Bug 13301 - libsmbclient tree connect with Username and without password access to Windows server fails in samba-4.7.4
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
Version: 4.7.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
Reported: 2018-02-26 13:20 UTC by shivappa
Modified: 2018-09-12 06:53 UTC

Description shivappa 2018-02-26 13:20:55 UTC
Accessing Windows without password from libsmbclient fails.
"SPNEGO login failed: The attempted logon is invalid. This is either due to 
a bad username or authentication information."

This happens with libsmbclient but not with the smbclient command.
When checked, the only difference is that the set_cmdline_auth_info_password(*) function is not called in the smbclient command flow.

When an empty password is passed, it is set to NULL, as in the code below, in the case of libsmbclient.
...........................
void set_cmdline_auth_info_password(struct user_auth_info *auth_info,
                    const char *password)
{
    bool ok;

    auth_info->got_pass = true;

**** Is the code below mandatory? This is not set when the smbclient command is used
(smbclient \\ip\share -Uuser% -d5)

    if (password != NULL && strlen(password) == 0) {
        password = NULL;
    }
***
    ok = cli_credentials_set_password(auth_info->creds,
                      password,
                      CRED_SPECIFIED);
    if (!ok) {
        exit(ENOMEM);
 ...................

When the SessionSetup Request is filled with the credentials WORKGROUP\username, the values below are set to empty in the packets.
..................................
NTLM Response: empty
Lan Manager Response: empty
.................................
In which cases is the Response set to empty?


The earlier version of Samba (samba-4.4.x) is fine.

Can anybody help to resolve the issue?
Comment 1 shivappa 2018-02-28 08:56:55 UTC
I have added the patch below; it is working fine for the empty password case too.

When an empty password is set, cli_credentials_set_password() is not called. So for an empty password, CRED_UNINITIALISED is set instead of CRED_SPECIFIED, and in turn the NTLM Response and Lan Manager Response were set empty.


--- b/source3/libsmb/cliconnect.c       2018-02-28 14:16:14.367639075 +0530
+++ a/source3/libsmb/cliconnect.c       2018-02-28 14:16:28.033759403 +0530
@@ -184,7 +184,7 @@ struct cli_credentials *cli_session_cred
                }
        }

-       if (password != NULL && strlen(password) > 0) {
+//     if (password != NULL && strlen(password) > 0) {
                if (password_is_nt_hash) {
                        struct samr_Password nt_hash;
                        size_t converted;
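Review bot: Commenting out the whole condition at the top of this hunk drops the password != NULL test along with the strlen(password) > 0 test, so the block starting at if (password_is_nt_hash) now also runs when no password was passed at all. If the goal is only to let an empty string through, narrow the condition to if (password != NULL) { and keep the block guarded. Either way, delete the old line rather than leaving it behind a // comment.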
@@ -211,7 +211,7 @@ struct cli_credentials *cli_session_cred
                                goto fail;
                        }
                }
-       }
+//     }

        return creds;
 fail:
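Review bot: The closing brace is left in place behind // here, matching the commented-out opening line in the previous hunk, so the body between them stays indented one level deeper than the code around it. Remove both lines and re-indent the body, or keep the brace if the condition is narrowed instead of removed. The file header also has the a/ and b/ prefixes swapped (--- b/..., +++ a/...), which is worth fixing before submitting the patch.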



Is there any reason for not calling cli_credentials_set_password() for an empty password?
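
Added example, not code from Samba or from this report: a simplified C model of the password guard touched by the patch in Comment 1, comparing the original condition, the posted patch and a NULL-only check for a NULL, an empty and a non-empty password. The struct, the function model_set_password and the guard enum are hypothetical, and the model assumes the guarded body reads the password string; only the names CRED_UNINITIALISED and CRED_SPECIFIED come from the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* State names are from the report; everything else is a hypothetical model. */
enum cred_state { CRED_UNINITIALISED, CRED_SPECIFIED };
enum guard { GUARD_ORIGINAL, GUARD_REMOVED, GUARD_NULL_ONLY };

struct model_creds {
    enum cred_state password_obtained;
    char password[64];
};

/* Returns false when the guarded body would have run with a NULL password. */
static bool model_set_password(struct model_creds *c, const char *password,
                               enum guard g)
{
    bool run_body;

    memset(c, 0, sizeof(*c));
    c->password_obtained = CRED_UNINITIALISED;

    switch (g) {
    case GUARD_ORIGINAL: /* condition before the patch */
        run_body = (password != NULL && strlen(password) > 0);
        break;
    case GUARD_REMOVED:  /* the posted patch: no condition at all */
        run_body = true;
        break;
    default:             /* NULL-only check: empty string is let through */
        run_body = (password != NULL);
        break;
    }
    if (!run_body) {
        return true;     /* password stays CRED_UNINITIALISED */
    }
    if (password == NULL) {
        return false;    /* assumed: the body would read a NULL pointer */
    }
    snprintf(c->password, sizeof(c->password), "%s", password);
    c->password_obtained = CRED_SPECIFIED;
    return true;
}

int main(void)
{
    struct model_creds c;
    const char *empty = ""; /* constructed input: user with no password */

    model_set_password(&c, empty, GUARD_ORIGINAL);
    printf("original guard:  state=%d\n", c.password_obtained);
    model_set_password(&c, empty, GUARD_NULL_ONLY);
    printf("NULL-only guard: state=%d\n", c.password_obtained);
    return 0;
}
```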
Comment 2 Andreas Schneider 2018-09-11 13:06:41 UTC
We would like to reproduce this but for that we don't have enough information.

For example:

Which Windows version, how is this box configured that it allows listing of shares etc.
Comment 3 shivappa 2018-09-12 06:53:21 UTC
I have reproduced on Windows 7.

1. Set 'Turn off password protected sharing' in Windows 7 OS under
'Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings'.

2. Create a user without a password in Windows 7 OS (the above setting allows a user without a password to be created).

3. Access the share of Windows 7 (\\ip\mytest) using the user created above from the libsmbclient API.

4. Check for the Session Setup AndX Request, NTLMSSP_AUTH packet.

You can see the NTLM and Lan Manager Responses having empty fields,
and the session setup response is "STATUS_LOGON_FAILURE".

I can help you if more information is required.