[SCM] Samba Shared Repository - branch master updated

Tue, 30 Aug 2011 11:51:03 -0700 

The branch, master has been updated
       via  a38ff63 s3-rpc_server: Make sure we switch always the connecting 
user.
      from  e52fa62 s3: Silence some warnings

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a38ff63fcdc0d3ac1669b1c1343006d9db4e926b
Author: Andreas Schneider <[email protected]>
Date:   Tue Aug 30 16:37:40 2011 +0200

    s3-rpc_server: Make sure we switch always the connecting user.
    
    We always have a valid session info and if it is a anonymous connection
    we have a session info of the guest user. This means we should always
    call become_authenticated_pipe_user() else and anonymous user could do
    things as root.
    
    Autobuild-User: Andreas Schneider <[email protected]>
    Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_pipe.c |   24 +++++++++++-------------
 1 files changed, 11 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 058f1b8..7a616c0 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1521,18 +1521,18 @@ static bool api_pipe_request(struct pipes_struct *p,
                                struct ncacn_packet *pkt)
 {
        bool ret = False;
-       bool changed_user = False;
        struct pipe_rpc_fns *pipe_fns;
 
-       if (p->pipe_bound &&
-           ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
-            (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
-            (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
-               if(!become_authenticated_pipe_user(p->session_info)) {
-                       data_blob_free(&p->out_data.rdata);
-                       return False;
-               }
-               changed_user = True;
+       if (!p->pipe_bound) {
+               DEBUG(1, ("Pipe not bound!\n"));
+               data_blob_free(&p->out_data.rdata);
+               return false;
+       }
+
+       if (!become_authenticated_pipe_user(p->session_info)) {
+               DEBUG(1, ("Failed to become pipe user!\n"));
+               data_blob_free(&p->out_data.rdata);
+               return false;
        }
 
        /* get the set of RPC functions for this context */
@@ -1557,9 +1557,7 @@ static bool api_pipe_request(struct pipes_struct *p,
                          pkt->u.request.context_id));
        }
 
-       if (changed_user) {
-               unbecome_authenticated_pipe_user();
-       }
+       unbecome_authenticated_pipe_user();
 
        return ret;
 }


-- 
Samba Shared Repository

Reply via email to