diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-08-14 20:33:36 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-08-18 09:50:45 +1000 |
| commit | 23dc2e4244a99f1e955d54c22516a7a8c108d989 (patch) | |
| tree | 86547834a98a7ba2183b778c0b95dc017e56dbb5 /source4 | |
| parent | 2ceb3d8d35b87926d0ffc933782321598457fc11 (diff) | |
| download | samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.gz samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.tar.bz2 samba-23dc2e4244a99f1e955d54c22516a7a8c108d989.zip | |
s4:auth Change {anonymous,system}_session to use common session_info generation
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/auth/system_session.c | 8 | ||||
| -rw-r--r-- | source4/dsdb/samdb/samdb.c | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index d588090d60..4712702e46 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -190,7 +190,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -441,7 +441,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, } /* references the server_info into the session_info */ - nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info); talloc_free(mem_ctx); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -470,8 +470,8 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); - /* is this correct? */ - server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS); + /* The anonymous user has only one SID in it's token, but we need to fill something in here */ + server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS); NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); server_info->n_domain_groups = 0; diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 2d64cc1b85..0a2d5c3c7c 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -168,8 +168,10 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid); - ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid); - ptoken->num_sids++; + if (!dom_sid_equal(user_sid, group_sid)) { + ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid); + ptoken->num_sids++; + } /* * Finally add the "standard" SIDs. |