Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we

would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.

Andrew Bartlett
(This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)

1 files changed, 12 insertions, 5 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 49abf787ee..3213e955b6 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1342,11 +1342,18 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na
 		if (!NT_STATUS_IS_OK(nt_status))
 			return False;
 
-		pwd_get_cleartext(&cli->pwd, password);
-		nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
-						 password);
-		if (!NT_STATUS_IS_OK(nt_status))
-			return False;
+		if (cli->pwd.null_pwd) {
+			nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+							 NULL);
+			if (!NT_STATUS_IS_OK(nt_status))
+				return False;
+		} else {
+			pwd_get_cleartext(&cli->pwd, password);
+			nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+							 password);
+			if (!NT_STATUS_IS_OK(nt_status))
+				return False;
+		}
 
 		if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
 			cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;