diff options
| author | Luke Leighton <lkcl@samba.org> | 1997-10-15 19:16:38 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1997-10-15 19:16:38 +0000 |
| commit | d83845241381fb6ff86890d1d43c3d3bf6522a2b (patch) | |
| tree | bedfdef95d642a5df1ce1449d04c8985789cd319 /source3/smbd | |
| parent | 5619b53921aca62fea163399fd0ca1915e50cc11 (diff) | |
| download | samba-d83845241381fb6ff86890d1d43c3d3bf6522a2b.tar.gz samba-d83845241381fb6ff86890d1d43c3d3bf6522a2b.tar.bz2 samba-d83845241381fb6ff86890d1d43c3d3bf6522a2b.zip | |
smb.h smbparse.c pipenetlog.c :
whoops, the SAM Logon structure was wrong. updated this, and
cifsntdomain.txt. more debug info in pipenetlog.c. the crash
is somewhere around deal_with_credentials().
byteorder.h :
put in uint8, uint16 and uint32 typecasts around debug info, because
sign extending was resulting in ffffffe8 being displayed instead of e8.
credentials.c :
some debugging info, because i'm tracking a coredump. without gdb.
nothing like making things difficult.
reply.c :
whoops, missed this (important) bit from paul's code, which tells
the NT workstation that the MACHINE$ entry doesn't already exist,
and we're going to create a default entry with a password "machine"
right now.
proto.h:
the usual.
(This used to be commit ed606bc7d4e6fb1091e527ea70a3e950d50a1db4)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/reply.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index baccb76291..dffb6f05bd 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -479,8 +479,31 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) /* computer with that name (minus the $) has access. For now */ /* say yes to everything ending in $. */ if (user[strlen(user) - 1] == '$') { - computer_id = True; + struct smb_passwd *smb_pass; /* To check if machine account exists */ +#ifdef NTDOMAIN +/* + PAXX: Ack. We don't want to do this. The workstation trust account + with a $ on the end should exist in the local password database + or be mapped to something generic, but not modified. For NT + domain support we must reject this used in certain circumstances + with a code to indicate to the client that it is an invalid use + of a workstation trust account. NTWKS needs this error to join + a domain. This may be the source of future bugs if we cannot + be sure whether to reject this or not. +*/ + smb_pass = get_smbpwnam(user); + if(smb_pass) + { + /* PAXX: This is the NO LOGON workstation trust account stuff */ + DEBUG(4,("Rejecting workstation trust account %s",user)); + SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */ + CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */ + return(ERROR(0x99,0xc000)); /* 0x99 NT error, 0xc00 */ + } + computer_id = True; +#else /* not NTDOMAIN, leave this in. PAXX: Someone get rid of this */ user[strlen(user) - 1] = '\0'; +#endif } |