Issues with cli_session_setup() calling conventions

Andrew Bartlett abartlet at samba.org
Mon Jan 17 11:46:01 GMT 2005


Jerry,

It has been pointed out to me that there are a number of problems with
the current code for cli_session_setup().  Now, the problems are not
new, but it has recently come up that certain security=server setups
break it, where the client doesn't supply an LM response.  (This came up
via the cifs-vfs lists).

The problems revolve around the fact that the value of passlen is a very
poor indicator for everything.  It is currently length of pass, as
expecting it to be either an LM response (==24), strlen(pass) or strlen
(pass)+1:

The bug is that in cli_session_setup_nt1():

	if (passlen == 0) {
		/* do nothing - guest login */
	} else if (passlen != 24) {

is bogus - the guest login case is already handled in cli_session_setup
(), and a plaintext password (that we should encrypt at this point) of
length 24 is mishandled.  If the LM password is not supplied, then
passlen==0, and bad things happen.

There should only be one place in Samba3 that needs to specify the pre-
encrypted NT and LM responses, and that is the security=server code. 

But the rest of the code now 'handles' the bloated interface, as a grep
on cli_session_setup() shows.  This all leaves me a little uneasy going
out to 'fix' it.

In any case, this is only an issue in security=server, which probably
explains why nobody noticed in the past.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050117/0ed693f9/attachment.bin


More information about the samba-technical mailing list