windows-smb-disable-loopback-check-20090427

LICENSE MIT

Now that BackConnectionHostNames can be set each time the smb listener
threads are stopped and restarted, we need to make sure that we do not
clear the DisableLoopbackCheck value if it was set during the same
service session because BackConnectionHostName value changes only take
effect on a reboot.

diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 6d3410290972af69a7347bc0a0747cb758806561..70d5f4bdf8672c4bd0795d2e1d3081f49d29d6bb 100644 (file)
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -9439,6 +9439,9 @@ configureBackConnectionHostNames(void)
      * Starting in Longhorn Beta 1, an entry in the BackConnectionHostNames value will
      * force Windows to use the loopback authentication mechanism for the specified 
      * services.
+     * 
+     * Do not permit the "DisableLoopbackCheck" value to be removed within the same
+     * service session that set it.  
      */
     HKEY hkLsa;
     HKEY hkMSV10;
@@ -9448,6 +9451,7 @@ configureBackConnectionHostNames(void)
     DWORD dwValue;
     PBYTE pHostNames = NULL, pName = NULL;
     BOOL  bNameFound = FALSE;   
+    static BOOL bLoopbackCheckDisabled = FALSE;
 
     /* BackConnectionHostNames and DisableLoopbackCheck */
     if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, 
@@ -9521,12 +9525,13 @@ configureBackConnectionHostNames(void)
                         dwSize = sizeof(DWORD);
                         dwValue = 1;
                         RegSetValueEx( hkClient, "RemoveDisableLoopbackCheck", 0, dwType, (LPBYTE)&dwValue, dwSize);
+                        bLoopbackCheckDisabled = TRUE;
                         RegCloseKey(hkClient);
                     }
                     RegCloseKey(hkLsa);
                 }
             }
-        } else {
+        } else if (!bLoopbackCheckDisabled) {
             if (RegCreateKeyEx( HKEY_LOCAL_MACHINE, 
                                 AFSREG_CLT_OPENAFS_SUBKEY,
                                 0,