REPOST: sesssetup.c, encrypted passwords and unicode
Nir Soffer
nirs at exanet.com
Wed Apr 30 17:59:13 GMT 2003
Hi again! :)
Long story short - unicode plaintext passwords don't work (not in latest CVS either). Tracked down to a small piece of code in sesssetup.c (detailed below) which snarfs the wrong passlen from the incoming packet and as a result thinks the password is NULL.
I fixed it in my local copy, and windows2k works with it just fine, however, this unsurprisingly breaks Windows'98 rather unforgivably.
I was wondering how in the context of sesssetup.c in reply_sesssetup_and_X I can figure out if the connection has unicode strings or not, as I need to know this to switch between passlen1 and passlen2. I couldn't find anything in the connection structure...
Or is there a better solution? Perhaps take the one which isn't 0?
Thanks!
Nir.
--
Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
"Father, why are all the children weeping? / They are merely crying son
O, are they merely crying, father? / Yes, true weeping is yet to come"
-- Nick Cave and the Bad Seeds, The Weeping Song
> > Chris -)-----
> >
> > On Mon, Apr 07, 2003 at 08:32:49PM +0300, Nir Soffer wrote:
> > >
> >
> > > (Sorry for reposting, but this still looks like a bug to me, no one
> > > acknowledged it or told me I was wrong - and from what I've seen it
> > > hasn't been really fixed in 3.0 yet..)
> > >
> > > Hi there! I've been trying to get Samba 3.0 to use plaintext passwords
> > > and unicode for a while now.
> > >
> > > The first thing I stumbled on was solved, it was a service pack that
> > > needed to be applied to w2k. (Thanks!)
> > >
> > > This is the second thing I stumbled on:
> > > In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
> > > } else {
> > >     pstring pass;
> > >     srvstr_pull(inbuf, pass, smb_buf(inbuf),
> > >                 sizeof(pass), passlen1, STR_TERMINATE);
> > >     plaintext_password = data_blob(pass, strlen(pass)+1);
> > > }
> > >
> > > From what (limited) understanding I have, passlen1 in this case is the
> > > non-unicode password, and passlen2 is the unicode password. The code
> > > pulls the wrong passlen, and consequently the wrong password was checked
> > > against the database. (a password with a length of 0)
> > >
> > > Changing the code to use passlen2 basically allowed me to login, but I'm
> > > pretty sure this is not the correct fix (I would think that one should
> > > first check if the connection is unicode or not).
> > >
> > > Just FYI,
> > > Thanks :)
> > >
> > > Nir.
> > >
> > --
> > Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> > jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> >
>
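Added example, not part of the original post and not Samba's code: one way to make the choice asked about above is to read the Unicode bit from the Flags2 field of the SMB header and pick the length from it, rejecting lengths that do not fit the data block. The helper names and sample values are hypothetical; it assumes a 32-byte SMB1 header without the NetBIOS prefix and the two password fields stored back to back (OEM first) at the start of the data block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_HDR_LEN            32      /* fixed SMB1 header, NetBIOS prefix stripped */
#define SMB_FLG2_OFF           10      /* 4 magic + 1 command + 4 status + 1 flags */
#define FLAGS2_UNICODE_STRINGS 0x8000  /* strings in this request are UTF-16LE */

/* Hypothetical helper, not a Samba function. Locates the plaintext password
 * inside the session setup data block (byte_count bytes long).
 * Returns 0 and fills *off / *len, or -1 if the request is malformed. */
int plaintext_pw_span(const uint8_t *hdr, size_t hdr_len,
                      uint16_t passlen1, uint16_t passlen2,
                      uint16_t byte_count, size_t *off, size_t *len)
{
    if (hdr == NULL || hdr_len < SMB_HDR_LEN || memcmp(hdr, "\xffSMB", 4) != 0)
        return -1;
    /* Both lengths are client-controlled: bound them before any copy. */
    if ((size_t)passlen1 + passlen2 > byte_count)
        return -1;
    uint16_t flags2 = (uint16_t)(hdr[SMB_FLG2_OFF] | (hdr[SMB_FLG2_OFF + 1] << 8));
    int unicode = (flags2 & FLAGS2_UNICODE_STRINGS) != 0;
    *off = unicode ? passlen1 : 0;         /* Unicode field follows the OEM field */
    *len = unicode ? passlen2 : passlen1;  /* decided by the flag, not by "non-zero" */
    return 0;
}

/* Constructed sample header: session setup (0x73) with the given Flags2. */
void make_hdr(uint8_t hdr[SMB_HDR_LEN], uint16_t flags2)
{
    memset(hdr, 0, SMB_HDR_LEN);
    memcpy(hdr, "\xffSMB\x73", 5);
    hdr[SMB_FLG2_OFF] = (uint8_t)(flags2 & 0xff);
    hdr[SMB_FLG2_OFF + 1] = (uint8_t)(flags2 >> 8);
}

int main(void)
{
    uint8_t hdr[SMB_HDR_LEN];
    size_t off, len;
    make_hdr(hdr, FLAGS2_UNICODE_STRINGS);  /* Unicode client, constructed lengths */
    if (plaintext_pw_span(hdr, sizeof hdr, 0, 14, 40, &off, &len) == 0)
        printf("unicode: off=%zu len=%zu\n", off, len);
    make_hdr(hdr, 0);                       /* non-Unicode client, constructed lengths */
    if (plaintext_pw_span(hdr, sizeof hdr, 7, 0, 20, &off, &len) == 0)
        printf("oem: off=%zu len=%zu\n", off, len);
    return 0;
}
```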