Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c37
-rw-r--r--source3/smbd/uid.c7
2 files changed, 34 insertions, 10 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 7232bffd11..193653a867 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -166,37 +166,56 @@ char *validated_domain(uint16 vuid)
Create the SID list for this user.
****************************************************************************/
-NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
+NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest)
{
+ extern DOM_SID global_sid_World;
+ extern DOM_SID global_sid_Network;
+ extern DOM_SID global_sid_Builtin_Guests;
+ extern DOM_SID global_sid_Authenticated_Users;
NT_USER_TOKEN *token;
DOM_SID *psids;
int i, psid_ndx = 0;
+ size_t num_sids = 0;
if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL)
return NULL;
ZERO_STRUCTP(token);
- if ((token->user_sids = (DOM_SID *)malloc( (ngroups + 2)*sizeof(DOM_SID))) == NULL) {
+ /* We always have uid/gid plus World and Network and Authenticated Users or Guest SIDs. */
+ num_sids = 5 + ngroups;
+
+ if ((token->user_sids = (DOM_SID *)malloc( num_sids*sizeof(DOM_SID))) == NULL) {
free(token);
return NULL;
}
psids = token->user_sids;
- token->num_sids = 2;
+ sid_copy( &psids[psid_ndx++], &global_sid_World);
+ sid_copy( &psids[psid_ndx++], &global_sid_Network);
- uid_to_sid( &psids[0], uid);
- gid_to_sid( &psids[1], gid);
+ /*
+ * The only difference between guest and "anonymous" (which we
+ * don't really support) is the addition of Authenticated_Users.
+ */
+
+ if (is_guest)
+ sid_copy( &psids[psid_ndx++], &global_sid_Builtin_Guests);
+ else
+ sid_copy( &psids[psid_ndx++], &global_sid_Authenticated_Users);
+
+ uid_to_sid( &psids[psid_ndx++], uid);
+ gid_to_sid( &psids[psid_ndx++], gid);
for (i = 0; i < ngroups; i++) {
if (groups[i] != gid) {
- gid_to_sid( &psids[psid_ndx+2], groups[i]);
- psid_ndx++;
- token->num_sids++;
+ gid_to_sid( &psids[psid_ndx++], groups[i]);
}
}
+ token->num_sids = psid_ndx;
+
return token;
}
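Review bot: `num_sids = 5 + ngroups` is computed from a signed `ngroups` that is never range-checked, while the five fixed SIDs are written unconditionally afterwards. A negative count from -1 to -5 would therefore give an allocation smaller than what the following `sid_copy`/`uid_to_sid`/`gid_to_sid` calls write into `psids`. Whether any caller can pass a negative count is not visible in this hunk, but a guard ahead of the first malloc, for example `if (ngroups < 0) return NULL;`, makes the sizing safe regardless of callers. The literal 5 is also tied to the number of fixed entries written below it; a named constant placed next to those calls would keep the allocation and the writes in step if another well-known SID is added later.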
@@ -257,7 +276,7 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
get_current_groups( &vuser->n_groups, &vuser->groups);
/* Create an NT_USER_TOKEN struct for this user. */
- vuser->nt_user_token = create_nt_token(uid,gid, vuser->n_groups, vuser->groups);
+ vuser->nt_user_token = create_nt_token(uid,gid, vuser->n_groups, vuser->groups, guest);
next_vuid++;
num_validated_vuids++;
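Review bot: The result of `create_nt_token()` is stored in `vuser->nt_user_token` and the code goes straight on to `next_vuid++` without checking for NULL, although the function returns NULL on either malloc failure. The same pattern appears at the `token = create_nt_token(...)` call in become_user() in uid.c. Now that the token carries the Guests versus Authenticated Users distinction, a missing token should probably fail the registration rather than leave later access checks to cope with a NULL pointer; how consumers treat NULL is outside this hunk, so this needs confirming. At minimum I would add a comment at both call sites such as `/* may be NULL on allocation failure */`. register_vuid continues outside the hunk.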
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 008765cde1..25cadb51b0 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -148,6 +148,8 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
*/
if((group_c = *lp_force_group(snum))) {
+ BOOL is_guest = False;
+
if(group_c == '+') {
/*
@@ -173,7 +175,10 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
* re-create it.
*/
- token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups);
+ if (vuser && vuser->guest)
+ is_guest = True;
+
+ token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
must_free_token = True;
}
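Review bot: `is_guest` defaults to False and is set only when `vuser && vuser->guest`, so any path that reaches this point with a NULL `vuser` builds a token containing Authenticated Users. The condition itself allows for `vuser` being NULL, and if that can happen for a guest connection (not determinable from the visible lines), the default grants the more privileged well-known SID. Consider deriving the flag from connection state when `vuser` is NULL, or defaulting to the guest SID in that case. If the current default is deliberate, record it next to the check, e.g. `/* vuser may be NULL here; the token then carries Authenticated Users */`. become_user starts and ends outside this hunk.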