svn commit: samba r16397 - in branches/SAMBA_3_0/source/smbd: .

Gerald (Jerry) Carter jerry at samba.org
Tue Jun 20 15:53:17 GMT 2006



Gerald (Jerry) Carter wrote:
> jra at samba.org wrote:
>>> Author: jra
>>> Date: 2006-06-20 02:38:28 +0000 (Tue, 20 Jun 2006)
>>> New Revision: 16397
>>>
>>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16397
>>>
>>> Log:
>>> Fix Klocwork #11767 and drastically simplify the
>>> logic in smbd/process.c. All interested (Volker,
>>> Jerry, James etc). PLEASE REVIEW THIS CHANGE.
>>> The logic should be identical but *much* easier
>>> to follow and change (and shouldn't confuse Klocwork :-).

James is right.  The logic is different in two places.
Before, if change_to_user() failed but the AS_GUEST flag was
set, the code would fall on through.  Now it always fails.
Can you help me understand under what conditions the old
code would have been executed? I have a feeling it may
be for security = share.

- -      /* does this protocol need to be run as the connected user? */
- -      if ((flags & AS_USER) && !change_to_user (conn, session_tag))
+	  if (!change_to_user (conn, session_tag))
 	{
- -	  if (flags & AS_GUEST)
- -	    flags &= ~AS_USER;
- -	  else
 	    return (ERROR_FORCE_DOS (ERRSRV, ERRbaduid));
 	}
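
Review bot: the new `if (!change_to_user (conn, session_tag))` no longer tests `flags & AS_USER`, and the `AS_GUEST` branch that cleared `AS_USER` is gone, so in these lines a failed change_to_user() always returns ERRbaduid, including for requests that previously continued as guest. If the call now sits inside an outer `flags & AS_USER` test that this excerpt does not show, say so in the log; either way, please state whether dropping the guest fallback is intended and which requests carry both AS_USER and AS_GUEST, since that is a behaviour change rather than a pure simplification.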


- -      /* this code is to work around a bug is MS client 3 without
- -         introducing a security hole - it needs to be able to do
- -         print queue checks as guest if it isn't logged in properly */
- -      if (flags & AS_USER)
- -	flags &= ~AS_GUEST;
+	  /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
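
Review bot: the added comment `All NEED_WRITE and CAN_IPC flags must also have AS_USER` states an invariant, but nothing in the visible lines enforces it, while the removed `if (flags & AS_USER) flags &= ~AS_GUEST;` and its comment about the MS client 3 print queue workaround disappear without replacement. Consider checking the invariant in code (for example an assert or a startup check over the flag definitions) and keeping a short comment on how the guest print queue case is handled now, so the security reasoning in the old comment is not lost.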







cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian