Re: 2.2.5 crashes in cli_errstr
Volker Lendecke schrieb: On Fri, Aug 23, 2002 at 01:19:18PM +0200, Martin Bahlinger wrote: I discovered that when the network reports No route to host (tested with route add DC_IP reject) everything works fine. But when I get the error Operation already in progress (tested with route add DC_IP lo) smbd crashes. I just tried to reproduce this. I had to set an iptables rule to drop outgoing 139 traffic, as the get_dc had to get through. I did not get a crash. Can you give more details? Maybe a debug level 10 log? BTW, I tried with latest 2_2 CVS, which is about to become 2.2.6 soon. I will be able to submit you some 2.2.4 logs in the next days. bye Martin
Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap.

Aug 21 06:58:52.472 - bad string
00000: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...|
00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..|
00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.|
       len1 = 0x58; len2=0x7c ^ ^
       57 00 69 00 6E 00 W.i.n.|
00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.|
00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.|
00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.|
00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.|
00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.|
00080: 00 30|.0
       0x58 length ends here.

well, whoopidedoo, that happens to be absolutely spot-on. don't know what the 0x7c is about: it's either an incorrectly-specified max length of the Unicode UCS16 string, or it's something else. more examples would help isolate that. now. who do i send the bill to for my time?

       2D 4E 00 57 65 73 74 20 63 6F 70 79 20 73 -N.West copy s|
00090: 70 6F 74 00 43 75 62 65 20 31 30 31 30 20 43 6F |pot.Cube 1010 Co|
000A0: 6C 6F 72 00 43 75 62 65 20 32 30 30 32 00 4F 66 |lor.Cube 2002.Of|
000B0: 66 69 63 65 20 32 30 33 2D 53 00 4C 6F 67 6F 6E |fice 203-S.Logon|
000C0: 20 73 65 72 76 65 72 20 73 68 61 72 65 20 00 4F | server share .O|
000D0: 66 66 69 63 65 20 31 30 30 34 00 4F 66 66 69 63 |ffice 1004.Offic|
000E0: 65 20 53 2D 32 30 36 00 4F 66 66 69 63 65 20 32 |e S-206.Office 2|
000F0: 30 35 2D 53 00 22 45 76 65 6E 74 20 6C 6F 67 67 |05-S.Event logg|
Re: Samba Head seems to send two identical copies of the NTLMSSP blob
I'll send it to the list this time.. Samba Head seems to send two identical copies of the NTLMSSP blob in a session setup response when more processing is required. Does Win2K do this? Yep, that's why we do it. Take a look at Craig Russ' presentation from CIFS 2000: http://www.snia.org/data/resources/presentations/cifs_2000/Craig_Russ.ppt About 25-30 pages in he talks about this... Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984
Possible bug?
Hello all, I'm using the smbclient program to connect to a share on a local/member win2k pro system of a win2k domain. I've done the following: Create user:test pass:testtest login: works Create user:123456 Pass:123456 login: fails I've tried this on three different systems so far and it appears that a username that is all numeric will not be able to login? Can anyone else confirm this? I've triple checked all domain policies and see nothing there. The event log just shows the failed login attempt with an event id 529 and login type 3. I've double checked that access this computer from the network is set correctly. I can't think of anything else. Like I said the same steps with an alpha username work. Also if I use the NET USE command from a Win2k box it works even with the numeric username. - Craig
[PATCH] Patches to Samba 2.2.5 for Stratus VOS
I read that you are planning a 2.2.6 release of Samba. Would it be possible for you to apply the following short patches to samba/source/profile/profile.c and samba/source/utils/status.c in the 2.2 branch ?? These are precisely the same patches that you just applied at my request in Samba 3.0-alpha19. They enable Samba to build on VOS when --with-profile is not used, by avoiding references to System V-style shared memory functions. The other issues that I ran into while building 3.0 are already resolved in the 2.2 branch. I have tested building Samba with these patches on both VOS and Solaris; no issues. The patches are after my sig. Oh, and I am making excellent progress getting rsync ported to VOS. A few more days, and I think I'll have it up and running. Then I will try to get us into the build farm. Thanks very much PG -- Paul Green | Mail: [EMAIL PROTECTED] Senior Technical Consultant | Voice: +1 978-461-7557 FAX: +1 978-461-3610 Stratus Technologies| Video: PictureTel/ATT by request. Maynard, MA 01754 | Disclaimer: I speak for myself, not Stratus. ### START OF PATCHES ### diff -urp --new-file oldsamba/source/profile/profile.c newsamba/source/profile/profile.c --- oldsamba/source/profile/profile.c Mon Aug 26 11:01:03 2002 +++ newsamba/source/profile/profile.c Mon Aug 26 11:01:13 2002 @@ -22,7 +22,9 @@ #include includes.h +#ifdef WITH_PROFILE #define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R3) | (SHM_R6)) +#endif /* WITH_PROFILE */ static int shm_id; static BOOL read_only; @@ -46,6 +48,7 @@ void profile_message(int msg_type, pid_t int level; memcpy(level, buf, sizeof(int)); +#ifdef WITH_PROFILE switch (level) { case 0: /* turn off profiling */ do_profile_flag = False; @@ -67,6 +70,9 @@ void profile_message(int msg_type, pid_t DEBUG(1,(INFO: Profiling values cleared from pid %d\n, (int)src)); break; } +#else /* ndef WITH_PROFILE */ + DEBUG(1,(INFO: Profiling support unavailable in this build.\n)); +#endif /* WITH_PROFILE */ } / 
@@ -88,6 +94,7 @@ void reqprofile_message(int msg_type, pi /*** open the profiling shared memory area **/ +#ifdef WITH_PROFILE BOOL profile_setup(BOOL rdonly) { struct shmid_ds shm_ds; @@ -157,4 +164,4 @@ BOOL profile_setup(BOOL rdonly) message_register(MSG_REQ_PROFILELEVEL, reqprofile_message); return True; } - +#endif /* WITH_PROFILE */ diff -urp --new-file oldsamba/source/utils/status.c newsamba/source/utils/status.c --- oldsamba/source/utils/status.c Mon Aug 26 11:01:38 2002 +++ newsamba/source/utils/status.c Mon Aug 26 11:01:31 2002 @@ -165,6 +165,7 @@ static void print_brl(SMB_DEV_T dev, SMB **/ static int profile_dump(void) { +#ifdef WITH_PROFILE if (!profile_setup(True)) { fprintf(stderr,Failed to initialise profile memory\n); return -1; @@ -501,6 +502,9 @@ static int profile_dump(void) printf(run_elections_time: %u\n, profile_p-run_elections_time); printf(election_count: %u\n, profile_p-election_count); printf(election_time: %u\n, profile_p-election_time); +#else /* ndef WITH_PROFILE */ + fprintf(stderr,Profile data unavailable\n); +#endif /* WITH_PROFILE */ return 0; } ### END OF PATCHES ###
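Review bot: the `#ifdef WITH_PROFILE` placed around `#define IPC_PERMS` in the first profile.c hunk stops short of the two file-scope statics that follow it, `static int shm_id;` and `static BOOL read_only;`, so a build configured without --with-profile now carries two unused statics (and an unused-variable warning wherever the compiler reports them); move both declarations inside the same `#ifdef WITH_PROFILE` block as IPC_PERMS, since nothing outside profile_setup() uses them.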
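Review bot: in the profile_message() hunk the `memcpy(level, buf, sizeof(int));` that fills `level` stays outside the new `#ifdef WITH_PROFILE`, while the only reader of `level` is the `switch (level)` inside it, so the `#else` path leaves `level` set but unused. Either move the memcpy under the guard or make the `#else` DEBUG line report the level that was requested alongside "Profiling support unavailable in this build.", which is also more useful to whoever sent the message.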
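Review bot: the third profile.c hunk compiles profile_setup() out entirely (`#ifdef WITH_PROFILE` before `BOOL profile_setup(BOOL rdonly)` through the `#endif` that replaces the trailing blank line), but the patch only guards the one caller in utils/status.c; any other call site of profile_setup() will fail to link in a non-profile build. A safer shape is to keep profile_setup() defined unconditionally and guard only the System V shared-memory calls inside it, returning False when profiling support was not built, so callers need no matching `#ifdef`.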
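Review bot: wrapping the body of profile_dump() in `#ifdef WITH_PROFILE` in the first status.c hunk ties smbstatus's ability to read profile data to how smbstatus itself was compiled, even though the existing `if (!profile_setup(True)) { fprintf(stderr,"Failed to initialise profile memory\n"); return -1;` already covers the runtime case of no profile segment. If profile_setup() stays linkable in non-profile builds, this guard is unnecessary and one smbstatus binary serves both a profiling and a non-profiling smbd; if the guard is kept, the smbstatus documentation should say that profile output requires smbstatus built --with-profile.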
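Review bot: in the second status.c hunk the `#else` branch prints "Profile data unavailable" and then falls through to `return 0;`, reporting success for exactly the case where nothing was dumped, while the failure path a few lines up in the same function returns -1. Return a non-zero value here too so that scripts invoking smbstatus can distinguish "no profile data" from a successful dump.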
Re: Must touch the smb.conf to make addprinter command work
On Sun, 25 Aug 2002, Richard Sharpe wrote: OK, guys, what is the significance of port name? It gets displayed on the client :-) cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org Sam's Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca--
Re: Must touch the smb.conf to make addprinter command work
On Mon, 26 Aug 2002, Gerald Carter wrote: On Sun, 25 Aug 2002, Richard Sharpe wrote: OK, guys, what is the significance of port name? It gets displayed on the client :-) Well, I exited with a value of Done, but that did not get displayed on the client? Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: Queries regarding User logon and tree con Andx
On Sat, 24 Aug 2002, A Kulu wrote: Hi , I have the following queries. 1. I was looking at w2K - w2k traces. The tree connect And X always happens only for a validated user. This implies that a user should have done a SSX before t con X. Does samba follow the same philosophy or is it an implementation feature( ? :) ) of the w2k redirector ? Can I have a connected tree and no user logged on ? The negprot/SMBsesssetup/tcon are steps in user mode security as described in all of the current CIFS documentation. CIFS always includes a user/connection based model. Share mode security is a little different but still includes authentication during the tcon step. 2. I have also observed that a tree disconnect always happens before a logoff . What happens to any other trees that have been mounted by that user ? Once a session is disconnected, the vuid is invalid and all tid's a invalid as well. Is it that all the trees that have been mounted by the user will be unmounted before the client actually sends a user logoff ? Not explicitly. Or can other users continue to use the mounted trees even after a user has logged off ? See above comment. cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org Sam's Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca--
Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Mon, 26 Aug 2002 10:24:09 + Luke Kenneth Casson Leighton [EMAIL PROTECTED] wrote: On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap. Aug 21 06:58:52.472 - bad string 0: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...| 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..| 00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.| len1 = 0x58; len2=0x7c^ ^ 57 00 69 00 6E 00 W.i.n.| 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.| 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.| 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.| 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.| 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.| 00080: 00 30|.0 0x58 length ends here. well, whoopidedoo, that happens to be absolutely spot-on. don't know what the 0x7c is about: it's either an incorrectly-specified max length of the Unicode UCS16 string, or it's something else. more examples would help isolate that. now. who do i send the bill to for my time? Microsoft Corp. PO Box 9876542-1 Redmond, WA 87654-321 -- A program should be written to model the concepts of the task it performs rather than the physical world or a process because this maximizes the potential for it to be applied to tasks that are conceptually similar and more importantly to tasks that have not yet been conceived.
Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Mon, 26 Aug 2002, Michael B. Allen wrote: On Mon, 26 Aug 2002 10:24:09 + Luke Kenneth Casson Leighton [EMAIL PROTECTED] wrote: On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap. Aug 21 06:58:52.472 - bad string 0: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...| 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..| 00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.| len1 = 0x58; len2=0x7c^ ^ 57 00 69 00 6E 00 W.i.n.| 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.| 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.| 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.| 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.| 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.| 00080: 00 30|.0 0x58 length ends here. well, whoopidedoo, that happens to be absolutely spot-on. Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger that 0x58. As well, ISTM, 00 7C is the first part of the Native OS: It looks like |. Perhaps I am egregiously wrong. don't know what the 0x7c is about: it's either an incorrectly-specified max length of the Unicode UCS16 string, or it's something else. more examples would help isolate that. now. who do i send the bill to for my time? Hmmm, no comment. Microsoft Corp. PO Box 9876542-1 Redmond, WA 87654-321 -- Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: [PATCH] Patches to Samba 2.2.5 for Stratus VOS
On Mon, Aug 26, 2002 at 11:20:00AM -0400, [EMAIL PROTECTED] wrote: I read that you are planning a 2.2.6 release of Samba. Would it be possible for you to apply the following short patches to samba/source/profile/profile.c and samba/source/utils/status.c in the 2.2 branch ?? Ok - will do - watch for checkin message. Thanks ! Jeremy.
Re: [PATCH] Patches to Samba 2.2.5 for Stratus VOS
On Tue, 27 Aug 2002, Andrew Bartlett wrote: [EMAIL PROTECTED] wrote: On Mon, Aug 26, 2002 at 11:20:00AM -0400, [EMAIL PROTECTED] wrote: I read that you are planning a 2.2.6 release of Samba. Would it be possible for you to apply the following short patches to samba/source/profile/profile.c and samba/source/utils/status.c in the 2.2 branch ?? Ok - will do - watch for checkin message. The only problem I have with this patch is that it makes smbstatus depend on --with-profile again. The idea was that you should not have to recompile smbstatus to attach to a --with-profile smbd. Hmmm, shouldn't smbstatus be able to do a runtime check to see if it has the appropriate bits, and only list the profiling stuff if smbd has been built with profiling? I actually do a lot with profiling, and wouldn't mind trying to code this up. I had asked jelmer to look into a HAVE_SHMEM test, but I'm not sure how far he got (he did a heck of a lot during that plugfest...). Also, I think this patch picks up Solaris sys/syslog.h, but not Linux's syslog.h. (Broken in HEAD too). Andrew Bartlett -- Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: [PATCH] Patches to Samba 2.2.5 for Stratus VOS
[EMAIL PROTECTED] wrote: On Tue, Aug 27, 2002 at 06:49:27AM +1000, Andrew Bartlett wrote: [EMAIL PROTECTED] wrote: On Mon, Aug 26, 2002 at 11:20:00AM -0400, [EMAIL PROTECTED] wrote: I read that you are planning a 2.2.6 release of Samba. Would it be possible for you to apply the following short patches to samba/source/profile/profile.c and samba/source/utils/status.c in the 2.2 branch ?? Ok - will do - watch for checkin message. The only problem I have with this patch is that it makes smbstatus depend on --with-profile again. The idea was that you should not have to recompile smbstatus to attach to a --with-profile smbd. I had asked jelmer to look into a HAVE_SHMEM test, but I'm not sure how far he got (he did a heck of a lot during that plugfest...). Also, I think this patch picks up Solaris sys/syslog.h, but not Linux's syslog.h. (Broken in HEAD too). For the 2.2.6 release I'm happy with it as it increases the portability of the code. And making the assumption that smbstatus was compiled with smbd is not too onerous (IMHO). Jeremy. I currently ship one smbstatus and 2 versions of smbd (with and without profiling). If I understand it, this would now require 2 versions of smbstatus. -- == Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ==
[PATCH] Restore detection of syslog.h
OK, I think this is the fix to restore the desired behavior with respect to syslog.h. configure (both 2.2.5 and 3.0) is already looking for a header named syslog.h, so it is a simple matter to base the decision upon the right macro. Sorry for the mixup. Will be harmless here; we don't have this header (yet). (untested) Thanks PG ### START OF PATCH ### diff -urp --new-file oldsamba/source/include/includes.h newsamba/source/include/includes.h --- oldsamba/source/include/includes.h Mon Aug 26 17:12:21 2002 +++ newsamba/source/include/includes.h Mon Aug 26 17:12:28 2002 -217,7 +217,7 #include arpa/inet.h #include netdb.h -#ifdef WITH_SYSLOG +#ifdef HAVE_SYSLOG_H #include syslog.h #endif ### END OF PATCH ###
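Review bot: switching the guard from `#ifdef WITH_SYSLOG` to `#ifdef HAVE_SYSLOG_H` changes what a mismatch does: before, a --with-syslog build on a host without syslog.h failed loudly at this #include, while after the change it compiles without the header and any syslog()/openlog() call made under WITH_SYSLOG is left to an implicit declaration. Keep the feature flag in the condition, for example `#if defined(WITH_SYSLOG) && defined(HAVE_SYSLOG_H)` plus an `#error` for WITH_SYSLOG without the header, and confirm that configure actually emits HAVE_SYSLOG_H from its header check before relying on it, given that the message marks the patch as untested.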
Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Mon, Aug 26, 2002 at 02:51:52PM -0400, Michael B. Allen wrote: who do i send the bill to for my time? Microsoft Corp. PO Box 9876542-1 Redmond, WA 87654-321 teehee. that'll do nicely :)
Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Tue, Aug 27, 2002 at 05:58:19AM +0930, Richard Sharpe wrote: Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger than 0x58. 1) rubbish. encapsulated packets - and SMB is used as a transport for many different things (other transports; at least two different totally separate RPC mechanisms; unlimited numbers of services; encapsulated authentication services which have nothing to do with SMB, the whole lot) all of these things have their own rules, none of which have anything to do with SMB. 2) ms has got it wrong _so_ many times that just doesn't hold true enough for you to make a blanket statement, smbs are little-endian 3) do your statistics. on a sample of one, the statistical probability of 0x00 0x58 just _happening_ to be _exactly and coincidentally_ the same as the length of the UCS16 string is 1.5e-5 (1 in 65536). on a sample of one, assuming instead that it's a single-byte length field and that the 0x00 is something else, then that probability is 0.004 (1 in 256). on a sample of two, the probabilities go up to 1e-10 and 1e-5 respectively. on a sample of three, it goes up to 1e-15 and 1e-7 or so. so, my advice to you [no charge]: change the length of the string, diff the packets. _nuts_ to whether ms got it right or not: this is reverse-engineering. you're only looking for good enough to be convincing. who do i send the bill to for my time? Hmmm, no comment. *cackle* :)
RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup NotProper ly Zero Term'd
-Original Message- From: Richard Sharpe [SMTP:[EMAIL PROTECTED]] Sent: Monday, August 26, 2002 4:28 PM To: Michael B. Allen Cc: Luke Kenneth Casson Leighton; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd On Mon, 26 Aug 2002, Michael B. Allen wrote: On Mon, 26 Aug 2002 10:24:09 + Luke Kenneth Casson Leighton [EMAIL PROTECTED] wrote: On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap. Aug 21 06:58:52.472 - bad string 0: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...| 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..| 00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.| len1 = 0x58; len2=0x7c^ ^ 57 00 69 00 6E 00 W.i.n.| 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.| 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.| 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.| 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.| 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.| 00080: 00 30|.0 0x58 length ends here. well, whoopidedoo, that happens to be absolutely spot-on. Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger that 0x58. As well, ISTM, 00 7C is the first part of the Native OS: It looks like |. His little pointers were just wrong. It's really 58 00 and 7C although I'm not sure what len2 means. He's right in that the byte count cuts off the pd field. Still a stepchild of a packet if I ever saw one. Perhaps I am egregiously wrong. 
don't know what the 0x7c is about: it's either an incorrectly-specified max length of the Unicode UCS16 string, or it's something else. more examples would help isolate that. now. who do i send the bill to for my time? Hmmm, no comment. Microsoft Corp. PO Box 9876542-1 Redmond, WA 87654-321 -- Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Mon, 26 Aug 2002, Allen, Michael B (RSCH) wrote: -Original Message- From: Richard Sharpe [SMTP:[EMAIL PROTECTED]] Sent: Monday, August 26, 2002 4:28 PM To: Michael B. Allen Cc: Luke Kenneth Casson Leighton; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject:[jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd On Mon, 26 Aug 2002, Michael B. Allen wrote: On Mon, 26 Aug 2002 10:24:09 + Luke Kenneth Casson Leighton [EMAIL PROTECTED] wrote: On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap. Aug 21 06:58:52.472 - bad string 0: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...| 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..| 00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.| len1 = 0x58; len2=0x7c^ ^ 57 00 69 00 6E 00 W.i.n.| 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.| 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.| 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.| 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.| 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.| 00080: 00 30|.0 0x58 length ends here. well, whoopidedoo, that happens to be absolutely spot-on. Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger that 0x58. As well, ISTM, 00 7C is the first part of the Native OS: It looks like |. His little pointers were just wrong. It's really 58 00 and 7C although I'm not sure what len2 means. He's right in that the byte count cuts off the pd field. Still a stepchild of a packet if I ever saw one. 
At the risk of getting into a pissing contest, the SMB shown looks like a session setup and X response with a chained command. The 00 57 are in the correct place for the BCC, they just look like they are in big endian format. The next two bytes actually look like padding. At least that is what it looks like when comparing it to NT4 and W2K traces I have. Of course, I could be wrong. Where did the packet come from? Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup NotProper ly Zero Term'd
-Original Message- From: Richard Sharpe [SMTP:[EMAIL PROTECTED]] Sent: Monday, August 26, 2002 8:25 PM To: Allen, Michael B (RSCH) Cc: Luke Kenneth Casson Leighton; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Proper ly Zero Term'd On Mon, 26 Aug 2002, Allen, Michael B (RSCH) wrote: -Original Message- From: Richard Sharpe [SMTP:[EMAIL PROTECTED]] Sent: Monday, August 26, 2002 4:28 PM To: Michael B. Allen Cc: Luke Kenneth Casson Leighton; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd On Mon, 26 Aug 2002, Michael B. Allen wrote: On Mon, 26 Aug 2002 10:24:09 + Luke Kenneth Casson Leighton [EMAIL PROTECTED] wrote: On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote: Clients should not check for *two* zero bytes after the Primary Domain field Unicode string in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a pcap. Aug 21 06:58:52.472 - bad string 0: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00 |?SMBs...| 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00 |..V4.?..| 00020: 03 75 00 81 00 00 00 58 00 7C|.u.X.| len1 = 0x58; len2=0x7c^ ^ 57 00 69 00 6E 00 W.i.n.| 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00 |d.o.w.s. .5...0.| 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 |..W.i.n.d.o.w.s.| 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00 | .2.0.0.0. .L.A.| 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 |N. .M.a.n.a.g.e.| 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00 |r...D.I.V.I.N.E.| 00080: 00 30|.0 0x58 length ends here. well, whoopidedoo, that happens to be absolutely spot-on. 
Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger than 0x58. As well, ISTM, 00 7C is the first part of the Native OS: It looks like |. His little pointers were just wrong. It's really 58 00 and 7C although I'm not sure what len2 means. He's right in that the byte count cuts off the pd field. Still a stepchild of a packet if I ever saw one. At the risk of getting into a pissing contest, the SMB shown looks like a session setup and X response with a chained command. Yes, read the note below the hexdump in my original message. The 00 57 are in the correct place for the BCC, they just look like they are in big endian format. Nope. Look at the PNG of Ethereal in my OP. The packet may be messed up but it's definitely not suffering from endian-inversion. The next two bytes actually look like padding. At least that is what it looks like when comparing it to NT4 and W2K traces I have. Of course, I could be wrong. Where did the packet come from? I captured jCIFS doing a NetServerEnum. I'll send you the pcap. Please don't crack my password :~) Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
NTLMSSP and NTLMv2
It looks like the recent changes to 'correct' NTLMSSP have broken NTLMv2 in some way - Probably in much the same way that we suddenly got LM based session keys once we got the rest correct. In particular, it seems that the fields in the NTLMSSP challenge packet may have been re-ordered (Netbios name, domain name etc). Can you give this a look, and try out NTLMv2 to a Samba PDC? Thanks, Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
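An added example (Python, not the Samba HEAD code under discussion) of building and parsing an NTLMSSP CHALLENGE_MESSAGE the way MS-NLMP lays it out: TargetName and TargetInfo are located through their (Len, MaxLen, Offset) descriptors and the TargetInfo entries through AV_PAIR ids, so the payload may carry the NetBIOS name, the domain name and the rest in any order and the parsed result is unchanged. The names used (SAMBA, PDC1, samba.example) are constructed sample values. A client computing an NTLMv2 response has to copy the server's TargetInfo bytes into the response exactly as received, which is why the raw blob is returned next to the decoded dictionary.

```python
"""Build and parse an NTLMSSP CHALLENGE_MESSAGE (Type 2) per MS-NLMP 2.2.1.2, locating
fields by their (Len, MaxLen, Offset) descriptors and AV_PAIR ids, not by payload order."""
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\0"
CHALLENGE_MESSAGE = 2
NEGOTIATE_UNICODE = 0x00000001
REQUEST_TARGET = 0x00000004
NEGOTIATE_NTLM = 0x00000200
TARGET_TYPE_DOMAIN = 0x00010000
NEGOTIATE_TARGET_INFO = 0x00800000
DEFAULT_FLAGS = (NEGOTIATE_UNICODE | REQUEST_TARGET | NEGOTIATE_NTLM
                 | TARGET_TYPE_DOMAIN | NEGOTIATE_TARGET_INFO)

AV_EOL, AV_NB_COMPUTER, AV_NB_DOMAIN, AV_DNS_COMPUTER, AV_DNS_DOMAIN = 0, 1, 2, 3, 4
AV_NAMES = {AV_NB_COMPUTER: "nb_computer", AV_NB_DOMAIN: "nb_domain",
            AV_DNS_COMPUTER: "dns_computer", AV_DNS_DOMAIN: "dns_domain"}
# Signature(8) MessageType(4) TargetNameFields(8) Flags(4) ServerChallenge(8)
# Reserved(8) TargetInfoFields(8); no Version block (NEGOTIATE_VERSION not set)
FIXED_LEN = 48


def encode_av_pairs(pairs):
    """pairs: [(av_id, text)]; values are UTF-16LE and the list ends with MsvAvEOL."""
    out = b""
    for av_id, text in pairs:
        value = text.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(value)) + value
    return out + struct.pack("<HH", AV_EOL, 0)


def decode_av_pairs(blob):
    pairs, pos = [], 0
    while True:
        if pos + 4 > len(blob):
            raise ValueError("TargetInfo has no MsvAvEOL terminator")
        av_id, av_len = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if av_id == AV_EOL:
            return pairs
        if pos + av_len > len(blob):
            raise ValueError("AV_PAIR value runs past TargetInfo")
        pairs.append((av_id, blob[pos:pos + av_len].decode("utf-16-le")))
        pos += av_len


def build_challenge(target_name, server_challenge, av_pairs,
                    flags=DEFAULT_FLAGS, target_info_first=False):
    """Emit TargetName before TargetInfo in the payload (the usual order) or the
    reverse; both are legal because the descriptors carry the offsets."""
    if len(server_challenge) != 8:
        raise ValueError("ServerChallenge must be 8 bytes")
    name = target_name.encode("utf-16-le")
    info = encode_av_pairs(av_pairs)
    if target_info_first:
        info_off, name_off, payload = FIXED_LEN, FIXED_LEN + len(info), info + name
    else:
        name_off, info_off, payload = FIXED_LEN, FIXED_LEN + len(name), name + info
    return (NTLMSSP_SIGNATURE + struct.pack("<I", CHALLENGE_MESSAGE)
            + struct.pack("<HHI", len(name), len(name), name_off)
            + struct.pack("<I", flags) + server_challenge + b"\0" * 8
            + struct.pack("<HHI", len(info), len(info), info_off) + payload)


def _field(msg, length, offset):
    """Bounds-check a descriptor: it must point into the payload, not the header or past the end."""
    if length and (offset < FIXED_LEN or offset + length > len(msg)):
        raise ValueError("field descriptor points outside the message")
    return msg[offset:offset + length]


def parse_challenge(msg):
    if len(msg) < FIXED_LEN or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype != CHALLENGE_MESSAGE:
        raise ValueError(f"MessageType {mtype} is not CHALLENGE_MESSAGE")
    name_len, _, name_off = struct.unpack_from("<HHI", msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 20)
    server_challenge = msg[24:32]
    info_len, _, info_off = struct.unpack_from("<HHI", msg, 40)
    if not flags & NEGOTIATE_UNICODE:
        raise ValueError("OEM (non-Unicode) TargetName not handled here")
    result = {"flags": flags, "server_challenge": server_challenge,
              "target_name": _field(msg, name_len, name_off).decode("utf-16-le"),
              "target_info_raw": b"", "target_info": {}}
    if flags & NEGOTIATE_TARGET_INFO:
        raw = _field(msg, info_len, info_off)
        result["target_info_raw"] = raw   # an NTLMv2 response embeds these bytes verbatim
        for av_id, text in decode_av_pairs(raw):
            result["target_info"][AV_NAMES.get(av_id, f"av_{av_id}")] = text
    return result


if __name__ == "__main__":
    sample = [(AV_NB_DOMAIN, "SAMBA"), (AV_NB_COMPUTER, "PDC1"),
              (AV_DNS_DOMAIN, "samba.example"), (AV_DNS_COMPUTER, "pdc1.samba.example")]
    msg = build_challenge("SAMBA", bytes(range(8)), sample)
    print(parse_challenge(msg))
```

Two messages that differ only in payload order parse to the same target name and the same TargetInfo dictionary, while the raw TargetInfo bytes differ; a consumer that feeds the dictionary instead of the raw bytes into its NTLMv2 computation will produce a response the server cannot verify.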
RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd
On Mon, 26 Aug 2002, Allen, Michael B (RSCH) wrote: -Original Message- From: Richard Sharpe [SMTP:[EMAIL PROTECTED]] Sent: Monday, August 26, 2002 8:25 PM To: Allen, Michael B (RSCH) Cc: Luke Kenneth Casson Leighton; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject:RE: [jcifs] Re: Win2K: Primary Domain Fld of Ssn Setup Not Proper ly Zero Term'd On Mon, 26 Aug 2002, Allen, Michael B (RSCH) wrote: Nope. Look at the PNG of Ethereal in my OP. The packet may be messed up but it's definately not suffering from endian-inversion. OK, I have looked at the trace you sent. The Primary domain is only terminated with a single \0, but so is the primary domain in another trace I have. OK, so I looked further. Win2K seems to get it wrong, NT seems to get it right. I suspect it works because Windows only looks for the first \0 However, that trace you included seems pretty messed up. Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
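The packet argued over in this thread, parsed by an added example (Python; not jCIFS, Samba or Ethereal code). The bytes are transcribed from the hex dump above through offset 0x81, where AndXOffset points; the three strings are read by walking aligned UTF-16 code units inside the ByteCount bound, so PrimaryDomain comes out as "DIVINE" with a flag recording that its 00 00 terminator was incomplete, instead of the packet being rejected as a "bad string". The builder for a well-formed response uses strings taken from the same trace, with an adjustable ByteCount so the clean and miscounted cases can be compared.

```python
"""Tolerant parser for an SMB1 SMB_COM_SESSION_SETUP_ANDX response (Unicode form)."""
import struct
from dataclasses import dataclass

SMB_MAGIC = b"\xffSMB"
SMB_COM_SESSION_SETUP_ANDX = 0x73
SMB_FLAGS2_UNICODE = 0x8000
SMB_HEADER_LEN = 32             # pkt[0] is assumed to be the 0xFF of "\xffSMB" (no NBT header)
HEADER_FMT = "<4sBIBHH8sHHHHH"  # magic cmd status flags flags2 pidhigh sig rsv tid pid uid mid

# Offsets 0x00..0x81 transcribed from the hex dump quoted in this thread (Win2K reply
# to jCIFS).  0x81 is where AndXOffset points; the rest of the dump is not parsed here.
WIN2K_RESPONSE = bytes.fromhex(
    "ff534d42730000000098018000000000"
    "00000000000000000588563401f80400"
    "0375008100000058007c570069006e00"
    "64006f0077007300200035002e003000"
    "0000570069006e0064006f0077007300"
    "2000320030003000300020004c004100"
    "4e0020004d0061006e00610067006500"
    "7200000044004900560049004e004500"
    "0030"
)


@dataclass
class SessionSetupResponse:
    flags2: int
    uid: int
    andx_command: int
    andx_offset: int
    action: int
    byte_count: int
    native_os: str
    native_lanman: str
    primary_domain: str
    truncated_terminator: bool   # a string's 00 00 terminator was not wholly inside ByteCount


def _take_utf16(buf, pos, end):
    """Read one UTF-16LE string starting at even offset pos, never reading past end.

    Only an aligned 00 00 pair terminates: a byte-wise search for 00 00 would match
    the high byte of 'r' (72 00) plus the first terminator byte and cut the string
    short.  If end arrives first, a dangling single 00 is dropped and clean=False
    is returned so the caller can record the malformed terminator.
    """
    i = pos
    while i + 1 < end:
        if buf[i] == 0 and buf[i + 1] == 0:
            return buf[pos:i].decode("utf-16-le"), i + 2, True
        i += 2
    tail = buf[pos:end]
    if len(tail) % 2 == 1 and tail[-1] == 0:
        tail = tail[:-1]
    return tail.decode("utf-16-le", errors="replace"), end, False


def parse_session_setup_response(pkt):
    if len(pkt) < SMB_HEADER_LEN + 1 or pkt[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 packet")
    (_, cmd, _status, _flags, flags2, _pidh, _sig, _rsv, _tid, _pid, uid, _mid) = \
        struct.unpack_from(HEADER_FMT, pkt, 0)
    if cmd != SMB_COM_SESSION_SETUP_ANDX:
        raise ValueError(f"unexpected command 0x{cmd:02x}")
    if not flags2 & SMB_FLAGS2_UNICODE:
        raise ValueError("only the Unicode (FLAGS2_UNICODE) form is handled here")
    word_count = pkt[SMB_HEADER_LEN]
    if word_count != 3:
        raise ValueError(f"unexpected WordCount {word_count}")
    andx_cmd, _andx_rsv, andx_off, action, byte_count = \
        struct.unpack_from("<BBHHH", pkt, SMB_HEADER_LEN + 1)
    data_start = SMB_HEADER_LEN + 1 + 2 * word_count + 2   # 0x29 for WordCount 3
    data_end = data_start + byte_count                    # ByteCount bounds everything below
    if data_end > len(pkt):
        raise ValueError("ByteCount runs past the end of the packet")
    pos = data_start + (data_start % 2)   # Unicode strings start 2-byte aligned: one pad byte
    fields, clean = [], True
    for _ in range(3):                    # NativeOS, NativeLanMan, PrimaryDomain
        text, pos, ok = _take_utf16(pkt, pos, data_end)
        fields.append(text)
        clean = clean and ok
    return SessionSetupResponse(flags2, uid, andx_cmd, andx_off, action, byte_count,
                                fields[0], fields[1], fields[2], not clean)


def build_session_setup_response(native_os, native_lanman, primary_domain,
                                 uid=1, byte_count_error=0):
    """Construct a well-formed Unicode response with no chained command, for comparison.
    byte_count_error is added to ByteCount so a miscount of the kind seen above
    (data present but not counted) can be reproduced on demand."""
    header = struct.pack(HEADER_FMT, SMB_MAGIC, SMB_COM_SESSION_SETUP_ANDX, 0, 0x98,
                         0x8001, 0, b"\0" * 8, 0, 0, 0, uid, 0)
    data_start = SMB_HEADER_LEN + 1 + 2 * 3 + 2
    data = (b"\0" if data_start % 2 else b"") + b"".join(
        s.encode("utf-16-le") + b"\0\0" for s in (native_os, native_lanman, primary_domain))
    words = struct.pack("<BBBHHH", 3, 0xFF, 0, 0, 0, len(data) + byte_count_error)
    return header + words + data


if __name__ == "__main__":
    r = parse_session_setup_response(WIN2K_RESPONSE)
    print(f"ByteCount=0x{r.byte_count:x} AndXOffset=0x{r.andx_offset:x} "
          f"OS={r.native_os!r} LanMan={r.native_lanman!r} Domain={r.primary_domain!r} "
          f"truncated_terminator={r.truncated_terminator}")
```

Read little-endian, the word block gives ByteCount 0x0058 and AndXOffset 0x0081, and 0x29 + 0x58 = 0x81: the count ends right after the single 0x00 at offset 0x80, which is the only part of the PrimaryDomain terminator it covers. A parser that located terminators with a byte-wise find() on 00 00 would have failed earlier still, on the 72 00 00 00 at offset 0x70. The lenient handling stays bounded by ByteCount and by the packet length, so a bad count cannot make it read past the buffer.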
Re: SPNEGO and multiple authentication types ...
Am I right in thinking that SPNEGO allows for multiple authentication types by including multiple OIDs, for example KRB5, NTLMSSP, NTLM, etc? Yes, for example the following OIDs are included in a DCE RPC SPNEGO authentication: 24 069: OBJECT IDENTIFIER '1 2 840 48018 1 2 2' 35 069: OBJECT IDENTIFIER '1 2 840 113554 1 2 2' 46 06 10: OBJECT IDENTIFIER '1 2 840 113554 1 2 2 3' 58 06 10: OBJECT IDENTIFIER '1 3 6 1 4 1 311 2 2 10' The first is Microsoft's bodged Kerberos OID, which appears to be used in the SPNEGO negotiation only. The next is the real Kerberos OID. Not sure about the one after that. The final one is NTLMSSP. -- Luke -- Luke Howard | lukehoward.com PADL Software | www.padl.com
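An added example (Python, not code from any project mentioned here) that encodes and decodes the mechTypes list of a SPNEGO NegTokenInit inside the GSS-API InitialContextToken framing of RFC 2743, using the four OIDs from the trace above in their listed order. The third OID, 1.2.840.113554.1.2.2.3, is the Kerberos V5 user-to-user mechanism identifier. choose_mechanism() models the acceptor picking the first entry in the initiator's preference order that it supports.

```python
"""Encode and decode the mechTypes list of a SPNEGO NegTokenInit (RFC 4178) wrapped in the
GSS-API InitialContextToken (RFC 2743 section 3.1), with DER OID handling done by hand."""
from typing import List, Optional, Set, Tuple

OID_SPNEGO = "1.3.6.1.5.5.2"
# The four OIDs from the DCE RPC trace quoted above, in the order they appeared
MECH_NAMES = {
    "1.2.840.48018.1.2.2": "MS KRB5 (Microsoft's Kerberos OID)",
    "1.2.840.113554.1.2.2": "KRB5",
    "1.2.840.113554.1.2.2.3": "KRB5 user-to-user",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}
TAG_OID, TAG_SEQUENCE, TAG_APP0, TAG_CTX0 = 0x06, 0x30, 0x60, 0xA0


def der_length(n: int) -> bytes:
    """Short form below 128, otherwise 0x80|len followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return der(TAG_OID, bytes(body))


def decode_oid(body: bytes) -> str:
    first = body[0]
    arcs = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    value, pending = 0, False
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID arc")
    return ".".join(map(str, arcs))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, content, position after the TLV); reject lengths past the buffer."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def build_neg_token_init(mechs: List[str]) -> bytes:
    mech_list = der(TAG_SEQUENCE, b"".join(encode_oid(m) for m in mechs))
    neg_token_init = der(TAG_SEQUENCE, der(TAG_CTX0, mech_list))   # NegTokenInit { mechTypes [0] }
    negotiation_token = der(TAG_CTX0, neg_token_init)              # NegotiationToken: negTokenInit [0]
    return der(TAG_APP0, encode_oid(OID_SPNEGO) + negotiation_token)  # [APPLICATION 0] { thisMech, inner }


def parse_mech_types(token: bytes) -> List[str]:
    tag, body, _ = read_tlv(token, 0)
    if tag != TAG_APP0:
        raise ValueError("not a GSS-API initial context token")
    tag, oid, pos = read_tlv(body, 0)
    if tag != TAG_OID or decode_oid(oid) != OID_SPNEGO:
        raise ValueError("thisMech is not SPNEGO")
    tag, neg, _ = read_tlv(body, pos)
    if tag != TAG_CTX0:
        raise ValueError("expected negTokenInit")
    _, seq, _ = read_tlv(neg, 0)
    tag, ctx0, _ = read_tlv(seq, 0)
    if tag != TAG_CTX0:
        raise ValueError("mechTypes missing")
    _, mech_list, _ = read_tlv(ctx0, 0)
    mechs, pos = [], 0
    while pos < len(mech_list):
        tag, oid, pos = read_tlv(mech_list, pos)
        if tag != TAG_OID:
            raise ValueError("mechTypes entry is not an OID")
        mechs.append(decode_oid(oid))
    return mechs


def choose_mechanism(offered: List[str], supported: Set[str]) -> Optional[str]:
    """Acceptor: first mechanism in the initiator's preference order that it supports."""
    return next((m for m in offered if m in supported), None)


if __name__ == "__main__":
    token = build_neg_token_init(list(MECH_NAMES))
    for m in parse_mech_types(token):
        print(m, "=", MECH_NAMES.get(m, "?"))
    print("chosen:", choose_mechanism(list(MECH_NAMES), {"1.2.840.113554.1.2.2", "1.3.6.1.4.1.311.2.2.10"}))
```

The OID arithmetic is where implementations go wrong: the first body byte packs two arcs (0x2a is 1.2), and 48018 and 113554 both take three base-128 bytes, so the Microsoft and MIT Kerberos identifiers differ only in their fourth byte (0x82 versus 0x86). Selection honours the initiator's ordering; an acceptor that settles on NTLMSSP when a Kerberos mechanism it supports was listed first is a downgrade, and the mechListMIC of RFC 4178 (not built here) exists so an initiator can detect a tampered list.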