From 7532b05221caf2c382d9e8c9ca5af4a284566920 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 23 Jun 2011 23:49:32 -0400
Subject: [PATCH] Windows: Fix SMB_COM_NEGOTIATE for MS11-043
MS11-043 adds response validation for SMB_COM_NEGOTIATE messages received by the SMB Redirector. OpenAFS failed to properly specify a Challenge and DomainName in the response when the security mode is SMB_AUTH_NONE (or share with password). This patchset corrects smb_ReceiveNegotiate() so that it adheres to the protocol specification.
FIXES 130033
Change-Id: I3dc6e571326c7259a39d30bd80b5986ff35c743c
Reviewed-on: http://gerrit.openafs.org/4886
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
Tested-by: Jeffrey Altman
---
 src/WINNT/afsd/smb.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 79a926101..15476c962 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -3923,8 +3923,7 @@ long smb_ReceiveNegotiate(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 * the same value for all sessions. We should generate a random value
 * and store it into the vcp
 */
- smb_SetSMBParm(outp, 7, 1); /* next 2: session key */
- smb_SetSMBParm(outp, 8, 1);
+ smb_SetSMBParmLong(outp, 7, 0x1a2b3c4d); /* session key */
 /*
 * Tried changing the capabilities to support for W2K - defect 117695
 * Maybe something else needs to be changed here?
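Review bot: The session key written by `smb_SetSMBParmLong(outp, 7, 0x1a2b3c4d)` is still one fixed value for every connection, which is what the comment directly above it says should become a random value stored in the vcp, and the literal itself is unexplained. If a per-connection value is out of scope for this fix, the line should say so, for example `/* session key: fixed placeholder, same for every vcp; not unique and not a secret */`, so that nobody later treats the field as a connection identifier or as key material. The call presumably fills parameter words 7 and 8 as the two removed calls did; that is inferred from the replaced lines, since the helper is not shown. Both the comment block and the function body start outside the hunk.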
@@ -3998,8 +3997,13 @@ long smb_ReceiveNegotiate(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 free(secBlob);
 }
 } else {
- smb_SetSMBParmByte(outp, 16, 0); /* Encryption key length */
- smb_SetSMBDataLength(outp, 0); /* Perhaps we should specify 8 bytes anyway */
+ smb_SetSMBParmByte(outp, 16, 0);/* Challenge length */
+ smb_SetSMBDataLength(outp, smb_ServerDomainNameLength);
+ datap = smb_GetSMBData(outp, NULL);
+ /* the faux domain name */
+ cm_ClientStringToUtf8(smb_ServerDomainName, -1,
+ datap,
+ (int)(sizeof(outp->data)/sizeof(char) - (datap - outp->data)));
 }
 }
 else if (v3ProtoIndex != -1) {
-- 
2.39.5
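Review bot: The new else branch declares the data length as `smb_ServerDomainNameLength` but discards the result of `cm_ClientStringToUtf8()`, so the advertised length and the bytes actually written can disagree. If the conversion writes fewer bytes than declared, or fails, the response would carry whatever was already in `outp->data` past the name, exposing stale packet-buffer contents to the client; if it needs more, the domain name goes out truncated. Neither the definition of `smb_ServerDomainNameLength` nor the helper's return convention is visible in this hunk, so this needs confirming against both. I would capture the helper's return value and either pass it to `smb_SetSMBDataLength()` or reject the negotiate on a mismatch, and add a comment stating whether the length counts the terminating NUL. The function body continues outside the hunk.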