Passthrough security fix.

Jeremy Allison jallison at whistle.com
Tue Apr 21 02:33:58 GMT 1998


Andrew Tridgell wrote:
> 
> I imagine:
> 
> 1). session_setup_and_X with the bad password. (making sure random
>     password != real password). If this succeeds then it is guest no
>     matter what the guest bit is.
> 

Well - here you need to check that the guest bit *is*
set and continue if it is - this means the NT server
is not broken.

> 2). session_setup_and_X with the good password. Look at the guest bit
>     in the result as we currently do.
> 
> The first check is solely to test for broken NT servers. The 2nd test
> is exactly what we do now.
> 

Hmmm. ok - fair enough. I will code this up for the
head branch. It does mean that the NetWkstaUserLogon
call is redundant though. Oh well.

Do you think this is safe enough to put in 1.9.18p5 ?
(Probably going to ship within a week or so if John
gives the ok).

Cheers,

	Jeremy.


-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
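
The two-step check discussed in this message, sketched as an added example (not Samba's code and not posted in the thread). `session_setup` is a hypothetical stand-in for a session_setup_and_X call returning (success, guest bit), the simulated servers are constructed, and treating a bad-password success with the guest bit clear as a broken server is this example's reading of the exchange.

```python
import secrets
from enum import Enum

class Verdict(Enum):
    AUTHENTICATED = "authenticated as the user"
    GUEST = "guest logon only"
    DENIED = "logon refused"
    BROKEN_SERVER = "guest bit not trustworthy"

def passthrough_check(session_setup, user, password):
    """session_setup(user, password) -> (ok, guest_bit); hypothetical helper."""
    # Step 1: probe with a random password guaranteed to differ from the real one.
    bad = secrets.token_hex(16)
    while bad == password:
        bad = secrets.token_hex(16)
    ok, guest = session_setup(user, bad)
    if ok and not guest:
        # A logon with a wrong password can only be a guest logon. A server that
        # leaves the guest bit clear here cannot be trusted in step 2.
        return Verdict.BROKEN_SERVER
    # Step 2: the real password; the guest bit decides what the logon means.
    ok, guest = session_setup(user, password)
    if not ok:
        return Verdict.DENIED
    return Verdict.GUEST if guest else Verdict.AUTHENTICATED

def make_server(accounts, maps_bad_to_guest=False, sets_guest_bit=True):
    """Constructed password-server simulation, not a real SMB client."""
    def session_setup(user, password):
        if accounts.get(user) == password:
            return True, False              # genuine user logon
        if maps_bad_to_guest:
            return True, sets_guest_bit     # bad password mapped to guest
        return False, False                 # logon refused
    return session_setup

ACCOUNTS = {"alice": "correct horse"}       # constructed sample account
STRICT = make_server(ACCOUNTS)
HONEST = make_server(ACCOUNTS, maps_bad_to_guest=True)
BROKEN = make_server(ACCOUNTS, maps_bad_to_guest=True, sets_guest_bit=False)

if __name__ == "__main__":
    for name, srv in (("strict", STRICT), ("honest", HONEST), ("broken", BROKEN)):
        for pw in ("correct horse", "wrong"):
            print(name, repr(pw), "->", passthrough_check(srv, "alice", pw).name)
```

Against the simulated broken server, step 2 alone would see a successful logon with the guest bit clear for a wrong password, which is the case the step 1 probe exists to catch.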

