summaryrefslogtreecommitdiff
path: root/source3/nmbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nmbd')
-rw-r--r--source3/nmbd/nmbd_packets.c9
-rw-r--r--source3/nmbd/nmbd_processlogon.c59
2 files changed, 38 insertions, 30 deletions
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index 627bbea019..a7c94f1544 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -592,7 +592,7 @@ struct response_record *queue_release_name( struct subnet_record *subrec,
if(assert_check_subnet(subrec))
return NULL;
- if(( p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False,
+ if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False,
subrec->bcast_ip)) == NULL)
return NULL;
@@ -621,10 +621,9 @@ struct response_record *queue_release_name( struct subnet_record *subrec,
* This will cause us to remove the name asap. JRA.
*/
- if(bcast)
- {
- rrec->repeat_count = 0;
- rrec->repeat_time = 0;
+ if (subrec != unicast_subnet) {
+ rrec->repeat_count = 0;
+ rrec->repeat_time = 0;
}
return rrec;
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index d3b7f92fc7..bc4c6ea127 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -117,28 +117,35 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
getdc = skip_string(machine,1);
unicomp = skip_string(getdc,1);
- q = align2(unicomp, buf);
-
- q = skip_unicode_string(q, 1);
-
- if ((buf - q) >= len) { /* Check for a short request */
-
- short_request = True;
-
- }
- else { /* A full length request */
-
- ntversion = IVAL(q, 0);
- q += 4;
- lmnttoken = SVAL(q, 0);
- q += 2;
- lm20token = SVAL(q, 0);
- q += 2;
-
+ /* at this point we can work out if this is a W9X or NT style
+ request. Experiments show that the difference is wether the
+ packet ends here. For a W9X request we now end with a pair of
+ bytes (usually 0xFE 0xFF) whereas with NT we have two further
+ strings - the following is a simple way of detecting this */
+ if (len - PTR_DIFF(unicomp, buf) > 3) {
+ short_request = True;
+ } else {
+ /* A full length (NT style) request */
+ q = skip_unicode_string(unicomp, 1);
+
+ if (len - PTR_DIFF(q, buf) > 8) {
+ /* with NT5 clients we can sometimes
+ get additional data - a length specificed string
+ containing the domain name, then 16 bytes of
+ data (no idea what it is) */
+ int dom_len = CVAL(q, 0);
+ q++;
+ if (dom_len != 0) {
+ q += dom_len + 1;
+ }
+ q += 16;
+ }
+ ntversion = IVAL(q, 0);
+ lmnttoken = SVAL(q, 4);
+ lm20token = SVAL(q, 6);
}
/* Construct reply. */
-
q = outbuf;
SSVAL(q, 0, QUERYFORPDC_R);
q += 2;
@@ -159,11 +166,9 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
q = skip_unicode_string(q, 1);
SIVAL(q, 0, ntversion);
- q += 4;
- SSVAL(q, 0, lmnttoken);
- q += 2;
- SSVAL(q, 0, lm20token);
- q += 2;
+ SSVAL(q, 4, lmnttoken);
+ SSVAL(q, 6, lm20token);
+ q += 8;
}
/* RJS, 21-Feb-2000, we send a short reply if the request was short */
@@ -227,7 +232,11 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
/* Construct reply. */
q = outbuf;
- SSVAL(q, 0, SAMLOGON_R);
+ if (SVAL(uniuser, 0) == 0) {
+ SSVAL(q, 0, SAMLOGON_UNK_R); /* user unknown */
+ } else {
+ SSVAL(q, 0, SAMLOGON_R);
+ }
q += 2;
dos_PutUniCode(q, reply_name,sizeof(pstring));