Bug 9705 - cannot connect with plaintext password
cannot connect with plaintext password
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: File services
4.0.3
All All
: P5 minor
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
: 12391 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-08 16:54 UTC by TAKAHASHI Motonobu
Modified: 2016-10-25 20:20 UTC (History)
6 users (show)

See Also:


Attachments
Level 10 log (4.73 KB, application/x-gzip)
2013-03-08 16:54 UTC, TAKAHASHI Motonobu
no flags Details
patch to source3/auth/auth_ntlmssp.c to restore plain text password feature (625 bytes, patch)
2014-10-06 14:33 UTC, g.gomez.sena
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description TAKAHASHI Motonobu 2013-03-08 16:54:21 UTC
Created attachment 8622 [details]
Level 10 log

Cannot connect plain text password.

My smb.conf: 

-----
[global]
  encrypt passwords = no
  lanman auth = yes
  max protocol = nt1
  ntlm auth = yes

[tmp]
  path = /tmp
  writeable = yes
-----

Client Windows 8 Pro (LMCompatibilityLevel = 0, EnablePlainTextPassword: 1)
Comment 1 g.gomez.sena 2014-10-06 14:27:23 UTC
Samba plain password auth is broken since this change in source3/auth/auth_ntlmssp.c:

-       nt_status = gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
-                                                                         user_info, &server_info);
+       mapped_user_info->flags = user_info->flags;
 
-       username_was_mapped = user_info->was_mapped;
+       nt_status = auth_context->check_ntlm_password(auth_context,
+                                                     mapped_user_info, &server_info);

because password.plaintext is missin in mapped_user_info

I managed to solve it with this simple patch:

--- samba-4.1.6+dfsg/source3/auth/auth_ntlmssp.c	2012-02-17 00:00:00.449156964 -0300
+++ samba-4.1.6+dfsg-new/source3/auth/auth_ntlmssp.c	2014-10-03 18:06:23.795911129 -0300
@@ -123,7 +123,7 @@
 				       user_info->remote_host,
 	                               user_info->password.response.lanman.data ? &user_info->password.response.lanman : NULL,
 	                               user_info->password.response.nt.data ? &user_info->password.response.nt : NULL,
-				       NULL, NULL, NULL,
+				       NULL, NULL, user_info->password.plaintext,
 				       AUTH_PASSWORD_RESPONSE);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {


best regards
Gabriel
Comment 2 g.gomez.sena 2014-10-06 14:33:42 UTC
Created attachment 10327 [details]
patch to source3/auth/auth_ntlmssp.c to restore plain text password feature
Comment 3 Andrew Bartlett 2015-01-02 21:56:12 UTC
The biggest issue here isn't applying the patch, but that as we quite clearly have no test for this (otherwise we would have noticed it), we need an automated test in the testsuite, otherwise it will just break again.
Comment 4 Stefan Metzmacher 2016-10-25 20:20:05 UTC
*** Bug 12391 has been marked as a duplicate of this bug. ***