Samba TNG string overruns (TNG 2.4, 2.5)
Max Maischein
maischein at navicon.de
Thu Apr 27 13:42:37 GMT 2000
Hello !
I'm desperately trying to get Samba TNG running as a PDC (in its own
isolated network for stability reasons), but for reasons that I don't know,
Samba fails on me with different stuff :
(Tested with TNG 2.5, I just now installed TNG 2.4 and the stuff applies
there too)
Environment :
1 NT 4 SP 6a machine, member of domain DOMAIN (this domain is not connected
to the machine anymore, I just wasn't able yet to move the machine over to
the TEST domain, see below).
1 Linux (SuSE) Samba TNG 2.5 server, member and to-be PDC of domain TEST
Samba TNG 2.4/2.5 compiled with no options given to configure.
The NT box can neither browse nor connect to any share (NT responds "Share
not found") and smbclient provokes some string overrun errors with the
password. I suspect that (among other bad setup stuff) there is some error
in the string handling for passwords (on which side of the connection I
don't know). I've included what I hope can help you about this.
--- smb.conf ---
# Samba config file created using SWAT
# from vinci.navicon.de (192.168.10.40)
# Date: 2000/04/17 14:55:04
# Global parameters
[global]
workgroup = TEST
netbios name = SAMBA
server string = Samba Server
interfaces = 192.168.10.12
# security = USER
security = SHARE
encrypt passwords = Yes
max log size = 50
time server = Yes
dns proxy = No
# wins server = arno
invalid users = bin daemon adm sync shutdown halt mail news uucp
operator gopher
hosts allow = 192.168.10. 192.168.20. 192.168.30.
domain group map = /usr/local/samba/lib/domaingroup.map
domain user map = /usr/local/samba/lib/domainuser.map
smb passwd file = /etc/smbpasswd
# logon script = login.bat
# logon drive = h:
# domain logons = Yes
# domain master = Yes
os level = 33
preferred master = Yes
Wins support = Yes
socket options = TCP_NODELAY
[cdrom]
comment = CD-Laufwerk
path = /cdrom
[tmp]
comment = Testshare
path = /tmp
read only = No
---
And running
smbclient '\samba\cdrom' -U maischein-root -d 200
gives the following results (together with the request failing)
added interface ip=192.168.10.12 bcast=192.168.10.255 nmask=255.255.255.0
Client started (version TNG-alpha).
copy_nt_creds: null creds
cli_init_creds: ntlmssp_flgs: 0
cli_establish_connection: SAMBA<00> connecting to SAMBA<20> (0.0.0.0) -
maischein-root [TEST] with NTLMv1, nopw: No
resolve_lmhosts: Attempting lmhosts lookup for name samba<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error
was No such file or directory
resolve_hosts: Attempting host lookup for name samba<0x20>
Connecting to 192.168.10.12 at port 139
[000] 81 00 00 48 20 46 44 45 42 45 4E 45 43 45 42 43 ...H FDE BENECEBC
[010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. ....
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=35840 (0x8C00)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=6633 (0x19E9)
smb_vwv[13]=19709 (0x4CFD)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] E5 EE CF 18 54 50 7D D1 53 00 41 00 4D 00 42 00 ....TP}. S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_establish_connection: NTLMv1
cli_session_setup. extended security: No
size=141
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10891 (0x2A8B)
smb_vwv[5]=10892 (0x2A8C)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=24 (0x18)
smb_vwv[8]=24 (0x18)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=80
[000] 69 34 14 B5 0B D7 59 DB F2 8D CE 31 EE 77 58 5A i4....Y. ...1.wXZ
[010] 24 5D B8 B1 5F 23 20 C0 D1 0F C5 FC F1 CA 3A E8 $].._# . ......:.
[020] B1 4C 25 8C 7F 66 90 0B C5 44 EB 6F D6 24 81 EF .L%..f.. .D.o.$..
[030] 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 00 54 MAISCHEI N-ROOT.T
[040] 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 61 00 EST.Unix ..Samba.
write_socket(3,145)
write_socket(3,145) wrote 145
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
session setup ok
Domain=[TEST] OS=[Unix] Server=[Samba TNG-alpha]
ERROR: string overflow by 10 in safe_strcpy [N�AunE:e?L%?f?
ADeoO$?i]
size=87
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=24 (0x18)
smb_bcc=44
[000] 7F 8E EB 86 79 5C 15 7E 5F 3D ED 3F 5E FE 2D 9E ....y\.~ _=.?^.-.
[010] D9 49 C6 7A 66 9E 5A 3B 5C 5C 53 41 4D 42 41 5C .I.zf.Z; \\SAMBA\
[020] 43 44 52 4F 4D 00 3F 3F 3F 3F 3F 00 CDROM.?? ???.
write_socket(3,91)
write_socket(3,91) wrote 91
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
cli_establish_connection: SAMBA<00> connecting to *SMBSERVER<20>
(192.168.10.12) - MAISCHEIN-ROOT [TEST] with NTLMv1, nopw: No
[000] 81 00 00 48 20 43 4B 46 44 45 4E 45 43 46 44 45 ...H CKF DENECFDE
[010] 46 46 43 46 47 45 46 46 43 43 41 43 41 43 41 43 FFCFGEFF CCACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 5C 53 41 4D ACACAAA. \SAM
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=35840 (0x8C00)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=6633 (0x19E9)
smb_vwv[13]=19709 (0x4CFD)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] 86 D0 08 87 3E 1F 2C E5 53 00 41 00 4D 00 42 00 ....>.,. S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_establish_connection: NTLMv1
cli_session_setup. extended security: No
size=141
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10891 (0x2A8B)
smb_vwv[5]=10892 (0x2A8C)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=24 (0x18)
smb_vwv[8]=24 (0x18)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=80
[000] AE 67 F6 68 0F 3B 01 2D EA 6B 45 E6 BD C8 B2 85 .g.h.;.- .kE.....
[010] 69 84 D2 5B DB ED 68 DF 43 4C A7 A8 72 DF 03 8A i..[..h. CL..r...
[020] 0B 93 05 D2 95 00 86 CC 4D AD 5B 96 EC 90 A9 C7 ........ M.[.....
[030] 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 00 54 MAISCHEI N-ROOT.T
[040] 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 61 00 EST.Unix ..Samba.
write_socket(3,145)
write_socket(3,145) wrote 145
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
session setup ok
Domain=[TEST] OS=[Unix] Server=[Samba TNG-alpha]
size=87
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=24 (0x18)
smb_bcc=44
[000] EA D0 04 F0 6E 00 B2 7B BC 4E 0A 97 29 85 7A 68 ....n..{ .N..).zh
[010] 5D 8C 8E 1C D1 58 97 33 5C 5C 53 41 4D 42 41 5C ]....X.3 \\SAMBA\
[020] 43 44 52 4F 4D 00 3F 3F 3F 3F 3F 00 CDROM.?? ???.
write_socket(3,91)
write_socket(3,91) wrote 91
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10891
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
added interface ip=192.168.10.12 bcast=192.168.10.255 nmask=255.255.255.0
Client started (version TNG-alpha).
copy_nt_creds: null creds
cli_init_creds: ntlmssp_flgs: 0
cli_establish_connection: SAMBA<00> connecting to SAMBA<20> (0.0.0.0) -
maischein-root [TEST] with NTLMv1, nopw: No
resolve_lmhosts: Attempting lmhosts lookup for name samba<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error
was No such file or directory
resolve_hosts: Attempting host lookup for name samba<0x20>
Connecting to 192.168.10.12 at port 139
[000] 81 00 00 48 20 46 44 45 42 45 4E 45 43 45 42 43 ...H FDE BENECEBC
[010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. ....
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=36352 (0x8E00)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=56989 (0xDE9D)
smb_vwv[13]=19713 (0x4D01)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] 53 34 18 96 9D 18 93 FD 53 00 41 00 4D 00 42 00 S4...... S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_establish_connection: NTLMv1
cli_session_setup. extended security: No
size=141
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10893 (0x2A8D)
smb_vwv[5]=10894 (0x2A8E)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=24 (0x18)
smb_vwv[8]=24 (0x18)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=80
[000] 1D 7A BA F0 65 9C 03 7A 7B 14 ED 29 8C 49 BA EB .z..e..z {..).I..
[010] C7 43 DB DD 99 60 3A A3 8D 73 95 E8 9E 35 92 2E .C...`:. .s...5..
[020] 5B 82 A0 92 E8 EE F5 E3 85 27 2F E2 01 C2 88 FB [....... .'/.....
[030] 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 00 54 MAISCHEI N-ROOT.T
[040] 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 61 00 EST.Unix ..Samba.
write_socket(3,145)
write_socket(3,145) wrote 145
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
session setup ok
Domain=[TEST] OS=[Unix] Server=[Samba TNG-alpha]
ERROR: string overflow by 10 in safe_strcpy [?s.e?5'.[, 'eioa?'/a�A^u]
size=87
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=24 (0x18)
smb_bcc=44
[000] FF E9 07 85 C0 7A 6E D6 E9 D6 1C 34 B6 7C F4 9D .....zn. ...4.|..
[010] 07 C6 4F 01 E7 50 B7 C6 5C 5C 53 41 4D 42 41 5C ..O..P.. \\SAMBA\
[020] 43 44 52 4F 4D 00 3F 3F 3F 3F 3F 00 CDROM.?? ???.
write_socket(3,91)
write_socket(3,91) wrote 91
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
cli_establish_connection: SAMBA<00> connecting to *SMBSERVER<20>
(192.168.10.12) - MAISCHEIN-ROOT [TEST] with NTLMv1, nopw: No
[000] 81 00 00 48 20 43 4B 46 44 45 4E 45 43 46 44 45 ...H CKF DENECFDE
[010] 46 46 43 46 47 45 46 46 43 43 41 43 41 43 41 43 FFCFGEFF CCACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 5C 53 41 4D ACACAAA. \SAM
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=36352 (0x8E00)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=56989 (0xDE9D)
smb_vwv[13]=19713 (0x4D01)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] 29 0E D5 D4 B9 36 9B F8 53 00 41 00 4D 00 42 00 )....6.. S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_establish_connection: NTLMv1
cli_session_setup. extended security: No
size=141
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10893 (0x2A8D)
smb_vwv[5]=10894 (0x2A8E)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=24 (0x18)
smb_vwv[8]=24 (0x18)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=80
[000] 6F 85 B4 2A AC D4 61 36 9D B0 38 59 C3 DC 92 F7 o..*..a6 ..8Y....
[010] E4 90 60 D4 53 3F 20 1F 7B 6F 76 B2 40 6F D7 52 ..`.S? . {ov. at o.R
[020] 4A EA B7 1F DE A7 90 E4 E9 D1 D7 32 D3 FF 9A B7 J....... ...2....
[030] 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 00 54 MAISCHEI N-ROOT.T
[040] 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 61 00 EST.Unix ..Samba.
write_socket(3,145)
write_socket(3,145) wrote 145
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
session setup ok
Domain=[TEST] OS=[Unix] Server=[Samba TNG-alpha]
ERROR: string overflow by 10 in safe_strcpy [{ov?@o?RJe.�???aeN?2Oy?.]
size=87
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=24 (0x18)
smb_bcc=44
[000] 34 E4 C3 1E 98 24 DF E2 3F 9D 5F 82 A8 00 22 FD 4....$.. ?._...".
[010] E7 2B 97 2D 44 68 D0 60 5C 5C 53 41 4D 42 41 5C .+.-Dh.` \\SAMBA\
[020] 43 44 52 4F 4D 00 3F 3F 3F 3F 3F 00 CDROM.?? ???.
write_socket(3,91)
write_socket(3,91) wrote 91
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10893
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
added interface ip=192.168.10.12 bcast=192.168.10.255 nmask=255.255.255.0
Client started (version TNG-alpha).
copy_nt_creds: null creds
cli_init_creds: ntlmssp_flgs: 0
cli_establish_connection: SAMBA<00> connecting to SAMBA<20> (0.0.0.0) -
maischein-root [TEST] with NTLMv1, nopw: Yes
resolve_lmhosts: Attempting lmhosts lookup for name samba<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error
was No such file or directory
resolve_hosts: Attempting host lookup for name samba<0x20>
Connecting to 192.168.10.12 at port 139
[000] 81 00 00 48 20 46 44 45 42 45 4E 45 43 45 42 43 ...H FDE BENECEBC
[010] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 ACACACAC ACACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 00 00 00 00 ACACAAA. ....
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=36864 (0x9000)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=27924 (0x6D14)
smb_vwv[13]=19720 (0x4D08)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] 3F 17 D7 96 EE 61 B8 3A 53 00 41 00 4D 00 42 00 ?....a.: S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_session_setup. extended security: No
size=95
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10895 (0x2A8F)
smb_vwv[5]=10896 (0x2A90)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=1 (0x1)
smb_vwv[8]=1 (0x1)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=34
[000] 00 00 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 ..MAISCH EIN-ROOT
[010] 00 54 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 .TEST.Un ix..Samb
[020] 61 00 a.
write_socket(3,99)
write_socket(3,99) wrote 99
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
size=63
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_bcc=20
[000] 5C 5C 53 41 4D 42 41 5C 43 44 52 4F 4D 00 3F 3F \\SAMBA\ CDROM.??
[010] 3F 3F 3F 00 ???.
write_socket(3,67)
write_socket(3,67) wrote 67
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
cli_establish_connection: SAMBA<00> connecting to *SMBSERVER<20>
(192.168.10.12) - MAISCHEIN-ROOT [TEST] with NTLMv1, nopw: Yes
[000] 81 00 00 48 20 43 4B 46 44 45 4E 45 43 46 44 45 ...H CKF DENECFDE
[010] 46 46 43 46 47 45 46 46 43 43 41 43 41 43 41 43 FFCFGEFF CCACACAC
[020] 41 43 41 43 41 00 20 46 44 45 42 45 4E 45 43 45 ACACA. F DEBENECE
[030] 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACAC ACACACAC
[040] 41 43 41 43 41 41 41 00 48 45 49 4E ACACAAA. HEIN
write_socket(3,76)
write_socket(3,76) wrote 76
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
size=164
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=129
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO
[020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03
[030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW
[040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN
[050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002..
[060] 53 61 6D 62 61 00 02 4E 54 20 4C 41 4E 4D 41 4E Samba..N T LANMAN
[070] 20 31 2E 30 00 02 4E 54 20 4C 4D 20 30 2E 31 32 1.0..NT LM 0.12
[080] 00 .
write_socket(3,168)
write_socket(3,168) wrote 168
got smb length of 89
size=89
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=6 (0x6)
smb_vwv[1]=12802 (0x3202)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=36864 (0x9000)
smb_vwv[8]=42 (0x2A)
smb_vwv[9]=12544 (0x3100)
smb_vwv[10]=3 (0x3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=27924 (0x6D14)
smb_vwv[13]=19720 (0x4D08)
smb_vwv[14]=49072 (0xBFB0)
smb_vwv[15]=34817 (0x8801)
smb_vwv[16]=2303 (0x8FF)
smb_bcc=20
[000] 42 E9 A8 95 B9 AE EA C6 53 00 41 00 4D 00 42 00 B....... S.A.M.B.
[010] 41 00 00 00 A...
server's domain: SAMBA bcc: 20
cli_session_setup. extended security: No
size=95
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=13
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=17408 (0x4400)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=10895 (0x2A8F)
smb_vwv[5]=10896 (0x2A90)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=1 (0x1)
smb_vwv[8]=1 (0x1)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_bcc=34
[000] 00 00 4D 41 49 53 43 48 45 49 4E 2D 52 4F 4F 54 ..MAISCH EIN-ROOT
[010] 00 54 45 53 54 00 55 6E 69 78 00 00 53 61 6D 62 .TEST.Un ix..Samb
[020] 61 00 a.
write_socket(3,99)
write_socket(3,99) wrote 99
got smb length of 67
size=67
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1 (0x1)
smb_bcc=26
[000] 55 6E 69 78 00 53 61 6D 62 61 20 54 4E 47 2D 61 Unix.Sam ba TNG-a
[010] 6C 70 68 61 00 54 45 53 54 00 lpha.TES T.
size=63
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=4
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_bcc=20
[000] 5C 5C 53 41 4D 42 41 5C 43 44 52 4F 4D 00 3F 3F \\SAMBA\ CDROM.??
[010] 3F 3F 3F 00 ???.
write_socket(3,67)
write_socket(3,67) wrote 67
got smb length of 35
size=35
smb_com=0x75
smb_rcls=2
smb_reh=0
smb_err=2
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=10895
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
-max
More information about the samba-technical
mailing list