REPOST: sesssetup.c, encrypted passwords and unicode
Christopher R. Hertel
crh at ubiqx.mn.org
Mon Apr 7 18:33:28 GMT 2003
Nir,
I am rushing to get my book finished, but I plan on spending some time
with the rest of the Team next week and will show them what I have found
with regard to this issue.
Again, I do not believe that Windows servers offer the plaintext/Unicode
combination. This is something that only Samba servers (as far as I know)
can handle. To make this work, we need to see how Windows clients react
to it and do our best to compensate.
Chris -)-----
On Mon, Apr 07, 2003 at 08:32:49PM +0300, Nir Soffer wrote:
>
> (Sorry for reposting, but this still looks like a bug to me, no one
> acknowledged it or told me I was wrong - and from what I've seen it
> hasn't been really fixed in 3.0 yet..)
>
> Hi there! I've been trying to get Samba 3.0 to use plaintext passwords
> and unicode for a while now.
>
> The first thing I stumbled on was solved, it was a service pack that
> needed to be applied to w2k. (Thanks!)
>
> This is the second thing I stumbled on:
> In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
> } else {
> pstring pass;
> srvstr_pull(inbuf, pass, smb_buf(inbuf),
> sizeof(pass), passlen1, STR_TERMINATE);
> plaintext_password = data_blob(pass, strlen(pass)+1);
> }
>
> From what (limited) understanding I have, passlen1 in this case is the
> non-unicode password, and passlen2 is the unicode password. The code
> pull the wrong passlen, and consequently the wrong password was checked
> against the database. ( a password with a length of 0)
>
> Changing the code to use passlen2 basically allowed me to login, but I'm
> pretty sure this is not the correct fix (I would think that one should
> first check if the connection is unicode or not).
>
> Just FYI,
> Thanks :)
>
> Nir.
>
>
> --
> Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
> "Father, why are all the children weeping? / They are merely crying son
> O, are they merely crying, father? / Yes, true weeping is yet to come"
> -- Nick Cave and the Bad Seeds, The Weeping Song
>
--
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list