r5460: Fix "restrict anonymous = 1". If we have schannel connection, we must be

validated with a user, so allow it even if pipe itself had an anonymous
connection.
(This used to be commit 469a649ad7271159960335419fd3ce2633cf2c8b)

diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index 0f9f239a029e36624edef14f8e4ba8fd6c19687d..68072b528aaac439872014e4fd31796e59e34b40 100644 (file)
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -252,6 +252,10 @@ BOOL pipe_access_check(pipes_struct *p)
        if (lp_restrict_anonymous() > 0) {
                user_struct *user = get_valid_user_struct(p->vuid);
 
+               /* schannel, so we must be ok */
+               if (p->netsec_auth_validated)
+                       return True;
+
                if (!user) {
                        DEBUG(3, ("invalid vuid %d\n", p->vuid));
                        return False;