fix for sec=server

Jeremy Allison jra at samba.org
Wed May 16 22:46:40 GMT 2007


On Wed, May 16, 2007 at 09:51:23PM +0200, Volker Lendecke wrote:
> Hi!
> 
> What do you think? With being ROLE_STANDALONE this is
> consistent.
> 
> Volker

> Index: auth/auth.c
> ===================================================================
> --- auth/auth.c	(Revision 22952)
> +++ auth/auth.c	(Arbeitskopie)
> @@ -475,7 +475,7 @@
>  			break;
>  		case SEC_SERVER:
>  			DEBUG(5,("Making default auth method list for security=server\n"));
> -			auth_method_list = str_list_make("guest sam smbserver", NULL);
> +			auth_method_list = str_list_make("guest smbserver", NULL);
>  			break;
>  		case SEC_USER:
>  			if (lp_encrypted_passwords()) {	
> Index: auth/auth_server.c
> ===================================================================
> --- auth/auth_server.c	(Revision 22952)
> +++ auth/auth_server.c	(Arbeitskopie)
> @@ -236,11 +236,6 @@
>  	 * password file.
>  	 */
>  
> -	if(is_myname(user_info->domain)) {
> -		DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
> -		return nt_status;
> -	}
> -
>  	cli = (struct cli_state *)my_private_data;
>  	
>  	if (cli) {

Actually, I've been running some tests and the only part
of this patch that we need is the auth/auth_server.c part.
The fallback actually works correctly - so we don't need to
remove the "sam" part. If the password is bad for "sam"
it'll fall back to the smbserver code.

This is the minimal patch - great work !

Jeremy.
-------------- next part --------------
Index: auth/auth_server.c
===================================================================
--- auth/auth_server.c	(revision 22955)
+++ auth/auth_server.c	(working copy)
@@ -230,17 +230,6 @@
 	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
 	BOOL locally_made_cli = False;
 
-	/* 
-	 * Check that the requested domain is not our own machine name.
-	 * If it is, we should never check the PDC here, we use our own local
-	 * password file.
-	 */
-
-	if(is_myname(user_info->domain)) {
-		DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
-		return nt_status;
-	}
-
 	cli = (struct cli_state *)my_private_data;
 	
 	if (cli) {


More information about the samba-technical mailing list