sesssetup.c, encrypted passwords and unicode

Christopher R. Hertel crh at ubiqx.mn.org
Thu Mar 27 20:09:02 GMT 2003 

I posted some further analysis of this problem to the list a while back.  
I've got some captures.  Basically, different Windows clients that can 
provide plaintext upper-case don't quite get it right.  At least, they are 
not all formatting things the same way.

I don't have time just now to look more deeply into this.  If anyone else 
does, let me know and I'll forward my info.

Chris -)-----

On Thu, Mar 27, 2003 at 09:36:48PM +0200, Nir Soffer wrote:
> 
> Hi there! I've been trying to get Samba 3.0 to use plaintext passwords and unicode for a while now.
> 
> The first thing I stumbled on was solved, it was a service pack that needed to be applied to w2k. (Thanks!)
> 
> This is the second thing I stumbled on:
> In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
>                 } else {
>                         pstring pass;
>                         srvstr_pull(inbuf, pass, smb_buf(inbuf),
>                                     sizeof(pass),  passlen1, STR_TERMINATE);
>                         plaintext_password = data_blob(pass, strlen(pass)+1);
>                 }
> 
> >From what (limited) understanding I have, passlen1 in this case is the non-unicode password, and passlen2 is the unicode password. The code pull the wrong passlen, and consequently the wrong password was checked against the database. ( a password with a length of 0)
> 
> Changing the code to use passlen2 basically allowed me to login, but I'm pretty sure this is not the correct fix (I would think that one should first check if the connection is unicode or not).
> 
> Just FYI,
> Thanks :)
> 
> Nir.
> 
> 
> --
> Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
> "Father, why are all the children weeping? / They are merely crying son
>  O, are they merely crying, father? / Yes, true weeping is yet to come"
>         -- Nick Cave and the Bad Seeds, The Weeping Song
>  

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the samba-technical mailing list