summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-01-27 00:08:33 +0000
committerLuke Leighton <lkcl@samba.org>1999-01-27 00:08:33 +0000
commit4af8d7aa2925569d55f33b2844882089c5569691 (patch)
treeb29825b3baa8353e7ecd94e988628731e62089ca
parent0637d46d6083fb2969fadf3211e0d91298b7ca28 (diff)
downloadsamba-4af8d7aa2925569d55f33b2844882089c5569691.tar.gz
samba-4af8d7aa2925569d55f33b2844882089c5569691.tar.bz2
samba-4af8d7aa2925569d55f33b2844882089c5569691.zip
- got client code cleartext passwords working again in cli_session_setup.
needed this for some tests. - removed code that said "if lm password is not encrypted then encrypt both lm and nt passwords". actually it said "if lm password length is not 24 bytes and we're in security=user mode..." it didn't bother to check whether the nt password was NULL or not, and doing the encryption inside cli_session_setup is the wrong place. - checked all instances where cli_session_setup is called with cleartext passwords that are expected to then be encrypted (see above) with the test "if pwlen != 24...". there was only one: all the others either provide encrypted passwords, do null sessions or use cli_establish_connection. * recommendation: use cli_establish_connection() in smbwrapper/smbw.c (This used to be commit 2a509e9606f8aefbefa6e7b49878726464dbed44)
-rw-r--r--source3/libsmb/clientgen.c46
-rw-r--r--source3/rpcclient/rpcclient.c3
-rw-r--r--source3/smbwrapper/smbw.c8
3 files changed, 34 insertions, 23 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index a1a5bbf0a9..428f8e237f 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -696,36 +696,42 @@ BOOL cli_session_setup(struct cli_state *cli,
fstring pword, ntpword;
if (cli->protocol < PROTOCOL_LANMAN1)
+ {
return True;
+ }
- if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
+ if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1)
+ {
return False;
}
- if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0')) {
- /* Null session connect. */
- pword[0] = '\0';
- ntpword[0] = '\0';
- } else {
- if ((cli->sec_mode & 2) && passlen != 24) {
- passlen = 24;
- ntpasslen = 24;
- SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword);
- SMBNTencrypt((uchar *)ntpass,(uchar *)cli->cryptkey,(uchar *)ntpword);
- } else {
- fstrcpy(pword, pass);
- fstrcpy(ntpword, "");
- ntpasslen = 0;
- }
- }
-
- /* if in share level security then don't send a password now */
- if (!(cli->sec_mode & 1)) {
+ if (!IS_BITS_SET_ALL(cli->sec_mode, 1))
+ {
+ /* if in share level security then don't send a password now */
fstrcpy(pword, "");
passlen=1;
fstrcpy(ntpword, "");
ntpasslen=1;
}
+ else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+ {
+ /* Null session connect. */
+ pword[0] = '\0';
+ ntpword[0] = '\0';
+ }
+ else if (passlen == 24 && ntpasslen == 24)
+ {
+ /* encrypted password send, implicit from 24-byte lengths */
+ memcpy(pword, pass, 24);
+ memcpy(ntpword, ntpass, 24);
+ }
+ else
+ {
+ /* plain-text password send */
+ fstrcpy(pword, pass);
+ fstrcpy(ntpword, "");
+ ntpasslen = 0;
+ }
/* send a session setup command */
bzero(cli->outbuf,smb_size);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index ceaefb98bc..f2926276bc 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -739,7 +739,8 @@ enum client_action
}
else
{
- pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+ /* generate 16 byte hashes */
+ pwd_make_lm_nt_16(&(smb_cli->pwd), password);
}
}
else
diff --git a/source3/smbwrapper/smbw.c b/source3/smbwrapper/smbw.c
index faaa9f047b..dfe99a7ed1 100644
--- a/source3/smbwrapper/smbw.c
+++ b/source3/smbwrapper/smbw.c
@@ -403,6 +403,7 @@ struct smbw_server *smbw_server(char *server, char *share)
pstring ipenv;
struct in_addr ip;
extern struct in_addr ipzero;
+ char lm_24[24], nt_24[24];
ip = ipzero;
ZERO_STRUCT(c);
@@ -488,9 +489,12 @@ struct smbw_server *smbw_server(char *server, char *share)
return NULL;
}
+ SMBencrypt ((uchar *)password,(uchar *)c.cryptkey,(uchar *)lm_24);
+ SMBNTencrypt((uchar *)password,(uchar *)c.cryptkey,(uchar *)nt_24);
+
if (!cli_session_setup(&c, username,
- password, strlen(password),
- password, strlen(password),
+ lm_24, 24,
+ nt_24, 24,
workgroup) &&
/* try an anonymous login if it failed */
!cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {