From 78011b55064b08b0628914e5d32972e23c94b5af Mon Sep 17 00:00:00 2001 From: erdgeist <> Date: Thu, 26 Feb 2004 04:58:45 +0000 Subject: LANMAN still not working, but we're on our way --- Makefile | 4 ++-- src/nu_defines.h | 5 +++++ src/nu_server.c | 41 +++++++++++++++++++++++++++-------------- src/nu_server.h | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 80 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index 3037d9f..270b1f4 100755 --- a/Makefile +++ b/Makefile @@ -1,11 +1,11 @@ all: nudossi nudossi: - gcc -O -o bin/nudossi src/nu_server.c + gcc -O -o bin/nudossi src/nu_server.c src/nu_lanman.c strip bin/nudossi debug: - gcc -g -o bin/nudossi src/nu_server.c + gcc -g -o bin/nudossi src/nu_server.c src/nu_lanman.c clean: rm -f bin/nudossi nudossi.core diff --git a/src/nu_defines.h b/src/nu_defines.h index a3d6f29..75c3f2b 100755 --- a/src/nu_defines.h +++ b/src/nu_defines.h @@ -1,3 +1,6 @@ +#ifndef _NU_DEFINES_H_ +#define _NU_DEFINES_H_ + #define SMB_HEADER_PROTOCOL_MAGIC 0x424d53ff typedef enum { @@ -716,3 +719,5 @@ typedef enum { STATUS_WX86_FLOAT_STACK_CHECK = 0xC0000270, STATUS_WOW_ASSERTION = 0xC0009898 } SMB_STATUS; + +#endif diff --git a/src/nu_server.c b/src/nu_server.c index d1bb46a..186c2d7 100755 --- a/src/nu_server.c +++ b/src/nu_server.c @@ -1,13 +1,5 @@ -#include -#include -#include -#include -#include -#include -#include -#include - #include "nu_server.h" +#include "nu_lanman.h" static void bailout( char *reason ); static void sigint( int reason ) { bailout( "User interrupt." ); } 
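Review bot: The new include guard `_NU_DEFINES_H_` (and `_NU_SERVER_H_` in the nu_server.h hunk further down) starts with an underscore followed by an uppercase letter, a form C reserves for the implementation, so a clash with a system header would be silent. Renaming both `#ifndef`/`#define` pairs to `NU_DEFINES_H` and `NU_SERVER_H` gives the same protection without the reserved prefix.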
@@ -89,7 +81,7 @@ static SMB_STATUS handle_SMB_COM_SESSION_SETUP_ANDX( SMB_HEADER *header, SMB_DAT return STATUS_SUCCESS; } -static const BYTE SMB_COM_TREE_CONNECT_ANDX_bytes[] = { 8, 0, 'I', 'P', 'C', 0, 'I', 'P', 'C', 0 }; +static const BYTE SMB_COM_TREE_CONNECT_ANDX_bytes[] = { 9, 0, 'A', ':', 0, 'F', 'A', 'T', '3', '2', 0 }; static BYTE SMB_COM_TREE_CONNECT_ANDX_params[] = { 3, 255, 0, 0, 0, 0, 0 }; static SMB_STATUS handle_SMB_COM_TREE_CONNECT_ANDX( SMB_HEADER *header, SMB_DATA *data ){ @@ -99,11 +91,30 @@ static SMB_STATUS handle_SMB_COM_TREE_CONNECT_ANDX( SMB_HEADER *header, SMB_DATA return STATUS_SUCCESS; } +static SMB_STATUS handle_SMB_COM_TRANSACTION( SMB_HEADER *header, SMB_DATA *data ) { + if( !strcmp( (char*)&data->bytes[1], "\\PIPE\\LANMAN")) + { + /* TODO: Sanity Check on DataCount vs. ByteCount */ + SMB_PARAMS_TRANSACTION *params = (SMB_PARAMS_TRANSACTION *)data->params; + SMB_TRANSACTION_BYTES bytes; + + bytes.params = ((BYTE*)&header->Protocol) + GETNWORD( params->ParameterOffset ); + bytes.paramc = GETNWORD( params->ParameterCount ); + bytes.data = ((BYTE*)&header->Protocol) + GETNWORD( params->DataOffset ); + bytes.datac = GETNWORD( params->DataCount ); + + return handle_LANMAN( header, data, &bytes ); + } + else + return 0x00400002; +} + static int command_handler_match(const void *a, const void *b ) { return *(BYTE*)a - *(BYTE*)b; } /* If you add command handlers, please insert them in the right position, this list is sorted by command, for later bsearch*/ static SMB_COMMAND_HANDLER command_handler[] = { + { SMB_COM_TRANSACTION, 0x00, handle_SMB_COM_TRANSACTION }, { SMB_COM_NEGOTIATE, 0x00, handle_SMB_COM_NEGOTIATE }, { SMB_COM_SESSION_SETUP_ANDX, 0x01, handle_SMB_COM_SESSION_SETUP_ANDX }, { SMB_COM_TREE_CONNECT_ANDX, 0x01, handle_SMB_COM_TREE_CONNECT_ANDX } 
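Review bot: `handle_SMB_COM_TRANSACTION` trusts every length and offset it reads from the request: the `strcmp` on `&data->bytes[1]` scans until it finds a NUL, which a short packet need not contain, and `ParameterOffset`/`DataOffset` together with `ParameterCount`/`DataCount` become pointers and counts relative to `header->Protocol` without being compared against the number of bytes actually received. The `TODO` only mentions DataCount vs. ByteCount; before calling `handle_LANMAN`, reject the request unless each offset and each offset+count lies inside the received packet, and compare the pipe name with a bounded `strncmp` (or `memcmp` after checking the remaining length). The `0x00400002` status is also used on the no-handler path in `child()`; a named constant would make the intent clear in both places. Whether `&data->bytes[1]` really skips a single byte depends on the definition of `SMB_BYTES`, which is not in this diff — if it is a struct, `[1]` advances by a whole element.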
@@ -126,6 +137,7 @@ static void child( ) { SMB_COMMAND cmd; SMB_DATA requests[ 1 + SMB_MAXREQUESTS ]; SMB_STATUS status = STATUS_SUCCESS; + DWORD null = 0; WORD sizeout = sizeof( SMB_HEADER ) - 4; int num_requests = 0; @@ -144,7 +156,7 @@ static void child( ) { sizeof(command_handler)/sizeof(*command_handler), sizeof(*command_handler), command_handler_match); requests[ num_requests ].bytes = - (SMB_BYTES*)(((BYTE*)requests[ num_requests ].params) + *((BYTE*)(requests[ num_requests ].params)) + 2); + (SMB_BYTES*)(((BYTE*)requests[ num_requests ].params) + 2 * *((BYTE*)(requests[ num_requests ].params)) + 1); if( handler ) { if( handler->flags & SMB_COMMAND_FLAG_ANDX ) { @@ -163,13 +175,14 @@ static void child( ) { ((BYTE*)requests[ num_requests ].params)[4] = sizeout >> 8; } else cmd = 0xff; - - num_requests++; - } else { + } else { /* no handler - return STATUS_UKCOMMAND*/ if( num_requests ) ((BYTE*)requests[ num_requests-1 ].params)[1] = 0xff; + requests[ num_requests ].params = (SMB_PARAMS*)&null; + requests[ num_requests ].bytes = (SMB_BYTES*) &null; status = 0x00400002; } + num_requests++; } memcpy( inpacket->Status, &status, 4 ); /* not aligned, maybe we might do a store DWORD on x86 */ diff --git a/src/nu_server.h b/src/nu_server.h index 4d6abaa..89fe2e9 100755 --- a/src/nu_server.h +++ b/src/nu_server.h @@ -1,8 +1,23 @@ +#ifndef _NU_SERVER_H_ +#define _NU_SERVER_H_ + +#include +#include +#include +#include +#include +#include +#include +#include + typedef unsigned char BYTE; typedef unsigned short WORD; typedef unsigned long DWORD; typedef int64_t QWORD; +#define SKIPSTRING( str ) ((BYTE*)(str)) + 1 + strlen( (str) ) +#define GETNWORD(addr) (*((BYTE*)(addr)) | 256 * ((BYTE*)(addr))[1] ) + #include "nu_defines.h" #define SMB_MAXREQUESTS 16 
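Review bot: The corrected bytes-pointer computation in the `@@ -144,7 +156,7 @@` hunk, `params + 2 * WordCount + 1`, still uses a `WordCount` taken straight from the wire, so an oversized value places `requests[].bytes` beyond the received packet before any handler looks at it; checking that the resulting pointer, plus the 2-byte ByteCount behind it, stays inside the input buffer would close that. In the no-handler branch every unhandled request now aliases the same local `null` through both `.params` and `.bytes`, while the preceding statement `((BYTE*)requests[ num_requests-1 ].params)[1] = 0xff;` writes into whatever the previous request's params point at, so two consecutive unhandled commands would write into `null` itself — how that is later serialised is outside this hunk, so confirm it is harmless. `child()` begins and ends outside these hunks.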
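Review bot: `SKIPSTRING`'s expansion is not wrapped in parentheses, so `*SKIPSTRING( s )` or `SKIPSTRING( s ) - p` bind to `((BYTE*)(str))` alone rather than to the advanced pointer; define it as `#define SKIPSTRING( str ) (((BYTE*)(str)) + 1 + strlen( (str) ))`. Both macros read request memory and `strlen` has no bound, so a caller must have verified that a terminator exists within the packet before applying `SKIPSTRING` to wire data. `GETNWORD` evaluates `addr` twice, harmless for a plain address but surprising with a side-effecting argument; a `static inline` function taking `const BYTE *` avoids that.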
@@ -34,11 +49,41 @@ typedef struct { typedef struct { SMB_PARAMS *params; - SMB_BYTES *bytes; + SMB_BYTES *bytes; } SMB_DATA; +typedef struct { + BYTE WordCount; /* 19 + SetupCount */ + BYTE TotalParameterCount [2]; + BYTE TotalDataCount [2]; + BYTE MaxParameterCount [2]; /* For now we only support packets */ + BYTE MaxDataCount [2]; /* with TotalXXCount == MaxXXCount */ + BYTE MaxSetupCount; + BYTE Reserved; + BYTE Flags [2]; + BYTE Timeout [4]; + BYTE Reserved2 [2]; + + BYTE ParameterCount [2]; + BYTE ParameterOffset [2]; + BYTE DataCount [2]; + BYTE DataOffset [2]; + BYTE SetupCount; + BYTE Reserved3; + BYTE Setup[0]; +} SMB_PARAMS_TRANSACTION; + +typedef struct { + BYTE *params; + DWORD paramc; + BYTE *data; + DWORD datac; +} SMB_TRANSACTION_BYTES; + typedef struct { BYTE cmd; SMB_COMMAND_FLAG flags; SMB_STATUS (*handler)(SMB_HEADER *header, SMB_DATA *data); } SMB_COMMAND_HANDLER; + +#endif -- cgit v1.2.3
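Review bot: The comment on `WordCount` says `19 + SetupCount`, but the fixed fields that follow it total 28 bytes — 14 words — before `Setup`, so the struct's own layout implies `14 + SetupCount`; one of the two should be corrected (I would change the comment to `/* 14 + SetupCount */`). `BYTE Setup[0];` is a zero-length array, a GNU extension; the C99 form is the flexible array member `BYTE Setup[];`. `paramc`/`datac` in `SMB_TRANSACTION_BYTES` are `DWORD`, i.e. `unsigned long`, whose width varies by platform, while in this diff they are filled only from 16-bit `GETNWORD` fields in `handle_SMB_COM_TRANSACTION`; `WORD` (or `size_t`) would document the real range.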