rpcclient fix

Benjamin Kuit bj at mcs.uts.edu.au
Sat Mar 6 04:46:47 GMT 1999


Small bug in rpcclient.

A user successfully authenticates if they use the format
-U <user>%<pass>
but not if they just use
-U <user>
and subsequently get prompted for the password.

This is because the password is prompted for with pwd_read(.,.,False);
the False is the 'do encrypt' flag.

With do_encrypt being false, the password is set using
pwd_set_cleartext instead of pwd_make_lm_nt_16.

Fix 1: Change the flag
--- rpcclient.c.orig    Sat Mar  6 14:54:04 1999
+++ rpcclient.c Sat Mar  6 14:54:20 1999
@@ -747,7 +747,7 @@
        }
        else 
        {
-               pwd_read(&(smb_cli->pwd), "Enter Password:", False);
+               pwd_read(&(smb_cli->pwd), "Enter Password:", True);
        }
 
        /* paranoia: destroy the local copy of the password */
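
Review bot: the bare `True` in the changed pwd_read call does not say what it selects, so a short comment at the call stating that the third argument asks for the hashed form rather than cleartext would keep a later reader from flipping it back. It is also worth confirming how pwd_read treats an empty entry at the prompt when this flag is set, since nothing in the hunk shows a null password being handled on this branch.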

Fix 2: Have the password asked for beforehand, e.g.
--- rpcclient.c.orig    Sat Mar  6 14:54:04 1999
+++ rpcclient.c Sat Mar  6 15:06:55 1999
@@ -732,6 +732,10 @@
 	strupper(cli_info.mach_acct);
 	fstrcat(cli_info.mach_acct, "$");

+	if (!got_pass) {
+		pstrcpy(password,(char*)getpass("Enter Password:"));
+	}
+
 	/* set the password cache info */
 	if (got_pass)
 	{
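
Review bot: after the added `if (!got_pass)` block, got_pass is still false, so the unchanged `if (got_pass)` test directly below it still takes its else branch and the string just copied into `password` is not picked up there; either set got_pass after the prompt or include the rewrite of the following block in this hunk. The return value of getpass() is also passed straight to pstrcpy, and getpass() can return a null pointer on error, so check it before copying.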

The block of code afterwards can then be re-written with the assumption
that the password has been retrieved, i.e.

        if (!got_pass) {
                pstrcpy(password,(char*)getpass("Enter Password:"));
        }

        /* set the password cache info */
        if (password[0] == 0)
        {
                pwd_set_nullpwd(&(smb_cli->pwd));
        }
        else
        {
                /* generate 16 byte hashes */
                pwd_make_lm_nt_16(&(smb_cli->pwd), password);
        }

        /* paranoia: destroy the local copy of the password */
        bzero(password, sizeof(password));

I supplied the second fix cuz I like the idea of crypting the password
through the same paths no matter where it came from.

ciao

Bj



+-------------------------------+--------------------------------------+
|      Benjamin (Bj) Kuit       |  Faculty Of Mathematical             |
|      Systems Programmer       |          and Computing Sciences.     |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0412 182 972     |  bj at mcs.uts.edu.au                   |
+-------------------------------+--------------------------------------+

