null session %U expansion (patch)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Mon Nov 2 20:06:17 GMT 1998
it should be done in reply_sessetup_X: if "username" is NULL, password is
NULL then report "Access dewnied".
On Tue, 3 Nov 1998 thwartedefforts at wonky.org wrote:
> On Fri, 30 October 1998, Luke Kenneth Casson Leighton wrote:
> > therefore, if we refuse anonymous connections, then clients will
> > "revalidate" with a non-anonymous connection (usr, pass, domain)
> > immediately, and _then_ do a netwkstagetinfo call, and we will be in a
> > position to respond correctly.
> >
> > can we add a "restrict anonymous" option to refuse all null session
> > connections, which i believe will fix this problem once and for all: we've
> > been over and over this for approximately eighteen months, it keeps coming
> > up.
>
> That sounds like exactly what is needed, assuming that the Windows clients will do the revalidate when the anonymous connection is denied. I think I can whip this up (should it be done higher up in the call stack than in reply_sesssetup_and_X?).
>
> Andy.
>
>
>
<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk" > Samba and Network Consultancy </a>
More information about the samba-ntdom
mailing list