From 662282106318e3f1f0bbcc7281f49ee5b3727f21 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Jul 2011 11:57:05 +1000 Subject: s3-auth Remove seperate guest boolean Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/smbd/password.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/smbd/password.c') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index d529dc1a63..e23818f2d1 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -24,6 +24,7 @@ #include "smbd/globals.h" #include "../librpc/gen_ndr/netlogon.h" #include "auth.h" +#include "../libcli/security/security.h" /* Fix up prototypes for OSX 10.4, where they're missing */ #ifndef HAVE_SETNETGRENT_PROTOTYPE @@ -269,6 +270,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, { fstring tmp; user_struct *vuser; + bool guest = security_session_user_level(session_info, NULL) < SECURITY_USER; vuser = get_partial_auth_user_struct(sconn, vuid); if (!vuser) { @@ -294,7 +296,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, vuser->session_info->unix_info->unix_name, vuser->session_info->unix_info->sanitized_username, vuser->session_info->info->domain_name, - vuser->session_info->unix_info->guest )); + guest)); DEBUG(3, ("register_existing_vuid: User name: %s\t" "Real name: %s\n", vuser->session_info->unix_info->unix_name, @@ -328,13 +330,14 @@ int register_existing_vuid(struct smbd_server_connection *sconn, vuser->homes_snum = -1; - if (!vuser->session_info->unix_info->guest) { + + if (!guest) { vuser->homes_snum = register_homes_share( vuser->session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(sconn) && - !vuser->session_info->unix_info->guest) { + !guest) { /* Try and turn on server signing on the first non-guest * sessionsetup. */ srv_set_signing(sconn, -- cgit