REPOST: sesssetup.c, encrypted passwords and unicode

Nir Soffer nirs at
Mon Apr 7 17:32:49 GMT 2003

(Sorry for reposting, but this still looks like a bug to me, no one acknowledged it or told me I was wrong -  and from what I've seen it hasn't been really fixed in 3.0 yet..)

Hi there! I've been trying to get Samba 3.0 to use plaintext passwords and unicode for a while now.

The first thing I stumbled on was solved, it was a service pack that needed to be applied to w2k. (Thanks!)

This is the second thing I stumbled on:
In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
                } else {
                        pstring pass;
                        srvstr_pull(inbuf, pass, smb_buf(inbuf),
                                    sizeof(pass),  passlen1, STR_TERMINATE);
                        plaintext_password = data_blob(pass, strlen(pass)+1);

>From what (limited) understanding I have, passlen1 in this case is the non-unicode password, and passlen2 is the unicode password. The code pull the wrong passlen, and consequently the wrong password was checked against the database. ( a password with a length of 0)

Changing the code to use passlen2 basically allowed me to login, but I'm pretty sure this is not the correct fix (I would think that one should first check if the connection is unicode or not).

Just FYI,
Thanks :)


Nir Soffer -=- Exanet Inc. -=-
"Father, why are all the children weeping? / They are merely crying son
 O, are they merely crying, father? / Yes, true weeping is yet to come"
        -- Nick Cave and the Bad Seeds, The Weeping Song

More information about the samba-technical mailing list