diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-12-07 11:06:40 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-07 11:06:40 +0000 |
commit | 570c0c12fd5c7414d9543e48bc0f9139f8371d67 (patch) | |
tree | f54d21bd14565c8cd09881b37bb7bc230ec89deb | |
parent | 05646504c7046e61971948512d3ba6ca5eee69aa (diff) | |
download | samba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.tar.gz samba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.tar.bz2 samba-570c0c12fd5c7414d9543e48bc0f9139f8371d67.zip |
Merge from 3.0:
source/libsmb/ntlmssp.c:
Picked up by the build farm - despite all my efforts, security=server was
broken by my NTLM2 commit. This should correctly cause the NTLM2 case
not to be negotiated when 'security=server' is in effect.
testsuide/build_farm/runlist:
Without 'non unix accounts' we can't test security=domain on the build farm.
source/rpc_server/srv_samr_nt.c:
Match Win2k and return 'invalid parameter' for creating of a new account with
account flags of 0.
Andrew Bartlett
(This used to be commit e97f1eb62ae01b5259d7ecfab9b55b07103379c7)
-rw-r--r-- | source3/libsmb/ntlmssp.c | 21 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 6 | ||||
-rw-r--r-- | testsuite/build_farm/runlist | 4 |
3 files changed, 21 insertions, 10 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index d361196047..ca1aa67403 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -340,7 +340,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state, if (!(neg_flags & NTLMSSP_NEGOTIATE_NTLM2)) { ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; - ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY; } if (!(neg_flags & NTLMSSP_NEGOTIATE_128)) { @@ -403,13 +402,6 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, ntlmssp_handle_neg_flags(ntlmssp_state, neg_flags, lp_lanman_auth()); - chal_flags = ntlmssp_state->neg_flags; - - target_name = ntlmssp_target_name(ntlmssp_state, - neg_flags, &chal_flags); - if (target_name == NULL) - return NT_STATUS_INVALID_PARAMETER; - /* Ask our caller what challenge they would like in the packet */ cryptkey = ntlmssp_state->get_challenge(ntlmssp_state); @@ -418,6 +410,19 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; } + /* The flags we send back are not just the negotiated flags, + * they are also 'what is in this packet'. Therfore, we + * operate on 'chal_flags' from here on + */ + + chal_flags = ntlmssp_state->neg_flags; + + /* get the right name to fill in as 'target' */ + target_name = ntlmssp_target_name(ntlmssp_state, + neg_flags, &chal_flags); + if (target_name == NULL) + return NT_STATUS_INVALID_PARAMETER; + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7be9b41ee9..7f57a9fc9d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2130,6 +2130,12 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA return nt_status; } + if (!acb_info) { + /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if + this parameter is zero (ie, no user type specified) */ + return NT_STATUS_INVALID_PARAMETER; + } + /* find the account: tell the caller if it exists. lkclXXXX i have *no* idea if this is a problem or not or even if you are supposed to construct a different diff --git a/testsuite/build_farm/runlist b/testsuite/build_farm/runlist index 5996f24ba8..594c172b6f 100644 --- a/testsuite/build_farm/runlist +++ b/testsuite/build_farm/runlist @@ -1,6 +1,6 @@ TEST_ALL="basicsmb-sharelist basicsmb-local-pass-change \ basicsmb-sharesec basicsmb-usersec \ -basicsmb-serversec basicsmb-domainsec basicsmb-domainsec-nt4 \ +basicsmb-serversec \ basicsmb-shareguest basicsmb-hostsequiv basicsmb-invalidusers \ basicsmb-hostsdeny basicsmb-remote-pass-change \ basicsmb-preexec \ @@ -15,4 +15,4 @@ torture-RW1 torture-RW2 torture-OPEN torture-XCOPY \ torture-RENAME torture-DELETE torture-PROPERTIES \ torture-MANGLE torture-FDSESS" -#basicsmb-serversec +#basicsmb-domainsec basicsmb-domainsec-nt4
\ No newline at end of file |