Re: mount_smbfs gives error when stored crypted pw is used

2017-06-06 Thread Matthias Apitz
On Tuesday, June 06, 2017 at 12:00:34 PM +0200, Matthias Apitz wrote:

> 
> Hello,
> 
> At work I have to run FreeBSD (12-CURRENT, amd64) in vbox on Win7 host
> and successfully used mount_smbfs to mount the host's disk to FreeBSD. This
> worked fine until the last password change of the domain pw we have to do
> every 12 weeks or so.
> 
> Now the new crypted and stored pw from /etc/nsmb.conf is not accepted
> anymore. In detail, when I do:
> 
> ...

I looked into the sources in src/contrib/smbfs/lib/smb to understand how
the hashed pw is translated to clear text and wrote a small test pgm
which uses the same function of the /usr/lib/libsmb.so


$ cc -o smbpw smbpw.c -l smb

I now crypt a dummy pw with the following chars '1234567890-1-1234567':

$ smbutil crypt 1234567890-1-1234567
$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd1312

the resulting hash, translated back by smb_simpledecrypt(), gives:

$ ./smbpw 
smb_simpledecrypt(): hash: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd1312] gives clear [1234567890-1-12345]

i.e. the last two chars are missing.

$ cat smbpw.c

#include <stdio.h>

/* Prototype of the libsmb function under test (link with -lsmb). */
int
smb_simpledecrypt(char *dst, const char *src);

int main()
{
    char *hash = "$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd1312";
    char clear[256];

    clear[0] = '\0';

    smb_simpledecrypt(clear, hash);

    printf("smb_simpledecrypt(): hash: [%s] gives clear [%s]\n", hash, clear);

    return 0;
}

This seems to be an issue in the libsmb...

matthias



-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.




Re: mount_smbfs gives error when stored crypted pw is used

2017-06-07 Thread Matthias Apitz
I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c 

The printf(3C) calls have been added for debugging; the bug is the
addition of 13 after crypting every char, which lets the mask used in the ^
operation exceed 256, i.e. more than one byte, if the string to be crypted
is long enough. The two lines added:

if (pos > 256)
    pos = pos-256;

fix this issue and the crypting/decrypting works fine; see below;

I'll later file a PR and propose the patch;

matthias

char *
smb_simplecrypt(char *dst, const char *src)
{
    int ch, pos;
    char *dp;

    printf("smb_simplecrypt(): pw: [%s]\n", src);    /* debug */

    if (dst == NULL) {
        /* "$$1" prefix + two hex digits per char + terminating NUL */
        dst = malloc(4 + 2 * strlen(src));
        if (dst == NULL)
            return NULL;
    }
    dp = dst;
    *dst++ = '$';
    *dst++ = '$';
    *dst++ = '1';
    pos = 27;    /* initial XOR mask */
    while (*src) {
        ch = *src++;
        printf("ch [%c] --> ", ch);    /* debug */
        /* ROT13 on letters, everything else unchanged */
        if (isascii(ch))
            ch = (isupper(ch) ? ('A' + (ch - 'A' + 13) % 26) :
                  islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch);
        ch ^= pos;
        pos += 13;
        /* the two added lines: wrap the mask around */
        if (pos > 256)
            pos = pos-256;
        sprintf(dst, "%02x", ch);
        printf("0x%02x next ^mask (pos): 0x%02x\n", ch, pos);    /* debug */
        dst += 2;
    }
    *dst = 0;
    return dp;
}

$ ./smbpw
smb_simplecrypt(): pw: [1234567890-1-1234567]
ch [1] --> 0x2a next ^mask (pos): 0x28
ch [2] --> 0x1a next ^mask (pos): 0x35
ch [3] --> 0x06 next ^mask (pos): 0x42
ch [4] --> 0x76 next ^mask (pos): 0x4f
ch [5] --> 0x7a next ^mask (pos): 0x5c
ch [6] --> 0x6a next ^mask (pos): 0x69
ch [7] --> 0x5e next ^mask (pos): 0x76
ch [8] --> 0x4e next ^mask (pos): 0x83
ch [9] --> 0xba next ^mask (pos): 0x90
ch [0] --> 0xa0 next ^mask (pos): 0x9d
ch [-] --> 0xb0 next ^mask (pos): 0xaa
ch [1] --> 0x9b next ^mask (pos): 0xb7
ch [-] --> 0x9a next ^mask (pos): 0xc4
ch [1] --> 0xf5 next ^mask (pos): 0xd1
ch [2] --> 0xe3 next ^mask (pos): 0xde
ch [3] --> 0xed next ^mask (pos): 0xeb
ch [4] --> 0xdf next ^mask (pos): 0xf8
ch [5] --> 0xcd next ^mask (pos): 0x05
ch [6] --> 0x33 next ^mask (pos): 0x12
ch [7] --> 0x25 next ^mask (pos): 0x1f
cp: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325]
smb_simpledecrypt(): hash: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325] gives clear [1234567890-1-1234567]


-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.




Re: mount_smbfs gives error when stored crypted pw is used

2017-06-07 Thread Matthias Apitz
On Wednesday, June 07, 2017 at 02:35:31 PM +0200, Matthias Apitz wrote:

> I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c 
> 
> The printf(3C) calls have been added for debugging; the bug is the
> addition of 13 after crypting every char, which lets the mask used in the ^
> operation exceed 256, i.e. more than one byte, if the string to be crypted
> is long enough. The two lines added:
> 
> if (pos > 256)
>     pos = pos-256;
> 
> fix this issue and the crypting/decrypting works fine; see below;
> 
> I'll later file a PR and propose the patch;

The PR was already made in 2009: 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132302
has a patch attached (nearly the same solution as I have found), but was
never ci'ed :-(

matthias


-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.




Re: mount_smbfs gives error when stored crypted pw is used

2017-06-07 Thread O. Hartmann
On Wed, 7 Jun 2017 19:22:34 +0200, Matthias Apitz wrote:

> On Wednesday, June 07, 2017 at 02:35:31 PM +0200, Matthias Apitz wrote:
> 
> > I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c 
> > 
> > The printf(3C) calls have been added for debugging; the bug is the
> > addition of 13 after crypting every char, which lets the mask used in the ^
> > operation exceed 256, i.e. more than one byte, if the string to be crypted
> > is long enough. The two lines added:
> > 
> > if (pos > 256)
> >     pos = pos-256;
> > 
> > fix this issue and the crypting/decrypting works fine; see below;
> > 
> > I'll later file a PR and propose the patch;  
> 
> The PR was already made in 2009:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132302 has a patch attached
> (nearly the same solution as I have found), but was never ci'ed :-(
> 
>   matthias
> 
> 

Wow ... that is, simply ... not very good! :-(

High quality!

-- 
O. Hartmann

I object to the use or transfer of my data for advertising purposes
or for market or opinion research (§ 28 Abs. 4 BDSG).




Re: mount_smbfs gives error when stored crypted pw is used

2017-06-07 Thread Josh Paetzel


On Wed, Jun 7, 2017, at 12:29 PM, O. Hartmann wrote:
> On Wed, 7 Jun 2017 19:22:34 +0200, Matthias Apitz wrote:
> 
> > On Wednesday, June 07, 2017 at 02:35:31 PM +0200, Matthias Apitz wrote:
> > 
> > > I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c 
> > > 
> > > The printf(3C) calls have been added for debugging; the bug is the
> > > addition of 13 after crypting every char, which lets the mask used in the ^
> > > operation exceed 256, i.e. more than one byte, if the string to be crypted
> > > is long enough. The two lines added:
> > > 
> > > if (pos > 256)
> > >     pos = pos-256;
> > > 
> > > fix this issue and the crypting/decrypting works fine; see below;
> > > 
> > > I'll later file a PR and propose the patch;  
> > 
> > The PR was already made in 2009:
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132302 has a patch
> > attached (nearly the same solution as I have found), but was never ci'ed :-(
> > 
> > matthias
> > 
> > 
> 
> Wow ... that is, simply ... not very good! :-(
> 
> High quality!
> 
> -- 
> O. Hartmann
> 
> I object to the use or transfer of my data for advertising purposes
> or for market or opinion research (§ 28 Abs. 4 BDSG).

I've taken the bug and am testing it now.  Should have it committed by
this evening.

With some luck we can get it in to 11.1

-- 

Thanks,

Josh Paetzel