Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we

would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.

Andrew Bartlett
(This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)

2 files changed, 20 insertions, 7 deletions

diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index f45832d7d7..7ba6cfc96f 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -45,8 +45,14 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr)
 {
 	pwd_init(pwd);
 
-	nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
-	pwd->null_pwd  = False;
+	if (!clr) {
+		ZERO_STRUCT(pwd->smb_nt_pwd);
+		ZERO_STRUCT(pwd->smb_lm_pwd);
+		pwd->null_pwd  = True;
+	} else {
+		nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
+		pwd->null_pwd  = False;
+	}
 	pwd->crypted = False;
 }
 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 49abf787ee..3213e955b6 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1342,11 +1342,18 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na
 		if (!NT_STATUS_IS_OK(nt_status))
 			return False;
 
-		pwd_get_cleartext(&cli->pwd, password);
-		nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
-						 password);
-		if (!NT_STATUS_IS_OK(nt_status))
-			return False;
+		if (cli->pwd.null_pwd) {
+			nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+							 NULL);
+			if (!NT_STATUS_IS_OK(nt_status))
+				return False;
+		} else {
+			pwd_get_cleartext(&cli->pwd, password);
+			nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+							 password);
+			if (!NT_STATUS_IS_OK(nt_status))
+				return False;
+		}
 
 		if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
 			cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;