Bug 6761 - access smbd with paintext password using WindowsNT4 fails
access smbd with paintext password using WindowsNT4 fails
Status: NEW
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.1
x64 Linux
: P3 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-25 05:21 UTC by Lutz Mark
Modified: 2016-10-25 20:27 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lutz Mark 2009-09-25 05:21:52 UTC
Accessing smbd using WinNT4 client and plain text passwords
fails. The log.smbd file says:
unix authentication for user [.] FAILED with error NT_STATUS_WRONG_PASSWORD

Server: CentOS 5.3, Samba 3.4.1 (also samba 3.3.5 (bug#6492) and 3.0.33)
  smb.conf: encrypt passwords = no; passdb backend = smbpasswd

Client: WinNT4.0 (Servicepack 4)
  Registry adapted with EnablePlainTextPasswords=1 (NT4_PlainPassword.reg)

I had run smbd in a debugger and discovered that my NT-client
sends the password as Unicode-String, but the smbd-server
decodes the string as Ascii.

I'm going to add a patch for ./source3/smbd/sesssetup.c that 
solves the problem in my environment.
Comment 1 Lutz Mark 2009-09-25 05:40:10 UTC
Here comes the patch for ./source3/smbd/sesssetup.c of samba 3.4.1
Now the plaintext password of the NT4 client is decoded as unicode string.

# diff -U2  sesssetup.c.org  sesssetup.c 
--- sesssetup.c.org     2009-09-09 14:40:43.000000000 +0200
+++ sesssetup.c 2009-09-25 11:42:00.000000000 +0200
@@ -1543,4 +1543,13 @@
 
                        if (unic && (passlen2 == 0) && passlen1) {
+                               /* Only a unicode plaintext password was sent. */
+                               (void)srvstr_pull_talloc(talloc_tos(),
+                                                       req->inbuf,
+                                                       req->flags2,
+                                                       &pass,
+                                                       req->buf,
+                                                       passlen1,
+                                                       STR_TERMINATE|STR_UNICODE);
+                       } else if ((passlen2 == 0) && passlen1) {
                                /* Only a ascii plaintext password was sent. */
                                (void)srvstr_pull_talloc(talloc_tos(),