security review of authorise_login() requested (or an explanation
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 8 07:38:43 GMT 2000
On Mon, 7 Feb 100 jeremy at varesearch.com wrote:
> >
> > hi, why is authorise_login() doing a check for a previously registered
> > guest username, and then if this succeeds, setting the guest status to
> > True without reinitialising any other info?
> >
> > i mean, is it _ok_ to reuse user_structs like this?
>
> No, usually it isn't although being remote right now
> I can't take a look at what you're referring to.
oo.
> That's why I don't think you should be rewriting this
> code :-).
no, i agree with you, i shouldn't. i'm really naary about it all, doing
as little as i can to solve some of the more major problems i come across.
e.g. if i have no user session key, i'm forced to add NET_USER_INFO_3 to
the damn user_struct, to cache the user login response from the PDC!