[PATCH] s3/rpc_server/samr get_user_info_18(): allow encrypted connexions
Aurélien Aptel
aaptel at suse.com
Mon Feb 29 17:08:18 UTC 2016
On Mon, 29 Feb 2016 17:40:53 +0100 Stefan Metzmacher <metze at samba.org>
wrote:
> Hi Aurélien,
>
> > In the current code the test to know if the connexion was encrypted
> > is incorrect as the test is always true (the function always returns
> > "access denied"). This patch fixes this and continues on properly
> > encrypted connexions, as expected.
>
> I think we should better match Windows and return
> NT_STATUS_INVALID_INFO_CLASS if this is called over the network.
we can update the return code but that's not the problem I was talking
about
> The only valid case is using this over NCALRPC as SYSTEM.
>
> Why are you trying to change this?
read again, the current test is always true.
- if auth_type is one of the tested type, it cannot be any of the
others, the 2 other != expressions will return true => access denied
- if auth_type is not one of the tested type, then all the !=
expressions return true => access denied
the whole test in its current form can be replaced with
if (1)
return NT_STATUS_ACCESS_DENIED
which is surely not what we want.
another fix would be to replace all || by &&.
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160229/caf842fb/attachment.sig>
More information about the samba-technical
mailing list