From 23dc2e4244a99f1e955d54c22516a7a8c108d989 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 14 Aug 2010 20:33:36 +1000
Subject: s4:auth Change {anonymous,system}_session to use common session_info
 generation

This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.

Andrew Bartlett
---
 source4/auth/system_session.c | 8 ++++----
 source4/dsdb/samdb/samdb.c    | 6 ++++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index d588090d60..4712702e46 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -190,7 +190,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info);
+	nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
 	talloc_free(mem_ctx);
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -441,7 +441,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
 	}
 
 	/* references the server_info into the session_info */
-	nt_status = auth_generate_simple_session_info(parent_ctx, server_info, &session_info);
+	nt_status = auth_generate_session_info(parent_ctx, NULL, server_info, 0, &session_info);
 	talloc_free(mem_ctx);
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -470,8 +470,8 @@ _PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
 	server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
 	NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
 
-	/* is this correct? */
-	server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
+	/* The anonymous user has only one SID in it's token, but we need to fill something in here */
+	server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
 	NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
 
 	server_info->n_domain_groups = 0;
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 2d64cc1b85..0a2d5c3c7c 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -168,8 +168,10 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 	NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
 
 	ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid);
-	ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
-	ptoken->num_sids++;
+	if (!dom_sid_equal(user_sid, group_sid)) {
+		ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid);
+		ptoken->num_sids++;
+	}
 
 	/*
 	 * Finally add the "standard" SIDs.
-- 
cgit