REPOST: sesssetup.c, encrypted passwords and unicode

Nir Soffer nirs at exanet.com
Wed Apr 30 18:20:55 GMT 2003


> On Wed, 30 Apr 2003, Nir Soffer wrote:
> 
> > 
> > Hi again! :)
> > 
> > Long story short - unicode plaintext passwords don't work (not in latest
> > CVS either). Tracked down to a small piece of code in sesssetup.c
> > (detailed below) which snarfs the wrong passlen from the incoming packet
> > and as a result thinks the password is NULL.
> > 
> > I fixed it in my local copy, and windows2k works with it just fine, 
> > however, this unsurprisingly breaks Windows'98 rather unforgivably.
> > 
> > I was wondering how in the context of sesssetup.c in
> > reply_sesssetup_and_X I can figure out if the connection has unicode
> > strings or not, as I need to know this to switch between passlen1 and
> > passlen2. I couldn't find anything in the connection structure...
> 
> Hmmm, the flags or flags2 field of the SMB header contains a bit stating
> whether or not UNICODE is in use. Can't you use that?

I probably could, had I known how to use them :).

Okay. Now that you pointed me to the flags and I can actually see some in the code, I'm not exactly sure which I should use. flags2 contains the capability; is that what should be used for determining whether or not the client sends passwords in unicode? Looks like it from the sniffer :).

Does this code make any sense? It works for me from cursory tests, so it's definitely better than the old code, but it's still not fully correct I think - it looks like it might pull from the wrong offset if both passwords are supplied for some odd reason.

	if (doencrypt) {
		lm_resp = data_blob(p, passlen1);
		nt_resp = data_blob(p+passlen1, passlen2);
	} else {
		pstring pass;
		BOOL unic;
		unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
		srvstr_pull(inbuf, pass, smb_buf(inbuf),
			    sizeof(pass), unic ? passlen2 : passlen1,
			    STR_TERMINATE);
		plaintext_password = data_blob(pass, strlen(pass)+1);
	}

(diff against latest-CVS):

--- sesssetup.c Wed Apr 30 21:18:05 2003
+++ /users4/nirs/tmp/samba-cvs/old-samba/source/smbd/sesssetup.c        Tue Apr 29 16:28:48 2003
@@ -615,11 +615,8 @@
                        nt_resp = data_blob(p+passlen1, passlen2);
                } else {
                        pstring pass;
-                       BOOL unic;
-                       unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;
                        srvstr_pull(inbuf, pass, smb_buf(inbuf), 
-                                   sizeof(pass),  unic ? passlen2 : passlen1, 
-                                   STR_TERMINATE);
+                                   sizeof(pass),  passlen1, STR_TERMINATE);
                        plaintext_password = data_blob(pass, strlen(pass)+1);
                }
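Review bot: the diff is inverted: `---` names the Wed Apr 30 local copy and `+++` the Apr 29 CVS tree, so the `-` lines are actually the proposed change and the `+` line is the old code; regenerate it with the CVS file on the `---` side so it applies as intended. On the logic, `unic ? passlen2 : passlen1` still reads from `smb_buf(inbuf)` in both cases, so when a Unicode client also sends a non-zero passlen1 the case-sensitive password would start at `smb_buf(inbuf) + passlen1`, which is the layout the encrypted branch's `nt_resp = data_blob(p+passlen1, passlen2)` already assumes; either advance the offset the same way or explicitly reject the mixed case rather than pulling from the wrong place. A one-line comment saying why Unicode clients carry the plaintext length in passlen2 would also help the next reader of this branch.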


Thanks,
Nir.

--
Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
"Father, why are all the children weeping? / They are merely crying son
 O, are they merely crying, father? / Yes, true weeping is yet to come"
        -- Nick Cave and the Bad Seeds, The Weeping Song
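A stand-alone illustration of the flags2 check discussed in this thread, added here and not part of Nir's post or of Samba's code. The `sesssetup` struct, the header byte arrays and the demo functions are constructed for the example; only the flags2 offset and the FLAGS2_UNICODE_STRINGS bit are real protocol values.

```c
#include <stddef.h>
#include <stdint.h>

/* SMB1 header: flags2 is the little-endian 16-bit field at byte 10 (Samba's smb_flg2);
   bit 0x8000 is FLAGS2_UNICODE_STRINGS. Both constants are real protocol values. */
#define SMB_FLG2_OFFSET        10
#define FLAGS2_UNICODE_STRINGS 0x8000

/* Hypothetical decoded view of the SESSION_SETUP_ANDX words (constructed for this example;
   Samba reads these fields straight out of inbuf). */
struct sesssetup {
    uint16_t passlen1;   /* case-insensitive password length (ASCII plaintext) */
    uint16_t passlen2;   /* case-sensitive password length (Unicode plaintext) */
    size_t   bytecount;  /* size of the byte block that holds the password(s) */
};

static uint16_t smb_flags2(const uint8_t *inbuf)
{
    return (uint16_t)(inbuf[SMB_FLG2_OFFSET] | (inbuf[SMB_FLG2_OFFSET + 1] << 8));
}

/* The old logic: always trust passlen1. A Unicode client sends passlen1 == 0,
   so the server sees a zero-length ("NULL") password. */
int legacy_plaintext_passlen(const struct sesssetup *s)
{
    return s->passlen1;
}

/* The corrected logic: choose the field by the client's Unicode flag, and refuse
   length fields that claim more bytes than the byte block actually carries. */
int plaintext_passlen(const uint8_t *inbuf, const struct sesssetup *s)
{
    int unic = (smb_flags2(inbuf) & FLAGS2_UNICODE_STRINGS) != 0;
    if ((size_t)s->passlen1 + (size_t)s->passlen2 > s->bytecount)
        return -1;   /* malformed: reading either password would run past the block */
    return unic ? s->passlen2 : s->passlen1;
}

/* Constructed sample headers, not captured traffic: only bytes 10-11 matter here. */
static const uint8_t hdr_unicode[32] = { 0xFF, 'S', 'M', 'B', 0x73, 0, 0, 0, 0, 0, 0x00, 0x80 };
static const uint8_t hdr_ascii[32]   = { 0xFF, 'S', 'M', 'B', 0x73, 0, 0, 0, 0, 0, 0x00, 0x00 };

/* Unicode client: 4-character password as UTF-16LE plus terminator = 10 bytes in passlen2. */
int demo_unicode_new(void) { struct sesssetup s = { 0, 10, 10 };  return plaintext_passlen(hdr_unicode, &s); }
int demo_unicode_old(void) { struct sesssetup s = { 0, 10, 10 };  return legacy_plaintext_passlen(&s); }
/* ASCII client: 4-character password plus terminator = 5 bytes in passlen1. */
int demo_ascii_new(void)   { struct sesssetup s = { 5, 0, 5 };    return plaintext_passlen(hdr_ascii, &s); }
/* Corrupt or hostile request: the length fields exceed the byte block. */
int demo_oversize(void)    { struct sesssetup s = { 5, 900, 20 }; return plaintext_passlen(hdr_unicode, &s); }
```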