s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000

Andrew Bartlett abartlet at samba.org
Sun May 30 05:07:16 MDT 2010 

On Sun, 2010-05-30 at 05:41 -0500, Matthias Dieter Wallnöfer wrote:
> The branch, master has been updated
>        via  1cf5be3... s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000
>       from  76cd237... s4:web_server/wsgi.c - free the "env" and "inputstream" objects on an "asprintf" failure
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -----------------------------------------------------------------
> commit 1cf5be39e30f9478606a5525eb7beeb21ee83c24
> Author: Matthias Dieter Wallnöfer <mdw at samba.org>
> Date:   Sun May 30 12:02:24 2010 +0200
> 
>     s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000
>     
>     Windows 2000 does strictly request header signing on some requests also if the
>     server doesn't provide it. But there is a small trick (don't reset the actual
>     session info) to make these special RPC operations work without a full header
>     signing implementation.
>     
>     This fixes for example the list of domain groups in local groups when displayed
>     sing the local user/group management tool.
>     
>     And this should finally fix bug #7113.
>     
>     The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729

Matthias,

I'm not comfortable with this path, and would have liked a chance to
review it before you put it in.  

I believe it only passed 'make test' because we usually use the same
username and password for the SMB and authenticated RPC layers, but I do
not believe it is correct in the general case.  I'm particularly worried
because you made it apply for all authentication, not just schannel.  

How did this pass the RPC-SCHANNEL test?  How did you show that this new
behaviour is correct for all authentication methods?  

Finally, do you have any idea why the build farm is showing segfaults
now?

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100530/8d564d8b/attachment.pgp>

More information about the samba-technical mailing list