From owner-freebsd-current@freebsd.org Wed Jun 7 12:35:42 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 684F8C27BDB for ; Wed, 7 Jun 2017 12:35:42 +0000 (UTC) (envelope-from guru@unixarea.de) Received: from ms-10.1blu.de (ms-10.1blu.de [178.254.4.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 28C6372AB0 for ; Wed, 7 Jun 2017 12:35:41 +0000 (UTC) (envelope-from guru@unixarea.de) Received: from [2.247.254.247] (helo=localhost.unixarea.de) by ms-10.1blu.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from ) id 1dIaBQ-0003Ov-HF for freebsd-current@freebsd.org; Wed, 07 Jun 2017 14:35:32 +0200 Received: from localhost.my.domain (localhost [127.0.0.1]) by localhost.unixarea.de (8.15.2/8.14.9) with ESMTPS id v57CZV20004950 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 7 Jun 2017 14:35:31 +0200 (CEST) (envelope-from guru@unixarea.de) Received: (from guru@localhost) by localhost.my.domain (8.15.2/8.14.9/Submit) id v57CZVn3004949 for freebsd-current@freebsd.org; Wed, 7 Jun 2017 14:35:31 +0200 (CEST) (envelope-from guru@unixarea.de) X-Authentication-Warning: localhost.my.domain: guru set sender to guru@unixarea.de using -f Date: Wed, 7 Jun 2017 14:35:31 +0200 From: Matthias Apitz To: freebsd-current@freebsd.org Subject: Re: mount_smbfs gives error when stored crypted pw is used Message-ID: <20170607123531.GA4867@c720-r314251> Reply-To: Matthias Apitz Mail-Followup-To: Matthias Apitz , freebsd-current@freebsd.org References: <20170606100034.GA4245@c720-r314251> <20170606123738.GA5213@c720-r314251> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO" Content-Disposition: inline In-Reply-To: <20170606123738.GA5213@c720-r314251> X-Operating-System: FreeBSD 12.0-CURRENT r314251 (amd64) User-Agent: Mutt/1.8.0 (2017-02-23) X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 2.247.254.247 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jun 2017 12:35:42 -0000 --M9NhX3UHpAaciwkO Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c=20 The printf(3C) calls have been added for debugging; the bug is the addition of 13 after crypting every char which let the mask used in ^ opera= tion exceeding 256, i.e. more than one byte, if the string to be crypted is long enough. The two lines added: if (pos > 256) pos =3D pos-256; fixes this issue and the crypting/decypting works fine; see below; I'll later file a PR and propose the patch; matthias char * smb_simplecrypt(char *dst, const char *src) { int ch, pos; char *dp; printf("smb_simplecrypt(): pw: [%s]\n", src); if (dst =3D=3D NULL) { dst =3D malloc(4 + 2 * strlen(src)); if (dst =3D=3D NULL) return NULL; } dp =3D dst; *dst++ =3D '$'; *dst++ =3D '$'; *dst++ =3D '1'; pos =3D 27; while (*src) { ch =3D *src++; printf("ch [%c] --> ", ch); if (isascii(ch)) ch =3D (isupper(ch) ? ('A' + (ch - 'A' + 13) % 26) : islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch); ch ^=3D pos; pos +=3D 13; if (pos > 256) pos =3D pos-256; sprintf(dst, "%02x", ch); printf("0x%02x next ^mask (pos): 0x%02x\n", ch, pos); dst +=3D 2; } *dst =3D 0; return dp; } $ ./smbpw smb_simplecrypt(): pw: [1234567890-1-1234567] ch [1] --> 0x2a next ^mask (pos): 0x28 ch [2] --> 0x1a next ^mask (pos): 0x35 ch [3] --> 0x06 next ^mask (pos): 0x42 ch [4] --> 0x76 next ^mask (pos): 0x4f ch [5] --> 0x7a next ^mask (pos): 0x5c ch [6] --> 0x6a next ^mask (pos): 0x69 ch [7] --> 0x5e next ^mask (pos): 0x76 ch [8] --> 0x4e next ^mask (pos): 0x83 ch [9] --> 0xba next ^mask (pos): 0x90 ch [0] --> 0xa0 next ^mask (pos): 0x9d ch [-] --> 0xb0 next ^mask (pos): 0xaa ch [1] --> 0x9b next ^mask (pos): 0xb7 ch [-] --> 0x9a next ^mask (pos): 0xc4 ch [1] --> 0xf5 next ^mask (pos): 0xd1 ch [2] --> 0xe3 next ^mask (pos): 0xde ch [3] --> 0xed next ^mask (pos): 0xeb ch [4] --> 0xdf next ^mask (pos): 0xf8 ch [5] --> 0xcd next ^mask (pos): 0x05 ch [6] --> 0x33 next ^mask (pos): 0x12 ch [7] --> 0x25 next ^mask (pos): 0x1f cp: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325] smb_simpledecrypt(): hash: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325] gi= ves clear [1234567890-1-1234567] --=20 Matthias Apitz, =E2=9C=89 guru@unixarea.de, =E2=8C=82 http://www.unixarea.d= e/ =E2=98=8E +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub 8. Mai 1945: Wer nicht feiert hat den Krieg verloren. 8 de mayo de 1945: Quien no festeja perdi=C3=B3 la Guerra. May 8, 1945: Who does not celebrate lost the War. --M9NhX3UHpAaciwkO Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXmn7rBYYViyzy/vBR8z35Hb+nREFAlk38w0ACgkQR8z35Hb+ nRFD6xAAkIq+YFQlROewnDBY60FHeGuriuPByPsBXytwhIbUYWDcrwACe/GxmcEI +VxID5Lo9wuyQfYOeIxed+iyhnScWDgDyrV6G8bAP4ODz6SgsirPRy/HE8uIkNuo e5YHrMB5ZhVoK/3kmKI2eLK656VaXbV17CSsBWC8G57fpUJNyEigyUrCmGvFHdpq 0/GL0kNTGDV/WLM6TpQgVddCiIGMhXjxD7A3p2CbCLMBE4v87yRZU9eSMhgnBiCx O44yFLTePXt1JYBamwBKe3Z2HGb6HAnfe4S1g83CXezcgl57eA8JxH89oyusFoCZ p7orBIbs4n2+KHVbRPy2j0aFuBSRbzqYKlo/WtkkGmo6QaYWb5aL0z7yQGXlZ7tI NgRWuItcElTvg0faPeiSITjUymn66afdZqnPbH+z4LtQ7jSFR2nLkgjmtOG1cvxS EQH56PpkRHrUQVaPrMWNo+7TuTZBSf2b72n14Ps5mCCwKHqBfXrERZyVUx+PTGrS 6UVithD82jJe19x0Y40mb/6XFkKcN9JQNR97kaoBv4EudEBR6CNdfjbmrqTr9/ep fo1zAssQz7ClhuoLjD1XXLLNoxwtM8nygmz2znDNiW832WvdhTaotkBoyg5QzXBs 1YlbtttilmGbXmRtiPu1Jqh+jJGjMDsfBI8gCfn1gL5Nj/FXVK8= =SkAS -----END PGP SIGNATURE----- --M9NhX3UHpAaciwkO--