From d83845241381fb6ff86890d1d43c3d3bf6522a2b Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 15 Oct 1997 19:16:38 +0000
Subject: smb.h smbparse.c pipenetlog.c :

	whoops, the SAM Logon structure was wrong.  updated this, and
	cifsntdomain.txt.  more debug info in pipenetlog.c.  the crash
	is somewhere around deal_with_credentials().

byteorder.h :

	put in uint8, uint16 and uint32 typecasts around debug info, because
	sign extending was resulting in ffffffe8 being displayed instead of e8.

credentials.c :

	some debugging info, because i'm tracking a coredump.  without gdb.
	nothing like making things difficult.

reply.c :

	whoops, missed this (important) bit from paul's code, which tells
	the NT workstation that the MACHINE$ entry doesn't already exist,
	and we're going to create a default entry with a password "machine"
	right now.

proto.h:

	the usual.
(This used to be commit ed606bc7d4e6fb1091e527ea70a3e950d50a1db4)
---
 source3/smbd/reply.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 'source3/smbd')

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index baccb76291..dffb6f05bd 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -479,8 +479,31 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
   /* computer with that name (minus the $) has access. For now */
   /* say yes to everything ending in $. */
   if (user[strlen(user) - 1] == '$') {
-    computer_id = True;
+    struct smb_passwd *smb_pass; /* To check if machine account exists */
+#ifdef NTDOMAIN
+/* 
+   PAXX: Ack. We don't want to do this. The workstation trust account
+   with a $ on the end should exist in the local password database
+   or be mapped to something generic, but not modified. For NT
+   domain support we must reject this used in certain circumstances
+   with a code to indicate to the client that it is an invalid use
+   of a workstation trust account. NTWKS needs this error to join
+   a domain. This may be the source of future bugs if we cannot
+   be sure whether to reject this or not.
+*/
+   smb_pass = get_smbpwnam(user);
+   if(smb_pass)
+   {
+     /* PAXX: This is the NO LOGON workstation trust account stuff */
+     DEBUG(4,("Rejecting workstation trust account %s",user));
+     SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */
+     CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */
+     return(ERROR(0x99,0xc000)); /* 0x99 NT error, 0xc00 */
+   }
+   computer_id = True;
+#else /* not NTDOMAIN, leave this in. PAXX: Someone get rid of this */
     user[strlen(user) - 1] = '\0';
+#endif
   }
 
 
-- 
cgit