[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed May 19 11:37:05 MDT 2010


The branch, master has been updated
       via  b0d7a3d... Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
      from  ac93412... pynet: Raise proper exceptions rather than invoking sys.exit.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b0d7a3d123cb96049dc782b317554448acdae1a2
Author: Jeremy Allison <jra at samba.org>
Date:   Wed May 19 10:34:44 2010 -0700

    Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
    
    No more magic blobs :-). Use ndr_push_struct_blob() to
    push a properly formatted VERSION struct.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/msrpc_parse.c |    5 +++-
 librpc/idl/ntlmssp.idl    |    2 +-
 source3/libsmb/ntlmssp.c  |   66 +++++++++++++++++++++++---------------------
 3 files changed, 39 insertions(+), 34 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 336611d..7ac6fb5 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -174,7 +174,10 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
 			break;
 		case 'b':
 			n = pointers[i].length;
-			memcpy(blob->data + head_ofs, pointers[i].data, n);
+			if (pointers[i].data && n) {
+				/* don't follow null pointers... */
+				memcpy(blob->data + head_ofs, pointers[i].data, n);
+			}
 			head_ofs += n;
 			break;
 		case 'C':
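Review bot: The new guard in the `'b'` case skips the `memcpy` when `pointers[i].data` is NULL, but `head_ofs += n` still runs, so a NULL pointer passed with a non-zero length leaves `n` bytes of `blob->data` unwritten in the generated message. The allocation of `blob` is outside this hunk; if it is not zero-filled, those bytes would carry stale heap contents into the marshalled NTLMSSP packet. Consider making the gap explicit with `else if (n) { memset(blob->data + head_ofs, 0, n); }`, or rejecting the NULL-with-length case outright. The enclosing `msrpc_gen` body starts and ends outside the hunk.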
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 1227952..eb9ab29 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -86,7 +86,7 @@ interface ntlmssp
 
 	/* [MS-NLMP] 2.2.2.10 VERSION */
 
-	typedef struct {
+	typedef [public] struct {
 		ntlmssp_WindowsMajorVersion ProductMajorVersion;
 		ntlmssp_WindowsMinorVersion ProductMinorVersion;
 		uint16 ProductBuild;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1f6720c..2fc8adf 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -522,45 +522,47 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
 	{
 		/* Marshal the packet in the right format, be it unicode or ASCII */
 		const char *gen_string;
-		/* "What Windows returns" as a version number. */
-		const char vers[] = { 0x6, 0x1, 0xb0, 0x1d, 0, 0, 0, 0xf};
+		DATA_BLOB version_blob = data_blob_null;
 
 		if (chal_flags & NTLMSSP_NEGOTIATE_VERSION) {
-			DATA_BLOB version_blob = data_blob_talloc(ntlmssp_state, vers, 8);
-
-			if (ntlmssp_state->unicode) {
-				gen_string = "CdUdbddBb";
-			} else {
-				gen_string = "CdAdbddBb";
+			enum ndr_err_code err;
+			struct VERSION vers;
+
+			/* "What Windows returns" as a version number. */
+			ZERO_STRUCT(vers);
+			vers.ProductMajorVersion = NTLMSSP_WINDOWS_MAJOR_VERSION_6;
+			vers.ProductMinorVersion = NTLMSSP_WINDOWS_MINOR_VERSION_1;
+			vers.ProductBuild = 0;
+			vers.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
+
+			err = ndr_push_struct_blob(&version_blob,
+						ntlmssp_state,
+						&vers,
+						(ndr_push_flags_fn_t)ndr_push_VERSION);
+
+			if (err) {
+				return NT_STATUS_NO_MEMORY;
 			}
+		}
 
-			msrpc_gen(ntlmssp_state, reply, gen_string,
-				"NTLMSSP",
-				NTLMSSP_CHALLENGE,
-				target_name,
-				chal_flags,
-				cryptkey, 8,
-				0, 0,
-				struct_blob.data, struct_blob.length,
-				version_blob.data, version_blob.length);
-			data_blob_free(&version_blob);
+		if (ntlmssp_state->unicode) {
+			gen_string = "CdUdbddBb";
 		} else {
-			if (ntlmssp_state->unicode) {
-				gen_string = "CdUdbddB";
-			} else {
-				gen_string = "CdAdbddB";
-			}
-
-			msrpc_gen(ntlmssp_state, reply, gen_string,
-				"NTLMSSP",
-				NTLMSSP_CHALLENGE,
-				target_name,
-				chal_flags,
-				cryptkey, 8,
-				0, 0,
-				struct_blob.data, struct_blob.length);
+			gen_string = "CdAdbddBb";
 		}
 
+		msrpc_gen(ntlmssp_state, reply, gen_string,
+			"NTLMSSP",
+			NTLMSSP_CHALLENGE,
+			target_name,
+			chal_flags,
+			cryptkey, 8,
+			0, 0,
+			struct_blob.data, struct_blob.length,
+			version_blob.data, version_blob.length);
+
+		data_blob_free(&version_blob);
+
 		if (DEBUGLEVEL >= 10) {
 			if (NT_STATUS_IS_OK(ntlmssp_pull_CHALLENGE_MESSAGE(reply,
 						       ntlmssp_state,
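Review bot: The `if (err)` test after `ndr_push_struct_blob()` maps every NDR failure to `NT_STATUS_NO_MEMORY`, which hides the real cause from callers and logs; the usual form is `if (!NDR_ERR_CODE_IS_SUCCESS(err)) { return ndr_map_error2ntstatus(err); }`. This early return is new, and the body of `ntlmssp_server_negotiate` starts and ends outside the hunk, so it is worth confirming that nothing allocated earlier (for example `struct_blob`) is left unfreed on that path. The `bool` result of `msrpc_gen()` is also still discarded, so a failed marshal would fall through to the `DEBUGLEVEL` pull of `reply` and whatever follows it with no error raised.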


-- 
Samba Shared Repository

