- got client code cleartext passwords working again in cli_session_setup.

  needed this for some tests.

- removed code that said "if lm password is not encrypted then encrypt both
  lm and nt passwords".  actually it said "if lm password length is not 24
  bytes and we're in security=user mode..."

  it didn't bother to check whether the nt password was NULL or not, and
  doing the encryption inside cli_session_setup is the wrong place.

- checked all instances where cli_session_setup is called with cleartext
  passwords that are expected to then be encrypted (see above) with the
  test "if pwlen != 24...".  there was only one: all the others either
  provide encrypted passwords, do null sessions or use
  cli_establish_connection.

* recommendation: use cli_establish_connection() in smbwrapper/smbw.c

diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index a1a5bbf0a9e98636b7a9d7e7c1e5410c2cf6560d..428f8e237fd4f518954dd4a2258c9318656c72ed 100644 (file)
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -696,36 +696,42 @@ BOOL cli_session_setup(struct cli_state *cli,
        fstring pword, ntpword;
 
        if (cli->protocol < PROTOCOL_LANMAN1)
+       {
                return True;
+       }
 
-       if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
+       if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1)
+       {
                return False;
        }
 
-        if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0')) {
-          /* Null session connect. */
-          pword[0] = '\0';
-          ntpword[0] = '\0';
-        } else {
-          if ((cli->sec_mode & 2) && passlen != 24) {
-            passlen = 24;
-            ntpasslen = 24;
-            SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword);
-            SMBNTencrypt((uchar *)ntpass,(uchar *)cli->cryptkey,(uchar *)ntpword);
-          } else {
-                 fstrcpy(pword, pass);
-                 fstrcpy(ntpword, "");
-                 ntpasslen = 0;
-          }
-        }
-
-       /* if in share level security then don't send a password now */
-       if (!(cli->sec_mode & 1)) {
+       if (!IS_BITS_SET_ALL(cli->sec_mode, 1))
+       {
+               /* if in share level security then don't send a password now */
                fstrcpy(pword, "");
                passlen=1;
                fstrcpy(ntpword, "");
                ntpasslen=1;
        } 
+       else if (((passlen == 0) || (passlen == 1)) && (pass[0] == '\0'))
+       {
+               /* Null session connect. */
+               pword[0] = '\0';
+               ntpword[0] = '\0';
+       }
+       else if (passlen == 24 && ntpasslen == 24)
+       {
+               /* encrypted password send, implicit from 24-byte lengths */
+               memcpy(pword, pass, 24);
+               memcpy(ntpword, ntpass, 24);
+       }
+       else
+       {
+               /* plain-text password send */
+               fstrcpy(pword, pass);
+               fstrcpy(ntpword, "");
+               ntpasslen = 0;
+       }
 
        /* send a session setup command */
        bzero(cli->outbuf,smb_size);

diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index ceaefb98bc43b3e65539225bd0915b57bb4b2b2e..f2926276bc72346eb03c55ac8728339369570e3b 100644 (file)
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -739,7 +739,8 @@ enum client_action
                }
                else
                {
-                       pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+                       /* generate 16 byte hashes */
+                       pwd_make_lm_nt_16(&(smb_cli->pwd), password);
                }
        }
        else 

diff --git a/source/smbwrapper/smbw.c b/source/smbwrapper/smbw.c
index faaa9f047b0537b9aa552f97d010361215a4c1ba..dfe99a7ed1afa7cd75e80ba05535cebe8af66d9b 100644 (file)
--- a/source/smbwrapper/smbw.c
+++ b/source/smbwrapper/smbw.c
@@ -403,6 +403,7 @@ struct smbw_server *smbw_server(char *server, char *share)
        pstring ipenv;
        struct in_addr ip;
        extern struct in_addr ipzero;
+       char lm_24[24], nt_24[24];
 
        ip = ipzero;
        ZERO_STRUCT(c);
@@ -488,9 +489,12 @@ struct smbw_server *smbw_server(char *server, char *share)
                return NULL;
        }
 
+       SMBencrypt  ((uchar *)password,(uchar *)c.cryptkey,(uchar *)lm_24);
+       SMBNTencrypt((uchar *)password,(uchar *)c.cryptkey,(uchar *)nt_24);
+
        if (!cli_session_setup(&c, username, 
-                              password, strlen(password),
-                              password, strlen(password),
+                              lm_24, 24,
+                              nt_24, 24,
                               workgroup) &&
            /* try an anonymous login if it failed */
            !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {