9705 – cannot connect with plaintext password

Bug 9705 - cannot connect with plaintext password

Summary: cannot connect with plaintext password

Status:	REOPENED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.12.2
Hardware:	All All

Importance:	P5 minor (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Duplicates (3):	6492 6761 12391 (view as bug list)
Depends on:
Blocks:

Reported:	2013-03-08 16:54 UTC by TAKAHASHI Motonobu
Modified:	2024-07-23 13:54 UTC (History)
CC List:	8 users (show)

See Also:	https://gitlab.com/samba-team/samba/-/merge_requests/3726

Attachments
Level 10 log (4.73 KB, application/x-gzip) 2013-03-08 16:54 UTC, TAKAHASHI Motonobu	no flags	Details
patch to source3/auth/auth_ntlmssp.c to restore plain text password feature (625 bytes, patch) 2014-10-06 14:33 UTC, Gabriel Gomez	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description TAKAHASHI Motonobu 2013-03-08 16:54:21 UTC

Created attachment 8622 [details]
Level 10 log

Cannot connect plain text password.

My smb.conf: 

-----
[global]
  encrypt passwords = no
  lanman auth = yes
  max protocol = nt1
  ntlm auth = yes

[tmp]
  path = /tmp
  writeable = yes
-----

Client Windows 8 Pro (LMCompatibilityLevel = 0, EnablePlainTextPassword: 1)

Comment 1 Gabriel Gomez 2014-10-06 14:27:23 UTC

Samba plain password auth is broken since this change in source3/auth/auth_ntlmssp.c:

-       nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
-                                                                         user_info, &server_info);
+       mapped_user_info->flags = user_info->flags;
 
-       username_was_mapped = user_info->was_mapped;
+       nt_status = auth_context->check_ntlm_password(auth_context,
+                                                     mapped_user_info, &server_info);

because password.plaintext is missin in mapped_user_info

I managed to solve it with this simple patch:

--- samba-4.1.6+dfsg/source3/auth/auth_ntlmssp.c	2012-02-17 00:00:00.449156964 -0300
+++ samba-4.1.6+dfsg-new/source3/auth/auth_ntlmssp.c	2014-10-03 18:06:23.795911129 -0300
@@ -123,7 +123,7 @@
 				       user_info->remote_host,
 	                               user_info->password.response.lanman.data ? &user_info->password.response.lanman : NULL,
 	                               user_info->password.response.nt.data ? &user_info->password.response.nt : NULL,
-				       NULL, NULL, NULL,
+				       NULL, NULL, user_info->password.plaintext,
 				       AUTH_PASSWORD_RESPONSE);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {


best regards
Gabriel

Comment 2 Gabriel Gomez 2014-10-06 14:33:42 UTC

Created attachment 10327 [details]
patch to source3/auth/auth_ntlmssp.c to restore plain text password feature

Comment 3 Andrew Bartlett 2015-01-02 21:56:12 UTC

The biggest issue here isn't applying the patch, but that as we quite clearly have no test for this (otherwise we would have noticed it), we need an automated test in the testsuite, otherwise it will just break again.

Comment 4 Stefan Metzmacher 2016-10-25 20:20:05 UTC

*** Bug 12391 has been marked as a duplicate of this bug. ***

Comment 5 Andrew Bartlett 2017-01-03 00:35:12 UTC

*** Bug 6492 has been marked as a duplicate of this bug. ***

Comment 6 Andrew Bartlett 2017-01-03 00:35:45 UTC

*** Bug 6761 has been marked as a duplicate of this bug. ***

Comment 7 Rowland Penny 2020-12-23 19:22:07 UTC

'encrypt passwords' has been set to 'yes' for years, and the parameter is now marked as deprecated, so it is highly unlikely we will ever fix this, so closing this bug report.

Comment 8 Björn Jacke 2020-12-24 00:35:19 UTC

People are using Samba with DOS client and will still do so in many years. This Bug report has a valid patch attached which just doesn't go upstream because of a missing patch, do not close such bug reports please.

Comment 9 Gabriel Gomez 2021-04-09 13:25:21 UTC

I really do want to contribute with a test to allow the patch to be merged, but I do not really know where it should be added.
Perhaps if some of you provide me a pointer to a similar test to modify or improve, I will manage to develop a test for this particular scenario.
I am tired of patching samba every time I update my OSs :-(

Comment 10 Samba QA Contact 2024-07-17 11:18:04 UTC

This bug was referenced in samba master:

1e21b99b643c4d2177c382a296c2edfc2b7e7f91
f7574a59226ed65c6048af64507c0be0d044eb8c
8e35933ceb5bcede2b45d8223766bd8b2ebd7ef1
9afe7b7a0f248d2d31dfc2a13bd61906d113c932
97f0408f776ecbde4bec6d3001d0bdc82f9d86eb
108724ac34663a234ab0a506a1e5d5e0a106af9c
66e9d3fe01f80f19264aaf8250d92c82a707162a
687139144a2f6210aae570accedafca9250753e1

Comment 11 Samba QA Contact 2024-07-23 13:54:03 UTC

This bug was referenced in samba master:

6481fab912bb5d14e39a0140cb882f99fe330081
92ea6b00e712e3d2c1fa6c465cf39f6fe83d5095