diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-19 11:57:05 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:14 +1000 |
commit | 662282106318e3f1f0bbcc7281f49ee5b3727f21 (patch) | |
tree | 615737d5c566c5ff5071d9db8227498f689e74f3 /source3/smbd/service.c | |
parent | 9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b (diff) | |
download | samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.gz samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.bz2 samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.zip |
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/smbd/service.c')
-rw-r--r-- | source3/smbd/service.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 71681aeca2..f1d2ca040d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -394,8 +394,8 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc * This is the normal security != share case where we have a * valid vuid from the session setup. */ - if (vuid_serverinfo->unix_info->guest) { - if (!lp_guest_ok(snum)) { + if (security_session_user_level(vuid_serverinfo, NULL) < SECURITY_USER) { + if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " "(%s)\n", lp_servicename(snum))); @@ -467,6 +467,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) char *fuser; struct auth_session_info *forced_serverinfo; + bool guest; fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", lp_const_servicename(snum)); @@ -474,8 +475,11 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) return NT_STATUS_NO_MEMORY; } + guest = security_session_user_level(conn->session_info, NULL) < SECURITY_USER; + status = make_session_info_from_username( - conn, fuser, conn->session_info->unix_info->guest, + conn, fuser, + guest, &forced_serverinfo); if (!NT_STATUS_IS_OK(status)) { return status; |