returned cli_session_setup to previous behaviour. added a couple of

validation checks and also added capability to send plaintext passwords.
send "ntpasslen" of zero to do this.  sending same plaintext password
for pass and ntpass arguments will result in previous behaviour of
encrypting password if server supports it.
(This used to be commit 17f4c5a785cf20901bcb76510e5ea9b0a6928115)

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 428f8e237fd4f518954dd4a2258c9318656c72ed..a43731ffcc17bd086f619c68660bd9c2c48ef8ba 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -713,25 +713,40 @@ BOOL cli_session_setup(struct cli_state *cli,
                fstrcpy(ntpword, "");
                ntpasslen=1;
        } 
-       else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+       else if ((passlen == 0 || passlen == 1) && (pass[0] == '\0'))
        {
                /* Null session connect. */
-               pword[0] = '\0';
+               pword  [0] = '\0';
                ntpword[0] = '\0';
        }
        else if (passlen == 24 && ntpasslen == 24)
        {
-               /* encrypted password send, implicit from 24-byte lengths */
-               memcpy(pword, pass, 24);
-               memcpy(ntpword, ntpass, 24);
+               if (IS_BITS_SET_ALL(cli->sec_mode, 2))
+               {
+                       /* encrypted password, implicit from 24-byte lengths */
+                       memcpy(pword  , pass  , 24);
+                       memcpy(ntpword, ntpass, 24);
+               }
+               else
+               {
+                       DEBUG(0,("cli_session_setup: encrypted passwords not supported by server\n"));
+                       return False;
+               }
        }
-       else
+       else if (ntpasslen == 0 || !IS_BITS_SET_ALL(cli->sec_mode, 2))
        {
-               /* plain-text password send */
+               /* plain-text password: server doesn't support encrypted. */
                fstrcpy(pword, pass);
                fstrcpy(ntpword, "");
                ntpasslen = 0;
        }
+       else /* passlen != 0 && ntpasslen != 0 && server supports encryption */
+       {
+               /* plain-text password requesting to be encrypted */
+               uchar *key = (uchar *)cli->cryptkey;
+               SMBencrypt  ((uchar *)pass  , key,(uchar *)pword  );
+               SMBNTencrypt((uchar *)ntpass, key,(uchar *)ntpword);
+       }
 
        /* send a session setup command */
        bzero(cli->outbuf,smb_size);