[Samba] smbpasswd has password length problem with the 2.2.7 security patch

Chere Zhou qzhou at isilon.com
Fri Dec 6 00:24:00 GMT 2002

I am using samba 2.2.5, and the following patch Jerry outlined in his 2.2.7 
release notes.  I tested it against a W2k server (in mixed mode) which had a 
simple one char admin password, worked fine.   Recently I found that if the 
password is longer than 1 char, using "smbpasswd -j dom -r svr -U admin", and 
then input password,  I get NT_STATUS_LOGON_FAILURE.  If I remove the patch, 
or keep the password as just 1 char, smbpasswd works fine.

I know the patch was originally for 2.2.6.  But since Jerry outlined a simple 
one for older versions and 2.2.6, I only applied the simple patch as below.  
Can somebody tell me what other changes I need to make for 2.2.5?  Anybody 
has a similar problem?

The following is a snippet of Jerry's 2.2.7 release email:

Patch for Samba versions 2.2.2 to 2.2.6
- ---------------------------------------

The following patch applies cleanly to the above Samba versions
and will fix the vulnerability for sites that do not wish to upgrade
to 2.2.7 at this time.

--------------------------------cut here---------------------------------
---- libsmb/smbencrypt.c.orig    Tue Nov 19 17:21:57 2002
+++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
@@ -63,7 +63,7 @@
        if(len > 128)
                len = 128;
        /* Password must be converted to NT unicode - null terminated. */
-       dos_struni2((char *)wpwd, (const char *)passwd, 256);
+       dos_struni2((char *)wpwd, (const char *)passwd, len);
        /* Calculate length in bytes */
        len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
- -------------------------------cut here---------------------------------

More information about the samba mailing list