From 9edc1cd4cfd3c02cfb1b867f8450384c446e8b60 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Jul 2002 15:03:14 +0000 Subject: this fixes plaintext passwords with win2000 there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1) --- source3/libsmb/cliconnect.c | 5 ++--- source3/smbd/negprot.c | 6 ++++-- source3/smbd/sesssetup.c | 7 ++++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index d29a6115fb..93cf3d95db 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -206,12 +206,11 @@ static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user, SSVAL(cli->outbuf,smb_vwv3,2); SSVAL(cli->outbuf,smb_vwv4,cli->pid); SIVAL(cli->outbuf,smb_vwv5,cli->sesskey); - SSVAL(cli->outbuf,smb_vwv7,passlen); SSVAL(cli->outbuf,smb_vwv8,0); SIVAL(cli->outbuf,smb_vwv11,capabilities); p = smb_buf(cli->outbuf); - memcpy(p, pword, passlen); - p += passlen; + p += clistr_push(cli, p, pword, -1, STR_TERMINATE); /* password */ + SSVAL(cli->outbuf,smb_vwv7,PTR_DIFF(p, smb_buf(cli->outbuf))); p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */ p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */ p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE); diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index abe44aac8c..d8aea624be 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -288,10 +288,12 @@ static int reply_nt1(char *inbuf, char *outbuf) if (!negotiate_spnego) { /* Create a token value and add it to the outgoing packet. */ if (global_encrypted_passwords_negotiated) { + /* note that we do not send a challenge at all if + we are using plaintext */ get_challenge(p); + SSVALS(outbuf,smb_vwv16+1,8); + p += 8; } - SSVALS(outbuf,smb_vwv16+1,8); - p += 8; p += srvstr_push(outbuf, p, global_myworkgroup, -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); DEBUG(3,("not using SPNEGO\n")); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 867b00ff5c..9d05e3f98a 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -699,9 +699,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, lm_resp = data_blob(p, passlen1); nt_resp = data_blob(p+passlen1, passlen2); } else { - plaintext_password = data_blob(p, passlen1+1); - /* Ensure null termination */ - plaintext_password.data[passlen1] = 0; + pstring pass; + srvstr_pull_buf(inbuf, pass, smb_buf(inbuf), + sizeof(pass), STR_TERMINATE); + plaintext_password = data_blob(pass, strlen(pass)); } p += passlen1 + passlen2; -- cgit