NT4 clear text password
yaberger at ca.ibm.com
Wed Feb 25 13:32:05 MST 2009
Hi Jeremy, Michael,
Over the last few years, I've been in touch with you two concerning
smbd/sesssetup.c and clear-text passwords.
Another migration, another problem: our NT4 workstations aren't able to
authenticate with a clear-text password.
I've tracked down the problem and would like to submit this modification. I
can submit it in git format in the upcoming days.
I'm also including the dump_data that shows the problem.
==> diff -c ../../../samba-3.3.0-vanilla/source/smbd/sesssetup.c
sesssetup.c
*** ../../../samba-3.3.0-vanilla/source/smbd/sesssetup.c Mon Jan 26
08:56:34 2009
--- sesssetup.c Wed Feb 25 14:31:15 2009
***************
*** 1553,1565 ****
if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was
sent. */
! (void)srvstr_pull_talloc(talloc_tos(),
! req->inbuf,
! req->flags2,
! &pass,
! smb_buf(req->inbuf),
! passlen1,
! STR_TERMINATE|STR_ASCII);
} else {
(void)srvstr_pull_talloc(talloc_tos(),
req->inbuf,
--- 1553,1579 ----
if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was
sent. */
!
! /* NT4.0 stuffs up plaintext unicode
password
! * lengths... */
! if (ra_type == RA_WINNT) {
! (void)srvstr_pull_talloc(talloc_tos(),
! req->inbuf,
! req->flags2,
! &pass,
! smb_buf(req->inbuf) + 1,
! passlen1,
! STR_TERMINATE);
! }
! else {
! (void)srvstr_pull_talloc(talloc_tos(),
! req->inbuf,
! req->flags2,
! &pass,
! smb_buf(req->inbuf),
! passlen1,
! STR_TERMINATE|STR_ASCII);
! }
} else {
(void)srvstr_pull_talloc(talloc_tos(),
req->inbuf,
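Review bot: in the new RA_WINNT branch the source pointer is advanced to `smb_buf(req->inbuf) + 1` but the length handed to srvstr_pull_talloc is still `passlen1`, so the pull now covers one byte beyond the `passlen1` bytes the client declared for this field; pass `passlen1 - 1` (the enclosing `if` already guarantees `passlen1` is non-zero), or show that the length validation done earlier in the function already covers the shifted range. The new comment, "NT4.0 stuffs up plaintext unicode password lengths...", does not describe the change: what is adjusted here is the start offset, not a length. Say what is being skipped (the dump shows a non-NUL first byte ahead of the UTF-16LE text) so the bare `+ 1` is understandable later. Two smaller points: the hunk does not show where `ra_type` is declared or assigned, so confirm it is the value from remote-arch detection already in scope here rather than a new, unset local; and `STR_ASCII` is dropped in the new branch, so decoding now follows `req->flags2`, which the outer `unic` test makes UNICODE. A one-line comment saying so would help, and `}\n else {` should match the surrounding `} else {` style.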
And here is a dummy example of the dump_data received from my Windows XP
workstation:
[2009/02/25 13:55:43, 10] lib/util.c:dump_data(2233)
[000] 00 70 00 61 00 73 00 73 00 77 00 6F 00 72 00 64  .p.a.s.s .w.o.r.d
[010] 00 00 00 75 00 73 00 65 00 72 00 61 00 61 00 00  ...u.s.e .r.a.a..
[020] 00 61 00 69 00 78 00 36 00 31 00 74 00 73 00 74  .a.i.x.6 .1.t.s.t
[030] 00 2E 00 62 00 72 00 6F 00 6D 00 6F 00 6E 00 74  ...b.r.o .m.o.n.t
[040] 00 2E 00 69 00 62 00 6D 00 2E 00 63 00 6F 00 6D  ...i.b.m ...c.o.m
[050] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73  ...W.i.n .d.o.w.s
[060] 00 20 00 32 00 30 00 30 00 32 00 20 00 53 00 65  . .2.0.0 .2. .S.e
[070] 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61  .r.v.i.c .e. .P.a
[080] 00 63 00 6B 00 20 00 32 00 20 00 32 00 36 00 30  .c.k. .2 . .2.6.0
[090] 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77  .0...W.i .n.d.o.w
[0A0] 00 73 00 20 00 32 00 30 00 30 00 32 00 20 00 35  .s. .2.0 .0.2. .5
[0B0] 00 2E 00 31 00 00 00 00 00                       ...1.... .
And this one is from the problematic NT4 workstation. See the first character
"E", which is not 00; this is why there is a need to pull the password
differently:
[2009/02/25 09:34:44, 10] lib/util.c:dump_data(2233)
[000] 45 70 00 61 00 73 00 73 00 77 00 6F 00 72 00 64  Ep.a.s.s .w.o.r.d
[010] 00 00 00 75 00 73 00 65 00 72 00 61 00 61 00 00  ...u.s.e .r.a.a..
[020] 00 57 00 4F 00 52 00 4B 00 47 00 52 00 4F 00 55  .W.O.R.K .G.R.O.U
[030] 00 50 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77  .P...W.i .n.d.o.w
[040] 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 38  .s. .N.T . .1.3.8
[050] 00 31 00 00 00 00 00 57 00 69 00 6E 00 64 00 6F  .1.....W .i.n.d.o
[060] 00 77 00 73 00 20 00 4E 00 54 00 20 00 34 00 2E  .w.s. .N .T. .4..
[070] 00 30 00 00 00 00 00                             .0.....
Yannick Bergeron
yaberger at ca.ibm.com
IT Specialist
AIX / Samba / Load Balancer / DCE/DFS / SCM / Apache / Security / Perl scripting / etc.
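The following C program is an added example, not code from Samba and not the author's patch. It decodes the password field of the two dumps in the mail with both pull strategies the mail describes: an ASCII pull from offset 0 (the original path) and a UTF-16LE pull from offset 1 (the NT4 path), with an explicit bounds check on the declared length. The byte arrays are the first 32 bytes of the two dumps above; the declared length passlen1 = 19 (the stray first byte plus "password" in UTF-16LE with its terminator), the client_type enum and all function names are assumptions made for illustration. It also shows that in both dumps the UTF-16LE text starts at byte 1 and only byte 0 differs, and that shifting the start by one byte without shortening the length over-reads a buffer that holds exactly passlen1 bytes.

```c
/*
 * Added example, not Samba code and not the patch under discussion: decode
 * the plaintext password field of a SessionSetupAndX buffer the two ways
 * described in the mail, with a bounds check on the declared length.
 * ASSUMED_PASSLEN1 and every name below are assumptions for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First 0x20 bytes of the Windows XP dump from the mail: byte 0 is 0x00. */
static const uint8_t xp_buf[32] = {
    0x00,0x70,0x00,0x61,0x00,0x73,0x00,0x73,0x00,0x77,0x00,0x6F,0x00,0x72,0x00,0x64,
    0x00,0x00,0x00,0x75,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x61,0x00,0x61,0x00,0x00,
};

/* First 0x20 bytes of the NT4 dump from the mail: byte 0 is 0x45 ('E'). */
static const uint8_t nt4_buf[32] = {
    0x45,0x70,0x00,0x61,0x00,0x73,0x00,0x73,0x00,0x77,0x00,0x6F,0x00,0x72,0x00,0x64,
    0x00,0x00,0x00,0x75,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x61,0x00,0x61,0x00,0x00,
};

/* Assumed client-declared length of the first password field. */
#define ASSUMED_PASSLEN1 19

/* Model of a pull with STR_TERMINATE|STR_ASCII: copy bytes from buf[off]
 * until a NUL or len bytes.  Returns -1 when [off, off+len) is not inside
 * the buffer, otherwise the length of the string produced. */
static int pull_ascii(const uint8_t *buf, size_t buflen, size_t off,
                      size_t len, char *out, size_t outlen)
{
    size_t n = 0;
    if (off > buflen || len > buflen - off || outlen == 0)
        return -1;
    while (n < len && n + 1 < outlen && buf[off + n] != 0) {
        out[n] = (char)buf[off + n];
        n++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Model of a pull with STR_TERMINATE when flags2 says UNICODE: read UTF-16LE
 * code units from buf[off] until a 16-bit NUL or len bytes.  Code units
 * >= 0x80 become '?' (enough for this example).  Same return convention. */
static int pull_utf16le(const uint8_t *buf, size_t buflen, size_t off,
                        size_t len, char *out, size_t outlen)
{
    size_t n = 0;
    if (off > buflen || len > buflen - off || outlen == 0)
        return -1;
    while (2 * n + 1 < len && n + 1 < outlen) {
        unsigned cu = buf[off + 2 * n] | ((unsigned)buf[off + 2 * n + 1] << 8);
        if (cu == 0)
            break;
        out[n++] = cu < 0x80 ? (char)cu : '?';
    }
    out[n] = '\0';
    return (int)n;
}

/* The two strategies from the mail, chosen by the detected client type.
 * For the NT4 case the first byte is skipped and the declared length is
 * shortened by one so the read stays inside the passlen1 bytes sent. */
enum client_type { CLIENT_WINNT, CLIENT_OTHER };

static int pull_plaintext_password(enum client_type ra, const uint8_t *buf,
                                   size_t buflen, size_t passlen1,
                                   char *out, size_t outlen)
{
    if (ra == CLIENT_WINNT && passlen1 > 0)
        return pull_utf16le(buf, buflen, 1, passlen1 - 1, out, outlen);
    return pull_ascii(buf, buflen, 0, passlen1, out, outlen);
}

int main(void)
{
    char pw[64];

    pull_plaintext_password(CLIENT_OTHER, nt4_buf, sizeof nt4_buf,
                            ASSUMED_PASSLEN1, pw, sizeof pw);
    printf("NT4 buffer, ASCII pull from offset 0:    \"%s\"\n", pw);  /* "Ep" */

    pull_plaintext_password(CLIENT_WINNT, nt4_buf, sizeof nt4_buf,
                            ASSUMED_PASSLEN1, pw, sizeof pw);
    printf("NT4 buffer, UTF-16LE pull from offset 1: \"%s\"\n", pw);  /* "password" */

    pull_utf16le(xp_buf, sizeof xp_buf, 1, ASSUMED_PASSLEN1 - 1, pw, sizeof pw);
    printf("XP buffer, UTF-16LE pull from offset 1:  \"%s\"\n", pw);  /* "password" */

    /* Shifting the start by one without shortening the length over-reads a
     * buffer that holds exactly passlen1 bytes: the bounds check rejects it. */
    printf("unshortened length on a 19-byte buffer:  %d\n",
           pull_utf16le(nt4_buf, ASSUMED_PASSLEN1, 1, ASSUMED_PASSLEN1,
                        pw, sizeof pw));                               /* -1 */
    return 0;
}
```

Compile with any C99 compiler and run; the first line shows why the original ASCII pull yields "Ep" on the NT4 buffer, the second shows the result of the shifted UTF-16LE pull, and the last line shows the over-read that shortening the length avoids.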
More information about the samba-technical mailing list