summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-14 20:33:36 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-08-18 09:50:45 +1000
commit23dc2e4244a99f1e955d54c22516a7a8c108d989 (patch)
tree86547834a98a7ba2183b778c0b95dc017e56dbb5 /source4
parent2ceb3d8d35b87926d0ffc933782321598457fc11 (diff)
downloadsamba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.gz
samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.bz2
samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.zip
s4:auth Change {anonymous,system}_session to use common session_info generation
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/system_session.c8
-rw-r--r--source4/dsdb/samdb/samdb.c6
2 files changed, 8 insertions, 6 deletions
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index d588090d60..4712702e46 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -190,7 +190,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
}
/* references the server_info into the session_info */
- nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -441,7 +441,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
}
/* references the server_info into the session_info */
- nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info);
+ nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -470,8 +470,8 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
- /* is this correct? */
- server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
+ /* The anonymous user has only one SID in it's token, but we need to fill something in here */
+ server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
server_info->n_domain_groups = 0;
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 2d64cc1b85..0a2d5c3c7c 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -168,8 +168,10 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid);
- ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
- ptoken->num_sids++;
+ if (!dom_sid_equal(user_sid, group_sid)) {
+ ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
+ ptoken->num_sids++;
+ }
/*
* Finally add the "standard" SIDs.