_COMMAND: return strdup(CVAL(value)); default: assert(!"Invalid value type"); break; } return NULL; }
static size_t calc_next_entry_offset(const char *base, const char *pdata_end) { size_t next_entry_offset = (size_t)IVAL(base,0); if (next_entry_offset == 0 || base + next_entry_offset < base || base + next_entry_offset > pdata_end) { next_entry_offset = pdata_end - base; } return next_entry_offset; }
static bool tdb_data_read_uint32(TDB_DATA *buf, uint32_t *result) { const size_t len = sizeof(uint32_t); if (buf->dsize >= len) { *result = IVAL(buf->dptr, 0); buf->dptr += len; buf->dsize -= len; return true; } return false; }
static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb, const struct dsdb_schema *schema, const struct dsdb_attribute *attr, const struct drsuapi_DsReplicaAttribute *in, TALLOC_CTX *mem_ctx, struct ldb_message_element *out) { uint32_t i; switch (attr->attributeID_id) { case DRSUAPI_ATTRIBUTE_objectClass: return _dsdb_syntax_OID_obj_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); case DRSUAPI_ATTRIBUTE_governsID: case DRSUAPI_ATTRIBUTE_attributeID: case DRSUAPI_ATTRIBUTE_attributeSyntax: return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out); } out->flags = 0; out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName); W_ERROR_HAVE_NO_MEMORY(out->name); out->num_values = in->value_ctr.num_values; out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values); W_ERROR_HAVE_NO_MEMORY(out->values); for (i=0; i < out->num_values; i++) { uint32_t v; const char *name; char *str; if (in->value_ctr.values[i].blob == NULL) { return WERR_FOOBAR; } if (in->value_ctr.values[i].blob->length != 4) { return WERR_FOOBAR; } v = IVAL(in->value_ctr.values[i].blob->data, 0); name = dsdb_lDAPDisplayName_by_id(schema, v); if (!name) { return WERR_FOOBAR; } str = talloc_strdup(out->values, name); W_ERROR_HAVE_NO_MEMORY(str); out->values[i] = data_blob_string_const(str); } return WERR_OK; }
/** pull a string from a blob, returning a talloced struct smb_wire_string the string length is limited by the 3 things: - the data size in the blob - length field on the wire - the end of string (null termination) if STR_LEN8BIT is set in the flags then assume the length field is 8 bits, instead of 32 on failure zero is returned and dest->s is set to NULL, otherwise the number of bytes consumed in the blob is returned */ size_t smbcli_blob_pull_string(struct smbcli_session *session, TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, struct smb_wire_string *dest, uint16_t len_offset, uint16_t str_offset, unsigned int flags) { int extra; dest->s = NULL; if (!(flags & STR_ASCII)) { /* this is here to cope with SMB2 calls using the SMB parsers. SMB2 will pass smbcli_session==NULL, which forces unicode on (as used by SMB2) */ if (session == NULL) { flags |= STR_UNICODE; } else if (session->transport->negotiate.capabilities & CAP_UNICODE) { flags |= STR_UNICODE; } } if (flags & STR_LEN8BIT) { if (len_offset > blob->length-1) { return 0; } dest->private_length = CVAL(blob->data, len_offset); } else { if (len_offset > blob->length-4) { return 0; } dest->private_length = IVAL(blob->data, len_offset); } extra = 0; dest->s = NULL; if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) { int align = 0; if ((str_offset&1) && !(flags & STR_NOALIGN)) { align = 1; } if (flags & STR_LEN_NOTERM) { extra = 2; } return align + extra + smbcli_blob_pull_ucs2(mem_ctx, blob, &dest->s, blob->data+str_offset+align, dest->private_length, flags); } if (flags & STR_LEN_NOTERM) { extra = 1; } return extra + smbcli_blob_pull_ascii(mem_ctx, blob, &dest->s, blob->data+str_offset, dest->private_length, flags); }
void print_guid(GUID *guid) { int i; d_printf("%08x-%04x-%04x", IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6)); d_printf("-%02x%02x-", guid->info[8], guid->info[9]); for (i=10;i<GUID_SIZE;i++) d_printf("%02x", guid->info[i]); d_printf("\n"); }
static void _print_drsuapi_DsAttributeValue_attid(struct ndr_print *ndr, const char *name, const struct drsuapi_DsAttributeValue *r) { uint32_t v; ndr_print_struct(ndr, name, "drsuapi_DsAttributeValue"); ndr->depth++; v = IVAL(r->blob->data, 0); ndr_print_uint32(ndr, "attid", v); ndr->depth--; }
bool srv_check_sign_mac(struct smbd_server_connection *conn, const char *inbuf, uint32_t *seqnum, bool trusted_channel) { const uint8_t *inhdr; size_t len; /* Check if it's a non-session message. */ if(CVAL(inbuf,0)) { return true; } len = smb_len(inbuf); inhdr = (const uint8_t *)inbuf + NBT_HDR_SIZE; if (trusted_channel) { NTSTATUS status; if (len < (HDR_SS_FIELD + 8)) { DEBUG(1,("smb_signing_check_pdu: Can't check signature " "on short packet! smb_len = %u\n", (unsigned)len)); return false; } status = NT_STATUS(IVAL(inhdr, HDR_SS_FIELD + 4)); if (!NT_STATUS_IS_OK(status)) { DEBUG(1,("smb_signing_check_pdu: trusted channel passed %s\n", nt_errstr(status))); return false; } *seqnum = IVAL(inhdr, HDR_SS_FIELD); return true; } *seqnum = smb_signing_next_seqnum(conn->smb1.signing_state, false); return smb_signing_check_pdu(conn->smb1.signing_state, inhdr, len, *seqnum); }
void smb2srv_lock_recv(struct smb2srv_request *req) { union smb_lock *io; SMB2SRV_CHECK_BODY_SIZE(req, 0x30, False); SMB2SRV_TALLOC_IO_PTR(io, union smb_lock); SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_lock_send, NTVFS_ASYNC_STATE_MAY_ASYNC); io->smb2.level = RAW_LOCK_SMB2; io->smb2.in.unknown1 = SVAL(req->in.body, 0x02); io->smb2.in.unknown2 = IVAL(req->in.body, 0x04); io->smb2.in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x08); io->smb2.in.offset = BVAL(req->in.body, 0x18); io->smb2.in.count = BVAL(req->in.body, 0x20); io->smb2.in.unknown5 = IVAL(req->in.body, 0x24); io->smb2.in.flags = IVAL(req->in.body, 0x28); SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs); SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io)); }
void init_netr_CryptPassword(const char *pwd, unsigned char session_key[16], struct netr_CryptPassword *pwd_buf) { struct samr_CryptPassword password_buf; encode_pw_buffer(password_buf.data, pwd, STR_UNICODE); SamOEMhash(password_buf.data, session_key, 516); memcpy(pwd_buf->data, password_buf.data, 512); pwd_buf->length = IVAL(password_buf.data, 512); }
/* send a message */ bool smbcli_request_send(struct smbcli_request *req) { if (IVAL(req->out.buffer, 0) == 0) { _smb_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE); } smbcli_request_calculate_sign_mac(req); smbcli_transport_send(req); return true; }
/* * Compare aces * This will compare two ace entries for sorting * each entry contains: type, perms and id * Sort by type first, if type is same sort by id. */ static int vxfs_ace_cmp(const void *ace1, const void *ace2) { int ret = 0; uint16_t type_a1, type_a2; uint32_t id_a1, id_a2; /* Type must be compared first */ type_a1 = SVAL(ace1, 0); type_a2 = SVAL(ace2, 0); ret = (type_a1 - type_a2); if (!ret) { /* Compare ID under type */ /* skip perm thus take offset as 4*/ id_a1 = IVAL(ace1, 4); id_a2 = IVAL(ace2, 4); ret = id_a1 - id_a2; } return ret; }
bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr) { bool ret = False; uint16 setup; char param[2]; char *rparam=NULL, *rdata=NULL; unsigned int rparam_count=0, rdata_count=0; if (!cli||!fs_attr) smb_panic("cli_get_fs_attr_info() called with NULL Pionter!"); setup = TRANSACT2_QFSINFO; SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO); if (!cli_send_trans(cli, SMBtrans2, NULL, 0, 0, &setup, 1, 0, param, 2, 0, NULL, 0, 560)) { goto cleanup; } if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { goto cleanup; } if (cli_is_error(cli)) { ret = False; goto cleanup; } else { ret = True; } if (rdata_count < 12) { goto cleanup; } *fs_attr = IVAL(rdata,0); /* todo: but not yet needed * return the other stuff */ cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); return ret; }
static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v) { if (v->length < 4) { return true; } if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) { return false; } return true; }
/*********************************************************** Helper function for net_idmap_dump. Dump one entry. **********************************************************/ static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA data, void *unused) { if (strcmp(key.dptr, "USER HWM") == 0) { printf("USER HWM %d\n", IVAL(data.dptr,0)); return 0; } if (strcmp(key.dptr, "GROUP HWM") == 0) { printf("GROUP HWM %d\n", IVAL(data.dptr,0)); return 0; } if (strncmp(key.dptr, "S-", 2) != 0) return 0; printf("%s %s\n", data.dptr, key.dptr); return 0; }
/* pull a uint32 from a cache entry */ static uint32 centry_uint32(struct cache_entry *centry) { uint32 ret; if (centry->len - centry->ofs < 4) { DEBUG(0,("centry corruption? needed 4 bytes, have %d\n", centry->len - centry->ofs)); smb_panic("centry_uint32"); } ret = IVAL(centry->data, centry->ofs); centry->ofs += 4; return ret; }
bool decode_pw_buffer(TALLOC_CTX *ctx, uint8_t in_buffer[516], char **pp_new_pwrd, size_t *new_pw_len, charset_t string_charset) { int byte_len=0; *pp_new_pwrd = NULL; *new_pw_len = 0; /* Warning !!! : This function is called from some rpc call. The password IN the buffer may be a UNICODE string. The password IN new_pwrd is an ASCII string If you reuse that code somewhere else check first. */ /* The length of the new password is in the last 4 bytes of the data buffer. */ byte_len = IVAL(in_buffer, 512); #ifdef DEBUG_PASSWORD dump_data(100, in_buffer, 516); #endif /* Password cannot be longer than the size of the password buffer */ if ( (byte_len < 0) || (byte_len > 512)) { DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len)); DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n")); return false; } /* decode into the return buffer. */ if (!convert_string_talloc(ctx, string_charset, CH_UNIX, &in_buffer[512 - byte_len], byte_len, (void *)pp_new_pwrd, new_pw_len)) { DEBUG(0, ("decode_pw_buffer: failed to convert incoming password\n")); return false; } #ifdef DEBUG_PASSWORD DEBUG(100,("decode_pw_buffer: new_pwrd: ")); dump_data(100, (uint8_t *)*pp_new_pwrd, *new_pw_len); DEBUG(100,("multibyte len:%lu\n", (unsigned long int)*new_pw_len)); DEBUG(100,("original char len:%d\n", byte_len/2)); #endif return true; }
/** * format a registry_value into a string. * * This is intended to be used for smbconf registry values, * which are ar stored as REG_SZ values, so the incomplete * handling should be ok. */ static char *smbconf_format_registry_value(TALLOC_CTX *mem_ctx, struct registry_value *value) { char *result = NULL; /* alternatively, create a new talloc context? */ if (mem_ctx == NULL) { return result; } switch (value->type) { case REG_DWORD: if (value->data.length >= 4) { uint32_t v = IVAL(value->data.data, 0); result = talloc_asprintf(mem_ctx, "%d", v); } break; case REG_SZ: case REG_EXPAND_SZ: { const char *s; if (!pull_reg_sz(mem_ctx, &value->data, &s)) { break; } result = talloc_strdup(mem_ctx, s); break; } case REG_MULTI_SZ: { uint32 j; const char **a = NULL; if (!pull_reg_multi_sz(mem_ctx, &value->data, &a)) { break; } for (j = 0; a[j] != NULL; j++) { result = talloc_asprintf(mem_ctx, "%s\"%s\" ", result ? result : "" , a[j]); if (result == NULL) { break; } } break; } case REG_BINARY: result = talloc_asprintf(mem_ctx, "binary (%d bytes)", (int)value->data.length); break; default: result = talloc_asprintf(mem_ctx, "<unprintable>"); break; } return result; }
/***************************************************************** parse a on-the-wire SID to a DOM_SID *****************************************************************/ BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid) { int i; if (len < 8) return False; sid->sid_rev_num = CVAL(inbuf, 0); sid->num_auths = CVAL(inbuf, 1); memcpy(sid->id_auth, inbuf+2, 6); if (len < 8 + sid->num_auths*4) return False; for (i=0;i<sid->num_auths;i++) { sid->sub_auths[i] = IVAL(inbuf, 8+i*4); } return True; }
static void dbwrap_fetch_int32_parser(TDB_DATA key, TDB_DATA data, void *private_data) { struct dbwrap_fetch_int32_state *state = (struct dbwrap_fetch_int32_state *)private_data; if (data.dsize != sizeof(state->result)) { state->status = NT_STATUS_INTERNAL_DB_CORRUPTION; return; } state->result = IVAL(data.dptr, 0); state->status = NT_STATUS_OK; }
/**************************************************************************** setup the session key. Input: 8 byte challenge block 8 byte server challenge block 16 byte md4 encrypted password Output: 8 byte session key ****************************************************************************/ void cred_session_key(const DOM_CHAL *clnt_chal, const DOM_CHAL *srv_chal, const uchar *pass, uchar session_key[8]) { uint32 sum[2]; unsigned char sum2[8]; sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0); sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4); SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); cred_hash1(session_key, sum2, pass); /* debug output */ DEBUG(4,("cred_session_key\n")); DEBUG(5,(" clnt_chal: %s\n", credstr(clnt_chal->data))); DEBUG(5,(" srv_chal : %s\n", credstr(srv_chal->data))); DEBUG(5,(" clnt+srv : %s\n", credstr(sum2))); DEBUG(5,(" sess_key : %s\n", credstr(session_key))); }
/**************************************************************************** Old style search backend - process output. ****************************************************************************/ static void smb_raw_search_backend(struct smbcli_request *req, TALLOC_CTX *mem_ctx, uint16_t count, void *private_data, smbcli_search_callback callback) { union smb_search_data search_data; int i; uint8_t *p; if (req->in.data_size < 3 + count*43) { req->status = NT_STATUS_INVALID_PARAMETER; return; } p = req->in.data + 3; for (i=0; i < count; i++) { char *name; search_data.search.id.reserved = CVAL(p, 0); memcpy(search_data.search.id.name, p+1, 11); search_data.search.id.handle = CVAL(p, 12); search_data.search.id.server_cookie = IVAL(p, 13); search_data.search.id.client_cookie = IVAL(p, 17); search_data.search.attrib = CVAL(p, 21); search_data.search.write_time = raw_pull_dos_date(req->transport, p + 22); search_data.search.size = IVAL(p, 26); smbcli_req_pull_ascii(&req->in.bufinfo, mem_ctx, &name, p+30, 13, STR_ASCII); search_data.search.name = name; if (!callback(private_data, &search_data)) { break; } p += 43; } }