Passthough security fix.
Luke Kenneth Casson Leighton
lkcl at regent.push.net
Tue Apr 21 02:03:46 GMT 1998
hi jeremy,
this reminds me of having seen an anon IPC$ connection, if rejected by the
server, be followed up with a non-anonymous, proper user/password/domain
validated IPC$ connection.
On Tue, 21 Apr 1998, Jeremy Allison wrote:
> Hi all,
>
> I was chatting with Roger Binns (author of
> VisionFS, he's out in Santa Cruz at the moment so
> we got to exchange CIFS gossip :-), and he came
> out with a wonderful solution to the NT bug that
> means NT Server doesn't set the guest bit when
> logging on a user in pass-though security.
>
> They send the sessionsetup request *twice* - once
> with the correct password, and once with a password
> of random garbage. If both are accepted then the
> user was guest, if the first was accepted and
> the second rejected then the user was non-guest.
>
> Simple, elegant and works with all broken versions
> of NT. Can anyone see any disadvanages ?
>
> Cheers,
>
> Jeremy.
>
> --
> --------------------------------------------------------
> Buying an operating system without source is like buying
> a self-assembly Space Shuttle with no instructions.
> --------------------------------------------------------
>
More information about the samba-technical
mailing list