mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3-auth Use guest boolean in auth_user_info_unix

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett 2011-07-15 16:09:52 +10:00
parent bf1dba03b2
commit e2049e77e4
10 changed files with 26 additions and 24 deletions


@ -508,7 +508,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
(server_info->nss_token)) {
status = create_token_from_username(session_info,
session_info->unix_info->unix_name,
session_info->guest,
session_info->unix_info->guest,
&session_info->unix_token->uid,
&session_info->unix_token->gid,
&session_info->unix_info->unix_name,
@ -516,7 +516,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
} else {
status = create_local_nt_token_from_info3(session_info,
session_info->guest,
session_info->unix_info->guest,
session_info->info3,
&session_info->extra,
&session_info->security_token);
@ -978,7 +978,10 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
return NULL;
}
dst->guest = src->guest;
/* This element must be provided to convert back to an auth_serversupplied_info */
SMB_ASSERT(src->unix_info);
dst->guest = src->unix_info->guest;
dst->system = src->system;
/* This element must be provided to convert back to an auth_serversupplied_info */
@ -1015,8 +1018,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
}
dst->extra = src->extra;
/* This element must be provided to convert back to an auth_serversupplied_info */
SMB_ASSERT(src->unix_info);
dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
if (!dst->unix_name) {
TALLOC_FREE(dst);
@ -1042,7 +1043,6 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
return NULL;
}
dst->guest = src->guest;
dst->system = src->system;
dst->unix_token = talloc(dst, struct security_unix_token);
@ -1100,6 +1100,8 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
return NULL;
}
dst->unix_info->guest = src->guest;
return dst;
}
@ -1113,7 +1115,6 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
return NULL;
}
dst->guest = src->guest;
dst->system = src->system;
if (src->unix_token) {
@ -1175,6 +1176,8 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
TALLOC_FREE(dst);
return NULL;
}
dst->unix_info->guest = src->unix_info->guest;
}
return dst;
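Review bot: In the last hunk of copy_session_info, `dst->unix_info->guest = src->unix_info->guest;` sits directly before a closing brace, so the guest flag now appears to be copied only inside the block that handles unix_info, whereas the removed `dst->guest = src->guest;` was copied unconditionally at the top of the function. The opening of that block is outside the hunk, but if it is conditional on `src->unix_info`, a source without unix_info produces a copy that carries no guest marking at all, while callers changed elsewhere in this commit read `session_info->unix_info->guest` without a check. copy_session_info_serverinfo in this same file states the requirement with `SMB_ASSERT(src->unix_info);`; I would either do the same here or document on the struct that guest status is only available when unix_info is set.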


@ -76,7 +76,6 @@ struct auth_serversupplied_info {
};
struct auth3_session_info {
bool guest;
bool system;
struct security_unix_token *unix_token;


@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
if (p->session_info->guest) {
if (p->session_info->unix_info->guest) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
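Review bot: The guest test `p->session_info->unix_info->guest` now dereferences unix_info with no check, and the same pattern gates the access decisions in pipe_access_check, api_reply and create_connection_session_info in the sections that follow. While the flag was a member of the session_info struct there was no pointer that could be NULL; now a session_info built without unix_info would presumably crash smbd at these checks instead of being refused. If unix_info is guaranteed for every session that reaches these paths, that invariant is not visible here and deserves a comment at the struct definition; otherwise the deny-style checks should fail closed, for example in pipe_access_check `if (!p->session_info->unix_info || p->session_info->unix_info->guest)`. The body of _lsa_GetUserName continues past the end of this hunk.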


@ -346,7 +346,7 @@ bool pipe_access_check(struct pipes_struct *p)
return True;
}
if (p->session_info->guest) {
if (p->session_info->unix_info->guest) {
return False;
}
}


@ -5857,7 +5857,7 @@ void api_reply(connection_struct *conn, uint16 vuid,
if (api_commands[i].auth_user && lp_restrict_anonymous()) {
user_struct *user = get_valid_user_struct(req->sconn, vuid);
if (!user || user->session_info->guest) {
if (!user || user->session_info->unix_info->guest) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}


@ -294,7 +294,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
vuser->session_info->unix_info->unix_name,
vuser->session_info->unix_info->sanitized_username,
vuser->session_info->info3->base.domain.string,
vuser->session_info->guest ));
vuser->session_info->unix_info->guest ));
DEBUG(3, ("register_existing_vuid: User name: %s\t"
"Real name: %s\n", vuser->session_info->unix_info->unix_name,
@ -328,13 +328,13 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
vuser->homes_snum = -1;
if (!vuser->session_info->guest) {
if (!vuser->session_info->unix_info->guest) {
vuser->homes_snum = register_homes_share(
vuser->session_info->unix_info->unix_name);
}
if (srv_is_signing_negotiated(sconn) &&
!vuser->session_info->guest) {
!vuser->session_info->unix_info->guest) {
/* Try and turn on server signing on the first non-guest
* sessionsetup. */
srv_set_signing(sconn,


@ -394,7 +394,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
* This is the normal security != share case where we have a
* valid vuid from the session setup. */
if (vuid_serverinfo->guest) {
if (vuid_serverinfo->unix_info->guest) {
if (!lp_guest_ok(snum)) {
DEBUG(2, ("guest user (from session setup) "
"not permitted to access this share "
@ -475,7 +475,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
}
status = make_session_info_from_username(
conn, fuser, conn->session_info->guest,
conn, fuser, conn->session_info->unix_info->guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
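Review bot: The call in set_conn_force_user_group passes the connecting session's guest flag as the third argument when building the session info for the forced user, and nothing at the call site says why. That argument presumably decides whether the forced identity is treated as a guest, so it is worth a comment above the call such as `/* the forced user keeps the guest status of the session that connected */`; the precise effect depends on make_session_info_from_username, which is not shown. The function starts and ends outside this hunk.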


@ -53,7 +53,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser)
/* don't register sessions for the guest user - its just too
expensive to go through pam session code for browsing etc */
if (vuser->session_info->guest) {
if (vuser->session_info->unix_info->guest) {
return True;
}


@ -441,7 +441,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
SSVAL(req->outbuf, smb_vwv3, 0);
if (session_info->guest) {
if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}
@ -535,7 +535,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
SSVAL(req->outbuf, smb_vwv3, 0);
if (session_info->guest) {
if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}
}
@ -1702,7 +1702,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
/* perhaps grab OS version here?? */
}
if (session_info->guest) {
if (session_info->unix_info->guest) {
SSVAL(req->outbuf,smb_vwv2,1);
}


@ -253,7 +253,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
session->do_signing = true;
}
if (session->session_info->guest) {
if (session->session_info->unix_info->guest) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@ -280,7 +280,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
session->session_info->unix_info->sanitized_username =
talloc_strdup(session->session_info, tmp);
if (!session->session_info->guest) {
if (!session->session_info->unix_info->guest) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}
@ -460,7 +460,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
session->do_signing = true;
}
if (session->session_info->guest) {
if (session->session_info->unix_info->guest) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@ -491,7 +491,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
session->session_info->unix_info->sanitized_username = talloc_strdup(
session->session_info, tmp);
if (!session->compat_vuser->session_info->guest) {
if (!session->compat_vuser->session_info->unix_info->guest) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}
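Review bot: In smbd_smb2_common_ntlmssp_auth_return the guest test reads `session->compat_vuser->session_info->unix_info->guest`, while the register_homes_share() call it guards takes the name from `session->session_info->unix_info->unix_name`, and the krb5 path above tests `session->session_info->unix_info->guest`. The commit carries the old asymmetry over unchanged. Unless the two session_info pointers are known to refer to the same object at this point (not visible in the hunk), the check and the name should come from the same structure: `if (!session->session_info->unix_info->guest) {`. Both functions continue outside the hunks shown.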