TNG: making %U work again for logon path et. al.
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 22 02:46:07 GMT 2000
On 21 Feb 2000, Patrick J. LoPresti wrote:
> Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
>
> > patrick, i added your patch in already.
>
> Look again. This is a different patch.
oo. then can you do a cvs update, _then_ do a diff?
>
> > and the correct fix is to make get_sec_ctx() read the right
> > vuser_key so that standard_sub_vuser() can "grab" the right info.
> >
> > which means a bit of a catch-22 situation, as it's confusing to
> > create the right info at the right point.
>
> Right, we kind of want this information before the user has
> authenticated...
urr, the problem is that the \PIPE\NETLOGON conncetion is done
anonymously.
therefore , the standard_subxxx() substitutions will substitute
anonymous-user for %U etc.
i described this in great detail on samba tech, last month. see archives
for details.
> > for preference, the %U etc should be substituted in srv_netlogon.c
> > in the netr_sam_logon function, but THAT means we need a Unicode
> > version of standard_sub_vuser() and standard_sub_basic()!!!
>
> Yuck. Couldn't the Unicode conversion be the final step? So the
> sequence would be 1) authenticate, 2) perform substitutions, 3)
> convert to Unicode...
nope. 1) there isn't any "authentication", not in the SMB-sense of the
word. _this_ is the authentication that SMB-session-authentication
*uses*!
2) the NETLOGON API is unicode (because NT is unicode). therefore it's
not OK to convert to ascii, perform substs, then convert to unicode,
either.
More information about the samba-technical
mailing list