svn commit: samba r24789 - in branches/SAMBA_3_2/source/utils: .
Rafal Szczesniak
mimir at samba.org
Thu Aug 30 10:57:32 GMT 2007
On Wed, Aug 29, 2007 at 10:18:37PM +0200, Volker Lendecke wrote:
> On Wed, Aug 29, 2007 at 07:55:15PM +0000, mimir at samba.org wrote:
> > + sec = (enum security_types)lp_security();
> > +
> > + if (sec == SEC_ADS) {
> > + /* Connect to IPC$ using machine account's credentials. We don't use anonymous
> > + connection here, as it may be denied by server's local policy. */
> > + net_use_machine_account();
> > +
> > + } else {
> > + /* some servers (e.g. WinNT) don't accept machine-authenticated
> > + smb connections */
> > + conn_flags |= NET_FLAGS_ANONYMOUS;
> > + }
> > +
> > /* Connect to remote machine */
> > - if (!(cli = net_make_ipc_connection_ex(domain, server, ip, (NET_FLAGS_ANONYMOUS|NET_FLAGS_PDC)))) {
> > + if (!(cli = net_make_ipc_connection_ex(domain, server, ip, conn_flags))) {
> > return -1;
> > }
>
> Quick uninformed question: Why the fixed setting here, why
> not try the secure alternative first and do a fallback if
> that fails?
To avoid misleading message about nt status returned (though I must
confess I haven't tested exactly this scenario). Besides it doesn't hurt
to authenticate smb connection to win2k3 pipe in first try. It satisfies
both restricted and anonymous-opened servers.
cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20070830/c69838e4/attachment.bin
More information about the samba-technical
mailing list