author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-05-30 12:02:24 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-05-30 12:39:30 +0200 |
commit | 1cf5be39e30f9478606a5525eb7beeb21ee83c24 (patch) | |
tree | e58062f58d833d35b2bea24de698f1fcc22d3c1f /source4 | |
parent | 76cd237ee59a3301166ddcbc4166fc7a133e03e3 (diff) | |
s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000
Windows 2000 does strictly request header signing on some requests also if the
server doesn't provide it. But there is a small trick (don't reset the actual
session info) to make these special RPC operations work without a full header
signing implementation.
This fixes, for example, the list of domain groups in local groups when displayed
using the local user/group management tool.
And this should finally fix bug #7113.
The patch was inspired by another one by tridge and abartlet: http://gitweb.samba.org/samba.git/?p=tridge/samba.git;a=commitdiff;h=2dc19e2878371264606575d3fc09176776be7729
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 4915c3ccbc..c04a2072a7 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -116,8 +116,18 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
 &dce_conn->auth_state.auth_info->credentials);
 if (NT_STATUS_IS_OK(status)) {
- status = gensec_session_info(dce_conn->auth_state.gensec_security,
- &dce_conn->auth_state.session_info);
+ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
+ && (talloc_get_type(dce_conn->auth_state.session_info,
+ struct auth_session_info) != NULL)) {
+ /* This is a small hack to make some Windows 2000 RPC
+ * operations work. It should be removed (always call
+ * "gensec_session_info") when we fully support header
+ * signing. */
+ status = NT_STATUS_OK;
+ } else {
+ status = gensec_session_info(dce_conn->auth_state.gensec_security,
+ &dce_conn->auth_state.session_info);
+ }
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
 return status; |
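Review bot: The new `if` lets a client-supplied packet flag (`call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN`) decide whether `gensec_session_info()` is skipped after a successful authentication step, so whatever `dce_conn->auth_state.session_info` already holds stays the connection's authorization identity. The hunk does not show where that existing session_info came from; if it can belong to a different or weaker identity than the one gensec just authenticated, later access checks would run against stale data, so the comment should state which session_info is preserved and why that is safe. I would also make the skip visible in logs, e.g. `DEBUG(3, ("Keeping existing session_info (client requested header signing)\n"));`, so the workaround can be audited and found when header signing is implemented. The enclosing function starts and ends outside the hunk.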