REPOST: sesssetup.c, encrypted passwords and unicode
Nir Soffer
nirs at exanet.com
Wed Apr 30 18:20:55 GMT 2003
> On Wed, 30 Apr 2003, Nir Soffer wrote:
>
> > Hi again! :)
> >
> > Long story short - unicode plaintext passwords don't work (not in latest
> > CVS either). Tracked down to a small piece of code in sesssetup.c
> > (detailed below) which snarfs the wrong passlen from the incoming packet
> > and as a result thinks the password is NULL.
> >
> > I fixed it in my local copy, and windows2k works with it just fine,
> > however, this unsurprisingly breaks Windows'98 rather unforgivably.
> >
> > I was wondering how in the context of sesssetup.c in
> > reply_sesssetup_and_X I can figure out if the connection has unicode
> > strings or not, as I need to know this to switch between passlen1 and
> > passlen2. I couldn't find anything in the connection structure...
>
> Hmmm, the flags or flags2 field of the SMB header contains a bit stating
> whether or not UNICODE is in use. Can't you use that?
I probably could, had I known how to use them :).
Okay. Now that you pointed me to the flags and I can actually see some in the code, I'm not exactly sure which I should use? The flags2 contains the capability, is that what should be used for determining whether or not the client sends passwords in unicode? Looks like it from the sniffer :).
Does this code make any sense? It works for me from cursory tests, so it's definitely better than the old code, but it's still not fully correct I think - it looks like it might pull from the wrong offset if both passwords are supplied for some odd reason.
	if (doencrypt) {
		/* encrypted: LM response first, NT response right after it */
		lm_resp = data_blob(p, passlen1);
		nt_resp = data_blob(p+passlen1, passlen2);
	} else {
		pstring pass;
		BOOL unic;
		/* FLAGS2_UNICODE_STRINGS in the SMB header flags2 says whether
		 * the client sent its strings as UCS-2; passlen2 is then the
		 * unicode password length, passlen1 the ANSI one */
		unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
		srvstr_pull(inbuf, pass, smb_buf(inbuf),
			    sizeof(pass), unic ? passlen2 : passlen1,
			    STR_TERMINATE);
		plaintext_password = data_blob(pass, strlen(pass)+1);
	}
(diff against latest-CVS):
--- sesssetup.c Wed Apr 30 21:18:05 2003
+++ /users4/nirs/tmp/samba-cvs/old-samba/source/smbd/sesssetup.c Tue Apr 29 16:28:48 2003
@@ -615,11 +615,8 @@
nt_resp = data_blob(p+passlen1, passlen2);
} else {
pstring pass;
- BOOL unic;
- unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
srvstr_pull(inbuf, pass, smb_buf(inbuf),
- sizeof(pass), unic ? passlen2 : passlen1,
- STR_TERMINATE);
+ sizeof(pass), passlen1, STR_TERMINATE);
plaintext_password = data_blob(pass, strlen(pass)+1);
}
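Review bot: the hunk is inverted: `---` names the edited sesssetup.c of Wed Apr 30 and `+++` the older CVS copy of Tue Apr 29, so the `-` lines are the proposed change and the `+` line is the code being replaced; regenerate it with the arguments to diff swapped (old tree first, new file second) so the patch applies forward. On the change itself, `srvstr_pull(inbuf, pass, smb_buf(inbuf), ...)` reads from the start of the data block whichever length is chosen, but in SESSION_SETUP_ANDX the ANSI password (passlen1 bytes) comes first and the Unicode password (passlen2 bytes) follows it, so when a client sends both, the Unicode pull should start at `smb_buf(inbuf) + passlen1`; and when the unicode bit is set but passlen2 is 0, falling back to passlen1 avoids pulling an empty password. Unless it is already done above the hunk, also reject requests where passlen1 + passlen2 exceeds the data block length before either pull.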
Thanks,
Nir.
--
Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
"Father, why are all the children weeping? / They are merely crying son
O, are they merely crying, father? / Yes, true weeping is yet to come"
-- Nick Cave and the Bad Seeds, The Weeping Song
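The offset and flag handling discussed in this thread, as an added example in C that is not Samba code and not part of the original post. It models only the fields it needs (Flags2, the two password lengths and the data block) in a hand-built struct rather than a full SMB header, follows the SESSION_SETUP_ANDX layout in which the OEM password precedes the Unicode password, checks both lengths against the data block, and pulls the password the way the FLAGS2 unicode bit says. The struct, function names and sample requests are constructed for this example.

```c
/* Added example (not Samba code): choosing the plaintext password field of
 * an SMB_COM_SESSION_SETUP_ANDX request by the Flags2 unicode bit, pulling
 * it from the right offset and bounds-checking the lengths first. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FLAGS2_UNICODE_STRINGS 0x8000   /* SMB header Flags2 bit */

/* The request fields this example needs. In real traffic they come from the
 * SMB header and the request's parameter block; here they are filled in by
 * hand (constructed for the example). */
struct sesssetup_req {
    uint16_t flags2;        /* SMB header Flags2 */
    uint16_t passlen1;      /* OEM (ANSI) password length */
    uint16_t passlen2;      /* Unicode password length in bytes */
    const uint8_t *data;    /* start of the data block (smb_buf) */
    size_t data_len;        /* bytes available in the data block */
};

/* Extract the plaintext password as NUL-terminated ASCII into out.
 * Returns 1 on success, 0 if the lengths do not fit in the data block or a
 * Unicode character is outside 7-bit ASCII (kept simple on purpose). */
static int pull_plaintext_password(const struct sesssetup_req *r,
                                   char *out, size_t out_len)
{
    int unic = (r->flags2 & FLAGS2_UNICODE_STRINGS) != 0;
    size_t total = (size_t)r->passlen1 + r->passlen2;

    /* Reject before reading: both lengths are attacker controlled. */
    if (total > r->data_len || out_len == 0)
        return 0;

    /* The OEM password comes first in the data block and the Unicode
     * password directly after it, so with both present the Unicode copy
     * starts at data + passlen1, not at data. */
    if (unic && r->passlen2 > 0) {
        const uint8_t *p = r->data + r->passlen1;
        size_t n = r->passlen2 / 2, i, o = 0;   /* UCS-2LE code units */
        for (i = 0; i < n && o + 1 < out_len; i++) {
            uint16_t cu = (uint16_t)(p[2 * i] | (p[2 * i + 1] << 8));
            if (cu == 0) break;                 /* terminator */
            if (cu > 0x7f) return 0;            /* example handles ASCII only */
            out[o++] = (char)cu;
        }
        out[o] = '\0';
        return 1;
    }

    /* ANSI password (also the fallback when the unicode bit is set but the
     * client sent no Unicode password): passlen1 bytes at data. */
    {
        size_t n = r->passlen1, i, o = 0;
        for (i = 0; i < n && o + 1 < out_len; i++) {
            if (r->data[i] == 0) break;
            out[o++] = (char)r->data[i];
        }
        out[o] = '\0';
        return 1;
    }
}

/* Constructed request: ANSI password only, unicode bit clear. */
static int example_ascii_only(void)
{
    static const uint8_t data[] = "secret\0nir";  /* password, account name */
    struct sesssetup_req r = { 0x4003, 7, 0, data, sizeof data };
    char pw[32];
    return pull_plaintext_password(&r, pw, sizeof pw) && strcmp(pw, "secret") == 0;
}

/* Constructed request: both fields present, unicode bit set; the Unicode
 * password "pa55" sits after the 7 ANSI bytes and must win. */
static int example_unicode_with_both_fields(void)
{
    static const uint8_t data[] = {
        's', 'e', 'c', 'r', 'e', 't', 0,
        'p', 0, 'a', 0, '5', 0, '5', 0, 0, 0
    };
    struct sesssetup_req r = { 0xC803, 7, 10, data, sizeof data };
    char pw[32];
    return pull_plaintext_password(&r, pw, sizeof pw) && strcmp(pw, "pa55") == 0;
}

/* Constructed request: unicode bit set but passlen2 == 0, ANSI fallback. */
static int example_unicode_flag_but_ansi_password(void)
{
    static const uint8_t data[] = "secret";
    struct sesssetup_req r = { 0xC803, 7, 0, data, sizeof data };
    char pw[32];
    return pull_plaintext_password(&r, pw, sizeof pw) && strcmp(pw, "secret") == 0;
}

/* Constructed request: lengths larger than the data block are refused. */
static int example_oversized_lengths_rejected(void)
{
    static const uint8_t data[] = "secret";
    struct sesssetup_req r = { 0xC803, 7, 100, data, sizeof data };
    char pw[32];
    return pull_plaintext_password(&r, pw, sizeof pw) == 0;
}

int main(void)
{
    printf("ascii only:          %s\n", example_ascii_only() ? "ok" : "FAIL");
    printf("unicode, both:       %s\n", example_unicode_with_both_fields() ? "ok" : "FAIL");
    printf("unicode bit, ansi:   %s\n", example_unicode_flag_but_ansi_password() ? "ok" : "FAIL");
    printf("oversized rejected:  %s\n", example_oversized_lengths_rejected() ? "ok" : "FAIL");
    return 0;
}
```

The length check runs before any byte is read, which is the part worth copying into a real server: passlen1 and passlen2 come straight off the wire, and a server that trusts them reads past the request.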