diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-11-11 12:42:39 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-11-11 12:42:39 +0000 |
commit | 3d6154599a798e432360c001c25267e990f53d6d (patch) | |
tree | ba3da27773a6690dcbf63002f480ce878f0ee430 | |
parent | 989e0409ba581eb2ed2031a72b9d32a41417f860 (diff) | |
download | samba-3d6154599a798e432360c001c25267e990f53d6d.tar.gz samba-3d6154599a798e432360c001c25267e990f53d6d.tar.bz2 samba-3d6154599a798e432360c001c25267e990f53d6d.zip |
Kill off 'restrict anonymous' becouse it is useless in its current form.
To be replaced with a real restriction in consultation with jra. (Hence why
I've not touched loadparm.c).
Andrew Bartlett
(This used to be commit 95901449158a4ef7f95f75b22f63f6f8d43a01fe)
-rw-r--r-- | source3/smbd/sesssetup.c | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index e2edd5703e..6a2bfc2d97 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -571,32 +571,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, passlen2 = 0; } - if (lp_restrict_anonymous()) { - /* there seems to be no reason behind the - * differences in MS clients formatting - * various info like the domain, NativeOS, and - * NativeLanMan fields. Win95 in particular - * seems to have an extra null byte between - * the username and the domain, or the - * password length calculation is wrong, which - * throws off the string extraction routines - * below. This makes the value of domain be - * the empty string, which fails the restrict - * anonymous check further down. This - * compensates for that, and allows browsing - * to work in mixed NT and win95 environments - * even when restrict anonymous is true. AAB - * */ - dump_data(100, p, 0x70); - DEBUG(9, ("passlen1=%d, passlen2=%d\n", passlen1, passlen2)); - if (ra_type == RA_WIN95 && !passlen1 && !passlen2 && p[0] == 0 && p[1] == 0) { - DEBUG(0, ("restrict anonymous parameter used in a win95 environment!\n")); - DEBUG(0, ("client is win95 and broken passlen1 offset -- attempting fix\n")); - DEBUG(0, ("if win95 cilents are having difficulty browsing, you will be unable to use restrict anonymous\n")); - passlen1 = 1; - } - } - /* Save the lanman2 password and the NT md4 password. */ if ((doencrypt) && (passlen1 != 0) && (passlen1 != 24)) { @@ -664,27 +638,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, *user = 0; } - if (done_sesssetup && lp_restrict_anonymous()) { - /* tests show that even if browsing is done over - * already validated connections without a username - * and password the domain is still provided, which it - * wouldn't be if it was a purely anonymous - * connection. So, in order to restrict anonymous, we - * only deny connections that have no session - * information. If a domain has been provided, then - * it's not a purely anonymous connection. AAB */ - if (!*user && !*domain) { - DEBUG(0, ("restrict anonymous is True and anonymous connection attempted. Denying access.\n")); - - data_blob_free(&lm_resp); - data_blob_free(&nt_resp); - data_blob_clear_free(&plaintext_password); - - END_PROFILE(SMBsesssetupX); - return ERROR_DOS(ERRDOS,ERRnoaccess); - } - } - if (!make_user_info_for_reply(&user_info, user, domain, lm_resp, nt_resp, |