From 9d09b66f41cb4ab58bd4a6d83ecebb91805a4b5b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Jul 2011 10:51:08 +1000 Subject: auth: Set NETLOGON_GUEST and use it to determine guest status These additional measures should help ensure we do not accidentily upgrade a guest to an authenticated user in the future. Andrew Bartlett Signed-off-by: Andrew Tridgell --- auth/auth_sam_reply.c | 3 ++- source3/auth/auth_util.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index ee27e966f6..59fcf7ad5d 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -237,7 +237,8 @@ NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx, info->bad_password_count = base->bad_password_count; info->acct_flags = base->acct_flags; - info->authenticated = authenticated; + /* Only set authenticated if both NETLOGON_GUEST is not set, and authenticated is set */ + info->authenticated = (authenticated && (!(base->user_flags & NETLOGON_GUEST))); *_user_info = info; return NT_STATUS_OK; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 0627911aeb..d5ca1a206b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -809,6 +809,9 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, /* Primary gid */ info3->base.primary_gid = BUILTIN_RID_GUESTS; + /* Set as guest */ + info3->base.user_flags = NETLOGON_GUEST; + TALLOC_FREE(pwd); return NT_STATUS_OK; } -- cgit