this fixes plaintext passwords with win2000

there were 2 bugs:

1) we were sending a null challenge when we should have sent an empty
   challenge

2) the password can be in unicode if unicode is negotiated. This means
   our client code was wrong too :(
(This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)

2 files changed, 8 insertions, 5 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index abe44aac8c..d8aea624be 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -288,10 +288,12 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	if (!negotiate_spnego) {
 		/* Create a token value and add it to the outgoing packet. */
 		if (global_encrypted_passwords_negotiated) {
+			/* note that we do not send a challenge at all if
+			   we are using plaintext */
 			get_challenge(p);
+			SSVALS(outbuf,smb_vwv16+1,8);
+			p += 8;
 		}
-		SSVALS(outbuf,smb_vwv16+1,8);
-		p += 8;
 		p += srvstr_push(outbuf, p, global_myworkgroup, -1, 
 				 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
 		DEBUG(3,("not using SPNEGO\n"));
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 867b00ff5c..9d05e3f98a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -699,9 +699,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 			lm_resp = data_blob(p, passlen1);
 			nt_resp = data_blob(p+passlen1, passlen2);
 		} else {
-			plaintext_password = data_blob(p, passlen1+1);
-			/* Ensure null termination */
-			plaintext_password.data[passlen1] = 0;
+			pstring pass;
+			srvstr_pull_buf(inbuf, pass, smb_buf(inbuf), 
+					sizeof(pass), STR_TERMINATE);
+			plaintext_password = data_blob(pass, strlen(pass));
 		}
 		
 		p += passlen1 + passlen2;