[PATCH] s3/rpc_server/samr get_user_info_18(): allow encrypted connexions

Aurélien Aptel aaptel at suse.com
Mon Feb 29 17:08:18 UTC 2016

On Mon, 29 Feb 2016 17:40:53 +0100 Stefan Metzmacher <metze at samba.org>
> Hi Aurélien,
> > In the current code the test to know if the connexion was encrypted
> > is incorrect as the test is always true (the function always returns
> > "access denied"). This patch fixes this and continues on properly
> > encrypted connexions, as expected.
> I think we should better match Windows and return
> NT_STATUS_INVALID_INFO_CLASS if this is called over the network.

we can update the return code but that's not the problem I was talking
> The only valid case is using this over NCALRPC as SYSTEM.
> Why are you trying to change this?

read again, the current test is always true.

- if auth_type is one of the tested type, it cannot be any of the
  others, the 2 other != expressions will return true => access denied
- if auth_type is not one of the tested type, then all the !=
  expressions return true => access denied

the whole test in its current form can be replaced with

    if (1)

which is surely not what we want.
another fix would be to replace all || by &&.

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160229/caf842fb/attachment.sig>

More information about the samba-technical mailing list