Samba3 RPC Server
Andreas Schneider
asn at samba.org
Fri May 27 10:20:18 MDT 2011
Hi Volker and Jeremy,
I think you know that Simo and I are working on preforking support for Samba3.
I'm currently working on a LSA Service Daemon and trying to cleanup and fix
some Samba3 RPC server flaws.
Lets take a look at
source3/rpc_server/srv_pipe.c +1551
api_pipe_request() checks if the user connecting is authenticated user and
then becomes the user connecting before each RPC call.
Before SambaXP I discussed that with Simo in spoolssd that it doesn't make
sense to do it. If the user has to deal with files we should switch to the
user and not in any other case. So we implemented it this way in spoolss.
I think the same should apply to all other rpc calls. I would like to remove
the become_authenticated_pipe_user() call in the api_pipe_request() function
and switch to the "guest" or "nobody" user when we fork a daemon. This implies
that we correctly switch to root (or the user) and back in all rpc services.
If this is fine for you I would start to implement and test this.
Best regards,
-- andreas
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list