summaryrefslogtreecommitdiff
path: root/source4/smbd/service_named_pipe.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/smbd/service_named_pipe.c')
-rw-r--r--source4/smbd/service_named_pipe.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
index d78fd72cc2..235d4c2a3a 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -35,6 +35,7 @@
#include "libcli/raw/smb.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_krb5.h"
+#include "libcli/security/dom_sid.h"
struct named_pipe_socket {
const char *pipe_name;
@@ -164,6 +165,8 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
struct named_pipe_auth_req pipe_request;
struct named_pipe_auth_rep pipe_reply;
struct auth_context *auth_context;
+ uint32_t session_flags = 0;
+ struct dom_sid *anonymous_sid;
NTSTATUS status;
int ret;
@@ -264,11 +267,23 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
goto reply;
}
+ anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
+ if (anonymous_sid == NULL) {
+ named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
+ talloc_free(auth_context);
+ return;
+ }
+
+ session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
+ session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
/* setup the session_info on the connection */
pipe_reply.status = auth_context->generate_session_info(conn,
auth_context,
server_info,
+ session_flags,
&conn->session_info);
talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
@@ -315,9 +330,22 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
goto reply;
}
+ anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
+ if (anonymous_sid == NULL) {
+ named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
+ talloc_free(auth_context);
+ return;
+ }
+
+ session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
+ session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
+
pipe_reply.status = auth_context->generate_session_info(conn,
auth_context,
server_info,
+ session_flags,
&conn->session_info);
talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
@@ -405,10 +433,23 @@ static void named_pipe_auth_request(struct tevent_req *subreq)
goto reply;
}
+ anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
+ if (anonymous_sid == NULL) {
+ named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
+ talloc_free(auth_context);
+ return;
+ }
+
+ session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
+ session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
+
/* setup the session_info on the connection */
pipe_reply.status = auth_context->generate_session_info(conn,
auth_context,
server_info,
+ session_flags,
&conn->session_info);
talloc_free(auth_context);
if (!NT_STATUS_IS_OK(pipe_reply.status)) {
generated by cgit (git 2.34.1) at 2024-06-26 18:45:48 +0000