From 662282106318e3f1f0bbcc7281f49ee5b3727f21 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 19 Jul 2011 11:57:05 +1000
Subject: s3-auth Remove seperate guest boolean

Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source3/smbd/lanman.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/smbd/lanman.c')

diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4f905cf9b1..292ebf4385 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -5857,7 +5857,7 @@ void api_reply(connection_struct *conn, uint16 vuid,
 	if (api_commands[i].auth_user && lp_restrict_anonymous()) {
 		user_struct *user = get_valid_user_struct(req->sconn, vuid);
 
-		if (!user || user->session_info->unix_info->guest) {
+		if (!user || security_session_user_level(user->session_info, NULL) < SECURITY_USER) {
 			reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 			return;
 		}
-- 
cgit