diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-19 11:57:05 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:14 +1000 |
commit | 662282106318e3f1f0bbcc7281f49ee5b3727f21 (patch) | |
tree | 615737d5c566c5ff5071d9db8227498f689e74f3 /source3/smbd/smb2_sesssetup.c | |
parent | 9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b (diff) | |
download | samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.gz samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.tar.bz2 samba-662282106318e3f1f0bbcc7281f49ee5b3727f21.zip |
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/smbd/smb2_sesssetup.c')
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 9475ffb363..7a83953256 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -31,6 +31,7 @@ #include "../lib/util/asn1.h" #include "auth.h" #include "../lib/tsocket/tsocket.h" +#include "../libcli/security/security.h" static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req, uint64_t in_session_id, @@ -253,7 +254,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, session->do_signing = true; } - if (session->session_info->unix_info->guest) { + if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; @@ -280,7 +281,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, session->session_info->unix_info->sanitized_username = talloc_strdup(session->session_info, tmp); - if (!session->session_info->unix_info->guest) { + if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); } @@ -460,7 +461,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->do_signing = true; } - if (session->session_info->unix_info->guest) { + if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; @@ -491,7 +492,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->session_info->unix_info->sanitized_username = talloc_strdup( session->session_info, tmp); - if (!session->compat_vuser->session_info->unix_info->guest) { + if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); } |