diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-08-14 20:33:36 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-08-18 09:50:45 +1000 |
commit | 23dc2e4244a99f1e955d54c22516a7a8c108d989 (patch) | |
tree | 86547834a98a7ba2183b778c0b95dc017e56dbb5 | |
parent | 2ceb3d8d35b87926d0ffc933782321598457fc11 (diff) | |
download | samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.gz samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.bz2 samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.zip |
s4:auth Change {anonymous,system}_session to use common session_info generation
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
-rw-r--r-- | source4/auth/system_session.c | 8 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index d588090d60..4712702e46 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -190,7 +190,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -441,7 +441,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -470,8 +470,8 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); - /* is this correct? */ - server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS); + /* The anonymous user has only one SID in it's token, but we need to fill something in here */ + server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); server_info->n_domain_groups = 0; diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 2d64cc1b85..0a2d5c3c7c 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -168,8 +168,10 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid); - ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid); - ptoken->num_sids++; + if (!dom_sid_equal(user_sid, group_sid)) { + ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid); + ptoken->num_sids++; + } /* * Finally add the "standard" SIDs. |