REPOST: sesssetup.c, encrypted passwords and unicode

Nir Soffer nirs at exanet.com
Wed Apr 30 17:59:13 GMT 2003


Hi again! :)

Long story short - unicode plaintext passwords don't work (not in latest CVS either). Tracked down to a small piece of code in sesssetup.c (detailed below) which snarfs the wrong passlen from the incoming packet and as a result thinks the password is NULL.

I fixed it in my local copy, and windows2k works with it just fine, however, this unsurprisingly breaks Windows'98 rather unforgivably.

I was wondering how in the context of sesssetup.c in reply_sesssetup_and_X I can figure out if the connection has unicode strings or not, as I need to know this to switch between passlen1 and passlen2. I couldn't find anything in the connection structure...

Or is there a better solution? Perhaps take the one which isn't 0?

Thanks!
Nir.

--
Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
"Father, why are all the children weeping? / They are merely crying son
 O, are they merely crying, father? / Yes, true weeping is yet to come"
        -- Nick Cave and the Bad Seeds, The Weeping Song
> > Chris -)-----
> > 
> > On Mon, Apr 07, 2003 at 08:32:49PM +0300, Nir Soffer wrote:
> > > 
> > 
> > > (Sorry for reposting, but this still looks like a bug to me, no one
> > > acknowledged it or told me I was wrong - and from what I've seen it
> > > hasn't been really fixed in 3.0 yet..)
> > > 
> > > Hi there! I've been trying to get Samba 3.0 to use plaintext passwords
> > > and unicode for a while now.
> > > 
> > > The first thing I stumbled on was solved, it was a service pack that
> > > needed to be applied to w2k. (Thanks!)
> > > 
> > > This is the second thing I stumbled on:
> > > In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
> > >                 } else {
> > >                         pstring pass;
> > >                         srvstr_pull(inbuf, pass, smb_buf(inbuf),
> > >                                     sizeof(pass), passlen1, STR_TERMINATE);
> > >                         plaintext_password = data_blob(pass, strlen(pass)+1);
> > >                 }
> > > 
> > 
> > > From what (limited) understanding I have, passlen1 in this case is the
> > > non-unicode password, and passlen2 is the unicode password. The code
> > > pulls the wrong passlen, and consequently the wrong password was checked
> > > against the database (a password with a length of 0).
> > > 
> > > Changing the code to use passlen2 basically allowed me to login, but I'm
> > > pretty sure this is not the correct fix (I would think that one should
> > > first check if the connection is unicode or not).
> > > 
> > > Just FYI,
> > > Thanks :)
> > > 
> > > Nir.
> > > 
> > > 
> > 
> > -- 
> > Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> > jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> > 
> 
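
The choice between passlen1 and passlen2 discussed in this post, as an added example that is not part of the original message and is not Samba's code. It assumes the SMB1 wire layout (Flags2 at header offset 10 with Unicode bit 0x8000, a 13-word SESSION_SETUP_ANDX request with the two password lengths in words 7 and 8) and a raw message without the 4-byte NetBIOS prefix; `select_password_len` and `struct pw_sel` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_HDR_LEN        32      /* fixed SMB1 header */
#define SMB_COM_SESSSETUP  0x73    /* SMB_COM_SESSION_SETUP_ANDX */
#define SMB_FLG2_OFF       10      /* Flags2, little-endian u16 */
#define SMB_FLAGS2_UNICODE 0x8000  /* strings in this message are UTF-16LE */
#define SESSSETUP_WCT      13      /* NT LM 0.12 request without extended security */

struct pw_sel { uint16_t len; int unicode; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper (not a Samba function). msg is the raw SMB message
 * without the 4-byte NetBIOS length prefix. Returns 0, or -1 if malformed. */
int select_password_len(const uint8_t *msg, size_t n, struct pw_sel *out)
{
    const size_t bcc_off = SMB_HDR_LEN + 1 + 2 * SESSSETUP_WCT;
    if (n < bcc_off + 2 || memcmp(msg, "\xffSMB", 4) != 0) return -1;
    if (msg[4] != SMB_COM_SESSSETUP || msg[SMB_HDR_LEN] != SESSSETUP_WCT) return -1;
    const uint8_t *vwv = msg + SMB_HDR_LEN + 1;   /* parameter words */
    uint16_t passlen1 = le16(vwv + 2 * 7);        /* word 7: OEM/ASCII length */
    uint16_t passlen2 = le16(vwv + 2 * 8);        /* word 8: Unicode length */
    uint16_t bcc = le16(msg + bcc_off);           /* ByteCount */
    /* Both lengths come from the client: bound them before any copy. */
    if (bcc > n - bcc_off - 2 || (uint32_t)passlen1 + passlen2 > bcc) return -1;
    int unic = (le16(msg + SMB_FLG2_OFF) & SMB_FLAGS2_UNICODE) != 0;
    if (unic && passlen2 != 0) {          /* Unicode client, Unicode password */
        out->len = passlen2; out->unicode = 1;
    } else {                              /* OEM client, or only an OEM password sent */
        out->len = passlen1; out->unicode = 0;
    }
    return 0;
}

int main(void)
{
    uint8_t m[80] = { 0xff, 'S', 'M', 'B', SMB_COM_SESSSETUP };  /* constructed sample */
    struct pw_sel s;
    m[SMB_FLG2_OFF + 1] = 0x80;                  /* Flags2 = 0x8000 */
    m[SMB_HDR_LEN] = SESSSETUP_WCT;
    m[SMB_HDR_LEN + 1 + 16] = 8;                 /* passlen1 = 0, passlen2 = 8 */
    m[SMB_HDR_LEN + 1 + 26] = 9;                 /* ByteCount */
    if (select_password_len(m, sizeof m, &s) == 0)
        printf("len=%u unicode=%d\n", (unsigned)s.len, s.unicode);
    return 0;
}
```

The helper only decides which length field applies; where the password bytes start in the data block, including any alignment padding before UTF-16 data, is left to the string decoder.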

