summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-05-30 12:02:24 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-05-30 12:39:30 +0200
commit1cf5be39e30f9478606a5525eb7beeb21ee83c24 (patch)
treee58062f58d833d35b2bea24de698f1fcc22d3c1f
parent76cd237ee59a3301166ddcbc4166fc7a133e03e3 (diff)
downloadsamba-1cf5be39e30f9478606a5525eb7beeb21ee83c24.tar.gz
samba-1cf5be39e30f9478606a5525eb7beeb21ee83c24.tar.bz2
samba-1cf5be39e30f9478606a5525eb7beeb21ee83c24.zip
s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000
Windows 2000 does strictly request header signing on some requests also if the server doesn't provide it. But there is a small trick (don't reset the actual session info) to make these special RPC operations work without a full header signing implementation. This fixes for example the list of domain groups in local groups when displayed sing the local user/group management tool. And this should finally fix bug #7113. The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729
-rw-r--r--source4/rpc_server/dcesrv_auth.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 4915c3ccbc..c04a2072a7 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -116,8 +116,18 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
&dce_conn->auth_state.auth_info->credentials);
if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(dce_conn->auth_state.gensec_security,
- &dce_conn->auth_state.session_info);
+ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
+ && (talloc_get_type(dce_conn->auth_state.session_info,
+ struct auth_session_info) != NULL)) {
+ /* This is a small hack to make some Windows 2000 RPC
+ * operations work. It should be removed (always call
+ * "gensec_session_info") when we fully support header
+ * signing. */
+ status = NT_STATUS_OK;
+ } else {
+ status = gensec_session_info(dce_conn->auth_state.gensec_security,
+ &dce_conn->auth_state.session_info);
+ }
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
return status;