1 files changed, 22 insertions, 7 deletions

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 428f8e237f..a43731ffcc 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -713,25 +713,40 @@ BOOL cli_session_setup(struct cli_state *cli,
 		fstrcpy(ntpword, "");
 		ntpasslen=1;
 	} 
-	else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+	else if ((passlen == 0 || passlen == 1) && (pass[0] == '\0'))
 	{
 		/* Null session connect. */
-		pword[0] = '\0';
+		pword  [0] = '\0';
 		ntpword[0] = '\0';
 	}
 	else if (passlen == 24 && ntpasslen == 24)
 	{
-		/* encrypted password send, implicit from 24-byte lengths */
-		memcpy(pword, pass, 24);
-		memcpy(ntpword, ntpass, 24);
+		if (IS_BITS_SET_ALL(cli->sec_mode, 2))
+		{
+			/* encrypted password, implicit from 24-byte lengths */
+			memcpy(pword  , pass  , 24);
+			memcpy(ntpword, ntpass, 24);
+		}
+		else
+		{
+			DEBUG(0,("cli_session_setup: encrypted passwords not supported by server\n"));
+			return False;
+		}
 	}
-	else
+	else if (ntpasslen == 0 || !IS_BITS_SET_ALL(cli->sec_mode, 2))
 	{
-		/* plain-text password send */
+		/* plain-text password: server doesn't support encrypted. */
 		fstrcpy(pword, pass);
 		fstrcpy(ntpword, "");
 		ntpasslen = 0;
 	}
+	else /* passlen != 0 && ntpasslen != 0 && server supports encryption */
+	{
+		/* plain-text password requesting to be encrypted */
+		uchar *key = (uchar *)cli->cryptkey;
+		SMBencrypt  ((uchar *)pass  , key,(uchar *)pword  );
+		SMBNTencrypt((uchar *)ntpass, key,(uchar *)ntpword);
+	}
 
 	/* send a session setup command */
 	bzero(cli->outbuf,smb_size);