IPC User Problem (was Situational Deadlock)

[Esh, Andrew]

It should be noted that the problem occurs in Samba 3.0.1 (CVS tag release_3_0_1), and  did not occur in Samba 2.2.8a. The code snippet shown below was added to smbd/uid.c:check_user_ok between those two releases.

FYI: This problem is reproducible on Windows NT, but is not reproducible on Windows 2K. Other platforms have not been tested for this. My guess is that 2K remembers which uid is used to connect to IPC, and reuses it. NT simply assumed that the IPC service would never deny access.

The code which is triggering the problem is a call to WNetAddConnection2. The share being connected to is a normal share (not IPC), and the user is a regular user (not the guest user or "nobody"). The password is not blank, so there is no fallback to the guest user.

The IPC connection is being made by the user nobody (as seen in my previous email), and the user is being registered with it's own separate vuid, and as a guest.

Given that this is being triggered by a single legitimate call to a Windows library function, I don't see any way to fix it except to change Samba. If the condition show in the code below is reached, it should not return False if the service is "\srvsvc" or IPC. Windows NT appears to expect to get into IPC with these credtial changes.

-----Original Message-----
From: samba-technical-bounces+andrew_esh=adaptec.com at lists.samba.org
[mailto:samba-technical-bounces+andrew_esh=adaptec.com at lists.samba.org]O
n Behalf Of Esh, Andrew
Sent: Wednesday, January 28, 2004 1:16 PM
To: samba-technical at lists.samba.org
Subject: IPC User Problem (was Situational Deadlock)

[...]

	if ((conn->force_user || conn->force_group) 
	    && (conn->vuid != vuser->vuid)) {
		return False;
	}

[...]

---
Andrew C. Esh                mail:Andrew_Esh[at]adaptec.com
Adaptec, Inc.
2905 Northwest Blvd., Suite 20        763-557-9005 (main)
Plymouth, MN 55441-2644 USA      763-551-6418 (direct)