summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa_hnd.c
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2002-06-03 02:55:16 +0000
committerTim Potter <tpot@samba.org>2002-06-03 02:55:16 +0000
commitd706b5dc555bd61670359955770cb85ed0ce2896 (patch)
tree1f3e6a18652b429edaceb41d384b7e1ca8ef63a0 /source3/rpc_server/srv_lsa_hnd.c
parentd53b9f113a5f33eb93ae3e114b71fcfe18dcf666 (diff)
downloadsamba-d706b5dc555bd61670359955770cb85ed0ce2896.tar.gz
samba-d706b5dc555bd61670359955770cb85ed0ce2896.tar.bz2
samba-d706b5dc555bd61670359955770cb85ed0ce2896.zip
Move restrict anonymous checks into a general function called
pipe_access_check(). Eventually this can take a security descriptor as an argument as well. (This used to be commit 8bbdc674afef32621bf473ba1af76bae7270b818)
Diffstat (limited to 'source3/rpc_server/srv_lsa_hnd.c')
-rw-r--r--source3/rpc_server/srv_lsa_hnd.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index 62af0ecac8..5af1e8c265 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -249,3 +249,31 @@ void close_policy_by_pipe(pipes_struct *p)
DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name ));
}
}
+
+/*******************************************************************
+Shall we allow access to this rpc? Currently this function
+implements the 'restrict anonymous' setting by denying access to
+anonymous users if the restrict anonymous level is > 0. Further work
+will be checking a security descriptor to determine whether a user
+token has enough access to access the pipe.
+********************************************************************/
+
+BOOL pipe_access_check(pipes_struct *p)
+{
+ /* Don't let anonymous users access this RPC if restrict
+ anonymous > 0 */
+
+ if (lp_restrict_anonymous() > 0) {
+ user_struct *user = get_valid_user_struct(p->vuid);
+
+ if (!user) {
+ DEBUG(3, ("invalid vuid %d\n", p->vuid));
+ return False;
+ }
+
+ if (user->guest)
+ return False;
+ }
+
+ return True;
+}