summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-07-19 11:57:05 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-20 09:17:14 +1000
commit662282106318e3f1f0bbcc7281f49ee5b3727f21 (patch)
tree615737d5c566c5ff5071d9db8227498f689e74f3 /source3/rpc_server
parent9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b (diff)
downloadsamba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.gz
samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.bz2
samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.zip
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c2
-rw-r--r--source3/rpc_server/rpc_handles.c3
2 files changed, 3 insertions, 2 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8aea353679..5877c7b295 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
- if (p->session_info->unix_info->guest) {
+ if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index f3a97b37a2..3500a228d5 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "ntdomain.h"
#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
@@ -346,7 +347,7 @@ bool pipe_access_check(struct pipes_struct *p)
return True;
}
- if (p->session_info->unix_info->guest) {
+ if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
return False;
}
}