diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-19 10:51:08 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:14 +1000 |
commit | 9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b (patch) | |
tree | d8a9805ff8c06f32c7a43631fa7bb470ceb0884a | |
parent | 02444afb87ae940d4d58d5566f16121279a57902 (diff) | |
download | samba-9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b.tar.gz samba-9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b.tar.bz2 samba-9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b.zip |
auth: Set NETLOGON_GUEST and use it to determine guest status
These additional measures should help ensure we do not accidentily upgrade
a guest to an authenticated user in the future.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r-- | auth/auth_sam_reply.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index ee27e966f6..59fcf7ad5d 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -237,7 +237,8 @@ NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx, info->bad_password_count = base->bad_password_count; info->acct_flags = base->acct_flags; - info->authenticated = authenticated; + /* Only set authenticated if both NETLOGON_GUEST is not set, and authenticated is set */ + info->authenticated = (authenticated && (!(base->user_flags & NETLOGON_GUEST))); *_user_info = info; return NT_STATUS_OK; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 0627911aeb..d5ca1a206b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -809,6 +809,9 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, /* Primary gid */ info3->base.primary_gid = BUILTIN_RID_GUESTS; + /* Set as guest */ + info3->base.user_flags = NETLOGON_GUEST; + TALLOC_FREE(pwd); return NT_STATUS_OK; } |