Diffstat (limited to 'src')
-rwxr-xr-x | src/nu_header.h | 12 | ||||
-rwxr-xr-x | src/nu_server.c | 86 |
2 files changed, 38 insertions, 60 deletions
diff --git a/src/nu_header.h b/src/nu_header.h index de43a08..378268c 100755 --- a/src/nu_header.h +++ b/src/nu_header.h | |||
@@ -7,7 +7,7 @@ typedef struct { | |||
7 | BYTE netbios_command; | 7 | BYTE netbios_command; |
8 | BYTE netbios_flags; | 8 | BYTE netbios_flags; |
9 | WORD netbios_size; | 9 | WORD netbios_size; |
10 | BYTE Protocol[4]; /* Protocol identifier 0xFF,"SMB" */ | 10 | DWORD Protocol; /* Protocol identifier 0xFF,"SMB" */ |
11 | BYTE Command; /* Command Code, look below */ | 11 | BYTE Command; /* Command Code, look below */ |
12 | BYTE Status[4]; | 12 | BYTE Status[4]; |
13 | BYTE Flags; | 13 | BYTE Flags; |
@@ -17,15 +17,17 @@ typedef struct { | |||
17 | WORD ProcessID; | 17 | WORD ProcessID; |
18 | WORD UserID; | 18 | WORD UserID; |
19 | WORD MultiplexID; | 19 | WORD MultiplexID; |
20 | BYTE WordCount; | ||
21 | } SMB_HEADER; | 20 | } SMB_HEADER; |
22 | 21 | ||
23 | #define SIZEOF_SMB_HEADER 37 | 22 | typedef struct { |
23 | BYTE WordCount; | ||
24 | WORD Buffer[0]; | ||
25 | } SMB_PARAMS; | ||
24 | 26 | ||
25 | typedef struct { | 27 | typedef struct { |
26 | WORD ByteCount; | 28 | WORD ByteCount; |
27 | BYTE Buffer[0]; | 29 | BYTE Buffer[0]; |
28 | } SMB_HEADER2; | 30 | } SMB_BYTES; |
29 | 31 | ||
30 | /* This is the protocol identifier, each smb | 32 | /* This is the protocol identifier, each smb |
31 | request must begin with this double word | 33 | request must begin with this double word |
@@ -40,7 +42,7 @@ typedef struct { | |||
40 | a read-only subset of this. | 42 | a read-only subset of this. |
41 | */ | 43 | */ |
42 | 44 | ||
43 | enum { | 45 | typedef enum { |
44 | SMB_COM_CREATE_DIRECTORY = 0x00, | 46 | SMB_COM_CREATE_DIRECTORY = 0x00, |
45 | SMB_COM_DELETE_DIRECTORY = 0x01, | 47 | SMB_COM_DELETE_DIRECTORY = 0x01, |
46 | SMB_COM_OPEN = 0x02, | 48 | SMB_COM_OPEN = 0x02, |
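Review bot: The new SMB_PARAMS struct places `WORD Buffer[0]` directly after a lone `BYTE WordCount`, so under natural alignment `Buffer` lands at offset 2 — one byte past where the wire puts the first parameter word — and `sizeof(SMB_PARAMS)` is 2, while netbios_write in nu_server.c sizes its iovec as `1 + buf2->WordCount * 2` on the assumption of a packed layout. No packing attribute is visible in this hunk (SMB_HEADER appears to have no internal padding on common ABIs, which is what lets `sizeof(SMB_HEADER)` serve as the 36-byte wire size, but that is luck rather than a declared layout); if none exists elsewhere in the header, `} __attribute__((packed)) SMB_PARAMS;` on each of the three overlay structs would make the contract explicit. Zero-length `Buffer[0]` is a GNU extension; C99's flexible array member `WORD Buffer[];` is the portable spelling for the same trailing data. The `typedef enum` opened at the end of the last hunk closes outside it, presumably as SMB_COMMAND, which netbios_write now takes as its first parameter even though callers pass NetBIOS session codes such as 0x82 rather than SMB command codes — a short comment on the typedef or a separate NetBIOS type would avoid that confusion.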
diff --git a/src/nu_server.c b/src/nu_server.c index 29819ee..64eecfe 100755 --- a/src/nu_server.c +++ b/src/nu_server.c | |||
@@ -11,7 +11,6 @@ | |||
11 | 11 | ||
12 | static void bailout( char *reason ); | 12 | static void bailout( char *reason ); |
13 | static void sigint( int reason ) { bailout( "User interrupt." ); } | 13 | static void sigint( int reason ) { bailout( "User interrupt." ); } |
14 | static void packet_dump( SMB_HEADER *buf ); | ||
15 | static mainsock = -1; | 14 | static mainsock = -1; |
16 | static childsock = -1; | 15 | static childsock = -1; |
17 | 16 | ||
@@ -20,56 +19,48 @@ static QWORD getnttime( struct timeval *t ) { | |||
20 | } | 19 | } |
21 | 20 | ||
22 | static void netbios_read( SMB_HEADER **buf) { | 21 | static void netbios_read( SMB_HEADER **buf) { |
23 | BYTE bytes[4]; | 22 | DWORD bytes; |
24 | ssize_t bytestoread; | 23 | ssize_t bytestoread; |
25 | 24 | ||
26 | if( read( childsock, bytes, 4) < 4 ) | 25 | if( read( childsock, bytes, 4) < 4 ) |
27 | bailout( "Short read." ); | 26 | bailout( "Short read." ); |
28 | bytestoread = htons(*(WORD*)(bytes+2)); | 27 | bytestoread = htons(((WORD*)bytes)[1]); |
29 | if( (*buf = (SMB_HEADER*)realloc( *buf, 4 + bytestoread )) == NULL) | 28 | if( (*buf = (SMB_HEADER*)realloc( *buf, 4 + bytestoread )) == NULL) |
30 | bailout( "Out of memory."); | 29 | bailout( "Out of memory."); |
31 | *(DWORD*)*buf = *(DWORD*)bytes; | 30 | *(DWORD*)*buf = bytes; |
32 | if( read( childsock, ((BYTE*)*buf) + 4, bytestoread) != bytestoread ) | 31 | if( read( childsock, ((BYTE*)*buf) + 4, bytestoread) != bytestoread ) |
33 | bailout( "Short read." ); | 32 | bailout( "Short read." ); |
34 | } | 33 | } |
35 | 34 | ||
36 | static void netbios_write( BYTE cmd, SMB_HEADER *buf, SMB_HEADER2 *buf2 ) { | 35 | static void netbios_write( SMB_COMMAND cmd, |
37 | const BYTE buf2_[2] = { 0, 0 }; | 36 | SMB_HEADER *buf, |
38 | if(!buf2 ) buf2 = (SMB_HEADER2*)buf2_; | 37 | SMB_PARAMS *buf2, |
38 | SMB_BYTES *buf3 ) { | ||
39 | BYTE buf_[4] = { 0, 0, 0, 0 }; | ||
40 | if(!buf2 ) buf2 = (SMB_PARAMS*)buf_; | ||
41 | if(!buf3 ) buf3 = (SMB_BYTES*)buf_; | ||
39 | if( buf ) { | 42 | if( buf ) { |
40 | struct iovec iov[2] = { {buf, SIZEOF_SMB_HEADER + 2*buf->WordCount}, | 43 | struct iovec iov[3] = { {buf , sizeof(SMB_HEADER) }, |
41 | {buf2, 2 + buf2->ByteCount} }; | 44 | {buf2, 1 + buf2->WordCount * 2}, |
45 | {buf3, 2 + buf3->ByteCount } }; | ||
42 | 46 | ||
43 | buf->netbios_command = cmd; | 47 | buf->netbios_command = cmd; |
44 | buf->netbios_flags = 0; | 48 | buf->netbios_flags = 0; |
45 | buf->netbios_size = htons( SIZEOF_SMB_HEADER - 4 + | 49 | buf->netbios_size = htons( sizeof(SMB_HEADER) - 4 + |
46 | 2 * buf->WordCount + | 50 | 1 + buf2->WordCount * 2 + |
47 | 2 + buf2->ByteCount ); | 51 | 2 + buf3->ByteCount ); |
48 | buf->Flags = 0x88; | 52 | buf->Flags = 0x88; |
49 | buf->Flags2 = 0x4001; | 53 | buf->Flags2 = 0x4001; |
50 | 54 | ||
51 | if( writev( childsock, iov, 2 ) < htons( buf->netbios_size ) + 4 ) | 55 | if( writev( childsock, iov, 3 ) < htons( buf->netbios_size ) + 4 ) |
52 | bailout( "Write failed." ); | 56 | bailout( "Write failed." ); |
53 | } else { | 57 | } else { |
54 | const BYTE buf_[4] = { cmd, 0, 0, 0 }; | 58 | *buf_ = cmd; |
55 | if( write( childsock, buf_, 4 ) < 4) | 59 | if( write( childsock, buf_, 4 ) < 4) |
56 | bailout( "Write failed." ); | 60 | bailout( "Write failed." ); |
57 | } | 61 | } |
58 | } | 62 | } |
59 | 63 | ||
60 | static void packet_dump( SMB_HEADER *buf ) { | ||
61 | fprintf( stderr, "netbios_cmd, flag, size = %02X, %02X, %04X\n", buf->netbios_command, buf->netbios_flags, buf->netbios_size ); | ||
62 | fprintf( stderr, "Protocol = %08X\n", *(DWORD*)&buf->Protocol); | ||
63 | fprintf( stderr, "Command = %02X\n", buf->Command); | ||
64 | fprintf( stderr, "Status = %08X\n", *(DWORD*)&buf->Status); | ||
65 | fprintf( stderr, "Flags, Flags2 = %02X, %04X\n", buf->Flags, buf->Flags2); | ||
66 | fprintf( stderr, "Pad = %04X %04X %04X %04X %04X %04X\n", | ||
67 | buf->Pad[0], buf->Pad[1], buf->Pad[2], | ||
68 | buf->Pad[3], buf->Pad[4], buf->Pad[5] ); | ||
69 | fprintf( stderr, "TreeID,ProcessID,UserID = %04X, %04X, %04X\n", buf->TreeID, buf->ProcessID, buf->UserID); | ||
70 | fprintf( stderr, "MultiplexID, WordCount = %04X, %02X\n", buf->MultiplexID, buf->WordCount); | ||
71 | } | ||
72 | |||
73 | static void child( ) { | 64 | static void child( ) { |
74 | SMB_HEADER *inpacket = NULL; | 65 | SMB_HEADER *inpacket = NULL; |
75 | DWORD bytesread; | 66 | DWORD bytesread; |
@@ -81,53 +72,38 @@ static void child( ) { | |||
81 | netbios_read( &inpacket ); | 72 | netbios_read( &inpacket ); |
82 | if( inpacket->netbios_command != 0x81 ) | 73 | if( inpacket->netbios_command != 0x81 ) |
83 | bailout( "No session request"); | 74 | bailout( "No session request"); |
84 | netbios_write( 0x82, NULL, NULL ); | 75 | netbios_write( 0x82, NULL, NULL, NULL ); |
85 | 76 | ||
86 | while( 1 ) { | 77 | while( 1 ) { |
87 | WORD *ParameterWords; | ||
88 | netbios_read( &inpacket ); | 78 | netbios_read( &inpacket ); |
89 | packet_dump( inpacket ); | ||
90 | ParameterWords = (WORD*)(((BYTE*)inpacket)+SIZEOF_SMB_HEADER); | ||
91 | 79 | ||
92 | if( inpacket->netbios_command != 0 ) | 80 | if( inpacket->netbios_command != 0 ) |
93 | bailout( "Unhandled netbios command" ); | 81 | bailout( "Unhandled netbios command" ); |
94 | if( *(DWORD*)&inpacket->Protocol != SMB_HEADER_PROTOCOL_MAGIC ) | 82 | if( inpacket->Protocol != SMB_HEADER_PROTOCOL_MAGIC ) |
95 | bailout( "Protocol identifier mismatch"); | 83 | bailout( "Protocol identifier mismatch"); |
96 | 84 | ||
97 | switch( inpacket->Command ) { | 85 | switch( inpacket->Command ) { |
98 | case SMB_COM_NEGOTIATE: | 86 | case SMB_COM_NEGOTIATE: |
99 | { | 87 | { |
100 | BYTE myself[] = { 8,0,0x67,0x61,0x74,0x6c,0x69,0x6e,0x67,0x00 }; | 88 | const BYTE bytes[] = { 8,0,0x67,0x61,0x74,0x6c,0x69,0x6e,0x67,0 }; |
89 | WORD params[] = { 0x0511, 0x0000, 0x0001, 0x0001, | ||
90 | 0x0000, 0x0100, 0x0000, 0x0100, | ||
91 | 0x0000, 0x0000, 0x0000, 0x0000, | ||
92 | 0x0000, 0x0000, 0x0000, 0x0000, | ||
93 | 0x0000, 0x0000 }; | ||
101 | struct timeval t; gettimeofday( &t, NULL ); | 94 | struct timeval t; gettimeofday( &t, NULL ); |
102 | 95 | ||
103 | inpacket = (SMB_HEADER*)realloc( inpacket, SIZEOF_SMB_HEADER + 17 * 2 ); | ||
104 | *(DWORD*)&inpacket->Status = STATUS_SUCCESS; | 96 | *(DWORD*)&inpacket->Status = STATUS_SUCCESS; |
105 | 97 | params[8] = getpid(); params[9] = getppid(); | |
106 | ParameterWords = (WORD*)(((BYTE*)inpacket)+SIZEOF_SMB_HEADER-1); | 98 | *(QWORD*)¶ms[12] = getnttime( &t ); |
107 | ParameterWords[0] = 0x0511; /* Protocol Version 5, 17 bytes */ | 99 | netbios_write( 0, inpacket, (SMB_PARAMS*)params ,(SMB_BYTES*)bytes); |
108 | ParameterWords[1] = 0; /* security mode: share, no c/r */ | ||
109 | ParameterWords[2] = 1; /* Max pending */ | ||
110 | ParameterWords[3] = 1; /* Only one VC */ | ||
111 | ParameterWords[4] = 0; /* Max Buffer Size */ | ||
112 | ParameterWords[5] = 0x100; /* Max Buffer Size #2 */ | ||
113 | ParameterWords[6] = 0; /* Max Raw Size */ | ||
114 | ParameterWords[7] = 0x100; /* Max Raw Size #2 */ | ||
115 | ParameterWords[8] = getpid(); /* unique id */ | ||
116 | ParameterWords[9] = getppid(); /* unique id #2 */ | ||
117 | ParameterWords[10] = 0; /* Capabilities */ | ||
118 | ParameterWords[11] = 0; /* Capabilities #2 */ | ||
119 | *(QWORD*)&ParameterWords[12] = getnttime( &t ); | ||
120 | ParameterWords[16] = 0; | ||
121 | *(BYTE *)&ParameterWords[17] = 0; | ||
122 | netbios_write( 0, inpacket, (SMB_HEADER2*)myself); | ||
123 | break; | 100 | break; |
124 | } | 101 | } |
125 | default: | 102 | default: |
126 | { | 103 | { |
127 | fprintf( stderr, "Got message: %02X\n", inpacket->Command ); | 104 | fprintf( stderr, "Got message: %02X\n", inpacket->Command ); |
128 | inpacket->WordCount = 0; | 105 | *(DWORD*)&inpacket->Status = 0x00400002; |
129 | *(DWORD*)&inpacket->Status = 0x00400002; | 106 | netbios_write( 0, inpacket, NULL, NULL ); |
130 | netbios_write( 0, inpacket, NULL ); | ||
131 | break; | 107 | break; |
132 | } | 108 | } |
133 | } | 109 | } |
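Review bot: In netbios_read, `bytes` is now a scalar `DWORD`, but the unchanged read on the following line still passes it by value, `read( childsock, bytes, 4)`, and the length is taken through `((WORD*)bytes)[1]`, so an uninitialized integer is used as an address; with `BYTE bytes[4]` the array decayed to a pointer and this compiled silently, which is why the change was not caught. Both uses need the variable's address — `if( read( childsock, &bytes, 4) < 4 )` and `bytestoread = htons(((WORD*)&bytes)[1]);` — while the copy `*(DWORD*)*buf = bytes;` is the one line that correctly wants the value; `ntohs` is also the conventional direction for a length taken off the wire, even though it is the same operation. The length is a 16-bit field so `realloc( *buf, 4 + bytestoread )` stays bounded, and a short second read still fails closed through bailout. child() continues past this hunk; within it, the NEGOTIATE branch's `*(QWORD*)&params[12] = getnttime( &t );` stores 8 bytes into a WORD array that is only 2-byte aligned, and a `memcpy( &params[12], &nt, sizeof nt )` would avoid the misaligned, type-punned write.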