null session %U expansion (patch)

Luke Kenneth Casson Leighton lkcl at
Mon Nov 2 20:06:17 GMT 1998

it should be done in reply_sessetup_X: if "username" is NULL, password is
NULL  then report "Access dewnied".

On Tue, 3 Nov 1998 thwartedefforts at wrote:

> On Fri, 30 October 1998, Luke Kenneth Casson Leighton wrote:
> > therefore, if we refuse anonymous connections, then clients will
> > "revalidate" with a non-anonymous connection (usr, pass, domain)
> > immediately, and _then_ do a netwkstagetinfo call, and we will be in a
> > position to respond correctly.
> > 
> > can we add a "restrict anonymous" option to refuse all null session
> > connections, which i believe will fix this problem once and for all: we've
> > been over and over this for approximately eighteen months, it keeps coming
> > up.
> That sounds like exactly what is needed, assuming that the Windows clients will do the revalidate when the anonymous connection is denied.  I think I can whip this up (should it be done higher up in the call stack than in reply_sesssetup_and_X?).
> Andy.

<a href="mailto:lkcl at" > Luke Kenneth Casson Leighton  </a>
<a href=""> Samba and Network Development </a>
<a href=""       > Samba and Network Consultancy </a>

More information about the samba-ntdom mailing list