Samba3 RPC Server

Andreas Schneider asn at
Fri May 27 10:20:18 MDT 2011

Hi Volker and Jeremy,

I think you know that Simo and I are working on preforking support for Samba3. 
I'm currently working on a LSA Service Daemon and trying to cleanup and fix 
some Samba3 RPC server flaws.

Lets take a look at

source3/rpc_server/srv_pipe.c +1551

api_pipe_request() checks if the user connecting is authenticated user and 
then becomes the user connecting before each RPC call.

Before SambaXP I discussed that with Simo in spoolssd that it doesn't make 
sense to do it. If the user has to deal with files we should switch to the 
user and not in any other case. So we implemented it this way in spoolss.

I think the same should apply to all other rpc calls. I would like to remove 
the become_authenticated_pipe_user() call in the api_pipe_request() function 
and switch to the "guest" or "nobody" user when we fork a daemon. This implies 
that we correctly switch to root (or the user) and back in all rpc services.

If this is fine for you I would start to implement and test this.

Best regards,

	-- andreas

Andreas Schneider                   GPG-ID: F33E3FC6
Samba Team                             asn at

More information about the samba-technical mailing list