Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we
authorAndrew Bartlett <abartlet@samba.org>
Mon, 5 Jan 2004 04:12:40 +0000 (04:12 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 5 Jan 2004 04:12:40 +0000 (04:12 +0000)
would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.

Andrew Bartlett
(This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)

source3/libsmb/pwd_cache.c
source3/rpc_client/cli_pipe.c

index f45832d7d75a16a4f7d3b8e29070d852cca8d114..7ba6cfc96f0a86ec58fde26a2870e22290403644 100644 (file)
@@ -45,8 +45,14 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr)
 {
        pwd_init(pwd);
 
-       nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
-       pwd->null_pwd  = False;
+       if (!clr) {
+               ZERO_STRUCT(pwd->smb_nt_pwd);
+               ZERO_STRUCT(pwd->smb_lm_pwd);
+               pwd->null_pwd  = True;
+       } else {
+               nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
+               pwd->null_pwd  = False;
+       }
        pwd->crypted = False;
 }
 
index 49abf787eed590562fb7c150f49cc645d219401e..3213e955b682bfbca1ac3525c022628339aba7bc 100644 (file)
@@ -1342,11 +1342,18 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_na
                if (!NT_STATUS_IS_OK(nt_status))
                        return False;
 
-               pwd_get_cleartext(&cli->pwd, password);
-               nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
-                                                password);
-               if (!NT_STATUS_IS_OK(nt_status))
-                       return False;
+               if (cli->pwd.null_pwd) {
+                       nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+                                                        NULL);
+                       if (!NT_STATUS_IS_OK(nt_status))
+                               return False;
+               } else {
+                       pwd_get_cleartext(&cli->pwd, password);
+                       nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state, 
+                                                        password);
+                       if (!NT_STATUS_IS_OK(nt_status))
+                               return False;
+               }
 
                if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
                        cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;