the first independent msrpc daemon - lsarpcd.

one horrible cut / paste job from smbd, plus a code split of shared
components between the two.

the job is not _yet_ complete, as i need to be able to do a become_user()
call for security reasons.  i picked lsarpcd first because you don't
_need_ security on it (microsoft botched so badly on this one, it's not
real.  at least they fixed this in nt5 with restrictanonymous=0x2).
fixing this involves sending the current smb and unix credentials down
the unix pipe so that the daemon it eventually goes to can pick them
up at the other end.

i can't believe this all worked!!!

1 files changed, 3 insertions, 2 deletions

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index a0ad2ca20d2..81f2a9beb9e 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -415,6 +415,7 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
                                 char *smb_nt_passwd, int smb_nt_passlen)
 {
   struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
+	uchar last_chal[8];
   if (lp_security() == SEC_USER)
   {
     smb_trust_acct = getsmbpwnam(user);
@@ -441,8 +442,8 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
       SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
       return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
     }
-
-    if (!smb_password_ok(smb_trust_acct, NULL, NULL, NULL,
+	if (!last_challenge(last_chal) ||
+            !smb_password_ok(smb_trust_acct, last_chal, NULL, NULL,
 	(unsigned char *)smb_passwd, smb_passlen,
 	(unsigned char *)smb_nt_passwd, smb_nt_passlen, NULL))
     {