From 425699fce728a3d302a3e5288d0c59ec7b16aee2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Jan 2004 04:12:40 +0000 Subject: Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we would attempt to supply a password to the 'inside' NTLMSSP, which the remote side naturally rejected. Andrew Bartlett (This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4) --- source3/libsmb/pwd_cache.c | 10 ++++++++-- source3/rpc_client/cli_pipe.c | 17 ++++++++++++----- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index f45832d7d7..7ba6cfc96f 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -45,8 +45,14 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) { pwd_init(pwd); - nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; + if (!clr) { + ZERO_STRUCT(pwd->smb_nt_pwd); + ZERO_STRUCT(pwd->smb_lm_pwd); + pwd->null_pwd = True; + } else { + nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; + } pwd->crypted = False; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 49abf787ee..3213e955b6 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1342,11 +1342,18 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na if (!NT_STATUS_IS_OK(nt_status)) return False; - pwd_get_cleartext(&cli->pwd, password); - nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, - password); - if (!NT_STATUS_IS_OK(nt_status)) - return False; + if (cli->pwd.null_pwd) { + nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, + NULL); + if (!NT_STATUS_IS_OK(nt_status)) + return False; + } else { + pwd_get_cleartext(&cli->pwd, password); + nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, + password); + if (!NT_STATUS_IS_OK(nt_status)) + return False; + } if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) { cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; -- cgit