12 files changed, 40 insertions, 26 deletions

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index bc03528985..ee3793a6c1 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -503,7 +503,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 #ifdef DEBUG_PASSWORD
 	DEBUG(100, ("Trust password for domain %s is %s\n", user_info->domain.str, trust_password));
 #endif
-	E_md4hash((uchar *)trust_password, trust_md4_password);
+	E_md4hash(trust_password, trust_md4_password);
 	SAFE_FREE(trust_password);
 
 #if 0
diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c
index 2dc12d726c..b92b356241 100644
--- a/source3/libsmb/cli_srvsvc.c
+++ b/source3/libsmb/cli_srvsvc.c
@@ -317,7 +317,7 @@ WERROR cli_srvsvc_net_remote_tod(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 }
 
 WERROR cli_srvsvc_net_file_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-				uint32 file_level, char *user_name,
+				uint32 file_level, const char *user_name,
 				SRV_FILE_INFO_CTR *ctr,	int preferred_len,
 				ENUM_HND *hnd)
 {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 3cec5d743d..1cf85875b6 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -254,11 +254,12 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
 				  char *workgroup)
 {
 	uint32 capabilities = cli_session_setup_capabilities(cli);
-	fstring pword, ntpword;
+	uchar pword[24];
+	uchar ntpword[24];
 	char *p;
 	BOOL tried_signing = False;
 
-	if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
+	if (passlen > sizeof(pword) || ntpasslen > sizeof(ntpword)) {
 		return False;
 	}
 
@@ -266,15 +267,21 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
 		/* non encrypted password supplied. Ignore ntpass. */
 		passlen = 24;
 		ntpasslen = 24;
-		SMBencrypt(pass,cli->secblob.data,(uchar *)pword);
-		SMBNTencrypt(pass,cli->secblob.data,(uchar *)ntpword);
+		SMBencrypt(pass,cli->secblob.data,pword);
+		SMBNTencrypt(pass,cli->secblob.data,ntpword);
 		if (!cli->sign_info.use_smb_signing && cli->sign_info.negotiated_smb_signing) {
-			cli_calculate_mac_key(cli, pass, (uchar *)ntpword);
+			cli_calculate_mac_key(cli, pass, ntpword);
 			tried_signing = True;
 		}
 	} else {
-		memcpy(pword, pass, passlen);
-		memcpy(ntpword, ntpass, ntpasslen);
+		/* pre-encrypted password supplied.  Only used for security=server, can't do
+		   signing becouse we don't have oringial key */
+		memcpy(pword, pass, 24);
+		if (ntpasslen == 24) {
+			memcpy(ntpword, ntpass, 24);
+		} else {
+			ZERO_STRUCT(ntpword);
+		}
 	}
 
 	/* send a session setup command */
@@ -302,8 +309,13 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user,
 	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
-	if (!cli_receive_smb(cli))
+	if (!cli_receive_smb(cli)) {
+		if (tried_signing) {
+			/* We only use it if we have a successful non-guest connect */
+			cli->sign_info.use_smb_signing = False;
+		}
 		return False;
+	}
 
 	show_msg(cli->inbuf);
 
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 18564bccf4..e2ddfd8280 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -930,7 +930,7 @@ BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
  Find the IP address of the master browser or DMB for a workgroup.
 *********************************************************/
 
-BOOL find_master_ip(char *group, struct in_addr *master_ip)
+BOOL find_master_ip(const char *group, struct in_addr *master_ip)
 {
 	struct in_addr *ip_list = NULL;
 	int count = 0;
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 1ed83042d3..dfa355a7ec 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -28,7 +28,7 @@
    This implements the X/Open SMB password encryption
    It takes a password ('unix' string), a 8 byte "crypt key" 
    and puts 24 bytes of encrypted password into p24 */
-void SMBencrypt(const char *passwd, const uchar *c8, uchar *p24)
+void SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24])
 {
 	uchar p21[21];
 
@@ -337,7 +337,7 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
  SMB signing - setup the MAC key.
 ************************************************************/
 
-void cli_calculate_mac_key(struct cli_state *cli, const unsigned char *ntpasswd, const uchar resp[24])
+void cli_calculate_mac_key(struct cli_state *cli, const char *ntpasswd, const uchar resp[24])
 {
 	/* Get first 16 bytes. */
 	E_md4hash(ntpasswd,&cli->sign_info.mac_key[0]);
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index d0af10a0e6..4a23e3abe2 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -490,9 +490,9 @@ static BOOL wbinfo_auth_crap(char *username)
 
 	generate_random_buffer(request.data.auth_crap.chal, 8, False);
         
-        SMBencrypt((uchar *)pass, request.data.auth_crap.chal, 
+        SMBencrypt(pass, request.data.auth_crap.chal, 
                    (uchar *)request.data.auth_crap.lm_resp);
-        SMBNTencrypt((uchar *)pass, request.data.auth_crap.chal,
+        SMBNTencrypt(pass, request.data.auth_crap.chal,
                      (uchar *)request.data.auth_crap.nt_resp);
 
         request.data.auth_crap.lm_resp_len = 24;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index e608f826c9..a73b2ccd29 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -71,9 +71,9 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 		unsigned char local_nt_response[24];
 		
 		generate_random_buffer(chal, 8, False);
-		SMBencrypt( (const uchar *)state->request.data.auth.pass, chal, local_lm_response);
+		SMBencrypt(state->request.data.auth.pass, chal, local_lm_response);
 		
-		SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response);
+		SMBNTencrypt(state->request.data.auth.pass, chal, local_nt_response);
 
 		lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
 		nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index d5668a2bb6..b927380af8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -123,7 +123,7 @@ BOOL init_domain_list(void)
 	struct winbindd_domain *domain;
 	DOM_SID *dom_sids;
 	char **names;
-	int num_domains = 0;
+	uint32 num_domains = 0;
 
 	if (!(mem_ctx = talloc_init_named("init_domain_list")))
 		return False;
diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c
index 3dc054d2b1..7f1915edc7 100644
--- a/source3/rpc_parse/parse_srv.c
+++ b/source3/rpc_parse/parse_srv.c
@@ -2004,7 +2004,8 @@ static BOOL srv_io_srv_file_ctr(char *desc, SRV_FILE_INFO_CTR *ctr, prs_struct *
 ********************************************************************/
 
 void init_srv_q_net_file_enum(SRV_Q_NET_FILE_ENUM *q_n, 
-			      char *srv_name, char *qual_name, char *user_name,
+			      const char *srv_name, const char *qual_name, 
+			      const char *user_name,
 			      uint32 file_level, SRV_FILE_INFO_CTR *ctr,
 			      uint32 preferred_len,
 			      ENUM_HND *hnd)
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 4ab9c470d0..1f684bd929 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -280,7 +280,7 @@ NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
 
 		/* from client / server challenges and md4 password, generate sess key */
 		cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
-				 (char *)p->dc.md4pw, p->dc.sess_key);
+				 p->dc.md4pw, p->dc.sess_key);
 		
 		/* check that the client credentials are valid */
 		if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
@@ -342,7 +342,7 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
 		
 		/* from client / server challenges and md4 password, generate sess key */
 		cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
-				 (char *)p->dc.md4pw, p->dc.sess_key);
+				 p->dc.md4pw, p->dc.sess_key);
 		
 		/* check that the client credentials are valid */
 		if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index a324f594a1..a9aa080054 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -77,7 +77,8 @@ static void print_ldap_srvlist(char *srvlist)
 static int net_lookup_ldap(int argc, const char **argv)
 {
 #ifdef HAVE_LDAP
-	char *srvlist, *domain;
+	char *srvlist;
+	const char *domain;
 	int rc, count;
 	struct in_addr *addr;
 	struct hostent *hostent;
@@ -125,7 +126,7 @@ static int net_lookup_dc(int argc, const char **argv)
 {
 	struct in_addr *ip_list;
 	char *pdc_str = NULL;
-	char *domain=opt_target_workgroup;
+	const char *domain=opt_target_workgroup;
 	int count, i;
 
 	if (argc > 0)
@@ -154,7 +155,7 @@ static int net_lookup_dc(int argc, const char **argv)
 static int net_lookup_master(int argc, const char **argv)
 {
 	struct in_addr master_ip;
-	char *domain=opt_target_workgroup;
+	const char *domain=opt_target_workgroup;
 
 	if (argc > 0)
 		domain=argv[0];
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index dc50c438d4..dceb5ffd50 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -244,7 +244,7 @@ static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cl
 
 	trust_passwd[14] = '\0';
 
-	E_md4hash( (uchar *)trust_passwd, orig_trust_passwd_hash);
+	E_md4hash(trust_passwd, orig_trust_passwd_hash);
 
 	return trust_pw_change_and_store_it(cli, mem_ctx, orig_trust_passwd_hash);
 }
@@ -1221,7 +1221,7 @@ rpc_file_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
 	WERROR result;
 	ENUM_HND hnd;
 	uint32 preferred_len = 0xffffffff, i;
-	char *username=NULL;
+	const char *username=NULL;
 
 	init_enum_hnd(&hnd, 0);