author | Tim Potter <tpot@samba.org> | 2002-06-03 02:55:16 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2002-06-03 02:55:16 +0000 |
commit | d706b5dc555bd61670359955770cb85ed0ce2896 (patch) | |
tree | 1f3e6a18652b429edaceb41d384b7e1ca8ef63a0 /source3/rpc_server/srv_lsa_hnd.c | |
parent | d53b9f113a5f33eb93ae3e114b71fcfe18dcf666 (diff) | |
Move restrict anonymous checks into a general function called
pipe_access_check(). Eventually this can take a security descriptor
as an argument as well.
(This used to be commit 8bbdc674afef32621bf473ba1af76bae7270b818)
Diffstat (limited to 'source3/rpc_server/srv_lsa_hnd.c')
-rw-r--r-- | source3/rpc_server/srv_lsa_hnd.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index 62af0ecac8..5af1e8c265 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -249,3 +249,31 @@ void close_policy_by_pipe(pipes_struct *p)
 DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name ));
 }
 }
+
+/*******************************************************************
+Shall we allow access to this rpc? Currently this function
+implements the 'restrict anonymous' setting by denying access to
+anonymous users if the restrict anonymous level is > 0. Further work
+will be checking a security descriptor to determine whether a user
+token has enough access to access the pipe.
+********************************************************************/
+
+BOOL pipe_access_check(pipes_struct *p)
+{
+ /* Don't let anonymous users access this RPC if restrict
+ anonymous > 0 */
+
+ if (lp_restrict_anonymous() > 0) {
+ user_struct *user = get_valid_user_struct(p->vuid);
+
+ if (!user) {
+ DEBUG(3, ("invalid vuid %d\n", p->vuid));
+ return False;
+ }
+
+ if (user->guest)
+ return False;
+ }
+
+ return True;
+}
|
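Review bot: The `if (user->guest) return False;` branch in pipe_access_check() denies the call without logging anything, so an administrator who turns on restrict anonymous cannot tell from the logs which pipe refused a guest session; the invalid-vuid message just above it also lacks the function-name prefix that the close_policy_by_pipe() message in the context lines carries. I would brace the branch and add `DEBUG(3, ("pipe_access_check: denying guest vuid %d on pipe %s\n", p->vuid, p->name));` before the return, and change the other message to `"pipe_access_check: invalid vuid %d\n"`. The vuid is only looked up when `lp_restrict_anonymous() > 0`, so with the setting at 0 the function returns True without validating the session; the header comment should say that callers must not treat this as a vuid check. The comment speaks of anonymous users while the code tests `user->guest`; whether those are the same set of sessions is not visible in this hunk and is worth stating in the comment.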