Browse list transfer between a DMB and a LMB, with plain text password
Samuel Degrande
Samuel.Degrande at lifl.fr
Thu Sep 30 04:05:57 MDT 2010
On 09/30/2010 08:10 AM, Volker Lendecke wrote:
> On Wed, Sep 29, 2010 at 06:58:29PM +0200, Samuel Degrande wrote:
>> I have 2 samba servers, one DMB on one subnet, and one LMB on
>> another subnet.
>>
>> We use plain text passwords.
>>
>> Browse list transfer was working fine with version 3.0.23. It no
>> longer works.
>>
>> I looked at the difference between old and new versions.
>>
>> The change is in reply_sesssetup_and_X(). Now, with plaintext password,
>> a password is mandatory, or a NT_STATUS_INVALID_PARAMETER is returned.
>>
>> However, as far as I can understand, a client asking for a browse list
>> will connect with a guest account, and no password is sent...
>>
>> Is it a known bug? A feature change (and if so, how to continue to use
>> plaintext passwords)?
>
> Please send a sniff and a debug level 10 log of the smbd.
>
I will do, but, as far as I can see in the code:
(I guess that you know all the details :-), it's just to explain how I
'traced' things, confirmed by adding some debug printf, to find where
my issue seems to be)
(Sorry if I do not use the right terms in my explanation)

1) on the LMB, there is an anonymous access to IPC$ to retrieve the
   browse list:
   nmbd_synclists.c:sync_child() calls
       cli_session_setup(&cli, "", "", 1, "", 0, workgroup)
   no "user" is defined, so cli_session_setup_guest() is called,
   so a 'SMBsesssetupX' msg is forged with an empty user and an
   empty passwd.

2) on the DMB, reply_sesssetup_and_X() is called.
   I'm using plaintext password, so doencrypt is FALSE
   No SPNEGO session, and protocol >= PROTOCOL_NT1
   srvstr_pull_talloc() is called to decode the password, which
   is empty. And it gets to:

       if (!pass) {
           reply_nterror(req, nt_status_squash(NT_STATUS_INVALID_PARAMETER));
           END_PROFILE(SMBsesssetupX);
           return;
       }

Later in this function's code, there are some checks against 'user'
value, so that if 'user' is empty a guest session is validated.
My guess is that the "empty password test" should be done later, only on
non-guest session... Doing it fixes my issue: the session is validated,
the connection to IPC$ is done, and the LMB gets the DMB's browse list.
--
Samuel Degrande LIFL - UMR8022 CNRS - INRIA LNE - Bat M3
Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1
(33)3.62.53.15.70 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE
[CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ]
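
The check ordering described in this message, as an added example that is not part of the original post and is not Samba code: a simplified model comparing "password test first" with "guest decision first". The enum, the function names and the sample inputs are hypothetical, and it assumes that a session setup carrying no password reaches the check as a NULL pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the plaintext branch described in the message.
 * Not Samba code: the enum and function names are hypothetical. */
enum setup_result { SETUP_GUEST, SETUP_CHECK_PASSWORD, SETUP_INVALID_PARAMETER };

/* Empty user name means a guest request, as the message describes. */
static int is_guest_request(const char *user)
{
    return user == NULL || user[0] == '\0';
}

/* Reported behaviour: the password test runs before the guest decision. */
enum setup_result setup_password_check_first(const char *user, const char *pass)
{
    if (pass == NULL)              /* assumption: no password decodes to NULL */
        return SETUP_INVALID_PARAMETER;
    if (is_guest_request(user))
        return SETUP_GUEST;
    return SETUP_CHECK_PASSWORD;
}

/* Proposed ordering: guest decision first, password required otherwise. */
enum setup_result setup_guest_check_first(const char *user, const char *pass)
{
    if (is_guest_request(user))
        return SETUP_GUEST;
    if (pass == NULL)
        return SETUP_INVALID_PARAMETER;   /* named user, no password: reject */
    return SETUP_CHECK_PASSWORD;
}

int main(void)
{
    /* Constructed inputs: {user, pass}; NULL pass models "no password sent". */
    const char *cases[][2] = { {"", NULL}, {"alice", NULL}, {"alice", "secret"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("user=\"%s\" pass=%s  before=%d after=%d\n",
               cases[i][0], cases[i][1] ? "set" : "none",
               setup_password_check_first(cases[i][0], cases[i][1]),
               setup_guest_check_first(cases[i][0], cases[i][1]));
    return 0;
}
```

The second case is the one to keep when reordering: a named user that sends no password is still rejected, so only the empty-user request takes the guest path.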