summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-07-15 16:09:52 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-20 09:17:11 +1000
commite2049e77e406981363a7b81fd092a6ccb4afb187 (patch)
tree5768746c4bb65ff4eb81b172adbc3350a6570980 /source3
parentbf1dba03b285f3044f096ab597df7859d68ad28e (diff)
downloadsamba-e2049e77e406981363a7b81fd092a6ccb4afb187.tar.gz
samba-e2049e77e406981363a7b81fd092a6ccb4afb187.tar.bz2
samba-e2049e77e406981363a7b81fd092a6ccb4afb187.zip
s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_util.c17
-rw-r--r--source3/include/auth.h1
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c2
-rw-r--r--source3/rpc_server/rpc_handles.c2
-rw-r--r--source3/smbd/lanman.c2
-rw-r--r--source3/smbd/password.c6
-rw-r--r--source3/smbd/service.c4
-rw-r--r--source3/smbd/session.c2
-rw-r--r--source3/smbd/sesssetup.c6
-rw-r--r--source3/smbd/smb2_sesssetup.c8
10 files changed, 26 insertions, 24 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index f53f63df1f..fb1a207e72 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -508,7 +508,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
(server_info->nss_token)) {
status = create_token_from_username(session_info,
session_info->unix_info->unix_name,
- session_info->guest,
+ session_info->unix_info->guest,
&session_info->unix_token->uid,
&session_info->unix_token->gid,
&session_info->unix_info->unix_name,
@@ -516,7 +516,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
} else {
status = create_local_nt_token_from_info3(session_info,
- session_info->guest,
+ session_info->unix_info->guest,
session_info->info3,
&session_info->extra,
&session_info->security_token);
@@ -978,7 +978,10 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
return NULL;
}
- dst->guest = src->guest;
+ /* This element must be provided to convert back to an auth_serversupplied_info */
+ SMB_ASSERT(src->unix_info);
+
+ dst->guest = src->unix_info->guest;
dst->system = src->system;
/* This element must be provided to convert back to an auth_serversupplied_info */
@@ -1015,8 +1018,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
}
dst->extra = src->extra;
- /* This element must be provided to convert back to an auth_serversupplied_info */
- SMB_ASSERT(src->unix_info);
dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
if (!dst->unix_name) {
TALLOC_FREE(dst);
@@ -1042,7 +1043,6 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
return NULL;
}
- dst->guest = src->guest;
dst->system = src->system;
dst->unix_token = talloc(dst, struct security_unix_token);
@@ -1100,6 +1100,8 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
return NULL;
}
+ dst->unix_info->guest = src->guest;
+
return dst;
}
@@ -1113,7 +1115,6 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
return NULL;
}
- dst->guest = src->guest;
dst->system = src->system;
if (src->unix_token) {
@@ -1175,6 +1176,8 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
TALLOC_FREE(dst);
return NULL;
}
+
+ dst->unix_info->guest = src->unix_info->guest;
}
return dst;
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 11d501f434..d13f18b7a5 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -76,7 +76,6 @@ struct auth_serversupplied_info {
};
struct auth3_session_info {
- bool guest;
bool system;
struct security_unix_token *unix_token;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index eaf1a5b0ba..309e2aa5f6 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
- if (p->session_info->guest) {
+ if (p->session_info->unix_info->guest) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index 7fa59b6b11..f3a97b37a2 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -346,7 +346,7 @@ bool pipe_access_check(struct pipes_struct *p)
return True;
}
- if (p->session_info->guest) {
+ if (p->session_info->unix_info->guest) {
return False;
}
}
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index b8fcc3022d..c1b7ab6077 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -5857,7 +5857,7 @@ void api_reply(connection_struct *conn, uint16 vuid,
if (api_commands[i].auth_user && lp_restrict_anonymous()) {
user_struct *user = get_valid_user_struct(req->sconn, vuid);
- if (!user || user->session_info->guest) {
+ if (!user || user->session_info->unix_info->guest) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 08b53a818e..9daecaf48e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -294,7 +294,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
vuser->session_info->unix_info->unix_name,
vuser->session_info->unix_info->sanitized_username,
vuser->session_info->info3->base.domain.string,
- vuser->session_info->guest ));
+ vuser->session_info->unix_info->guest ));
DEBUG(3, ("register_existing_vuid: User name: %s\t"
"Real name: %s\n", vuser->session_info->unix_info->unix_name,
@@ -328,13 +328,13 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
vuser->homes_snum = -1;
- if (!vuser->session_info->guest) {
+ if (!vuser->session_info->unix_info->guest) {
vuser->homes_snum = register_homes_share(
vuser->session_info->unix_info->unix_name);
}
if (srv_is_signing_negotiated(sconn) &&
- !vuser->session_info->guest) {
+ !vuser->session_info->unix_info->guest) {
/* Try and turn on server signing on the first non-guest
* sessionsetup. */
srv_set_signing(sconn,
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 47114f1255..d5a757c61f 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -394,7 +394,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
* This is the normal security != share case where we have a
* valid vuid from the session setup. */
- if (vuid_serverinfo->guest) {
+ if (vuid_serverinfo->unix_info->guest) {
if (!lp_guest_ok(snum)) {
DEBUG(2, ("guest user (from session setup) "
"not permitted to access this share "
@@ -475,7 +475,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
}
status = make_session_info_from_username(
- conn, fuser, conn->session_info->guest,
+ conn, fuser, conn->session_info->unix_info->guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index a6bc4924b5..9b8d11cc65 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -53,7 +53,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser)
/* don't register sessions for the guest user - its just too
expensive to go through pam session code for browsing etc */
- if (vuser->session_info->guest) {
+ if (vuser->session_info->unix_info->guest) {
return True;
}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 694c0874f2..76f96b1e42 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -441,7 +441,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
SSVAL(req->outbuf, smb_vwv3, 0);
- if (session_info->guest) {
+ if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}
@@ -535,7 +535,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
SSVAL(req->outbuf, smb_vwv3, 0);
- if (session_info->guest) {
+ if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}
}
@@ -1702,7 +1702,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
/* perhaps grab OS version here?? */
}
- if (session_info->guest) {
+ if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index fb9fbde502..9475ffb363 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -253,7 +253,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
session->do_signing = true;
}
- if (session->session_info->guest) {
+ if (session->session_info->unix_info->guest) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@@ -280,7 +280,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
session->session_info->unix_info->sanitized_username =
talloc_strdup(session->session_info, tmp);
- if (!session->session_info->guest) {
+ if (!session->session_info->unix_info->guest) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}
@@ -460,7 +460,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
session->do_signing = true;
}
- if (session->session_info->guest) {
+ if (session->session_info->unix_info->guest) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@@ -491,7 +491,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
session->session_info->unix_info->sanitized_username = talloc_strdup(
session->session_info, tmp);
- if (!session->compat_vuser->session_info->guest) {
+ if (!session->compat_vuser->session_info->unix_info->guest) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}