Re: [Samba] Clear text authentication impossible???

2003-10-28 Thread Jeremy Allison 
On Sun, Oct 26, 2003 at 02:20:36PM +1100, Andrew Bartlett wrote:
 
 It looks reasonable to me.  Was there anything particularly wrong with
 'static char zeros[8]'?   (As I've used that elsewhere, and you have now
 got me worried...)

No, I just wanted to remove static's as they are kept permanently
during the program run rather than on the stack or heap.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-25 Thread Andrew Bartlett 
On Fri, 2003-10-24 at 11:19, Jeremy Allison wrote:
 On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
  On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
   On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
access with clear text authentication from clients.
But no kind of credentials is accepted.

It did a level 10 log on the Samba server and found my clear text password
in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.

Is it possible that Samba can't handle the clear-text pass-through from
POP3-Client per Exchange server and takes it for NTLMv2 challenge
   
   Can you post the debug level 10 log please (obfuscate all passwords of course 
   :-).
  
  I picked this one up at the end of last week.   I never got it into CVS,
  because I didn't have the setup to test it.  (And I wanted to clean it
  up a bit, we should also handle the 'interactive' login in a similar
  way, and possibly 'ascii' passwords against the LM hash).
  
  Thanks to Fabien Chevalier for providing the information that made
  fixing this so easy.
 
 I've committed a varient of this. Andrew can you please check for
 correctness ?

It looks reasonable to me.  Was there anything particularly wrong with
'static char zeros[8]'?   (As I've used that elsewhere, and you have now
got me worried...)

What I proposed was only an early patch, and I intend to clean this up a
bit more, cope with ASCII only passwords, and add a direct deny on the
password fail.  But that can wait, and it's good to see this in and
fixed.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-23 Thread Jeremy Allison 
On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
 On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
  On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
   We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
   access with clear text authentication from clients.
   But no kind of credentials is accepted.
   
   It did a level 10 log on the Samba server and found my clear text password
   in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
   
   Is it possible that Samba can't handle the clear-text pass-through from
   POP3-Client per Exchange server and takes it for NTLMv2 challenge
  
  Can you post the debug level 10 log please (obfuscate all passwords of course :-).
 
 I picked this one up at the end of last week.   I never got it into CVS,
 because I didn't have the setup to test it.  (And I wanted to clean it
 up a bit, we should also handle the 'interactive' login in a similar
 way, and possibly 'ascii' passwords against the LM hash).
 
 Thanks to Fabien Chevalier for providing the information that made
 fixing this so easy.

I've committed a varient of this. Andrew can you please check for
correctness ?

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-22 Thread Jeremy Allison 
On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
 We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
 access with clear text authentication from clients.
 But no kind of credentials is accepted.
 
 It did a level 10 log on the Samba server and found my clear text password
 in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
 
 Is it possible that Samba can't handle the clear-text pass-through from
 POP3-Client per Exchange server and takes it for NTLMv2 challenge

Can you post the debug level 10 log please (obfuscate all passwords of course :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-22 Thread Andrew Bartlett 
On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
 On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
  We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
  access with clear text authentication from clients.
  But no kind of credentials is accepted.
  
  It did a level 10 log on the Samba server and found my clear text password
  in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
  
  Is it possible that Samba can't handle the clear-text pass-through from
  POP3-Client per Exchange server and takes it for NTLMv2 challenge
 
 Can you post the debug level 10 log please (obfuscate all passwords of course :-).

I picked this one up at the end of last week.   I never got it into CVS,
because I didn't have the setup to test it.  (And I wanted to clean it
up a bit, we should also handle the 'interactive' login in a similar
way, and possibly 'ascii' passwords against the LM hash).

Thanks to Fabien Chevalier for providing the information that made
fixing this so easy.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Clear text authentication impossible???

2003-10-22 Thread Beschorner Daniel 
Ok, here it comes. Samba PDC is called server, Exchange got the fantastic
name exchange, domain is i-bn.
I changed the password to p.a.s.s.w.o.r.d and PASSWORD at both
occurrences, originally it was lower case, too.

Daniel


-Ursprüngliche Nachricht-
Von: Jeremy Allison [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 22. Oktober 2003 21:16
An: Beschorner Daniel
Cc: '[EMAIL PROTECTED]'
Betreff: Re: [Samba] Clear text authentication impossible???


On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
 We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
 access with clear text authentication from clients.
 But no kind of credentials is accepted.
 
 It did a level 10 log on the Samba server and found my clear text password
 in the log (in nt_chal_resp and lm_chal_resp fields) during
authentication.
 
 Is it possible that Samba can't handle the clear-text pass-through from
 POP3-Client per Exchange server and takes it for NTLMv2 challenge

Can you post the debug level 10 log please (obfuscate all passwords of
course :-).

Jeremy.

[2003/10/22 14:55:29, 5] lib/debug.c:debug_dump_status(359)
  INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
[2003/10/22 14:55:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(463)
  got smb length of 400
[2003/10/22 14:55:41, 6] smbd/process.c:process_smb(889)
  got message type 0x0 of len 0x190
[2003/10/22 14:55:41, 3] smbd/process.c:process_smb(890)
  Transaction 78 of length 404
[2003/10/22 14:55:41, 5] lib/util.c:show_msg(456)
[2003/10/22 14:55:41, 5] lib/util.c:show_msg(466)
  size=400
  smb_com=0x2f
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=1
  smb_pid=65279
  smb_uid=100
  smb_mid=4992
  smt_wct=14
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]=29711 (0x740F)
  smb_vwv[ 3]=0 (0x0)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=65535 (0x)
  smb_vwv[ 6]=65535 (0x)
  smb_vwv[ 7]=8 (0x8)
  smb_vwv[ 8]=  336 (0x150)
  smb_vwv[ 9]=0 (0x0)
  smb_vwv[10]=  336 (0x150)
  smb_vwv[11]=   64 (0x40)
  smb_vwv[12]=0 (0x0)
  smb_vwv[13]=0 (0x0)
  smb_bcc=337
[2003/10/22 14:55:41, 10] lib/util.c:dump_data(1825)
  [000] EE 05 00 00 03 10 00 00  00 50 01 20 00 05 00 00  Œ... .P. 
  [010] 00 0E 01 00 00 00 00 02  00 92 0D 4E EE C7 0D 98   ...NŒ€..
  [020] 8A 34 38 32 F5 C7 17 DC  82 B5 58 F0 72 A1 C2 4D  .482õ€.š .æXðr­ÂM
  [030] 09 51 64 72 38 80 38 43  44 2A 1C 63 19 5F 2F 96  .Qdr8.8C D*.c._/.
  [040] C3 62 11 84 4A C2 94 E7  42 E1 DF B7 F1 B1 1F 7F  Ãb..JÂ.‡ B áú¤ñ..
  [050] 08 ED DE C2 A3 8B AF 25  9C E6 C4 45 9D 30 88 8D  .¡Þœ.»% .‘ŽE.0..
  [060] 6D 7D 0C 57 09 90 1B 12  45 73 6A F1 09 DF 74 4D  m}.W Esj¤.átM
  [070] 54 8E 61 A1 77 48 A9 25  23 DA 47 C5 9A E9 41 CC  T.a­wH©% #ÚG.‚AÌ
  [080] AE 86 D6 A4 2B 8C 5A 88  AD 38 1F D0 EA C7 36 3E  ½.™±+.Z. í8.Ј€6
  [090] AB 23 09 0F 54 96 68 5A  FC 58 52 FC AB 55 0D 9D  ®#..T.hZ XR®U..
  [0A0] 02 EC B8 FC 1A B3 0D AB  97 14 48 00 8C 59 49 E6  .¸.³.® ..H..YI‘
  [0B0] 1C E3 99 43 89 1D 2E DB  A0 46 FA 11 6B 82 C4 3F  .ã.C...Û ÿF£.k.Ž?
  [0C0] E0 03 DA E7 04 35 DE 31  A0 FB 1A DA 14 BE 48 D3  ….ڇ.5Þ1 ÿ–.Ú.¾HÓ
  [0D0] 74 E3 AF 92 BB F9 24 0A  D3 47 D4 B6 7F BB D6 BE  tã».¯—$. ÓGÔ.¯™¾
  [0E0] 20 D8 A0 BA 7F 86 E2 2C  1A 8B 0A 19 86 A7 E0 98   Øÿ§..ƒ, .….
  [0F0] B4 C8 25 06 AE 61 B3 3C  C2 26 BB 17 FD EA D8 73  ´È%.½a³ ¯.²ˆØs
  [100] CD B6 F7 9A B1 64 7C CF  CA 00 07 25 05 72 69 C2  Íö.ñd|Ï Ê..%.riÂ
  [110] 06 CF 8D C4 78 88 E8 8C  4C C6 0D 5B 0A 54 49 3A  .Ï.Žx.Š. L’.[.TI:
  [120] F9 A6 4E 96 81 5C 27 60  2F 44 06 02 00 20 74 09  —¼N..\'` /D... t.
  [130] 00 77 00 7A 00 FF FF 00  00 7F 2D FB 2C A7 0F 4B  .w.z.˜˜. ..-–,.K
  [140] BE 1C A8 2B 05 F1 20 D7  B5 9F 17 31 1E 97 0D 3C  ¾.¿+.¤ × æ..1...
  [150] EC 
[2003/10/22 14:55:41, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 16801)
[2003/10/22 14:55:41, 4] smbd/uid.c:change_to_user(122)
  change_to_user: Skipping user change - already user
[2003/10/22 14:55:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151)
  search for pipe pnum=740f
[2003/10/22 14:55:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155)
  pipe name NETLOGON pnum=740f (pipes_open=2)
[2003/10/22 14:55:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155)
  pipe name NETLOGON pnum=740d (pipes_open=2)
[2003/10/22 14:55:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852)
  write_to_pipe: 740f name: NETLOGON open: Yes len: 336
[2003/10/22 14:55:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874)
  write_to_pipe: data_left = 336
[2003/10/22 14:55:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start

RE: [Samba] Clear text authentication impossible???

2003-10-22 Thread Beschorner Daniel 
So I'm only the 2nd winner with this bug :-)

Thank you, it works! (got to move the definition of pwhash[16] one line
higher in the patch to compile)

Daniel

-Ursprüngliche Nachricht-
Von: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 23. Oktober 2003 00:51
An: Jeremy Allison
Cc: Beschorner Daniel; '[EMAIL PROTECTED]'
Betreff: Re: [Samba] Clear text authentication impossible???


On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
 On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
  We have an Exchange 5.5 server in our Samba 3 domain und want to have
POP3
  access with clear text authentication from clients.
  But no kind of credentials is accepted.
  
  It did a level 10 log on the Samba server and found my clear text
password
  in the log (in nt_chal_resp and lm_chal_resp fields) during
authentication.
  
  Is it possible that Samba can't handle the clear-text pass-through from
  POP3-Client per Exchange server and takes it for NTLMv2 challenge
 
 Can you post the debug level 10 log please (obfuscate all passwords of
course :-).

I picked this one up at the end of last week.   I never got it into CVS,
because I didn't have the setup to test it.  (And I wanted to clean it
up a bit, we should also handle the 'interactive' login in a similar
way, and possibly 'ascii' passwords against the LM hash).

Thanks to Fabien Chevalier for providing the information that made
fixing this so easy.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba