sesssetup.c, encrypted passwords and unicode

Nir Soffer nirs at exanet.com
Sun Mar 30 09:28:13 GMT 2003



> -----Original Message-----
> From: Christopher R. Hertel [mailto:crh at ubiqx.mn.org]
> Sent: Thursday, March 27, 2003 10:09 PM
> To: samba-technical at samba.org
> Subject: Re: sesssetup.c, encrypted passwords and unicode
> 
> 
> I posted some further analysis of this problem to the list a while back.
> I've got some captures.  Basically, different Windows clients that can
> provide plaintext upper-case don't quite get it right.  At least, they are
> not all formatting things the same way.
> 
> I don't have time just now to look more deeply into this.  If anyone else
> does, let me know and I'll forward my info.


Actually, in this specific case, the Windows client got it just right, it was after applying the relevant service pack. Ethereal showed everything was fine and dandy.

The problem was that sesssetup.c used the wrong password length to snarf the password. This _was_ a unicode transaction, and Samba looked at the wrong field when parsing the packet.

Nir.

--
Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
"Father, why are all the children weeping? / They are merely crying son
 O, are they merely crying, father? / Yes, true weeping is yet to come"
        -- Nick Cave and the Bad Seeds, The Weeping Song
 
 
> Chris -)-----
> 
> On Thu, Mar 27, 2003 at 09:36:48PM +0200, Nir Soffer wrote:
> > 
> > Hi there! I've been trying to get Samba 3.0 to use plaintext passwords
> > and unicode for a while now.
> > 
> > The first thing I stumbled on was solved, it was a service pack that
> > needed to be applied to w2k. (Thanks!)
> > 
> > This is the second thing I stumbled on:
> > In line 613 of sesssetup.c (latest CVS) there is the following code snippet:
> >                 } else {
> >                         pstring pass;
> >                         srvstr_pull(inbuf, pass, smb_buf(inbuf),
> >                                     sizeof(pass), passlen1, STR_TERMINATE);
> >                         plaintext_password = data_blob(pass, strlen(pass)+1);
> >                 }
> > 
> > From what (limited) understanding I have, passlen1 in this case is the
> > non-unicode password, and passlen2 is the unicode password. The code pulls
> > the wrong passlen, and consequently the wrong password was checked against
> > the database (a password with a length of 0).
> > 
> > Changing the code to use passlen2 basically allowed me to login, but I'm
> > pretty sure this is not the correct fix (I would think that one should
> > first check if the connection is unicode or not).
> > 
> > Just FYI,
> > Thanks :)
> > 
> > Nir.
> > 
> > 
> > --
> > Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org
> > "Father, why are all the children weeping? / They are merely crying son
> >  O, are they merely crying, father? / Yes, true weeping is yet to come"
> >         -- Nick Cave and the Bad Seeds, The Weeping Song
> >  
> 
> -- 
> Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> 
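The fix Nir sketches in the quoted message (look at the Unicode bit before deciding which of passlen1/passlen2 to trust) as a worked example, added here and not taken from Samba's sesssetup.c. It parses a SESSION_SETUP_ANDX request in the NT LM 0.12 layout, selects the ANSI or Unicode password field from flags2, and bounds-checks both lengths against the byte count; a switch reproduces the reported bug (always reading passlen1, which yields an empty password for a Unicode client). The helper names (ssx_plaintext_password, build_ssx_request, ssx_roundtrip), the constructed sample request and the ASCII-only decoding of the UTF-16LE field are assumptions made for this example.

```c
/* Added example (not Samba code): pick the right plaintext password field in
 * an SMB SESSION_SETUP_ANDX request from the Unicode bit in flags2, with
 * bounds checks.  Offsets follow the NT LM 0.12 wire layout. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_FLAGS2_OFF     10          /* flags2 in the 32-byte SMB header */
#define SMB_FLAGS2_UNICODE 0x8000      /* client negotiated Unicode strings */
#define SMB_WCT_OFF        32          /* WordCount */
#define SMB_VWV(n)         (33 + 2 * (n))
#define SSX_WORD_COUNT     13          /* SessionSetupAndX, NT LM 0.12 */
#define SSX_PASSLEN1       SMB_VWV(7)  /* ANSI / case-insensitive length */
#define SSX_PASSLEN2       SMB_VWV(8)  /* Unicode / case-sensitive length */
#define SSX_BCC_OFF        SMB_VWV(SSX_WORD_COUNT)
#define SSX_BUF_OFF        (SSX_BCC_OFF + 2)      /* start of the data area */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Pull the plaintext password into out.  Returns its length in characters, or
 * -1 if the packet is malformed.  With honour_unicode_flag == 0 the parser
 * always reads the ANSI field, reproducing the bug reported on this page.
 * Unicode passwords are UTF-16LE; only code units below 0x80 are accepted
 * here (a simplification assumed for the example). */
int ssx_plaintext_password(const uint8_t *pkt, size_t len, int honour_unicode_flag,
                           char *out, size_t outlen)
{
    if (outlen == 0 || len < SSX_BUF_OFF || memcmp(pkt, "\xffSMB", 4) != 0 ||
        pkt[4] != 0x73 /* SMB_COM_SESSION_SETUP_ANDX */ ||
        pkt[SMB_WCT_OFF] != SSX_WORD_COUNT)
        return -1;

    int unicode = (le16(pkt + SMB_FLAGS2_OFF) & SMB_FLAGS2_UNICODE) != 0;
    uint16_t passlen1 = le16(pkt + SSX_PASSLEN1);
    uint16_t passlen2 = le16(pkt + SSX_PASSLEN2);
    uint16_t bcc      = le16(pkt + SSX_BCC_OFF);

    /* Both password fields must lie inside the data area actually received. */
    if (bcc > len - SSX_BUF_OFF || (size_t)passlen1 + passlen2 > bcc)
        return -1;

    /* On the wire the ANSI password comes first, the Unicode one follows it. */
    const uint8_t *ansi = pkt + SSX_BUF_OFF;
    const uint8_t *wide = ansi + passlen1;

    int use_wide = honour_unicode_flag && unicode;
    const uint8_t *src = use_wide ? wide : ansi;
    size_t srclen = use_wide ? passlen2 : passlen1;
    size_t step   = use_wide ? 2 : 1;

    size_t n = 0;
    for (size_t i = 0; i + step <= srclen && n + 1 < outlen; i += step) {
        if (use_wide && src[i + 1] != 0)
            return -1;                 /* non-ASCII code unit: out of scope here */
        if (src[i] == 0)
            break;                     /* stop at the terminator, like STR_TERMINATE */
        out[n++] = (char)src[i];
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample input: a minimal request carrying pw as a plaintext
 * password, in the ANSI field or (Unicode client) in the Unicode field with
 * passlen1 == 0.  Only the fields the parser reads are filled in.  Returns the
 * packet length, 0 on error. */
size_t build_ssx_request(int unicode, const char *pw, uint8_t *out, size_t cap)
{
    size_t chars = strlen(pw) + 1;                 /* terminator included */
    size_t field = unicode ? chars * 2 : chars;
    if (field > 0xffff || cap < SSX_BUF_OFF + field)
        return 0;
    memset(out, 0, SSX_BUF_OFF + field);
    memcpy(out, "\xffSMB", 4);
    out[4] = 0x73;
    put16(out + SMB_FLAGS2_OFF, unicode ? SMB_FLAGS2_UNICODE : 0);
    out[SMB_WCT_OFF] = SSX_WORD_COUNT;
    out[SMB_VWV(0)] = 0xff;                        /* AndXCommand: none */
    put16(out + SSX_PASSLEN1, unicode ? 0 : (uint16_t)field);
    put16(out + SSX_PASSLEN2, unicode ? (uint16_t)field : 0);
    put16(out + SSX_BCC_OFF, (uint16_t)field);
    uint8_t *b = out + SSX_BUF_OFF;
    for (size_t i = 0; i < chars; i++) {
        if (unicode) { b[2 * i] = (uint8_t)pw[i]; b[2 * i + 1] = 0; }
        else         { b[i] = (uint8_t)pw[i]; }
    }
    return SSX_BUF_OFF + field;
}

/* Build a request for pw, optionally drop trailing bytes to simulate a short
 * packet, and parse it back.  Returns the recovered length, -1 if parsing
 * failed, -2 if something other than pw (or "") came back. */
int ssx_roundtrip(int unicode, int honour_unicode_flag, const char *pw, size_t drop)
{
    uint8_t pkt[512];
    char got[256];
    size_t len = build_ssx_request(unicode, pw, pkt, sizeof pkt);
    if (len == 0 || drop >= len)
        return -1;
    int n = ssx_plaintext_password(pkt, len - drop, honour_unicode_flag, got, sizeof got);
    if (n > 0 && strcmp(got, pw) != 0)
        return -2;
    return n;
}

int main(void)
{
    printf("unicode client, flag honoured: %d\n", ssx_roundtrip(1, 1, "Secret1", 0));
    printf("unicode client, passlen1 only: %d\n", ssx_roundtrip(1, 0, "Secret1", 0));
    printf("ansi client,    flag honoured: %d\n", ssx_roundtrip(0, 1, "Secret1", 0));
    printf("truncated unicode request:     %d\n", ssx_roundtrip(1, 1, "Secret1", 4));
    return 0;
}
```

The second call shows the symptom from the thread: a Unicode client sends passlen1 == 0, so reading the ANSI field unconditionally hands the password check an empty string, while the Unicode field that actually holds the password is ignored. The last call shows why the byte count and both lengths need to be checked before either field is read, whichever one is chosen.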

