/*
pull a uint32_t ofs/ uint32_t length/blob triple from a data blob
the ptr points to the start of the offset/length pair
*/
NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob)
{
uint32_t ofs, size;
if (smb2_oob(buf, ptr, 8)) {
return NT_STATUS_INVALID_PARAMETER;
}
ofs = IVAL(ptr, 0);
size = IVAL(ptr, 4);
if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
if (smb2_oob(buf, buf->hdr + ofs, size)) {
return NT_STATUS_INVALID_PARAMETER;
}
*blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size);
NT_STATUS_HAVE_NO_MEMORY(blob->data);
return NT_STATUS_OK;
}
/*
Receive a Lease Break Response
*/
NTSTATUS smb2_lease_break_ack_recv(struct smb2_request *req,
struct smb2_lease_break_ack *io)
{
if (!smb2_request_receive(req) ||
!smb2_request_is_ok(req)) {
return smb2_request_destroy(req);
}
SMB2_CHECK_PACKET_RECV(req, 0x24, false);
io->out.reserved = IVAL(req->in.body, 0x02);
io->out.lease.lease_flags = IVAL(req->in.body, 0x04);
memcpy(&io->out.lease.lease_key, req->in.body+0x8,
sizeof(struct smb2_lease_key));
io->out.lease.lease_state = IVAL(req->in.body, 0x18);
io->out.lease.lease_duration = IVAL(req->in.body, 0x1C);
return smb2_request_destroy(req);
}
NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
{
const uint8_t *inhdr;
int i = req->current_idx;
uint32_t in_flags;
uint32_t in_tid;
void *p;
struct smbd_smb2_tcon *tcon;
req->tcon = NULL;
inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
in_tid = IVAL(inhdr, SMB2_HDR_TID);
if (in_flags & SMB2_HDR_FLAG_CHAINED) {
in_tid = req->last_tid;
}
req->last_tid = UINT32_MAX;
/* lookup an existing session */
p = idr_find(req->session->tcons.idtree, in_tid);
if (p == NULL) {
return NT_STATUS_NETWORK_NAME_DELETED;
}
tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon);
if (!change_to_user(tcon->compat_conn,req->session->vuid)) {
return NT_STATUS_ACCESS_DENIED;
}
/* should we pass FLAG_CASELESS_PATHNAMES here? */
if (!set_current_service(tcon->compat_conn, 0, true)) {
return NT_STATUS_ACCESS_DENIED;
}
req->tcon = tcon;
req->last_tid = in_tid;
return NT_STATUS_OK;
}
/****************************************************************************
create a credential
Input:
8 byte sesssion key
8 byte stored credential
4 byte timestamp
Output:
8 byte credential
****************************************************************************/
void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp,
DOM_CHAL *cred)
{
DOM_CHAL time_cred;
SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time);
SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4));
cred_hash2(cred->data, time_cred.data, session_key);
/* debug output*/
DEBUG(4,("cred_create\n"));
DEBUG(5,(" sess_key : %s\n", credstr(session_key)));
DEBUG(5,(" stor_cred: %s\n", credstr(stor_cred->data)));
DEBUG(5,(" timestamp: %x\n" , timestamp.time));
DEBUG(5,(" timecred : %s\n", credstr(time_cred.data)));
DEBUG(5,(" calc_cred: %s\n", credstr(cred->data)));
}
/************************************************************************
Routine to fetch the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
************************************************************************/
char *secrets_fetch_machine_password(const char *domain,
time_t *pass_last_set_time,
uint32 *channel)
{
char *key = NULL;
char *ret;
asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, domain);
strupper_m(key);
ret = (char *)secrets_fetch(key, NULL);
SAFE_FREE(key);
if (pass_last_set_time) {
size_t size;
uint32 *last_set_time;
asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
strupper_m(key);
last_set_time = secrets_fetch(key, &size);
if (last_set_time) {
*pass_last_set_time = IVAL(last_set_time,0);
SAFE_FREE(last_set_time);
} else {
*pass_last_set_time = 0;
}
SAFE_FREE(key);
}
if (channel) {
size_t size;
uint32 *channel_type;
asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
strupper_m(key);
channel_type = secrets_fetch(key, &size);
if (channel_type) {
*channel = IVAL(channel_type,0);
SAFE_FREE(channel_type);
} else {
*channel = get_default_sec_channel();
}
SAFE_FREE(key);
}
return ret;
}
static void uuid_unpack(const GUID in, struct uuid *uu)
{
const uint8 *ptr = in.info;
uu->time_low = IVAL(ptr, 0);
uu->time_mid = SVAL(ptr, 4);
uu->time_hi_and_version = SVAL(ptr, 6);
memcpy(uu->clock_seq, ptr+8, 2);
memcpy(uu->node, ptr+10, 6);
}
/*
trans2 findnext implementation
*/
static NTSTATUS trans2_findnext(struct smbsrv_request *req, struct trans_op *op)
{
struct smb_trans2 *trans = op->trans;
union smb_search_next *search;
uint16_t level;
struct find_state *state;
/* make sure we got all the parameters */
if (trans->in.params.length < 12) {
return NT_STATUS_FOOBAR;
}
search = talloc(op, union smb_search_next);
NT_STATUS_HAVE_NO_MEMORY(search);
search->t2fnext.in.handle = SVAL(trans->in.params.data, 0);
search->t2fnext.in.max_count = SVAL(trans->in.params.data, 2);
level = SVAL(trans->in.params.data, 4);
search->t2fnext.in.resume_key = IVAL(trans->in.params.data, 6);
search->t2fnext.in.flags = SVAL(trans->in.params.data, 10);
smbsrv_blob_pull_string(&req->in.bufinfo, &trans->in.params, 12, &search->t2fnext.in.last_name, 0);
if (search->t2fnext.in.last_name == NULL) {
return NT_STATUS_FOOBAR;
}
search->t2fnext.level = RAW_SEARCH_TRANS2;
search->t2fnext.data_level = (enum smb_search_data_level)level;
if (search->t2fnext.data_level >= RAW_SEARCH_DATA_GENERIC) {
return NT_STATUS_INVALID_LEVEL;
}
if (search->t2fnext.data_level == RAW_SEARCH_DATA_EA_LIST) {
TRANS2_CHECK(ea_pull_name_list(&trans->in.data, req,
&search->t2fnext.in.num_names,
&search->t2fnext.in.ea_names));
}
/* setup the private state structure that the backend will give us in the callback */
state = talloc(op, struct find_state);
NT_STATUS_HAVE_NO_MEMORY(state);
state->op = op;
state->search = search;
state->data_level = search->t2fnext.data_level;
state->last_entry_offset= 0;
state->flags = search->t2fnext.in.flags;
/* setup for just a header in the reply */
TRANS2_CHECK(trans2_setup_reply(trans, 8, 0, 0));
op->op_info = state;
op->send_fn = trans2_findnext_send;
return ntvfs_search_next(req->ntvfs, search, state, find_callback);
}
bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint32 *pserial_number)
{
bool ret = False;
uint16 setup;
char param[2];
char *rparam=NULL, *rdata=NULL;
unsigned int rparam_count=0, rdata_count=0;
unsigned char nlen;
setup = TRANSACT2_QFSINFO;
SSVAL(param,0,SMB_INFO_VOLUME);
if (!cli_send_trans(cli, SMBtrans2,
NULL,
0, 0,
&setup, 1, 0,
param, 2, 0,
NULL, 0, 560)) {
goto cleanup;
}
if (!cli_receive_trans(cli, SMBtrans2,
&rparam, &rparam_count,
&rdata, &rdata_count)) {
goto cleanup;
}
if (cli_is_error(cli)) {
ret = False;
goto cleanup;
} else {
ret = True;
}
if (rdata_count < 5) {
goto cleanup;
}
if (pserial_number) {
*pserial_number = IVAL(rdata,0);
}
nlen = CVAL(rdata,l2_vol_cch);
clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN);
/* todo: but not yet needed
* return the other stuff
*/
cleanup:
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return ret;
}
char *va_to_string(Value value)
{
switch (value.type) {
case VAL_TYPE_STR:
return strdup(SVAL(value));
case VAL_TYPE_BOOL:
return strdup(IVAL(value) ? "true" : "false");
case VAL_TYPE_INT:
{
char *num_str = malloc(VALUE_STR_CONVERT_SIZE);
if (num_str == NULL) {
return NULL;
}
snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%ld", IVAL(value));
return num_str;
}
case VAL_TYPE_FLOAT:
{
char *num_str = malloc(VALUE_STR_CONVERT_SIZE);
if (num_str == NULL) {
return NULL;
}
snprintf(num_str, VALUE_STR_CONVERT_SIZE, "%f", FVAL(value));
return num_str;
}
case VAL_TYPE_REGEX:
return strdup(RVAL(value).regex_pattern);
case VAL_TYPE_SHELL_COMMAND:
return strdup(CVAL(value));
default:
assert(!"Invalid value type");
break;
}
return NULL;
}
static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
{
size_t next_entry_offset = (size_t)IVAL(base,0);
if (next_entry_offset == 0 ||
base + next_entry_offset < base ||
base + next_entry_offset > pdata_end) {
next_entry_offset = pdata_end - base;
}
return next_entry_offset;
}
static bool tdb_data_read_uint32(TDB_DATA *buf, uint32_t *result)
{
const size_t len = sizeof(uint32_t);
if (buf->dsize >= len) {
*result = IVAL(buf->dptr, 0);
buf->dptr += len;
buf->dsize -= len;
return true;
}
return false;
}
static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_attribute *attr,
const struct drsuapi_DsReplicaAttribute *in,
TALLOC_CTX *mem_ctx,
struct ldb_message_element *out)
{
uint32_t i;
switch (attr->attributeID_id) {
case DRSUAPI_ATTRIBUTE_objectClass:
return _dsdb_syntax_OID_obj_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
case DRSUAPI_ATTRIBUTE_governsID:
case DRSUAPI_ATTRIBUTE_attributeID:
case DRSUAPI_ATTRIBUTE_attributeSyntax:
return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
}
out->flags = 0;
out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
W_ERROR_HAVE_NO_MEMORY(out->name);
out->num_values = in->value_ctr.num_values;
out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
W_ERROR_HAVE_NO_MEMORY(out->values);
for (i=0; i < out->num_values; i++) {
uint32_t v;
const char *name;
char *str;
if (in->value_ctr.values[i].blob == NULL) {
return WERR_FOOBAR;
}
if (in->value_ctr.values[i].blob->length != 4) {
return WERR_FOOBAR;
}
v = IVAL(in->value_ctr.values[i].blob->data, 0);
name = dsdb_lDAPDisplayName_by_id(schema, v);
if (!name) {
return WERR_FOOBAR;
}
str = talloc_strdup(out->values, name);
W_ERROR_HAVE_NO_MEMORY(str);
out->values[i] = data_blob_string_const(str);
}
return WERR_OK;
}
/**
pull a string from a blob, returning a talloced struct smb_wire_string
the string length is limited by the 3 things:
- the data size in the blob
- length field on the wire
- the end of string (null termination)
if STR_LEN8BIT is set in the flags then assume the length field is
8 bits, instead of 32
on failure zero is returned and dest->s is set to NULL, otherwise the number
of bytes consumed in the blob is returned
*/
size_t smbcli_blob_pull_string(struct smbcli_session *session,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct smb_wire_string *dest,
uint16_t len_offset, uint16_t str_offset,
unsigned int flags)
{
int extra;
dest->s = NULL;
if (!(flags & STR_ASCII)) {
/* this is here to cope with SMB2 calls using the SMB
parsers. SMB2 will pass smbcli_session==NULL, which forces
unicode on (as used by SMB2) */
if (session == NULL) {
flags |= STR_UNICODE;
} else if (session->transport->negotiate.capabilities & CAP_UNICODE) {
flags |= STR_UNICODE;
}
}
if (flags & STR_LEN8BIT) {
if (len_offset > blob->length-1) {
return 0;
}
dest->private_length = CVAL(blob->data, len_offset);
} else {
if (len_offset > blob->length-4) {
return 0;
}
dest->private_length = IVAL(blob->data, len_offset);
}
extra = 0;
dest->s = NULL;
if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) {
int align = 0;
if ((str_offset&1) && !(flags & STR_NOALIGN)) {
align = 1;
}
if (flags & STR_LEN_NOTERM) {
extra = 2;
}
return align + extra + smbcli_blob_pull_ucs2(mem_ctx, blob, &dest->s,
blob->data+str_offset+align,
dest->private_length, flags);
}
if (flags & STR_LEN_NOTERM) {
extra = 1;
}
return extra + smbcli_blob_pull_ascii(mem_ctx, blob, &dest->s,
blob->data+str_offset, dest->private_length, flags);
}
void print_guid(GUID *guid)
{
int i;
d_printf("%08x-%04x-%04x",
IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
for (i=10;i<GUID_SIZE;i++)
d_printf("%02x", guid->info[i]);
d_printf("\n");
}
static void _print_drsuapi_DsAttributeValue_attid(struct ndr_print *ndr, const char *name,
const struct drsuapi_DsAttributeValue *r)
{
uint32_t v;
ndr_print_struct(ndr, name, "drsuapi_DsAttributeValue");
ndr->depth++;
v = IVAL(r->blob->data, 0);
ndr_print_uint32(ndr, "attid", v);
ndr->depth--;
}
bool srv_check_sign_mac(struct smbd_server_connection *conn,
const char *inbuf, uint32_t *seqnum,
bool trusted_channel)
{
const uint8_t *inhdr;
size_t len;
/* Check if it's a non-session message. */
if(CVAL(inbuf,0)) {
return true;
}
len = smb_len(inbuf);
inhdr = (const uint8_t *)inbuf + NBT_HDR_SIZE;
if (trusted_channel) {
NTSTATUS status;
if (len < (HDR_SS_FIELD + 8)) {
DEBUG(1,("smb_signing_check_pdu: Can't check signature "
"on short packet! smb_len = %u\n",
(unsigned)len));
return false;
}
status = NT_STATUS(IVAL(inhdr, HDR_SS_FIELD + 4));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("smb_signing_check_pdu: trusted channel passed %s\n",
nt_errstr(status)));
return false;
}
*seqnum = IVAL(inhdr, HDR_SS_FIELD);
return true;
}
*seqnum = smb_signing_next_seqnum(conn->smb1.signing_state, false);
return smb_signing_check_pdu(conn->smb1.signing_state,
inhdr, len,
*seqnum);
}
void smb2srv_lock_recv(struct smb2srv_request *req)
{
union smb_lock *io;
SMB2SRV_CHECK_BODY_SIZE(req, 0x30, False);
SMB2SRV_TALLOC_IO_PTR(io, union smb_lock);
SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_lock_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
io->smb2.level = RAW_LOCK_SMB2;
io->smb2.in.unknown1 = SVAL(req->in.body, 0x02);
io->smb2.in.unknown2 = IVAL(req->in.body, 0x04);
io->smb2.in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x08);
io->smb2.in.offset = BVAL(req->in.body, 0x18);
io->smb2.in.count = BVAL(req->in.body, 0x20);
io->smb2.in.unknown5 = IVAL(req->in.body, 0x24);
io->smb2.in.flags = IVAL(req->in.body, 0x28);
SMB2SRV_CHECK_FILE_HANDLE(io->smb2.in.file.ntvfs);
SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_lock(req->ntvfs, io));
}
void init_netr_CryptPassword(const char *pwd,
unsigned char session_key[16],
struct netr_CryptPassword *pwd_buf)
{
struct samr_CryptPassword password_buf;
encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
SamOEMhash(password_buf.data, session_key, 516);
memcpy(pwd_buf->data, password_buf.data, 512);
pwd_buf->length = IVAL(password_buf.data, 512);
}
/*
send a message
*/
bool smbcli_request_send(struct smbcli_request *req)
{
if (IVAL(req->out.buffer, 0) == 0) {
_smb_setlen(req->out.buffer, req->out.size - NBT_HDR_SIZE);
}
smbcli_request_calculate_sign_mac(req);
smbcli_transport_send(req);
return true;
}
/*
* Compare aces
* This will compare two ace entries for sorting
* each entry contains: type, perms and id
* Sort by type first, if type is same sort by id.
*/
static int vxfs_ace_cmp(const void *ace1, const void *ace2)
{
int ret = 0;
uint16_t type_a1, type_a2;
uint32_t id_a1, id_a2;
/* Type must be compared first */
type_a1 = SVAL(ace1, 0);
type_a2 = SVAL(ace2, 0);
ret = (type_a1 - type_a2);
if (!ret) {
/* Compare ID under type */
/* skip perm thus take offset as 4*/
id_a1 = IVAL(ace1, 4);
id_a2 = IVAL(ace2, 4);
ret = id_a1 - id_a2;
}
return ret;
}
bool cli_get_fs_attr_info(struct cli_state *cli, uint32 *fs_attr)
{
bool ret = False;
uint16 setup;
char param[2];
char *rparam=NULL, *rdata=NULL;
unsigned int rparam_count=0, rdata_count=0;
if (!cli||!fs_attr)
smb_panic("cli_get_fs_attr_info() called with NULL Pionter!");
setup = TRANSACT2_QFSINFO;
SSVAL(param,0,SMB_QUERY_FS_ATTRIBUTE_INFO);
if (!cli_send_trans(cli, SMBtrans2,
NULL,
0, 0,
&setup, 1, 0,
param, 2, 0,
NULL, 0, 560)) {
goto cleanup;
}
if (!cli_receive_trans(cli, SMBtrans2,
&rparam, &rparam_count,
&rdata, &rdata_count)) {
goto cleanup;
}
if (cli_is_error(cli)) {
ret = False;
goto cleanup;
} else {
ret = True;
}
if (rdata_count < 12) {
goto cleanup;
}
*fs_attr = IVAL(rdata,0);
/* todo: but not yet needed
* return the other stuff
*/
cleanup:
SAFE_FREE(rparam);
SAFE_FREE(rdata);
return ret;
}
static bool ldif_comparision_prefixMap_isString(const struct ldb_val *v)
{
if (v->length < 4) {
return true;
}
if (IVAL(v->data, 0) == PREFIX_MAP_VERSION_DSDB) {
return false;
}
return true;
}
/***********************************************************
Helper function for net_idmap_dump. Dump one entry.
**********************************************************/
static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb,
TDB_DATA key,
TDB_DATA data,
void *unused)
{
if (strcmp(key.dptr, "USER HWM") == 0) {
printf("USER HWM %d\n", IVAL(data.dptr,0));
return 0;
}
if (strcmp(key.dptr, "GROUP HWM") == 0) {
printf("GROUP HWM %d\n", IVAL(data.dptr,0));
return 0;
}
if (strncmp(key.dptr, "S-", 2) != 0)
return 0;
printf("%s %s\n", data.dptr, key.dptr);
return 0;
}
/*
pull a uint32 from a cache entry
*/
static uint32 centry_uint32(struct cache_entry *centry)
{
uint32 ret;
if (centry->len - centry->ofs < 4) {
DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
centry->len - centry->ofs));
smb_panic("centry_uint32");
}
ret = IVAL(centry->data, centry->ofs);
centry->ofs += 4;
return ret;
}
bool decode_pw_buffer(TALLOC_CTX *ctx,
uint8_t in_buffer[516],
char **pp_new_pwrd,
size_t *new_pw_len,
charset_t string_charset)
{
int byte_len=0;
*pp_new_pwrd = NULL;
*new_pw_len = 0;
/*
Warning !!! : This function is called from some rpc call.
The password IN the buffer may be a UNICODE string.
The password IN new_pwrd is an ASCII string
If you reuse that code somewhere else check first.
*/
/* The length of the new password is in the last 4 bytes of the data buffer. */
byte_len = IVAL(in_buffer, 512);
#ifdef DEBUG_PASSWORD
dump_data(100, in_buffer, 516);
#endif
/* Password cannot be longer than the size of the password buffer */
if ( (byte_len < 0) || (byte_len > 512)) {
DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
return false;
}
/* decode into the return buffer. */
if (!convert_string_talloc(ctx, string_charset, CH_UNIX,
&in_buffer[512 - byte_len],
byte_len,
(void *)pp_new_pwrd,
new_pw_len)) {
DEBUG(0, ("decode_pw_buffer: failed to convert incoming password\n"));
return false;
}
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
dump_data(100, (uint8_t *)*pp_new_pwrd, *new_pw_len);
DEBUG(100,("multibyte len:%lu\n", (unsigned long int)*new_pw_len));
DEBUG(100,("original char len:%d\n", byte_len/2));
#endif
return true;
}
/**
* format a registry_value into a string.
*
* This is intended to be used for smbconf registry values,
* which are ar stored as REG_SZ values, so the incomplete
* handling should be ok.
*/
static char *smbconf_format_registry_value(TALLOC_CTX *mem_ctx,
struct registry_value *value)
{
char *result = NULL;
/* alternatively, create a new talloc context? */
if (mem_ctx == NULL) {
return result;
}
switch (value->type) {
case REG_DWORD:
if (value->data.length >= 4) {
uint32_t v = IVAL(value->data.data, 0);
result = talloc_asprintf(mem_ctx, "%d", v);
}
break;
case REG_SZ:
case REG_EXPAND_SZ: {
const char *s;
if (!pull_reg_sz(mem_ctx, &value->data, &s)) {
break;
}
result = talloc_strdup(mem_ctx, s);
break;
}
case REG_MULTI_SZ: {
uint32 j;
const char **a = NULL;
if (!pull_reg_multi_sz(mem_ctx, &value->data, &a)) {
break;
}
for (j = 0; a[j] != NULL; j++) {
result = talloc_asprintf(mem_ctx, "%s\"%s\" ",
result ? result : "" ,
a[j]);
if (result == NULL) {
break;
}
}
break;
}
case REG_BINARY:
result = talloc_asprintf(mem_ctx, "binary (%d bytes)",
(int)value->data.length);
break;
default:
result = talloc_asprintf(mem_ctx, "<unprintable>");
break;
}
return result;
}
/*****************************************************************
parse a on-the-wire SID to a DOM_SID
*****************************************************************/
BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid)
{
int i;
if (len < 8) return False;
sid->sid_rev_num = CVAL(inbuf, 0);
sid->num_auths = CVAL(inbuf, 1);
memcpy(sid->id_auth, inbuf+2, 6);
if (len < 8 + sid->num_auths*4) return False;
for (i=0;i<sid->num_auths;i++) {
sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
}
return True;
}
static void dbwrap_fetch_int32_parser(TDB_DATA key, TDB_DATA data,
void *private_data)
{
struct dbwrap_fetch_int32_state *state =
(struct dbwrap_fetch_int32_state *)private_data;
if (data.dsize != sizeof(state->result)) {
state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
return;
}
state->result = IVAL(data.dptr, 0);
state->status = NT_STATUS_OK;
}
/****************************************************************************
setup the session key.
Input: 8 byte challenge block
8 byte server challenge block
16 byte md4 encrypted password
Output:
8 byte session key
****************************************************************************/
void cred_session_key(const DOM_CHAL *clnt_chal, const DOM_CHAL *srv_chal, const uchar *pass,
uchar session_key[8])
{
uint32 sum[2];
unsigned char sum2[8];
sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
cred_hash1(session_key, sum2, pass);
/* debug output */
DEBUG(4,("cred_session_key\n"));
DEBUG(5,(" clnt_chal: %s\n", credstr(clnt_chal->data)));
DEBUG(5,(" srv_chal : %s\n", credstr(srv_chal->data)));
DEBUG(5,(" clnt+srv : %s\n", credstr(sum2)));
DEBUG(5,(" sess_key : %s\n", credstr(session_key)));
}
/****************************************************************************
Old style search backend - process output.
****************************************************************************/
static void smb_raw_search_backend(struct smbcli_request *req,
TALLOC_CTX *mem_ctx,
uint16_t count,
void *private_data,
smbcli_search_callback callback)
{
union smb_search_data search_data;
int i;
uint8_t *p;
if (req->in.data_size < 3 + count*43) {
req->status = NT_STATUS_INVALID_PARAMETER;
return;
}
p = req->in.data + 3;
for (i=0; i < count; i++) {
char *name;
search_data.search.id.reserved = CVAL(p, 0);
memcpy(search_data.search.id.name, p+1, 11);
search_data.search.id.handle = CVAL(p, 12);
search_data.search.id.server_cookie = IVAL(p, 13);
search_data.search.id.client_cookie = IVAL(p, 17);
search_data.search.attrib = CVAL(p, 21);
search_data.search.write_time = raw_pull_dos_date(req->transport,
p + 22);
search_data.search.size = IVAL(p, 26);
smbcli_req_pull_ascii(&req->in.bufinfo, mem_ctx, &name, p+30, 13, STR_ASCII);
search_data.search.name = name;
if (!callback(private_data, &search_data)) {
break;
}
p += 43;
}
}
