svn commit: samba r11401 - in
branches/SAMBA_4_0/source/auth/credentials: .
Andrew Bartlett
abartlet at samba.org
Mon Oct 31 10:18:12 GMT 2005
On Mon, 2005-10-31 at 11:05 +0100, Stefan Metzmacher wrote:
> On Mon, Oct 31, 2005 at 12:23:39AM +0000, abartlet at samba.org wrote:
> > cli_credentials_get_ntlm_username_domain(cred, mem_ctx, &user, &domain);
> >
> > + /* If we are sending a username at realm login (see function
> > + * above), then we will not send LM, it will not be
> > + * accepted */
> > + if (cred->principal_obtained > cred->username_obtained) {
> > + *flags = *flags & ~CLI_CRED_LANMAN_AUTH;
> > + }
> > +
> > + /* Likewise if we are a machine account (avoid protocol downgrade attacks) */
> > + if (cred->principal_obtained > cred->username_obtained) {
>
> should this be if (cred->machine_account) ?
>
> > + *flags = *flags & ~CLI_CRED_LANMAN_AUTH;
> > + }
> > +
Well spotted,
Thanks,
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051031/65ae30b7/attachment.bin
More information about the samba-technical
mailing list