summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-12-07 11:06:40 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-12-07 11:06:40 +0000
commit570c0c12fd5c7414d9543e48bc0f9139f8371d67 (patch)
treef54d21bd14565c8cd09881b37bb7bc230ec89deb
parent05646504c7046e61971948512d3ba6ca5eee69aa (diff)
downloadsamba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.tar.gz
samba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.tar.bz2
samba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.zip
Merge from 3.0:
source/libsmb/ntlmssp.c: Picked up by the build farm - despite all my efforts, security=server was broken by my NTLM2 commit. This should correctly cause the NTLM2 case not to be negotiated when 'security=server' is in effect. testsuide/build_farm/runlist: Without 'non unix accounts' we can't test security=domain on the build farm. source/rpc_server/srv_samr_nt.c: Match Win2k and return 'invalid parameter' for creating of a new account with account flags of 0. Andrew Bartlett (This used to be commit e97f1eb62ae01b5259d7ecfab9b55b07103379c7)
-rw-r--r--source3/libsmb/ntlmssp.c21
-rw-r--r--source3/rpc_server/srv_samr_nt.c6
-rw-r--r--testsuite/build_farm/runlist4
3 files changed, 21 insertions, 10 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index d361196047..ca1aa67403 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -340,7 +340,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) {
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
- ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) {
@@ -403,13 +402,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth());
- chal_flags = ntlmssp_state->neg_flags;
-
- target_name = ntlmssp_target_name(ntlmssp_state,
- neg_flags, &chal_flags);
- if (target_name == NULL)
- return NT_STATUS_INVALID_PARAMETER;
-
/* Ask our caller what challenge they would like in the packet */
cryptkey = ntlmssp_state->get_challenge(ntlmssp_state);
@@ -418,6 +410,19 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
}
+ /* The flags we send back are not just the negotiated flags,
+ * they are also 'what is in this packet'. Therfore, we
+ * operate on 'chal_flags' from here on
+ */
+
+ chal_flags = ntlmssp_state->neg_flags;
+
+ /* get the right name to fill in as 'target' */
+ target_name = ntlmssp_target_name(ntlmssp_state,
+ neg_flags, &chal_flags);
+ if (target_name == NULL)
+ return NT_STATUS_INVALID_PARAMETER;
+
ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8);
ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7be9b41ee9..7f57a9fc9d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2130,6 +2130,12 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
return nt_status;
}
+ if (!acb_info) {
+ /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if
+ this parameter is zero (ie, no user type specified) */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
/* find the account: tell the caller if it exists.
lkclXXXX i have *no* idea if this is a problem or not
or even if you are supposed to construct a different
diff --git a/testsuite/build_farm/runlist b/testsuite/build_farm/runlist
index 5996f24ba8..594c172b6f 100644
--- a/testsuite/build_farm/runlist
+++ b/testsuite/build_farm/runlist
@@ -1,6 +1,6 @@
TEST_ALL="basicsmb-sharelist basicsmb-local-pass-change \
basicsmb-sharesec basicsmb-usersec \
-basicsmb-serversec basicsmb-domainsec basicsmb-domainsec-nt4 \
+basicsmb-serversec \
basicsmb-shareguest basicsmb-hostsequiv basicsmb-invalidusers \
basicsmb-hostsdeny basicsmb-remote-pass-change \
basicsmb-preexec \
@@ -15,4 +15,4 @@ torture-RW1 torture-RW2 torture-OPEN torture-XCOPY \
torture-RENAME torture-DELETE torture-PROPERTIES \
torture-MANGLE torture-FDSESS"
-#basicsmb-serversec
+#basicsmb-domainsec basicsmb-domainsec-nt4 \ No newline at end of file