clientgen.c: Fixed null session setup bug.

password.c: Stopped cli_nt_logout call (we don't have it correct yet).
            Added Luke object-orientation fix :-).
smb.h: Added clnt_name_slash to cli_state.
lib/rpc/client/cli_login.c: Changed global_myname to clnt_name_slash where needed.
lib/rpc/client/cli_netlogon.c: Fixed debug messages, don't check creds on error.
lib/rpc/client/cli_pipe.c: Fixed debug messages, Added Luke object-orientation fix.
lib/rpc/parse/parse_misc.c: Fixed STRING2 linearization bug that was adding 1.
Jeremy.
(This used to be commit c6c22df20196cb7f0ae84b1a1dd202a87adb8d4e)

source3/include/proto.h

@@ -259,7 +259,7 @@ BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, char *pipe_name, uint16 devic
 BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
                    RPC_IFACE *abstract, RPC_IFACE *transfer, BOOL ntlmssp_auth);
 BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted);
-void nt_session_close(struct cli_state *cli);
+void cli_nt_session_close(struct cli_state *cli);
 
 /*The following definitions come from  lib/rpc/parse/parse_lsa.c  */
 

source3/include/smb.h

@@ -337,6 +337,7 @@ struct cli_state {
   DOM_CRED clnt_cred;                /* Client credential. */
   fstring mach_acct;                 /* MYNAME$. */
   fstring srv_name_slash;            /* \\remote server. */
+  fstring clnt_name_slash;            /* \\local client. */
 };
 
 

source3/libsmb/clientgen.c

@@ -593,12 +593,17 @@ BOOL cli_session_setup(struct cli_state *cli,
 		return False;
 	}
 
-	if ((cli->sec_mode & 2) && passlen != 24) {
-		passlen = 24;
-		SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword);
-	} else {
-		memcpy(pword, pass, passlen);
-	}
+        if(((passlen == 0) || (passlen == 1)) && (pass[0] == '\0')) {
+          /* Null session connect. */
+          pword[0] = '\0';
+        } else {
+          if ((cli->sec_mode & 2) && passlen != 24) {
+            passlen = 24;
+            SMBencrypt((uchar *)pass,(uchar *)cli->cryptkey,(uchar *)pword);
+          } else {
+            memcpy(pword, pass, passlen);
+          }
+        }
 
 	/* if in share level security then don't send a password now */
 	if (!(cli->sec_mode & 1)) {fstrcpy(pword, "");passlen=1;} 

source3/rpc_client/cli_login.c

@@ -127,13 +127,13 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
 
   DEBUG(5,("cli_nt_login_network: %d\n", __LINE__));
 
-  /* indicate a "network" login */
+  /* indicate an "interactive" login */
   ctr->switch_value = INTERACTIVE_LOGON_TYPE;
 
   /* Create the structure needed for SAM logon. */
   make_id_info1(&ctr->auth.id1, domain, 0, 
                 smb_userid_low, 0,
-                username, global_myname,
+                username, cli->clnt_name_slash,
                 cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
 
   /* Ensure we overwrite all the plaintext password
@@ -169,7 +169,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
   /* Create the structure needed for SAM logon. */
   make_id_info2(&ctr->auth.id2, domain, 0, 
                 smb_userid_low, 0,
-                username, global_myname,
+                username, cli->clnt_name_slash,
                 lm_chal, lm_chal_resp, nt_chal_resp);
 
   /* Send client sam-logon request - update credentials on success. */

source3/rpc_client/cli_netlogon.c

@@ -50,6 +50,7 @@ static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
   /* Calculate the new credentials. */
   cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
               new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
+
 }
 
 /****************************************************************************
@@ -285,13 +286,13 @@ BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16])
     if (ok && r_s.status != 0)
     {
       /* report error code */
-      DEBUG(0,("NET_R_SRV_PWSET: %s\n", get_nt_error_msg(r_s.status)));
+      DEBUG(0,("cli_net_srv_pwset: %s\n", get_nt_error_msg(r_s.status)));
       cli->nt_error = r_s.status;
       ok = False;
     }
 
     /* Update the credentials. */
-    if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)) == 0)
+    if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
     {
       /*
        * Server replied with bad credential. Fail.
@@ -316,6 +317,7 @@ BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
                        NET_USER_INFO_3 *user_info3)
 {
   DOM_CRED new_clnt_cred;
+  DOM_CRED dummy_rtn_creds;
   prs_struct rbuf;
   prs_struct buf; 
   uint16 validation_level = 3;
@@ -334,9 +336,11 @@ BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
              credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time,
              ctr->switch_value));
 
+  memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+
   /* store the parameters */
   make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname,
-         &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level);
+         &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr, validation_level);
 
   /* turn parameters into data stream */
   net_io_q_sam_logon("", &q_s,  &buf, 0);
@@ -360,7 +364,7 @@ BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
     }
 
     /* Update the credentials. */
-    if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0)
+    if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
     {
       /*
        * Server replied with bad credential. Fail.
@@ -387,11 +391,18 @@ password ?).\n", cli->desthost ));
 
 /***************************************************************************
 LSA SAM Logoff.
+
+This currently doesnt work correctly as the domain controller 
+returns NT_STATUS_INVALID_INFO_CLASS - we obviously need to
+send a different info level. Right now though, I'm not sure
+what that needs to be (I need to see one on the wire before
+I can be sure). JRA.
 ****************************************************************************/
 
 BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
 {
   DOM_CRED new_clnt_cred;
+  DOM_CRED dummy_rtn_creds;
   prs_struct rbuf;
   prs_struct buf; 
   NET_Q_SAM_LOGOFF q_s;
@@ -410,9 +421,11 @@ BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
             credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time,
             ctr->switch_value));
 
+  memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+
   /* store the parameters */
   make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname,
-                &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level);
+                &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr, validation_level);
 
   /* turn parameters into data stream */
   net_io_q_sam_logoff("", &q_s,  &buf, 0);
@@ -434,7 +447,7 @@ BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
     }
 
     /* Update the credentials. */
-    if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0)
+    if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
     {
       /*
        * Server replied with bad credential. Fail.

source3/rpc_client/cli_pipe.c

@@ -124,7 +124,7 @@ static BOOL rpc_check_hdr(prs_struct *rdata, uint8 *pkt_type,
 
   if (!rdata->offset || rdata->offset != 0x10)
   {
-    DEBUG(5,("cli_pipe: error in rpc header\n"));
+    DEBUG(0,("cli_pipe: error in rpc header\n"));
     return False;
   }
 
@@ -199,7 +199,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
                     pp_ret_params, p_ret_params_len, /* return params, len */
                     pp_ret_data, p_ret_data_len))    /* return data, len */
   {
-    DEBUG(5, ("cli_pipe: return critical error\n"));
+    DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
     return False;
   }
 
@@ -273,7 +273,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
 
     if (first)
     {
-      DEBUG(4,("rpc_api_pipe: wierd rpc header received\n"));
+      DEBUG(0,("rpc_api_pipe: wierd rpc header received\n"));
       return False;
     }
 
@@ -558,7 +558,7 @@ static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, char *pipe_name, RPC_IFACE *
        (memcmp(hdr_ba->transfer.data, transfer->data,
                sizeof(transfer->version)) ==0)))
   {
-    DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
+    DEBUG(0,("bind_rpc_pipe: transfer syntax differs\n"));
     return False;
   }
 	
@@ -647,8 +647,8 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
   /******************* open the pipe *****************/
   if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1)
   {
-    DEBUG(1,("do_session_open: cli_open failed on pipe %s to machine %s. \
-Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli)));
+    DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. \
+Error was %s\n", pipe_name, cli->desthost, cli_errstr(cli)));
     return False;
   }
 
@@ -657,14 +657,17 @@ Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli)));
   /**************** Set Named Pipe State ***************/
   if (!rpc_pipe_set_hnd_state(cli, pipe_name, 0x4300))
   {
-    DEBUG(1,("do_session_open: pipe hnd state failed.\n"));
+    DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
+             cli_errstr(cli)));
+    cli_close(cli, cli->nt_pipe_fnum);
     return False;
   }
 
   /******************* bind request on pipe *****************/
   if (!rpc_pipe_bind(cli, pipe_name, &abstract, &transfer, encrypted))
   {
-    DEBUG(1,("do_session_open: rpc bind failed.\n"));
+    DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n", cli_errstr(cli)));
+    cli_close(cli, cli->nt_pipe_fnum);
     return False;
   }
 
@@ -675,6 +678,9 @@ Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli)));
   sprintf(cli->srv_name_slash, "\\\\%s", cli->desthost);
   strupper(cli->srv_name_slash);
 
+  sprintf(cli->clnt_name_slash, "\\\\%s", global_myname);
+  strupper(cli->clnt_name_slash);
+
   sprintf(cli->mach_acct, "%s$", global_myname);
   strupper(cli->mach_acct);
 
@@ -685,7 +691,7 @@ Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli)));
 close the session
 ****************************************************************************/
 
-void nt_session_close(struct cli_state *cli)
+void cli_nt_session_close(struct cli_state *cli)
 {
   cli_close(cli, cli->nt_pipe_fnum);
 }

source3/rpc_parse/parse_misc.c

@@ -424,10 +424,10 @@ creates a STRING2 structure.
 ********************************************************************/
 void make_string2(STRING2 *str, char *buf, int len)
 {
-	/* set up string lengths. add one if string is not null-terminated */
-	str->str_max_len = len+1;
+	/* set up string lengths. */
+	str->str_max_len = len;
 	str->undoc       = 0;
-	str->str_str_len = len+1;
+	str->str_str_len = len;
 
 	/* store the string */
 	memcpy(str->buffer, buf, len);

source3/smbd/password.c

@@ -2069,7 +2069,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
   if(cli_nt_session_open(&cli, PIPE_NETLOGON, False) == False) {
     DEBUG(0,("domain_client_validate: unable to open the domain client session to \
 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
-    cli_close(&cli, cli.nt_pipe_fnum);
+    cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
     return False; 
@@ -2078,7 +2078,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
   if(cli_nt_setup_creds(&cli, machine_passwd) == False) {
     DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \
 %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
-    cli_close(&cli, cli.nt_pipe_fnum);
+    cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
     return False;
@@ -2091,7 +2091,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
                           smb_apasswd, smb_ntpasswd, &ctr, &info3) == False) {
     DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \
 %s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));
-    cli_close(&cli, cli.nt_pipe_fnum);
+    cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
     return False;
@@ -2101,16 +2101,24 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
    * Here, if we really want it, we have lots of info about the user in info3.
    */
 
+#if 0
+  /* 
+   * We don't actually need to do this - plus it fails currently with
+   * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to
+   * send here. JRA.
+   */
+
   if(cli_nt_logoff(&cli, &ctr) == False) {
     DEBUG(0,("domain_client_validate: unable to log off user %s in domain \
 %s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));        
-    cli_close(&cli, cli.nt_pipe_fnum);
+    cli_nt_session_close(&cli);
     cli_ulogoff(&cli);
     cli_shutdown(&cli);
     return False;
   }
+#endif /* 0 */
 
-  cli_close(&cli, cli.nt_pipe_fnum);
+  cli_nt_session_close(&cli);
   cli_ulogoff(&cli);
   cli_shutdown(&cli);
   return True;