Bug 59 - Plaintext passwords don't work properly with w2k and unicode
Summary: Plaintext passwords don't work properly with w2k and unicode
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0preX
Hardware: All Windows 2000
: P2 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL: http://lists.samba.org/pipermail/samb...
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-01 04:38 UTC by Nir Soffer
Modified: 2009-10-15 10:09 UTC (History)
0 users

See Also:


Attachments
Check if unicode was negotiated and use respective passlen (533 bytes, patch)
2003-05-01 04:41 UTC, Nir Soffer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nir Soffer 2003-05-01 04:38:58 UTC
Plaintext passwords simply don't work when security=user and windows 2k is the 
client. I marked this as critical since this WILL break installations that 
simply want to use their NIS database as a password repository without bothering 
with smbpasswd. I'm sure many installations do that.




And a great many thanks to CRH for helping me out here.




the first problem is thus:




W2K clients don't handle unicode passwords very well in plaintext - see:


http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B257292




After applying the service pack, the second problem is thus - in smbd/sesssetup.
c:




 if (doencrypt) {


                        lm_resp = data_blob(p, passlen1);


                        nt_resp = data_blob(p+passlen1, passlen2);


                } else {


                        pstring pass;


                        srvstr_pull(inbuf, pass, smb_buf(inbuf),


                                    sizeof(pass),  passlen1, STR_TERMINATE);


                        plaintext_password = data_blob(pass, strlen(pass)+1);


                }




As you can see, the code snarfs passlen1 regardless of unicode or ascii 
negotiations.




My new code works - and it looks like so:


if (doencrypt) {


                        lm_resp = data_blob(p, passlen1);


                        nt_resp = data_blob(p+passlen1, passlen2);


                } else {


                        pstring pass;


                        BOOL unic;


                        unic=SVAL(inbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS;


                        srvstr_pull(inbuf, pass, smb_buf(inbuf),


                                    sizeof(pass),  unic ? passlen2 : passlen1,


                                    STR_TERMINATE);


                        plaintext_password = data_blob(pass, strlen(pass)+1);


                }




Only problem with that is if both ASCII and unicode passwords are sent.




Feel free to contact me at any time. For reference, this is bug #2129 in our 
database.
Comment 1 Nir Soffer 2003-05-01 04:41:23 UTC
Created attachment 5 [details]
Check if unicode was negotiated and use respective passlen
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-05-21 09:10:57 UTC
patch looks ok.  Had to fix cli_session_setup_plaintext() 
to send the unicode password if CAP_UNICODE was included
in the capabilities.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:54:42 UTC
originally reported against 3.0alpha23.  Bugzilla spring cleaning.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:24:38 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:33 UTC
database cleanup