[SCM] Samba Shared Repository - branch v4-0-test updated
- release-4-0-0alpha5-238-gb345c9c
Stefan (metze) Metzmacher
metze at samba.org
Fri Aug 8 07:28:33 GMT 2008
Andrew Bartlett schrieb:
> The branch, v4-0-test has been updated
> via b345c9cf535af35c83da040ac965d9690dc802fe (commit)
> via 580cce9de38ddd9d59b272b58caadce528321d09 (commit)
> from d0a128f35b259d4891edc68fc24aa04a6da7aab7 (commit)
>
Is it correct
>
> - Log -----------------------------------------------------------------
> commit b345c9cf535af35c83da040ac965d9690dc802fe
> Author: Andrew Bartlett <abartlet at samba.org>
> Date: Fri Aug 8 14:05:16 2008 +1000
>
> Always set a session key, even for the 'no password' case.
>
> This is for bug 5664 reported by Tom <hto at arcor.de>.
>
> Andrew Bartlett
>
> commit 580cce9de38ddd9d59b272b58caadce528321d09
> Author: Andrew Bartlett <abartlet at samba.org>
> Date: Fri Aug 8 14:04:08 2008 +1000
>
> Clarify comment
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> source/auth/ntlm/auth_sam.c | 2 ++
> source/auth/session.c | 4 ++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/source/auth/ntlm/auth_sam.c b/source/auth/ntlm/auth_sam.c
> index 2c13cd9..1b8233b 100644
> --- a/source/auth/ntlm/auth_sam.c
> +++ b/source/auth/ntlm/auth_sam.c
> @@ -156,6 +156,8 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
> if (lp_null_passwords(auth_context->lp_ctx)) {
> DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
> user_info->mapped.account_name));
> + *lm_sess_key = data_blob(NULL, 0);
> + *user_sess_key = data_blob(NULL, 0);
Is this correct? It should not be data_blob(NULL, 16)?
(But 0 zeros and 16 zeros might be the same for the crypto...
as the 8 byte des key is the same as a 8byte key padded with 8 zeros)
metze
> return NT_STATUS_OK;
> } else {
> DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n",
> diff --git a/source/auth/session.c b/source/auth/session.c
> index 8f5e8d6..b254ee5 100644
> --- a/source/auth/session.c
> +++ b/source/auth/session.c
> @@ -98,14 +98,14 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
> server_info->n_domain_groups = 0;
> server_info->domain_groups = NULL;
>
> - /* annoying, but the Anonymous really does have a session key,
> - and it is all zeros! */
> + /* annoying, but the Anonymous really does have a session key... */
> server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
> NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
>
> server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
> NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
>
> + /* and it is all zeros! */
> data_blob_clear(&server_info->user_session_key);
> data_blob_clear(&server_info->lm_session_key);
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080808/e2e9842f/signature.bin
More information about the samba-technical
mailing list