FIX: NT sending null username effects %U expansion
Jeremy Allison
jallison at cthulhu.engr.sgi.com
Wed Oct 28 17:06:01 GMT 1998
thwartedefforts at wonky.org wrote:
>
>
> I understand that. But this doesn't explain the explict copy of user to
> sesssetup_user because that second if will _always_ succeed. I propose the
> following patch to that second if in smbd/reply.c (against cvs 981026):
>
.... patch cut...
> This change will make sesssetup_user be the same as user _only_ if samba is
> not implictly forcing guest access when the client passes a null
> username/password. I've tested this and am unable to reproduce the effect I
> originally described. This also makes non-null sessions override each other
> thereby changing what %U expands to and reading a different configuration file
> if a different username is used -- I believe this is wanted effect.
>
I wrote the original code to do that test - and I missed the
fact that the second test will always be true.
I think your patch is nearly correct - the actual intent
of the original code is :
if((lp_security() != SEC_SHARE) || (*user && !guest))
pstrcpy(sesssetup_user,user);
[You had :
if(((lp_security() != SEC_SHARE) || *user) && !guest)
pstrcpy(sesssetup_user,user);
]
The intent was only to change sesssetup_user in share level
security when a valid username was given.
In user level security sesssetup_user should *always* be
changed to match the incoming user (even if it's a null
session).
Cheers,
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-ntdom
mailing list