[SCM] Samba Shared Repository - branch v4-0-test updated
- release-4-0-0alpha5-238-gb345c9c
Andrew Bartlett
abartlet at samba.org
Sat Aug 9 00:38:23 GMT 2008
On Fri, 2008-08-08 at 09:28 +0200, Stefan (metze) Metzmacher wrote:
> Andrew Bartlett schrieb:
> > The branch, v4-0-test has been updated
> > via b345c9cf535af35c83da040ac965d9690dc802fe (commit)
> > via 580cce9de38ddd9d59b272b58caadce528321d09 (commit)
> > from d0a128f35b259d4891edc68fc24aa04a6da7aab7 (commit)
> >
>
> Is it correct
> >
> > - Log -----------------------------------------------------------------
> > commit b345c9cf535af35c83da040ac965d9690dc802fe
> > Author: Andrew Bartlett <abartlet at samba.org>
> > Date: Fri Aug 8 14:05:16 2008 +1000
> >
> > Always set a session key, even for the 'no password' case.
> >
> > This is for bug 5664 reported by Tom <hto at arcor.de>.
> >
> > Andrew Bartlett
> >
> > commit 580cce9de38ddd9d59b272b58caadce528321d09
> > Author: Andrew Bartlett <abartlet at samba.org>
> > Date: Fri Aug 8 14:04:08 2008 +1000
> >
> > Clarify comment
> >
> > -----------------------------------------------------------------------
> >
> > Summary of changes:
> > source/auth/ntlm/auth_sam.c | 2 ++
> > source/auth/session.c | 4 ++--
> > 2 files changed, 4 insertions(+), 2 deletions(-)
> >
> >
> > Changeset truncated at 500 lines:
> >
> > diff --git a/source/auth/ntlm/auth_sam.c b/source/auth/ntlm/auth_sam.c
> > index 2c13cd9..1b8233b 100644
> > --- a/source/auth/ntlm/auth_sam.c
> > +++ b/source/auth/ntlm/auth_sam.c
> > @@ -156,6 +156,8 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
> > if (lp_null_passwords(auth_context->lp_ctx)) {
> > DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
> > user_info->mapped.account_name));
> > + *lm_sess_key = data_blob(NULL, 0);
> > + *user_sess_key = data_blob(NULL, 0);
>
> Is this correct? It should not be data_blob(NULL, 16)?
>
> (But 0 zeros and 16 zeros might be the same for the crypto...
> as the 8 byte des key is the same as a 8byte key padded with 8 zeros)
In this case, we have not checked the password - so there is no valid
session key, because we don't know what password they used.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080809/fa5b6858/attachment.bin
More information about the samba-technical
mailing list