reply.c: Added timestamp to attack warning.

server.c: Fixed security=share problem where the vuid was still being
looked at.
Jeremy.

2 files changed, 3 insertions, 1 deletions

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 7194f3b1446..b1caee10a22 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -55,7 +55,7 @@ report a possible attack via the password buffer overflow bug
 ****************************************************************************/
 static void overflow_attack(int len)
 {
-	DEBUG(0,("ERROR: Invalid password length %d\n", len));
+	DEBUG(0,("%s: ERROR: Invalid password length %d\n", timestring(), len));
 	DEBUG(0,("your machine may be under attack by a user exploiting an old bug\n"));
 	DEBUG(0,("Attack was from IP=%s\n", client_addr()));
 	exit_server("possible attack");
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 3c40e9800fa..aaf446bdf5a 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -4681,6 +4681,8 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
 	  int flags = smb_messages[match].flags;
           /* In share mode security we must ignore the vuid. */
 	  uint16 session_tag = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(inbuf,smb_uid);
+          /* Ensure this value is replaced in the incoming packet. */
+          SSVAL(inbuf,smb_uid,session_tag);
 
 	  /* does this protocol need to be run as root? */
 	  if (!(flags & AS_USER))