svn commit: samba r9601 - in trunk/source/rpc_server: .
Andrew Bartlett
abartlet at samba.org
Thu Aug 25 21:04:45 GMT 2005
On Thu, 2005-08-25 at 08:59 -0700, Jeremy Allison wrote:
> On Thu, Aug 25, 2005 at 10:05:46AM +0200, Stefan (metze) Metzmacher wrote:
> > > Modified: trunk/source/rpc_server/srv_pipe.c
> > > ===================================================================
> > > --- trunk/source/rpc_server/srv_pipe.c 2005-08-25 00:57:21 UTC (rev 9600)
> > > +++ trunk/source/rpc_server/srv_pipe.c 2005-08-25 01:02:14 UTC (rev 9601)
> > > @@ -2081,13 +2081,17 @@
> > > BOOL api_pipe_request(pipes_struct *p)
> > > {
> > > BOOL ret = False;
> > > + BOOL changed_user = False;
> > > PIPE_RPC_FNS *pipe_fns;
> > >
> > > - if (p->pipe_bound && p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) {
> > > + if (p->pipe_bound &&
> > > + ((p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) ||
> > > + (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
> >
> > Hi Jeremy,
> >
> > maybe just use p->auth.auth_type != PIPE_AUTH_TYPE_NONE
> > ( != 0)
> >
> > do we become the user for the ipc$ share before?
> > as with auth_type == 0 we need to run the call as the user that connected
> > to the ipc$ share.
>
> I can't do that as schannel doesn't change user I think. We are in
> the security context of the user who connected to the ipc$ share when
> auth type is none, this is changing to an authenticated user.
schannel should change user. We have been warning for ages that this
will happen, and removed the code that I added to allow machine account
to be 'virtual' in any way.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-cvs/attachments/20050826/86b92fe7/attachment.bin
More information about the samba-cvs
mailing list