CVS update: samba/source/rpc_server

Andrew Bartlett abartlet at
Fri Nov 9 17:02:04 GMT 2001

Jeremy Allison wrote:
> On Sat, Nov 10, 2001 at 10:54:39AM +1100, Andrew Bartlett wrote:
> > By this point it should be clearer why keeping the 'have vuid' case
> > should be kept simple - particularly given the security issues with the
> > current code.  (Users of NT4 terminal server are advised to always use
> > the registry hack to permit multiple connections to samba, for both
> > performance and security reasons).
> Performance reasons only. Multi-user NT boxes switch vuid and do
> multiple session setups when multiple users access the shares.
> There are no security holes known with mutli-user NT/Citrix and
> samba.

But they don't do multiple tree connects do they? 

The problem is that the user_ok() code at present doesn't consider the
guest user case.

(or the NT ACL in tdb for that matter)

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Samba Team member, Build Farm maintainer        abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list