CVS update: samba/source/smbd

Luke Leighton lkcl at samba.anu.edu.au
Thu Jan 20 11:41:42 EST 2000


Date:	Thursday January 20, 2000 @ 11:41
Author:	lkcl

Update of /data/cvs/samba/source/smbd
In directory samba:/tmp/cvs-serv16805/smbd

Modified Files:
      Tag: SAMBA_TNG
	server.c 
Log Message:
this commit is NOT as large as it looks.  sed is a wonderful thing.

1) got fed up of calling init_policy_hnd(MAX_HANDLES), so tried to put
policy handles behind bars.  i failed, so went for an interim fix:
all policy handle functions now take the return result from
get_global_policy_hnd() as the first argument.

2) this is horrible.  i can't believe microsoft would do this.  they
cache the NETLOGON credentials.  you can tear down the SMB connection
and reopen it and still validate a user.

this is horrible for two reasons.  a) it opens up the possibility of DOS
attacks against the NETLOGON service  b) old versions of samba (2.0.x)
now have a problem, as they store the credential chain, which will
disappear if the SMB connection is torn down.

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals


More information about the samba-cvs mailing list