returned cli_session_setup to previous behaviour. added a couple of

validation checks and also added capability to send plaintext passwords.
send "ntpasslen" of zero to do this.  sending same plaintext password
for pass and ntpass arguments will result in previous behaviour of
encrypting password if server supports it.

1 files changed, 22 insertions, 7 deletions

diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 428f8e237fd..a43731ffcc1 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -713,25 +713,40 @@ BOOL cli_session_setup(struct cli_state *cli,
 		fstrcpy(ntpword, "");
 		ntpasslen=1;
 	} 
-	else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+	else if ((passlen == 0 || passlen == 1) && (pass[0] == '\0'))
 	{
 		/* Null session connect. */
-		pword[0] = '\0';
+		pword  [0] = '\0';
 		ntpword[0] = '\0';
 	}
 	else if (passlen == 24 && ntpasslen == 24)
 	{
-		/* encrypted password send, implicit from 24-byte lengths */
-		memcpy(pword, pass, 24);
-		memcpy(ntpword, ntpass, 24);
+		if (IS_BITS_SET_ALL(cli->sec_mode, 2))
+		{
+			/* encrypted password, implicit from 24-byte lengths */
+			memcpy(pword  , pass  , 24);
+			memcpy(ntpword, ntpass, 24);
+		}
+		else
+		{
+			DEBUG(0,("cli_session_setup: encrypted passwords not supported by server\n"));
+			return False;
+		}
 	}
-	else
+	else if (ntpasslen == 0 || !IS_BITS_SET_ALL(cli->sec_mode, 2))
 	{
-		/* plain-text password send */
+		/* plain-text password: server doesn't support encrypted. */
 		fstrcpy(pword, pass);
 		fstrcpy(ntpword, "");
 		ntpasslen = 0;
 	}
+	else /* passlen != 0 && ntpasslen != 0 && server supports encryption */
+	{
+		/* plain-text password requesting to be encrypted */
+		uchar *key = (uchar *)cli->cryptkey;
+		SMBencrypt  ((uchar *)pass  , key,(uchar *)pword  );
+		SMBNTencrypt((uchar *)ntpass, key,(uchar *)ntpword);
+	}
 
 	/* send a session setup command */
 	bzero(cli->outbuf,smb_size);