returned cli_session_setup to previous behaviour. added a couple of

validation checks and also added capability to send plaintext passwords.
send "ntpasslen" of zero to do this.  sending same plaintext password
for pass and ntpass arguments will result in previous behaviour of
encrypting password if server supports it.
(This used to be commit 17f4c5a785cf20901bcb76510e5ea9b0a6928115)

1 files changed, 22 insertions, 7 deletions

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 428f8e237f..a43731ffcc 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -713,25 +713,40 @@ BOOL cli_session_setup(struct cli_state *cli,
 		fstrcpy(ntpword, "");
 		ntpasslen=1;
 	} 
-	else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+	else if ((passlen == 0 || passlen == 1) && (pass[0] == '\0'))
 	{
 		/* Null session connect. */
-		pword[0] = '\0';
+		pword  [0] = '\0';
 		ntpword[0] = '\0';
 	}
 	else if (passlen == 24 && ntpasslen == 24)
 	{
-		/* encrypted password send, implicit from 24-byte lengths */
-		memcpy(pword, pass, 24);
-		memcpy(ntpword, ntpass, 24);
+		if (IS_BITS_SET_ALL(cli->sec_mode, 2))
+		{
+			/* encrypted password, implicit from 24-byte lengths */
+			memcpy(pword  , pass  , 24);
+			memcpy(ntpword, ntpass, 24);
+		}
+		else
+		{
+			DEBUG(0,("cli_session_setup: encrypted passwords not supported by server\n"));
+			return False;
+		}
 	}
-	else
+	else if (ntpasslen == 0 || !IS_BITS_SET_ALL(cli->sec_mode, 2))
 	{
-		/* plain-text password send */
+		/* plain-text password: server doesn't support encrypted. */
 		fstrcpy(pword, pass);
 		fstrcpy(ntpword, "");
 		ntpasslen = 0;
 	}
+	else /* passlen != 0 && ntpasslen != 0 && server supports encryption */
+	{
+		/* plain-text password requesting to be encrypted */
+		uchar *key = (uchar *)cli->cryptkey;
+		SMBencrypt  ((uchar *)pass  , key,(uchar *)pword  );
+		SMBNTencrypt((uchar *)ntpass, key,(uchar *)ntpword);
+	}
 
 	/* send a session setup command */
 	bzero(cli->outbuf,smb_size);