> Nir Soffer wrote: > > > > Something our QA department stumbled on: > > > > I try to log on to my Samba 3.0a22 installation (make, make > install, the > > usual shebang). The client name is CACOMISTLE (not the > NativeOS), the > > user name is nirs, (not the domain). > > Any ideas or thoughts, or are we doing something incredibly stupid? > > At a guess, you are using plaintext passwords with Unicode. > If my guess is > correct (a simple capture of the SMB SESSION SETUP ANDX > exchange would prove > it) then read on... > > I do not know how to convince a Windows *server* to request plaintext > passwords. As you are probably aware, it is easy to get > Samba to request > plaintext if that's really what you want to do. > > What that means is that the combination of Unicode and > plaintext passwords > is unusual. I have seen that W2K and W/XP clients will send Unicode > plaintext passwords if Samba requests it. Unfortunately, > they get the field > values wrong--in different ways--and it breaks the existing parsing in > Samba. > [ snip wonderful explanation ] > The Windows systems that I've been able to check do not send Plaintext > Unicode passwords correctly. My *guess* is that Microsoft > never tested this > because their servers don't set up the situation that would > require testing. > > I believe that Samba can compensate, but I have not had time > to look at the > code (let alone fix it). It should be an easy fix. Eg.: > > if( Unicode Password begins with 0x00 ) > skip a byte > if( Unicode Password does not end in 0x0000 ) > Add two to the password length before processing > > Someone care to look into providing a patch?
It seems to me that a more correct fix would be, in the case of encrypt passwords = no, to request a normal password and not a UNICODE one. Is this even possible in the protocol? (e.g - request non-unicode passwords, but still support non-unicode filenames?) This is definitely broken now if this the case, regardless where the bug is... Nir. -- Nir Soffer -=- Software Engineer, Exanet Inc. -=- "The poor little kittens; They lost their mittens; And now you all must die. Mew, Mew, Mew, Mew, And now you all must die." www.sluggy.com, 24/10/02