From a38ff63fcdc0d3ac1669b1c1343006d9db4e926b Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 30 Aug 2011 16:37:40 +0200 Subject: [PATCH] s3-rpc_server: Make sure we switch always the connecting user. We always have a valid session info and if it is a anonymous connection we have a session info of the guest user. This means we should always call become_authenticated_pipe_user() else and anonymous user could do things as root. Autobuild-User: Andreas Schneider Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104 --- source3/rpc_server/srv_pipe.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 058f1b8b14..7a616c0ee6 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1521,18 +1521,18 @@ static bool api_pipe_request(struct pipes_struct *p, struct ncacn_packet *pkt) { bool ret = False; - bool changed_user = False; struct pipe_rpc_fns *pipe_fns; - if (p->pipe_bound && - ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) || - (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) || - (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) { - if(!become_authenticated_pipe_user(p->session_info)) { - data_blob_free(&p->out_data.rdata); - return False; - } - changed_user = True; + if (!p->pipe_bound) { + DEBUG(1, ("Pipe not bound!\n")); + data_blob_free(&p->out_data.rdata); + return false; + } + + if (!become_authenticated_pipe_user(p->session_info)) { + DEBUG(1, ("Failed to become pipe user!\n")); + data_blob_free(&p->out_data.rdata); + return false; } /* get the set of RPC functions for this context */ @@ -1557,9 +1557,7 @@ static bool api_pipe_request(struct pipes_struct *p, pkt->u.request.context_id)); } - if (changed_user) { - unbecome_authenticated_pipe_user(); - } + unbecome_authenticated_pipe_user(); return ret; } -- 2.34.1