From ded3b45fb00a636fbf5bc8292fa6ed29b27bca4f Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 23 Jun 2011 23:49:32 -0400
Subject: [PATCH] Windows: Fix SMB_COM_NEGOTIATE for MS11-043

MS11-043 adds response validation for SMB_COM_NEGOTIATE messages received by the SMB Redirector. OpenAFS failed to properly specify a Challenge and DomainName in the response when the security mode is SMB_AUTH_NONE (or share with password). This patchset corrects smb_ReceiveNegotiate() so that it adheres to the protocol specification.
FIXES 130033
Reviewed-on: http://gerrit.openafs.org/4886
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
Tested-by: Jeffrey Altman
(cherry-picked from 7532b05221caf2c382d9e8c9ca5af4a284566920)
Change-Id: I67eb2b293228cacb4df20ac072beaf03f2111c55
Reviewed-on: http://gerrit.openafs.org/4893
Tested-by: BuildBot
Reviewed-by: Derrick Brashear
Reviewed-by: Jeffrey Altman
Tested-by: Jeffrey Altman
---
 src/WINNT/afsd/smb.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 7948045d2..2980ce156 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -3920,8 +3920,7 @@ long smb_ReceiveNegotiate(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 * the same value for all sessions. We should generate a random value
 * and store it into the vcp */
- smb_SetSMBParm(outp, 7, 1); /* next 2: session key */
- smb_SetSMBParm(outp, 8, 1);
+ smb_SetSMBParmLong(outp, 7, 0x1a2b3c4d); /* session key */
 /*
 * Tried changing the capabilities to support for W2K - defect 117695
 * Maybe something else needs to be changed here?
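Review bot: The session key written at parm 7 is still a fixed literal (0x1a2b3c4d) shared by every session, so the comment directly above it — that a random value should be generated and stored in the vcp — describes a gap this hunk reshapes but does not close. If a per-vc value is out of scope for this fix, at least name the literal, e.g. `#define SMB_DUMMY_SESSION_KEY 0x1a2b3c4d`, and restate the comment as an explicit TODO so the intent survives the removal of the two-parm form. The hunk's old/new counts (8/7) are one more than the lines visible here, so a context line — possibly a blank one — appears to have been lost in this copy. smb_ReceiveNegotiate begins and continues outside the hunk.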
@@ -3995,8 +3994,13 @@ long smb_ReceiveNegotiate(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 free(secBlob);
 }
 } else {
- smb_SetSMBParmByte(outp, 16, 0); /* Encryption key length */
- smb_SetSMBDataLength(outp, 0); /* Perhaps we should specify 8 bytes anyway */
+ smb_SetSMBParmByte(outp, 16, 0);/* Challenge length */
+ smb_SetSMBDataLength(outp, smb_ServerDomainNameLength);
+ datap = smb_GetSMBData(outp, NULL);
+ /* the faux domain name */
+ cm_ClientStringToUtf8(smb_ServerDomainName, -1,
+ datap,
+ (int)(sizeof(outp->data)/sizeof(char) - (datap - outp->data)));
 }
 } else if (v3ProtoIndex != -1) {
-- 
2.39.5
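Review bot: The data length is committed to smb_ServerDomainNameLength before cm_ClientStringToUtf8 runs and the converter's return value is discarded, so if the conversion is cut short by the remaining-buffer bound or fails, the response still advertises smb_ServerDomainNameLength bytes and whatever already sits in outp->data behind datap is sent as the domain name. Setting the data length from the converter's result after the call (if it reports bytes written) and treating a non-positive result as an error would tie the announced length to the bytes actually placed. If smb_ServerDomainNameLength is a character count of a clientchar_t string rather than a UTF-8 byte count, the two can also disagree for non-ASCII names — worth confirming against its definition. MS-CIFS describes DomainName as being in the negotiated character set, so the UTF-8 conversion presumably matches the Flags2 this response carries; a one-line comment stating that assumption, e.g. `/* DomainName follows the response's character set; Unicode responses need UTF-16 here */`, would help the next reader. smb_ReceiveNegotiate begins before and continues after this hunk.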