From 96aaf64fa6279598b1a7ce67f02316c6cdd2a651 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Sat, 19 Feb 2005 11:09:52 +0000 Subject: r5460: Fix "restrict anonymous = 1". If we have schannel connection, we must be validated with a user, so allow it even if pipe itself had an anonymous connection. (This used to be commit 469a649ad7271159960335419fd3ce2633cf2c8b) --- source3/rpc_server/srv_lsa_hnd.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index 0f9f239a02..68072b528a 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -252,6 +252,10 @@ BOOL pipe_access_check(pipes_struct *p) if (lp_restrict_anonymous() > 0) { user_struct *user = get_valid_user_struct(p->vuid); + /* schannel, so we must be ok */ + if (p->netsec_auth_validated) + return True; + if (!user) { DEBUG(3, ("invalid vuid %d\n", p->vuid)); return False; -- cgit