MS-DFS referral.

Christopher R. Hertel crh at
Tue Oct 28 03:18:37 GMT 2003

Jeremy Allison wrote:
> Hmmm. Whilst fixing bug #667 I think I've noticed that a W2K SP4
> redirectory will sometimes do call_trans2getdfsreferral() IPC$
> calls as the anonymous user for DFS paths returned from a logged
> in user. It doesn't seem to care that it shouldn't have the
> privillages to look up this path (and indeed in Samba it doesn't).
> I wonder if this is a security flaw in the W2K MSDFS server code
> that it must allow the W2K redirector to do this.
> I can emulate it of course by becoming root before doing the DFS
> lookup, I'm just not sure I should.
> Shirish, or anyone working on the DFS code, any ideas ?
> Jeremy.

I saw something like this today at work, looking at a capture for another

I'll find out what types of systems they were and let you know if it's
really the same as what you're seeing or not.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list