Issues with cli_session_setup() calling conventions
Andrew Bartlett
abartlet at samba.org
Mon Jan 17 11:46:01 GMT 2005
Jerry,
It has been pointed out to me that there are a number of problems with
the current code for cli_session_setup(). Now, the problems are not
new, but it has recently come up that certain security=server setups
break it, where the client doesn't supply an LM response. (This came up
via the cifs-vfs lists).
The problems revolve around the fact that the value of passlen is a very
poor indicator for everything. It is currently the length of pass,
expected to be either an LM response (==24), strlen(pass) or
strlen(pass)+1:
The bug is that in cli_session_setup_nt1():
	if (passlen == 0) {
		/* do nothing - guest login */
	} else if (passlen != 24) {
is bogus - the guest login case is already handled in
cli_session_setup(), and a plaintext password (that we should encrypt
at this point) of length 24 is mishandled. If the LM password is not
supplied, then passlen==0, and bad things happen.
There should only be one place in Samba3 that needs to specify the
pre-encrypted NT and LM responses, and that is the security=server code.
But the rest of the code now 'handles' the bloated interface, as a grep
on cli_session_setup() shows. This all leaves me a little uneasy going
out to 'fix' it.
In any case, this is only an issue in security=server, which probably
explains why nobody noticed in the past.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
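
Added example, not part of the original message and not Samba's code: a small C model of the length-only heuristic described above, next to an explicitly tagged credential that removes the ambiguity. All names (cred_kind, guess_from_passlen, struct cred, cred_validate) are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this models the heuristic, not Samba's source. */
enum cred_kind { CRED_GUEST, CRED_PLAINTEXT, CRED_RESPONSE };

/* Length-only guess: 0 means guest, 24 means LM response, else plaintext. */
enum cred_kind guess_from_passlen(size_t passlen)
{
    if (passlen == 0)
        return CRED_GUEST;
    return passlen == 24 ? CRED_RESPONSE : CRED_PLAINTEXT;
}

/* Explicit form: the caller says what it is handing over. */
struct cred {
    enum cred_kind kind;
    const char *plaintext;                    /* CRED_PLAINTEXT only */
    const unsigned char *lm; size_t lm_len;   /* CRED_RESPONSE, may be absent */
    const unsigned char *nt; size_t nt_len;   /* CRED_RESPONSE, required */
};

/* Returns 0 when the fields agree with the declared kind, -1 otherwise. */
int cred_validate(const struct cred *c)
{
    int has_resp = c->lm_len != 0 || c->nt_len != 0;
    switch (c->kind) {
    case CRED_GUEST:
        return (!has_resp && c->plaintext == NULL) ? 0 : -1;
    case CRED_PLAINTEXT:
        return (!has_resp && c->plaintext != NULL) ? 0 : -1;
    case CRED_RESPONSE:
        if (c->plaintext != NULL || c->nt == NULL || c->nt_len == 0)
            return -1;
        return (c->lm_len == 0 || (c->lm != NULL && c->lm_len == 24)) ? 0 : -1;
    }
    return -1;
}

int main(void)
{
    const char *pw = "a-24-character-password!";   /* constructed sample */
    unsigned char nt[24] = {0};                    /* constructed sample */
    struct cred no_lm = { CRED_RESPONSE, NULL, NULL, 0, nt, sizeof nt };
    printf("24-char plaintext guessed as kind %d\n", guess_from_passlen(strlen(pw)));
    printf("missing LM guessed as kind %d\n", guess_from_passlen(no_lm.lm_len));
    return cred_validate(&no_lm) == 0 ? 0 : 1;
}
```

The length-only guess classifies the 24-character plaintext as a response and the NT-only credential as guest, while the tagged form accepts the NT-only credential as a valid response.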