[Samba] NT_STATUS_WRONG_PASSWORD with multiple concurrent connects from same IP Address.

Jeremy Allison jra at samba.org
Wed Apr 13 00:20:16 GMT 2005

On Wed, Apr 13, 2005 at 10:18:19AM +1000, Andrew Bartlett wrote:
> We should not need that - the NTLMSSP and SPNEGO code does not use piles
> of static variables, it's just the one context that is the problem.
> All you need to do is change 'global_ntlmssp_state' into something keyed
> off that VUID.  See it's use in reply_spnego_negotiate() and
> reply_spnego_auth().  

Ok, thanks for the hints.

> Just make sure you don't treat this new vuid as 'real' - I added a
> 'finished_sesssetup' flag on the VUID in Samba4, and use two different
> lookup functions, one for the rest of samba, and one for just the
> session setup.  

Don't worry, I *write* the original VUID code in Samba :-). I do
know how it's used :-) :-).

> The next issue I need to tackle in Samba4 is that of resource
> consumption - too many half-completed NTLMSSP logins.  But as we allow
> guest logins anyway, it's not much worse than can already be done.

Yeah, I was thinking about DOS attacks there, but the worst that can
happen in 65534 half-open connections. Not too bad.


More information about the samba-technical mailing list