s3-smbd: Use security_session_user_level() rather than nt_token_check_sid()

This allows the unix.whoami test to pass when configured as part of the AD DC.

The struct auth_session_info is slightly different in the AD DC configuration
when using auth_samba4.  In particular, there is a distinction between Guest
and Anonymous logins.

Andrew Bartlett

1 files changed, 1 insertions, 13 deletions

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 63ee76bce9..5cfbc3128b 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3426,22 +3426,10 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 				return NT_STATUS_BUFFER_TOO_SMALL;
 			}
 
-			/* We ARE guest if global_sid_Builtin_Guests is
-			 * in our list of SIDs.
-			 */
-			if (nt_token_check_sid(&global_sid_Builtin_Guests,
-					       conn->session_info->security_token)) {
+			if (security_session_user_level(conn->session_info, NULL) < SECURITY_USER) {
 				flags |= SMB_WHOAMI_GUEST;
 			}
 
-			/* We are NOT guest if global_sid_Authenticated_Users
-			 * is in our list of SIDs.
-			 */
-			if (nt_token_check_sid(&global_sid_Authenticated_Users,
-					       conn->session_info->security_token)) {
-				flags &= ~SMB_WHOAMI_GUEST;
-			}
-
 			/* NOTE: 8 bytes for UID/GID, irrespective of native
 			 * platform size. This matches
 			 * SMB_QUERY_FILE_UNIX_BASIC and friends.