MS-DFS referral.

Jeremy Allison jra at
Tue Oct 28 01:25:37 GMT 2003

Hmmm. Whilst fixing bug #667 I think I've noticed that a W2K SP4
redirectory will sometimes do call_trans2getdfsreferral() IPC$
calls as the anonymous user for DFS paths returned from a logged
in user. It doesn't seem to care that it shouldn't have the
privillages to look up this path (and indeed in Samba it doesn't).

I wonder if this is a security flaw in the W2K MSDFS server code
that it must allow the W2K redirector to do this.

I can emulate it of course by becoming root before doing the DFS
lookup, I'm just not sure I should.

Shirish, or anyone working on the DFS code, any ideas ?


More information about the samba-technical mailing list