From e2049e77e406981363a7b81fd092a6ccb4afb187 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Jul 2011 16:09:52 +1000 Subject: s3-auth Use guest boolean in auth_user_info_unix Signed-off-by: Andrew Tridgell --- source3/auth/auth_util.c | 17 ++++++++++------- source3/include/auth.h | 1 - source3/rpc_server/lsa/srv_lsa_nt.c | 2 +- source3/rpc_server/rpc_handles.c | 2 +- source3/smbd/lanman.c | 2 +- source3/smbd/password.c | 6 +++--- source3/smbd/service.c | 4 ++-- source3/smbd/session.c | 2 +- source3/smbd/sesssetup.c | 6 +++--- source3/smbd/smb2_sesssetup.c | 8 ++++---- 10 files changed, 26 insertions(+), 24 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index f53f63df1f..fb1a207e72 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -508,7 +508,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, (server_info->nss_token)) { status = create_token_from_username(session_info, session_info->unix_info->unix_name, - session_info->guest, + session_info->unix_info->guest, &session_info->unix_token->uid, &session_info->unix_token->gid, &session_info->unix_info->unix_name, @@ -516,7 +516,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, } else { status = create_local_nt_token_from_info3(session_info, - session_info->guest, + session_info->unix_info->guest, session_info->info3, &session_info->extra, &session_info->security_token); @@ -978,7 +978,10 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX return NULL; } - dst->guest = src->guest; + /* This element must be provided to convert back to an auth_serversupplied_info */ + SMB_ASSERT(src->unix_info); + + dst->guest = src->unix_info->guest; dst->system = src->system; /* This element must be provided to convert back to an auth_serversupplied_info */ 
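Review bot: In copy_session_info_serverinfo() the comment added above the moved `SMB_ASSERT(src->unix_info);` repeats word for word the comment on the context line that follows it, so the new code has two identical comments back to back and neither says which element it guards. I would name the field and the reason, e.g. `/* unix_info carries the guest flag and unix_name; it must be set to convert back to an auth_serversupplied_info */`. The assert has to precede the new `src->unix_info->guest` read, which explains the move. The rest of the function lies outside this hunk.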
@@ -1015,8 +1018,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX } dst->extra = src->extra; - /* This element must be provided to convert back to an auth_serversupplied_info */ - SMB_ASSERT(src->unix_info); dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name); if (!dst->unix_name) { TALLOC_FREE(dst); @@ -1042,7 +1043,6 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c return NULL; } - dst->guest = src->guest; dst->system = src->system; dst->unix_token = talloc(dst, struct security_unix_token); @@ -1100,6 +1100,8 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c return NULL; } + dst->unix_info->guest = src->guest; + return dst; } @@ -1113,7 +1115,6 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx, return NULL; } - dst->guest = src->guest; dst->system = src->system; if (src->unix_token) { @@ -1175,6 +1176,8 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx, TALLOC_FREE(dst); return NULL; } + + dst->unix_info->guest = src->unix_info->guest; } return dst; diff --git a/source3/include/auth.h b/source3/include/auth.h index 11d501f434..d13f18b7a5 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -76,7 +76,6 @@ struct auth_serversupplied_info { }; struct auth3_session_info { - bool guest; bool system; struct security_unix_token *unix_token; diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index eaf1a5b0ba..309e2aa5f6 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p, return NT_STATUS_INVALID_PARAMETER; } - if (p->session_info->guest) { + if (p->session_info->unix_info->guest) { /* * I'm 99% sure this is not the right place to do this, * global_sid_Anonymous should probably be put into the token 
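Review bot: In copy_session_info() the new `dst->unix_info->guest = src->unix_info->guest;` sits inside a block (a closing brace follows it before `return dst;`), apparently the one that copies unix_info when the source has it, whereas the removed `dst->guest = src->guest;` ran unconditionally. If that block is skipped, the copy comes back with no guest state at all, yet every reader changed in this commit, such as `p->session_info->unix_info->guest` in _lsa_GetUserName(), assumes unix_info is present. copy_session_info_serverinfo() already states that invariant with `SMB_ASSERT(src->unix_info);`. Doing the same at the top of copy_session_info(), or documenting in auth.h that unix_info is mandatory, would make the requirement explicit. The opening of the enclosing block is outside the hunk, so the condition is inferred.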
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index 7fa59b6b11..f3a97b37a2 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -346,7 +346,7 @@ bool pipe_access_check(struct pipes_struct *p) return True; } - if (p->session_info->guest) { + if (p->session_info->unix_info->guest) { return False; } } diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index b8fcc3022d..c1b7ab6077 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -5857,7 +5857,7 @@ void api_reply(connection_struct *conn, uint16 vuid, if (api_commands[i].auth_user && lp_restrict_anonymous()) { user_struct *user = get_valid_user_struct(req->sconn, vuid); - if (!user || user->session_info->guest) { + if (!user || user->session_info->unix_info->guest) { reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 08b53a818e..9daecaf48e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -294,7 +294,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, vuser->session_info->unix_info->unix_name, vuser->session_info->unix_info->sanitized_username, vuser->session_info->info3->base.domain.string, - vuser->session_info->guest )); + vuser->session_info->unix_info->guest )); DEBUG(3, ("register_existing_vuid: User name: %s\t" "Real name: %s\n", vuser->session_info->unix_info->unix_name, @@ -328,13 +328,13 @@ int register_existing_vuid(struct smbd_server_connection *sconn, vuser->homes_snum = -1; - if (!vuser->session_info->guest) { + if (!vuser->session_info->unix_info->guest) { vuser->homes_snum = register_homes_share( vuser->session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(sconn) && - !vuser->session_info->guest) { + !vuser->session_info->unix_info->guest) { /* Try and turn on server signing on the first non-guest * sessionsetup. */ srv_set_signing(sconn, 
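Review bot: pipe_access_check() now reaches the guest flag through `p->session_info->unix_info->guest` with no check that unix_info is set, so a session_info lacking it would crash the process at the access check rather than be refused. Because this is an authorization decision I would make it fail closed, `if (p->session_info->unix_info == NULL || p->session_info->unix_info->guest) {`, and add the same `!user->session_info->unix_info ||` term to the lp_restrict_anonymous() test in api_reply(). The guest tests in session_claim(), create_connection_session_info() and the SMB1/SMB2 session-setup replies follow the same pattern. Whether unix_info can be NULL at these points depends on code outside the hunks.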
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 47114f1255..d5a757c61f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -394,7 +394,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc * This is the normal security != share case where we have a * valid vuid from the session setup. */ - if (vuid_serverinfo->guest) { + if (vuid_serverinfo->unix_info->guest) { if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " @@ -475,7 +475,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) } status = make_session_info_from_username( - conn, fuser, conn->session_info->guest, + conn, fuser, conn->session_info->unix_info->guest, &forced_serverinfo); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/session.c b/source3/smbd/session.c index a6bc4924b5..9b8d11cc65 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -53,7 +53,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser) /* don't register sessions for the guest user - its just too expensive to go through pam session code for browsing etc */ - if (vuser->session_info->guest) { + if (vuser->session_info->unix_info->guest) { return True; } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 694c0874f2..76f96b1e42 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -441,7 +441,7 @@ static void reply_spnego_kerberos(struct smb_request *req, SSVAL(req->outbuf, smb_vwv3, 0); - if (session_info->guest) { + if (session_info->unix_info->guest) { SSVAL(req->outbuf,smb_vwv2,1); } @@ -535,7 +535,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, SSVAL(req->outbuf, smb_vwv3, 0); - if (session_info->guest) { + if (session_info->unix_info->guest) { SSVAL(req->outbuf,smb_vwv2,1); } } 
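Review bot: The call in set_conn_force_user_group() passes `conn->session_info->unix_info->guest` as the guest argument for the forced user without saying why. The consequence matters for access control: the session built for `fuser` keeps the guest status of the session that connected. A one-line comment above the call would record that, e.g. `/* the forced user inherits the guest flag of the authenticated session */`. The function body extends beyond this hunk.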
@@ -1702,7 +1702,7 @@ void reply_sesssetup_and_X(struct smb_request *req) /* perhaps grab OS version here?? */ } - if (session_info->guest) { + if (session_info->unix_info->guest) { SSVAL(req->outbuf,smb_vwv2,1); } diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index fb9fbde502..9475ffb363 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -253,7 +253,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, session->do_signing = true; } - if (session->session_info->guest) { + if (session->session_info->unix_info->guest) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; @@ -280,7 +280,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, session->session_info->unix_info->sanitized_username = talloc_strdup(session->session_info, tmp); - if (!session->session_info->guest) { + if (!session->session_info->unix_info->guest) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); } @@ -460,7 +460,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->do_signing = true; } - if (session->session_info->guest) { + if (session->session_info->unix_info->guest) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; @@ -491,7 +491,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->session_info->unix_info->sanitized_username = talloc_strdup( session->session_info, tmp); - if (!session->compat_vuser->session_info->guest) { + if (!session->compat_vuser->session_info->unix_info->guest) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); } -- cgit
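Review bot: In smbd_smb2_common_ntlmssp_auth_return() the homes-share test reads `session->compat_vuser->session_info->unix_info->guest`, while the flag test earlier in the same function, the next line's `session->session_info->unix_info->unix_name`, and the matching test in smbd_smb2_session_setup_krb5() all go through `session->session_info`. If the two pointers refer to the same object this is only an inconsistency. If they can differ, the decision to register a homes share is taken on a different guest flag than the one reported to the client in SMB2_SESSION_FLAG_IS_GUEST. I would use `if (!session->session_info->unix_info->guest) {` here, as the krb5 path does. How compat_vuser->session_info is assigned is outside the hunk.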