Bug 1571 - LANMAN2 protocol (and lower) broken in samba-3.x
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: libsmbclient
Version: 3.0.5
Hardware: All All
Importance: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2004-07-29 20:36 UTC by Guenter Kukkukk
Modified: 2005-08-24 10:18 UTC

Description Guenter Kukkukk 2004-07-29 20:36:59 UTC
BTW - changed from samba-2.x (SUSE 8.1) to samba-3.0.5 (SUSE 9.1)
    From now on *any* connection to our (ancient) OS/2 Warpserver failed:
    "session setup failed: ERRDOS - ERRnoaccess (Access denied.)"

NOTE:
   It seems that *all* LANMAN2-dependent implementations are *broken*.

To easily reproduce this error on a LINUX-machine - no need for a network
connection - use (add) the following entries in smb.conf:
   interfaces = 127.0.0.1 eth0
   security = user
   protocol = LANMAN2             #!!!!
   max protocol = LANMAN2         #!!!!
   encrypt passwords = yes        #(= no, not evaluated now...)

The following locally executed command will fail:
   smbclient //my_linux_machine/my_share -U my_user_id%my_password

This happens due to a *serious* error in
  /libsmb/cliconnect.c
      function cli_session_setup_lanman2()
           ...
           p = smb_buf(cli->outbuf);
           memcpy(p,lm_response.data,lm_response.length); // copy (encrypted) pw
           p += passlen;      // !!!!! WHY  !!!
           ...

           Should/Must be replaced with:
           ...
           p += lm_response.length;  // !!!!!!!!!!!!
           ...

In the current implementation the stored 24 bytes of (encrypted) data are
partially *overwritten* by the data that follows later - which leads to an ERROR.

IMPORTANT
I have currently *not* checked "the whole samba-source" for similar problems...

SOLUTION
I have checked-out the latest samba-source - compiled it - the
error *is gone*!!!

If any support/testing of "older smb-protocols" could be done - please let me 
know.

Best wishes.

Guenter Kukkukk

-- 
Entwicklungsbuero fuer Informationstechnologien
Damaschkestr. 24
D-10711 Berlin
Germany
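
A stand-alone illustration of the overwrite described in the report above, added here and not taken from the Samba source. The buffer layout, the function name `intact_after_append`, the sample response bytes and the reading of `passlen` as the plaintext password length are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define LM_RESP_LEN 24            /* size of the LM response, per the report */

/* Lays out a constructed 24-byte response followed by a NUL-terminated
 * user name, the way the report describes the outgoing buffer, and
 * returns how many response bytes are still intact afterwards.
 * fixed == 0: advance by passlen (the reported bug)
 * fixed != 0: advance by the response length (the proposed fix)
 * Assumption: passlen is the plaintext password length (< 24). */
static size_t intact_after_append(size_t passlen, const char *user, int fixed)
{
    unsigned char resp[LM_RESP_LEN], buf[128];
    unsigned char *p = buf;
    size_t i, intact = 0, ulen = strlen(user) + 1;

    if (passlen > LM_RESP_LEN || ulen > sizeof buf - LM_RESP_LEN)
        return 0;                             /* keep the demo in bounds */
    for (i = 0; i < LM_RESP_LEN; i++)
        resp[i] = (unsigned char)(0xA0 + i);  /* constructed, non-ASCII */

    memset(buf, 0, sizeof buf);
    memcpy(p, resp, LM_RESP_LEN);             /* copy the response */
    p += fixed ? LM_RESP_LEN : passlen;       /* the one-line difference */
    memcpy(p, user, ulen);                    /* next field lands here */

    for (i = 0; i < LM_RESP_LEN; i++)
        intact += (buf[i] == resp[i]);
    return intact;
}

int main(void)
{
    size_t passlen = strlen("my_password");   /* sample value from the report */
    printf("buggy: %zu of %d response bytes intact\n",
           intact_after_append(passlen, "my_user_id", 0), LM_RESP_LEN);
    printf("fixed: %zu of %d response bytes intact\n",
           intact_after_append(passlen, "my_user_id", 1), LM_RESP_LEN);
    return 0;
}
```

With the sample credentials from the report, the buggy advance leaves the next field starting inside the response, so the server receives a response that can never match.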
Comment 1 Guenter Kukkukk 2004-07-29 21:12:57 UTC
Sorry - if it was misleading...
The original source has currently not been fixed.
SOLUTION
  Download the latest source
  *Change the source* and compile/install it
Comment 2 Andrew Bartlett 2004-07-30 04:13:43 UTC
Fixed in SVN.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:18:34 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.