From 662282106318e3f1f0bbcc7281f49ee5b3727f21 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Jul 2011 11:57:05 +1000 Subject: s3-auth Remove seperate guest boolean Instead, we base our guest calculations on the presence or absense of the authenticated users group in the token, ensuring that we have only one canonical source of this important piece of authorization data Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/smbd/service.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/smbd/service.c') diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 71681aeca2..f1d2ca040d 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -394,8 +394,8 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc * This is the normal security != share case where we have a * valid vuid from the session setup. */ - if (vuid_serverinfo->unix_info->guest) { - if (!lp_guest_ok(snum)) { + if (security_session_user_level(vuid_serverinfo, NULL) < SECURITY_USER) { + if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " "(%s)\n", lp_servicename(snum))); @@ -467,6 +467,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) char *fuser; struct auth_session_info *forced_serverinfo; + bool guest; fuser = talloc_string_sub(conn, lp_force_user(snum), "%S", lp_const_servicename(snum)); @@ -474,8 +475,11 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) return NT_STATUS_NO_MEMORY; } + guest = security_session_user_level(conn->session_info, NULL) < SECURITY_USER; + status = make_session_info_from_username( - conn, fuser, conn->session_info->unix_info->guest, + conn, fuser, + guest, &forced_serverinfo); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit