CVS update: samba/source/rpc_server

[Andrew Bartlett]

Andrew Bartlett wrote:
> 
> Jeremy Allison wrote:
> >
> > On Sat, Nov 10, 2001 at 10:54:39AM +1100, Andrew Bartlett wrote:
> >
> > > By this point it should be clearer why keeping the 'have vuid' case
> > > should be kept simple - particularly given the security issues with the
> > > current code.  (Users of NT4 terminal server are advised to always use
> > > the registry hack to permit multiple connections to samba, for both
> > > performance and security reasons).
> >
> > Performance reasons only. Multi-user NT boxes switch vuid and do
> > multiple session setups when multiple users access the shares.
> > There are no security holes known with mutli-user NT/Citrix and
> > samba.
> 
> But they don't do multiple tree connects do they?
> 
> The problem is that the user_ok() code at present doesn't consider the
> guest user case.
> 
> (or the NT ACL in tdb for that matter)

Correct me if I am wrong, but doesn't NT use the same tid for any
subsequent user of a share - ie the roaming profile and \\server\homes
bug?

Becouse its the old tid being used, we don't do any of the checks in
make_connection() and as such we don't check the ACL rules, we don't
check the 'guest ok' rules (these are in authorise_login) and we don't
use a per-conn guest user becouse we didn't set 'force_user' in the
conn.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net