diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-19 11:57:05 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:14 +1000 |
commit | 662282106318e3f1f0bbcc7281f49ee5b3727f21 (patch) | |
tree | 615737d5c566c5ff5071d9db8227498f689e74f3 /source3/rpc_server | |
parent | 9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b (diff) | |
download | samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.gz samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.bz2 samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.zip |
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/rpc_handles.c | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 8aea353679..5877c7b295 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p, return NT_STATUS_INVALID_PARAMETER; } - if (p->session_info->unix_info->guest) { + if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) { /* * I'm 99% sure this is not the right place to do this, * global_sid_Anonymous should probably be put into the token diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index f3a97b37a2..3500a228d5 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -25,6 +25,7 @@ #include "auth.h" #include "ntdomain.h" #include "rpc_server/rpc_ncacn_np.h" +#include "../libcli/security/security.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -346,7 +347,7 @@ bool pipe_access_check(struct pipes_struct *p) return True; } - if (p->session_info->unix_info->guest) { + if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) { return False; } } |