[PATCH] s3/rpc_server/samr get_user_info_18(): allow encrypted connexions
Aurélien Aptel
aaptel at suse.com
Mon Feb 29 17:32:26 UTC 2016
Hi,
Sorry for the extra explanations :p
On Mon, 29 Feb 2016 18:21:37 +0100 Stefan Metzmacher <metze at samba.org>
wrote:
> I'm talking about something like this:
>
> diff --git a/source3/rpc_server/samr/srv_samr_nt.c
> b/source3/rpc_server/samr/srv_samr_nt.c
> index 4b4b77a..a77bd9d 100644
> --- a/source3/rpc_server/samr/srv_samr_nt.c
> +++ b/source3/rpc_server/samr/srv_samr_nt.c
> @@ -2616,21 +2616,14 @@ static NTSTATUS get_user_info_18(struct
> pipes_struct *p,
>
> ZERO_STRUCTP(r);
>
> - if
> (security_token_is_system(p->session_info->security_token)) {
> - goto query;
> - }
> -
> - if ((p->auth.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) ||
> - (p->auth.auth_type != DCERPC_AUTH_TYPE_KRB5) ||
> - (p->auth.auth_type != DCERPC_AUTH_TYPE_SPNEGO)) {
> - return NT_STATUS_ACCESS_DENIED;
> + if (p->transport != NCALRPC) {
> + return NT_STATUS_INVALID_INFO_CLASS;
> }
>
> - if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
> + if
> (!security_token_is_system(p->session_info->security_token)) { return
> NT_STATUS_ACCESS_DENIED; }
>
> - query:
> /*
> * Do *NOT* do become_root()/unbecome_root() here ! JRA.
> */
>
> metze
I don't think I know enough about the protocol to judge this :(
In any case the comment on top of the function might need some updates
too.
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160229/2e26bb7b/attachment.sig>
More information about the samba-technical
mailing list